last executing test programs: 10.526592245s ago: executing program 0 (id=2122): r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x4}, 0x104101, 0x4, 0x2000000, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = getpid() perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x2, 0x3cd, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, r3, 0x0, 0xffffffffffffffff, 0x2) syz_clone(0x41064400, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000580)={0x5, 0x80, 0xec, 0x7, 0x40, 0xe5, 0x0, 0x0, 0xd000, 0x6, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x5, 0x2, @perf_bp={0x0, 0x2}, 0x9c7, 0xfc, 0x4, 0x0, 0x81, 0x9, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0x21, 0x0, 0x0) syz_clone(0x0, &(0x7f0000000040)="6e0355da50285327996fb163b419d94cee", 0x11, 0x0, 0x0, 0x0) close(0x3) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10, 0x0}, 0x3000c085) sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xffffffffffffffd1}], 0x13, 0x0, 0x0, 0x10000000}, 0x12cd) 7.937289869s ago: executing program 0 (id=2129): bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340)=0xffffffffffffffff, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x9, [@float={0xc, 0x0, 0x0, 0x10, 0xc}, @ptr={0x1, 0x0, 0x0, 0x2, 0x3}]}, {0x0, [0x2e, 0x2e, 0x61, 0x5f, 0x2e, 0x0, 0x5f]}}, &(0x7f00000005c0)=""/96, 0x39, 0x60, 0x0, 0x9}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x6}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff}]}, &(0x7f00000000c0)='syzkaller\x00', 0x800, 0x45, &(0x7f0000000180)=""/69, 0x41100, 0x28, '\x00', r0, 0x25, r1, 0x8, &(0x7f0000000380)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x1, 0xf, 0x2, 0x9}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000400)=[{0x3, 0x4, 0x6, 0x9}, {0x5, 0x5, 0x2, 0x2}], 0x10, 0x7}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4002}, [@call={0x85, 0x0, 0x0, 0x53}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6cab2ea5}, 0x94) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48) bpf$OBJ_PIN_MAP(0x9, &(0x7f0000000040)=@generic={0x0, r4}, 0x18) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000880)={r3}, 0x8) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000008c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', r0, r1, 0x4, 0x0, 0x3}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0xe, &(0x7f0000000680)=@raw=[@jmp={0x5, 0x1, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @alu={0x3, 0x1, 0xc, 0x2, 0x6, 0xfffffffffffffff0, 0xffffffffffffffff}, @map_val={0x18, 0x2, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @alu={0x4, 0x1, 0x2, 0xb, 0x9, 0x4, 0x1}, @call={0x85, 0x0, 0x0, 0xb0}, @map_val={0x18, 0x1, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000700)='GPL\x00', 0x60a, 0x8a, &(0x7f0000000740)=""/138, 0x40f00, 0x0, '\x00', r0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000800)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000840)={0x4, 0x2, 0x88000000, 0xfffffffd}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000940)=[r2, r5, r2, r6, r2], &(0x7f0000000980)=[{0x5, 0x4, 0x3, 0x5}], 0x10, 0x3}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x6, 0x8, 0x8, 0x40}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000c00000008"], 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r8}, 0xc) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000040)="40d174b28bf781c274386d178550", 0x0, 0x1200801, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.192450377s ago: executing program 1 (id=2133): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000003, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x41, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x1}, 0x12640, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000080)={0x1, 0x41, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x1}, 0x12640, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r1, &(0x7f0000000000), 0x2a979d) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x408) syz_clone(0xc4201100, 0x0, 0x0, &(0x7f0000000740), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001100), 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180), 0xc) r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r0) r8 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r8, &(0x7f00000010c0)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000480)='\\', 0x1}], 0x1}, 0x4000040) 5.888019285s ago: executing program 0 (id=2136): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000000000000000000000080008500000087000000850000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000300)='syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@cgroup=r1, 0x12, 0x1, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f00000001c0)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@generic={&(0x7f0000000340)='./file0\x00', 0x0, 0x10}, 0x18) perf_event_open(0x0, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0], 0x0, 0x4f, &(0x7f0000000400)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000740), &(0x7f0000000480), 0x8, 0x4d, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0x6, '\x00', r4, r3, 0x0, 0x4, 0x3}, 0x50) r5 = openat$cgroup_int(r2, &(0x7f0000000000)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000100)=0x8000000000000000, 0x12) 4.486816237s ago: executing program 0 (id=2140): perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32=0x0], 0x20) 3.650444351s ago: executing program 3 (id=2143): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000004000000040000000900000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="f600000000000002000000000000000018110027", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b30000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_config_ext={0x9}, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001) sendmsg(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="a6", 0xffffff58}], 0x1}, 0x40001) 3.557765575s ago: executing program 0 (id=2144): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000fe, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x8000, &(0x7f00000006c0)="a65434e415bb67fb968c3c339a6ba48da1171f5aeca05121c4bc37e40e0917ee55fba4af6d93469f7b4999b39670d8c19a3d8d091b8164f819b274e255b4e4626dc5fdafbd6c5ae79c141e67f4aa730c0f08f7a194cb0f9b3511024013d5be4e2e44afb69a565152add1e2ace8e75505892397d465438a1eaffb2e914c20987220959cc0b409e22499a741de6c935637336f3ea7241c96fec1e80c22354723f9c0c7d99f82bfe9ff2c4304cbf8b6218cca2d147d2cc4d6e86fb5a77aa56635484c05cbc0ca675e50e28a7c42fba696aff4172b9726db1ce7", 0xd8, &(0x7f00000007c0), &(0x7f0000000800), &(0x7f0000000840)="5e4071a3e112dd16144ebffcfc93173e426541e3d6dcca2287f1edd8798492b394ed474ea753b9ae4cbf0704d68b3c9f46a1ce2c1ea82b5d65be9afd7a9908a40066d852fdb0d6c1b51fd60689628ccca9ebd9d8143d8ed2a564241977c942ff275db207882115dbdc14a06e9a78f3c0c5820b1e15a8381ef1e8f6d39c887f900ee98ad00a5f79c68fbc64ee9bb92e2bea0a7d34fbbf747d0ccf5180fc73810e5f74cf451eec04b4ec03b001f435f6c4c521b54f6c464d3ab609a4fd843decf070cdd8ed0dc2f565b6979f9f2c062197703dfc0275657f05465ca7e6f5d51d7dd6ab162ea0") close(0x3) perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x85, 0x1, 0x0, 0x0, 0x0, 0x2, 0x20022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x9, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000000400930ec0f8c9e5393680f5ceddef00", @ANYRES32, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000100"/28], 0x50) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000180)=r2, 0x4) sendmsg$inet(r3, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="2c00000000000000000000000700000044150503"], 0x30}, 0x40880) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r4, &(0x7f0000000000), 0x2a979d) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 3.27065834s ago: executing program 1 (id=2145): r0 = perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.789472525s ago: executing program 1 (id=2147): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000004000000040000000900000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="f600000000000002000000000000000018110027", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b30000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_config_ext={0x9}, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001) sendmsg(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="a6", 0xffffff58}], 0x1}, 0x40001) 2.566343677s ago: executing program 3 (id=2149): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x8, 0x1}, 0x114d05, 0x4, 0xfffffffe, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0x3) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8916, &(0x7f0000000040)={'bond_slave_1\x00', @random="02000300"}) 2.138754409s ago: executing program 3 (id=2151): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000071108400000000001f010000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 2.096347471s ago: executing program 2 (id=2152): r0 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=r0], 0x20) 1.908401601s ago: executing program 0 (id=2153): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000003, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x41, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x1}, 0x12640, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000080)={0x1, 0x41, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x1}, 0x12640, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r1, &(0x7f0000000000), 0x2a979d) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x408) syz_clone(0xc4201100, 0x0, 0x0, &(0x7f0000000740), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001100), 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r5, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180), 0xc) r7 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r0) r8 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r8, &(0x7f00000010c0)={&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000480)='\\', 0x1}], 0x1}, 0x4000040) 1.73231458s ago: executing program 2 (id=2154): sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0x10, 0x2, 0x0) perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x5}, 0x880, 0x800, 0x0, 0x8, 0x0, 0x7, 0xffff, 0x0, 0x20000, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39c}, 0x50) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe30e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8800, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x48) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4800) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000b6c8cff00f90429fc60010f5ddf", 0x14}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x1, 0x2, 0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000200)={r6, r1}, 0xc) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188e6b62aa73772cc9f1ba1f848480000", 0x17}], 0x1}, 0x0) 1.73213671s ago: executing program 3 (id=2155): r0 = perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x2) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.297068832s ago: executing program 1 (id=2156): bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005}, 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="2b07030000a78bda"], 0x5) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r2, 0x107, 0x8, 0x0, 0x300) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3ff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x50) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r3}, &(0x7f0000000200), 0x0}, 0x20) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, 0x0, 0x456c4997c6f2bef1, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x9, 0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x110905, 0x6, 0x0, 0x1, 0xe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) close(0x3) 1.173343609s ago: executing program 3 (id=2157): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000004000000040000000900000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="f600000000000002000000000000000018110027", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b30000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r3}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8003}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, @perf_config_ext={0x9}, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001) sendmsg(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000440)="a6", 0xffffff58}], 0x1}, 0x40001) 975.45019ms ago: executing program 2 (id=2158): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[], 0x20) 784.996739ms ago: executing program 1 (id=2159): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8001}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r0 = socket$kcm(0x2, 0x1, 0x84) r1 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r1, 0x84, 0x75, &(0x7f0000000000), 0x8) setsockopt$sock_attach_bpf(r0, 0x84, 0x84, &(0x7f0000000000), 0x90) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x804, 0x14c9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, @perf_config_ext={0x1, 0x4}, 0xa0, 0x58, 0x0, 0x4, 0x2, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r3, 0x0, 0x2000, 0x2000, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0xd8, 0xc4, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x0, 0x8000}, 0x24) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r2}, 0x8) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x37, 0x37, 0x9, [@datasec={0xe, 0x1, 0x0, 0xf, 0x3, [{0x2, 0xfffffff0, 0x2}], "35b63e"}, @typedef={0xe}, @int={0xe, 0x0, 0x0, 0x1, 0x0, 0x22, 0x0, 0x1e, 0x6}]}, {0x0, [0x5f, 0x2e, 0x61, 0x61, 0x2e, 0x61, 0x5f]}}, &(0x7f00000004c0)=""/33, 0x59, 0x21, 0x1, 0x2}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, @fallback=0x25, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xab35}, 0x94) r5 = socket$kcm(0xa, 0x0, 0x88) r6 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0)={r2}, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x19, 0x0, &(0x7f0000000040)="b90703600000f007049e0ff065581fffffe10ec53308633a77", 0x0, 0x104, 0xa000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b", 0x7}], 0x1}, 0x0) write$cgroup_subtree(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe00006a"], 0xfe33) r8 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x13, 0x4, 0xd0, 0xe, 0x0, 0x9, 0x10000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x2, @perf_config_ext={0xb72a, 0x5}, 0x100800, 0xb0, 0x1, 0x3, 0x400, 0xa, 0x60ce, 0x0, 0x6, 0x0, 0x7fffffffffffffff}, 0xffffffffffffffff, 0xf, r2, 0xa) perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x6, 0xd6, 0x8, 0x4, 0x0, 0x7, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x200, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x0, 0xffffffffffffff80, 0x6, 0x8, 0x1, 0x74, 0x0, 0x0, 0x5, 0x0, 0xfff}, r6, 0x2, r8, 0x3) socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000480)={&(0x7f00000002c0)=@in6={0xa, 0x4e23, 0xfffffffc, @loopback={0xfe80000000000000}, 0x4}, 0x80, 0x0}, 0x20008810) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) 684.000094ms ago: executing program 2 (id=2160): r0 = socket$kcm(0xa, 0x5, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x2000000000000216, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r1, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x4000040) close(r1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8993, &(0x7f0000000200)={'bond0\x00', @local}) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000002fd2835e000000000000000000000000004174f21863d1ef581c23b9e7d162bf36ef667be174be0ea27420fa1272d7c067cd3c30d6918052a9f7f57d12979ebb1b9f7ab5b1ebafcbbd84654595084d144093307eeb267beabd437093c799fdd3c99f0f8f93c0ccc630b624429df1e1de5cc86ac901d2dc74c522b710fb7a51da4ce5cd73ca344c2026ff9f1322bd86a8e76bfc37e7d3f01395e787683b60780ed867e9781bc1961d4fe3dde0ecf6473b50c03bc37bb91b52e8be81f7e6ce7f903dd6b32fb4d6ad48ecad4fe35b988461fb66b2c84f"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000004100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000004000002850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8000) 310.299774ms ago: executing program 2 (id=2161): close(0xffffffffffffffff) mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x43) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000005c0), 0x12) 168.914151ms ago: executing program 1 (id=2162): r0 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=r0], 0x20) 128.832453ms ago: executing program 3 (id=2163): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1a00fe00000000bfa10000000000000701000000feffffb702000005000000b70300000000000085000000c700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000000)={'bond_slave_0\x00', @random="0135013590ff"}) (rerun: 32) recvmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/222, 0xde}, {&(0x7f00000002c0)}, {&(0x7f0000000180)=""/198, 0xc6}], 0x3, &(0x7f0000000340)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}, 0x0) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0xa) 0s ago: executing program 2 (id=2164): close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000005, 0x5a4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x11540, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x16, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x43) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000005c0), 0x12) kernel console output (not intermixed with test programs): /0x310 [ 293.463514][T10084] ? slab_free_freelist_hook+0x130/0x1a0 [ 293.469382][T10084] ? create_local_trace_uprobe+0x158/0x6e0 [ 293.475617][T10084] __kmem_cache_alloc_node+0x53/0x250 [ 293.481225][T10084] ? kern_path+0x3f/0x50 [ 293.485722][T10084] ? create_local_trace_uprobe+0x158/0x6e0 [ 293.491766][T10084] kmalloc_trace+0x2a/0xe0 [ 293.496426][T10084] create_local_trace_uprobe+0x158/0x6e0 [ 293.502402][T10084] ? bpf_get_uprobe_info+0x520/0x520 [ 293.507744][T10084] ? __might_fault+0xaa/0x120 [ 293.512660][T10084] ? _copy_from_user+0xa5/0xe0 [ 293.517614][T10084] perf_uprobe_init+0xf3/0x190 [ 293.522539][T10084] perf_uprobe_event_init+0xe6/0x180 [ 293.527984][T10084] perf_try_init_event+0x12b/0x3c0 [ 293.533169][T10084] perf_event_alloc+0xfa4/0x21b0 [ 293.538409][T10084] ? perf_event_alloc+0xc06/0x21b0 [ 293.543712][T10084] ? find_lively_task_by_vpid+0x19/0x290 [ 293.549517][T10084] __se_sys_perf_event_open+0x740/0x1c50 [ 293.555325][T10084] ? mutex_unlock+0x10/0x10 [ 293.559898][T10084] ? __x64_sys_perf_event_open+0xc0/0xc0 [ 293.565798][T10084] ? lock_chain_count+0x20/0x20 [ 293.570903][T10084] ? lockdep_hardirqs_on+0x98/0x150 [ 293.576436][T10084] ? __x64_sys_perf_event_open+0x20/0xc0 [ 293.582234][T10084] do_syscall_64+0x55/0xa0 [ 293.586987][T10084] ? clear_bhb_loop+0x40/0x90 [ 293.591807][T10084] ? clear_bhb_loop+0x40/0x90 [ 293.596551][T10084] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 293.602586][T10084] RIP: 0033:0x7f40c5f9c819 [ 293.607058][T10084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 293.626809][T10084] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 293.635580][T10084] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 293.643799][T10084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 293.652466][T10084] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 293.653614][T10078] netlink: 'syz.1.1289': attribute type 10 has an invalid length. [ 293.660721][T10084] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 293.660770][T10084] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 293.660826][T10084] [ 293.733996][T10084] trace_uprobe: Failed to allocate trace_uprobe.(-12) [ 294.081884][T10090] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1292'. [ 294.203261][T10092] netlink: 'syz.1.1300': attribute type 10 has an invalid length. [ 294.500970][T10097] netlink: 668 bytes leftover after parsing attributes in process `syz.0.1294'. [ 294.531326][T10097] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 294.567675][T10097] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 295.396754][T10112] netlink: 147988 bytes leftover after parsing attributes in process `syz.0.1299'. [ 295.456698][T10112] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 295.465827][T10112] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 296.416828][T10137] netlink: 668 bytes leftover after parsing attributes in process `syz.1.1307'. [ 296.477816][T10137] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 296.533536][T10137] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 297.023912][T10143] netlink: 'syz.3.1308': attribute type 10 has an invalid length. [ 297.086887][T10143] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1308'. [ 297.346372][T10143] batman_adv: batadv0: Adding interface: virt_wifi0 [ 297.414132][T10143] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.588255][T10143] batman_adv: batadv0: Interface activated: virt_wifi0 [ 299.269564][T10177] netlink: 'syz.3.1318': attribute type 10 has an invalid length. [ 299.739459][T10187] FAULT_INJECTION: forcing a failure. [ 299.739459][T10187] name failslab, interval 1, probability 0, space 0, times 0 [ 299.782805][T10187] CPU: 0 PID: 10187 Comm: syz.1.1323 Not tainted syzkaller #0 [ 299.790691][T10187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 299.801428][T10187] Call Trace: [ 299.804766][T10187] [ 299.807983][T10187] dump_stack_lvl+0x18c/0x250 [ 299.812712][T10187] ? show_regs_print_info+0x20/0x20 [ 299.817939][T10187] ? load_image+0x420/0x420 [ 299.822561][T10187] ? __might_sleep+0xe0/0xe0 [ 299.827359][T10187] ? __lock_acquire+0x7d40/0x7d40 [ 299.832766][T10187] should_fail_ex+0x39d/0x4d0 [ 299.838025][T10187] should_failslab+0x9/0x20 [ 299.842854][T10187] slab_pre_alloc_hook+0x59/0x310 [ 299.848089][T10187] ? d_instantiate+0x6f/0x90 [ 299.853252][T10187] kmem_cache_alloc+0x5a/0x2d0 [ 299.858401][T10187] ? alloc_empty_file+0x9e/0x1d0 [ 299.865060][T10187] alloc_empty_file+0x9e/0x1d0 [ 299.872077][T10187] alloc_file+0x5c/0x600 [ 299.877272][T10187] alloc_file_pseudo+0x184/0x210 [ 299.883123][T10187] ? alloc_empty_backing_file+0xe0/0xe0 [ 299.889410][T10187] ? alloc_fd+0x58f/0x630 [ 299.894498][T10187] anon_inode_getfd+0xca/0x1c0 [ 299.900270][T10187] btf_new_fd+0x856/0x9f0 [ 299.906311][T10187] ? bpf_btf_show_fdinfo+0x80/0x80 [ 299.912528][T10187] ? capable+0x88/0xe0 [ 299.916825][T10187] __sys_bpf+0x670/0x890 [ 299.921502][T10187] ? bpf_link_show_fdinfo+0x390/0x390 [ 299.928071][T10187] ? lock_chain_count+0x20/0x20 [ 299.934280][T10187] __x64_sys_bpf+0x7c/0x90 [ 299.939909][T10187] do_syscall_64+0x55/0xa0 [ 299.944552][T10187] ? clear_bhb_loop+0x40/0x90 [ 299.949377][T10187] ? clear_bhb_loop+0x40/0x90 [ 299.955320][T10187] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 299.961878][T10187] RIP: 0033:0x7f494b59c819 [ 299.966418][T10187] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.987146][T10187] RSP: 002b:00007f494c48e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 299.995860][T10187] RAX: ffffffffffffffda RBX: 00007f494b815fa0 RCX: 00007f494b59c819 [ 300.003944][T10187] RDX: 0000000000000028 RSI: 00002000000001c0 RDI: 0000000000000012 [ 300.012213][T10187] RBP: 00007f494c48e090 R08: 0000000000000000 R09: 0000000000000000 [ 300.020575][T10187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 300.028833][T10187] R13: 00007f494b816038 R14: 00007f494b815fa0 R15: 00007ffe30b583f8 [ 300.037194][T10187] [ 300.814237][T10205] netlink: 'syz.3.1330': attribute type 10 has an invalid length. [ 302.547783][T10236] netlink: 'syz.3.1341': attribute type 10 has an invalid length. [ 302.843367][T10239] netlink: 'syz.2.1340': attribute type 10 has an invalid length. [ 302.863820][T10239] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1340'. [ 303.025088][T10239] batman_adv: batadv0: Adding interface: virt_wifi0 [ 303.059218][T10239] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.227303][T10239] batman_adv: batadv0: Interface activated: virt_wifi0 [ 303.678206][T10251] tap0: tun_chr_ioctl cmd 1074025677 [ 303.684570][T10251] tap0: linktype set to 778 [ 303.750705][T10252] tap0: tun_chr_ioctl cmd 2147767511 [ 303.830987][T10255] FAULT_INJECTION: forcing a failure. [ 303.830987][T10255] name failslab, interval 1, probability 0, space 0, times 0 [ 303.866751][T10255] CPU: 1 PID: 10255 Comm: syz.3.1345 Not tainted syzkaller #0 [ 303.875103][T10255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 303.885580][T10255] Call Trace: [ 303.889011][T10255] [ 303.892239][T10255] dump_stack_lvl+0x18c/0x250 [ 303.896977][T10255] ? show_regs_print_info+0x20/0x20 [ 303.902354][T10255] ? load_image+0x420/0x420 [ 303.906924][T10255] ? verify_lock_unused+0x140/0x140 [ 303.912529][T10255] ? perf_trace_lock+0x304/0x3b0 [ 303.917723][T10255] should_fail_ex+0x39d/0x4d0 [ 303.922672][T10255] should_failslab+0x9/0x20 [ 303.927658][T10255] slab_pre_alloc_hook+0x59/0x310 [ 303.933226][T10255] kmem_cache_alloc+0x5a/0x2d0 [ 303.938148][T10255] ? skb_clone+0x1eb/0x370 [ 303.942811][T10255] skb_clone+0x1eb/0x370 [ 303.947114][T10255] __netlink_deliver_tap+0x41c/0x830 [ 303.952755][T10255] ? netlink_deliver_tap+0x2e/0x1b0 [ 303.958101][T10255] netlink_deliver_tap+0x19c/0x1b0 [ 303.963466][T10255] netlink_unicast+0x72c/0x8d0 [ 303.967748][ T5780] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 303.968301][T10255] netlink_sendmsg+0x8d0/0xbf0 [ 303.980715][T10255] ? perf_trace_lock+0x304/0x3b0 [ 303.985956][T10255] ? netlink_getsockopt+0x590/0x590 [ 303.991547][T10255] ? aa_sock_msg_perm+0x94/0x150 [ 303.996738][T10255] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 304.002174][T10255] ? security_socket_sendmsg+0x80/0xa0 [ 304.007686][T10255] ? netlink_getsockopt+0x590/0x590 [ 304.013173][T10255] ____sys_sendmsg+0x5ba/0x960 [ 304.018137][T10255] ? __asan_memset+0x22/0x40 [ 304.022958][T10255] ? __sys_sendmsg_sock+0x30/0x30 [ 304.028042][T10255] ? __import_iovec+0x5f2/0x850 [ 304.033528][T10255] ? import_iovec+0x73/0xa0 [ 304.038142][T10255] ___sys_sendmsg+0x2a6/0x360 [ 304.043362][T10255] ? __sys_sendmsg+0x2a0/0x2a0 [ 304.048617][T10255] ? __lock_acquire+0x7d40/0x7d40 [ 304.054103][T10255] __se_sys_sendmsg+0x1c2/0x2b0 [ 304.059079][T10255] ? __x64_sys_sendmsg+0x80/0x80 [ 304.064641][T10255] ? lockdep_hardirqs_on+0x98/0x150 [ 304.069878][T10255] do_syscall_64+0x55/0xa0 [ 304.074503][T10255] ? clear_bhb_loop+0x40/0x90 [ 304.079478][T10255] ? clear_bhb_loop+0x40/0x90 [ 304.084180][T10255] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 304.090193][T10255] RIP: 0033:0x7f40c5f9c819 [ 304.094640][T10255] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 304.114528][T10255] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 304.122975][T10255] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 304.131004][T10255] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 304.139081][T10255] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 304.148253][T10255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.156876][T10255] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 304.165899][T10255] [ 305.922012][T10279] netlink: 'syz.2.1351': attribute type 10 has an invalid length. [ 306.010880][ T5780] Bluetooth: hci0: command 0x0406 tx timeout [ 307.159935][T10301] netlink: 'syz.3.1363': attribute type 10 has an invalid length. [ 307.223348][T10307] netlink: 'syz.1.1355': attribute type 10 has an invalid length. [ 307.245240][T10307] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1355'. [ 307.373451][T10307] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 309.618123][T10354] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1371'. [ 309.848770][T10354] netlink: 184 bytes leftover after parsing attributes in process `syz.1.1371'. [ 310.810550][T10368] FAULT_INJECTION: forcing a failure. [ 310.810550][T10368] name failslab, interval 1, probability 0, space 0, times 0 [ 310.846738][T10368] CPU: 1 PID: 10368 Comm: syz.2.1375 Not tainted syzkaller #0 [ 310.854906][T10368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 310.865514][T10368] Call Trace: [ 310.868993][T10368] [ 310.872051][T10368] dump_stack_lvl+0x18c/0x250 [ 310.877112][T10368] ? show_regs_print_info+0x20/0x20 [ 310.882603][T10368] ? load_image+0x420/0x420 [ 310.887397][T10368] ? lockdep_hardirqs_on+0x98/0x150 [ 310.892895][T10368] should_fail_ex+0x39d/0x4d0 [ 310.897801][T10368] should_failslab+0x9/0x20 [ 310.902479][T10368] slab_pre_alloc_hook+0x59/0x310 [ 310.907731][T10368] ? perf_tp_event+0x13d7/0x1520 [ 310.912899][T10368] kmem_cache_alloc_node+0x60/0x320 [ 310.918190][T10368] ? mark_lock+0x94/0x320 [ 310.922511][T10368] ? __alloc_skb+0x103/0x2c0 [ 310.927336][T10368] __alloc_skb+0x103/0x2c0 [ 310.931963][T10368] tipc_msg_build+0x161/0xee0 [ 310.936644][T10368] ? skb_copy_to_linear_data_offset+0x60/0x60 [ 310.942893][T10368] __tipc_sendstream+0x8a9/0x1270 [ 310.948112][T10368] ? tsk_advance_rx_queue+0x310/0x310 [ 310.953525][T10368] ? wait_woken+0x180/0x180 [ 310.958116][T10368] ? _local_bh_enable+0xa0/0xa0 [ 310.962966][T10368] tipc_sendstream+0x55/0x70 [ 310.967548][T10368] ? tipc_getsockopt+0x5a0/0x5a0 [ 310.972505][T10368] ____sys_sendmsg+0x5ba/0x960 [ 310.977297][T10368] ? __asan_memset+0x22/0x40 [ 310.981905][T10368] ? __sys_sendmsg_sock+0x30/0x30 [ 310.986946][T10368] ? __import_iovec+0x5f2/0x850 [ 310.991827][T10368] ? import_iovec+0x73/0xa0 [ 310.996339][T10368] ___sys_sendmsg+0x2a6/0x360 [ 311.001114][T10368] ? __sys_sendmsg+0x2a0/0x2a0 [ 311.006071][T10368] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 311.012375][T10368] __se_sys_sendmsg+0x1c2/0x2b0 [ 311.017412][T10368] ? __x64_sys_sendmsg+0x80/0x80 [ 311.022529][T10368] ? lockdep_hardirqs_on+0x98/0x150 [ 311.027916][T10368] do_syscall_64+0x55/0xa0 [ 311.032497][T10368] ? clear_bhb_loop+0x40/0x90 [ 311.037198][T10368] ? clear_bhb_loop+0x40/0x90 [ 311.041991][T10368] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 311.048066][T10368] RIP: 0033:0x7fe3e7d9c819 [ 311.053090][T10368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 311.073209][T10368] RSP: 002b:00007fe3e8ccc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.081893][T10368] RAX: ffffffffffffffda RBX: 00007fe3e8016090 RCX: 00007fe3e7d9c819 [ 311.089948][T10368] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 311.097923][T10368] RBP: 00007fe3e8ccc090 R08: 0000000000000000 R09: 0000000000000000 [ 311.106034][T10368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.114174][T10368] R13: 00007fe3e8016128 R14: 00007fe3e8016090 R15: 00007fff54c42c18 [ 311.122767][T10368] [ 311.656271][T10375] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 311.686304][T10377] delete_channel: no stack [ 311.704317][T10377] delete_channel: no stack [ 312.285681][T10398] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1387'. [ 312.687640][T10401] netlink: 184 bytes leftover after parsing attributes in process `syz.2.1387'. [ 312.736795][T10402] netlink: 'syz.2.1387': attribute type 10 has an invalid length. [ 312.773059][T10402] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1387'. [ 312.824229][T10402] batadv0: entered promiscuous mode [ 312.837506][T10402] batadv0: entered allmulticast mode [ 312.843979][T10402] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 312.861549][T10410] delete_channel: no stack [ 312.877366][T10410] delete_channel: no stack [ 312.885278][T10405] netlink: 763 bytes leftover after parsing attributes in process `syz.1.1388'. [ 314.641045][T10447] netlink: 4079 bytes leftover after parsing attributes in process `syz.0.1402'. [ 315.282335][T10459] FAULT_INJECTION: forcing a failure. [ 315.282335][T10459] name failslab, interval 1, probability 0, space 0, times 0 [ 315.308140][T10459] CPU: 0 PID: 10459 Comm: syz.2.1405 Not tainted syzkaller #0 [ 315.308773][T10454] netlink: 'syz.3.1404': attribute type 13 has an invalid length. [ 315.315683][T10459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 315.334354][T10459] Call Trace: [ 315.337659][T10459] [ 315.340827][T10459] dump_stack_lvl+0x18c/0x250 [ 315.341660][T10454] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1404'. [ 315.345618][T10459] ? show_regs_print_info+0x20/0x20 [ 315.345652][T10459] ? load_image+0x420/0x420 [ 315.345685][T10459] should_fail_ex+0x39d/0x4d0 [ 315.369929][T10459] should_failslab+0x9/0x20 [ 315.374747][T10459] slab_pre_alloc_hook+0x59/0x310 [ 315.379811][T10459] ? nf_ct_ext_add+0x1ab/0x440 [ 315.384951][T10459] ? nf_ct_ext_add+0x1ab/0x440 [ 315.389919][T10459] __kmem_cache_alloc_node+0x53/0x250 [ 315.395782][T10459] ? nf_ct_ext_add+0x1ab/0x440 [ 315.400588][T10459] __kmalloc_node_track_caller+0xa2/0x230 [ 315.406532][T10459] krealloc+0x86/0x120 [ 315.410764][T10459] nf_ct_ext_add+0x1ab/0x440 [ 315.415743][T10459] init_conntrack+0x69c/0xf10 [ 315.420812][T10459] ? early_drop+0x7f0/0x7f0 [ 315.425620][T10459] ? nf_conntrack_find_get+0x650/0x650 [ 315.431228][T10459] ? __siphash_unaligned+0x22e/0x3a0 [ 315.436643][T10459] nf_conntrack_in+0xc06/0x15c0 [ 315.441903][T10459] ? nf_ct_pernet+0x270/0x270 [ 315.446971][T10459] ? ip6t_do_table+0x1d9/0x1510 [ 315.452158][T10459] ? ip6t_alloc_initial_table+0x640/0x640 [ 315.458157][T10459] ? ipv6_defrag+0x2d6/0x3a0 [ 315.463019][T10459] ? ipv6_conntrack_in+0x20/0x20 [ 315.467982][T10459] nf_hook_slow+0xbd/0x200 [ 315.472694][T10459] __ip6_local_out+0x784/0x8a0 [ 315.477598][T10459] ? __ip6_local_out+0x60c/0x8a0 [ 315.482588][T10459] ? ip6_dst_hoplimit+0x350/0x350 [ 315.488187][T10459] ? __ip6_local_out+0x8a0/0x8a0 [ 315.493675][T10459] ? read_lock_is_recursive+0x20/0x20 [ 315.499344][T10459] ip6_local_out+0x2a/0x130 [ 315.504041][T10459] ? ip6_send_skb+0x10f/0x380 [ 315.509090][T10459] ip6_send_skb+0x1d5/0x380 [ 315.513724][T10459] l2tp_ip6_sendmsg+0x129b/0x1690 [ 315.518949][T10459] ? __might_sleep+0xe0/0xe0 [ 315.523553][T10459] ? l2tp_ip6_destroy_sock+0x60/0x60 [ 315.529142][T10459] ? aa_af_perm+0x330/0x330 [ 315.534019][T10459] ? tomoyo_socket_sendmsg_permission+0x216/0x2f0 [ 315.540637][T10459] ? sock_rps_record_flow+0x19/0x3f0 [ 315.546077][T10459] ? inet_sendmsg+0x7c/0x2f0 [ 315.550784][T10459] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 315.556195][T10459] ? security_socket_sendmsg+0x80/0xa0 [ 315.561690][T10459] ? inet_send_prepare+0x260/0x260 [ 315.566941][T10459] ____sys_sendmsg+0x5ba/0x960 [ 315.572017][T10459] ? __lock_acquire+0x7d40/0x7d40 [ 315.577341][T10459] ? __sys_sendmsg_sock+0x30/0x30 [ 315.582571][T10459] ? __import_iovec+0x3fa/0x850 [ 315.587548][T10459] ? import_iovec+0x73/0xa0 [ 315.592077][T10459] ___sys_sendmsg+0x2a6/0x360 [ 315.596803][T10459] ? get_pid_task+0x20/0x1e0 [ 315.601611][T10459] ? __sys_sendmsg+0x2a0/0x2a0 [ 315.606422][T10459] ? __lock_acquire+0x7d40/0x7d40 [ 315.611626][T10459] __se_sys_sendmsg+0x1c2/0x2b0 [ 315.616771][T10459] ? __x64_sys_sendmsg+0x80/0x80 [ 315.622288][T10459] ? lockdep_hardirqs_on+0x98/0x150 [ 315.628050][T10459] do_syscall_64+0x55/0xa0 [ 315.632546][T10459] ? clear_bhb_loop+0x40/0x90 [ 315.637334][T10459] ? clear_bhb_loop+0x40/0x90 [ 315.642386][T10459] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 315.648542][T10459] RIP: 0033:0x7fe3e7d9c819 [ 315.653076][T10459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.673215][T10459] RSP: 002b:00007fe3e8ccc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.681775][T10459] RAX: ffffffffffffffda RBX: 00007fe3e8016090 RCX: 00007fe3e7d9c819 [ 315.690029][T10459] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000004 [ 315.698298][T10459] RBP: 00007fe3e8ccc090 R08: 0000000000000000 R09: 0000000000000000 [ 315.706533][T10459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 315.714686][T10459] R13: 00007fe3e8016128 R14: 00007fe3e8016090 R15: 00007fff54c42c18 [ 315.722845][T10459] [ 315.744168][T10454] erspan0: refused to change device tx_queue_len [ 315.996891][T10471] bridge0: entered promiscuous mode [ 316.002647][T10471] bridge0: entered allmulticast mode [ 316.173720][T10473] syz.2.1411[10473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.174090][T10473] syz.2.1411[10473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.225129][T10480] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1413'. [ 316.375780][T10485] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1414'. [ 316.377906][T10483] netlink: 'syz.1.1413': attribute type 13 has an invalid length. [ 316.430478][T10483] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1413'. [ 316.445128][T10487] FAULT_INJECTION: forcing a failure. [ 316.445128][T10487] name failslab, interval 1, probability 0, space 0, times 0 [ 316.531039][T10487] CPU: 0 PID: 10487 Comm: syz.3.1414 Not tainted syzkaller #0 [ 316.538668][T10487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 316.549010][T10487] Call Trace: [ 316.552438][T10487] [ 316.555498][T10487] dump_stack_lvl+0x18c/0x250 [ 316.560206][T10487] ? show_regs_print_info+0x20/0x20 [ 316.565411][T10487] ? load_image+0x420/0x420 [ 316.570096][T10487] ? __might_sleep+0xe0/0xe0 [ 316.574948][T10487] ? __lock_acquire+0x7d40/0x7d40 [ 316.580235][T10487] should_fail_ex+0x39d/0x4d0 [ 316.585174][T10487] should_failslab+0x9/0x20 [ 316.589785][T10487] slab_pre_alloc_hook+0x59/0x310 [ 316.595083][T10487] ? __lock_acquire+0x7d40/0x7d40 [ 316.600229][T10487] kmem_cache_alloc_node+0x60/0x320 [ 316.605427][T10487] ? __alloc_skb+0x103/0x2c0 [ 316.610210][T10487] __alloc_skb+0x103/0x2c0 [ 316.614797][T10487] netlink_sendmsg+0x66a/0xbf0 [ 316.619858][T10487] ? netlink_getsockopt+0x590/0x590 [ 316.625336][T10487] ? aa_sock_msg_perm+0x94/0x150 [ 316.630389][T10487] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 316.636037][T10487] ? security_socket_sendmsg+0x80/0xa0 [ 316.641685][T10487] ? netlink_getsockopt+0x590/0x590 [ 316.647252][T10487] ____sys_sendmsg+0x5ba/0x960 [ 316.652083][T10487] ? __asan_memset+0x22/0x40 [ 316.656952][T10487] ? __sys_sendmsg_sock+0x30/0x30 [ 316.662075][T10487] ? __import_iovec+0x5f2/0x850 [ 316.667020][T10487] ? import_iovec+0x73/0xa0 [ 316.671520][T10487] ___sys_sendmsg+0x2a6/0x360 [ 316.676634][T10487] ? __sys_sendmsg+0x2a0/0x2a0 [ 316.681945][T10487] ? __lock_acquire+0x7d40/0x7d40 [ 316.687347][T10487] __se_sys_sendmsg+0x1c2/0x2b0 [ 316.692380][T10487] ? __x64_sys_sendmsg+0x80/0x80 [ 316.697585][T10487] ? lockdep_hardirqs_on+0x98/0x150 [ 316.703308][T10487] do_syscall_64+0x55/0xa0 [ 316.707715][T10487] ? clear_bhb_loop+0x40/0x90 [ 316.712473][T10487] ? clear_bhb_loop+0x40/0x90 [ 316.717255][T10487] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 316.723167][T10487] RIP: 0033:0x7f40c5f9c819 [ 316.727580][T10487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 316.747801][T10487] RSP: 002b:00007f40c6dcb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.756400][T10487] RAX: ffffffffffffffda RBX: 00007f40c6216090 RCX: 00007f40c5f9c819 [ 316.764365][T10487] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000006 [ 316.772939][T10487] RBP: 00007f40c6dcb090 R08: 0000000000000000 R09: 0000000000000000 [ 316.781003][T10487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.789692][T10487] R13: 00007f40c6216128 R14: 00007f40c6216090 R15: 00007fff6d8da108 [ 316.797770][T10487] [ 317.024176][T10495] netlink: 'syz.0.1418': attribute type 21 has an invalid length. [ 317.032546][T10495] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1418'. [ 317.724024][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.731961][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.841129][T10505] netlink: 'syz.3.1422': attribute type 10 has an invalid length. [ 317.943453][T10511] FAULT_INJECTION: forcing a failure. [ 317.943453][T10511] name failslab, interval 1, probability 0, space 0, times 0 [ 317.950122][T10514] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1424'. [ 317.968975][T10511] CPU: 0 PID: 10511 Comm: syz.1.1423 Not tainted syzkaller #0 [ 317.976845][T10511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 317.987115][T10511] Call Trace: [ 317.990635][T10511] [ 317.993673][T10511] dump_stack_lvl+0x18c/0x250 [ 317.998517][T10511] ? show_regs_print_info+0x20/0x20 [ 318.003845][T10511] ? load_image+0x420/0x420 [ 318.008503][T10511] ? __lock_acquire+0x7d40/0x7d40 [ 318.014114][T10511] should_fail_ex+0x39d/0x4d0 [ 318.018920][T10511] should_failslab+0x9/0x20 [ 318.023566][T10511] slab_pre_alloc_hook+0x59/0x310 [ 318.028982][T10511] ? bpf_test_init+0x9f/0x140 [ 318.033901][T10511] ? bpf_test_init+0x9f/0x140 [ 318.038606][T10511] __kmem_cache_alloc_node+0x53/0x250 [ 318.044193][T10511] ? bpf_test_init+0x9f/0x140 [ 318.049088][T10511] __kmalloc+0xa4/0x230 [ 318.053294][T10511] bpf_test_init+0x9f/0x140 [ 318.057928][T10511] bpf_prog_test_run_xdp+0x4d1/0x10e0 [ 318.063874][T10511] ? dev_put+0x80/0x80 [ 318.068180][T10511] ? dev_put+0x80/0x80 [ 318.072454][T10511] bpf_prog_test_run+0x321/0x390 [ 318.077601][T10511] __sys_bpf+0x49d/0x890 [ 318.082150][T10511] ? bpf_link_show_fdinfo+0x390/0x390 [ 318.087826][T10511] ? lock_chain_count+0x20/0x20 [ 318.092968][T10511] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 318.099090][T10511] __x64_sys_bpf+0x7c/0x90 [ 318.103856][T10511] do_syscall_64+0x55/0xa0 [ 318.108479][T10511] ? clear_bhb_loop+0x40/0x90 [ 318.113273][T10511] ? clear_bhb_loop+0x40/0x90 [ 318.118160][T10511] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 318.124429][T10511] RIP: 0033:0x7f494b59c819 [ 318.128876][T10511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 318.149465][T10511] RSP: 002b:00007f494c48e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 318.158208][T10511] RAX: ffffffffffffffda RBX: 00007f494b815fa0 RCX: 00007f494b59c819 [ 318.166995][T10511] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 318.175332][T10511] RBP: 00007f494c48e090 R08: 0000000000000000 R09: 0000000000000000 [ 318.184654][T10511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.192752][T10511] R13: 00007f494b816038 R14: 00007f494b815fa0 R15: 00007ffe30b583f8 [ 318.200957][T10511] [ 319.281965][T10555] netlink: 'syz.1.1436': attribute type 10 has an invalid length. [ 319.474305][T10559] netlink: 'syz.0.1437': attribute type 10 has an invalid length. [ 319.751162][T10572] netlink: 'syz.0.1441': attribute type 4 has an invalid length. [ 319.759679][T10572] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1441'. [ 319.817563][T10572] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 320.583856][T10590] FAULT_INJECTION: forcing a failure. [ 320.583856][T10590] name failslab, interval 1, probability 0, space 0, times 0 [ 320.598253][T10590] CPU: 1 PID: 10590 Comm: syz.3.1448 Not tainted syzkaller #0 [ 320.606121][T10590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 320.616443][T10590] Call Trace: [ 320.619939][T10590] [ 320.623427][T10590] dump_stack_lvl+0x18c/0x250 [ 320.629157][T10590] ? show_regs_print_info+0x20/0x20 [ 320.634933][T10590] ? load_image+0x420/0x420 [ 320.640012][T10590] ? verify_lock_unused+0x140/0x140 [ 320.645966][T10590] ? perf_trace_lock+0xfc/0x3b0 [ 320.651184][T10590] should_fail_ex+0x39d/0x4d0 [ 320.656019][T10590] should_failslab+0x9/0x20 [ 320.660653][T10590] slab_pre_alloc_hook+0x59/0x310 [ 320.665769][T10590] kmem_cache_alloc+0x5a/0x2d0 [ 320.671416][T10590] ? skb_clone+0x1eb/0x370 [ 320.676131][T10590] skb_clone+0x1eb/0x370 [ 320.681273][T10590] __netlink_deliver_tap+0x41c/0x830 [ 320.686962][T10590] ? netlink_deliver_tap+0x2e/0x1b0 [ 320.692453][T10590] netlink_deliver_tap+0x19c/0x1b0 [ 320.697771][T10590] netlink_unicast+0x72c/0x8d0 [ 320.702761][T10590] netlink_sendmsg+0x8d0/0xbf0 [ 320.707912][T10590] ? netlink_getsockopt+0x590/0x590 [ 320.713246][T10590] ? aa_sock_msg_perm+0x94/0x150 [ 320.718316][T10590] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 320.723715][T10590] ? security_socket_sendmsg+0x80/0xa0 [ 320.729546][T10590] ? netlink_getsockopt+0x590/0x590 [ 320.735046][T10590] ____sys_sendmsg+0x5ba/0x960 [ 320.740079][T10590] ? __asan_memset+0x22/0x40 [ 320.744786][T10590] ? __sys_sendmsg_sock+0x30/0x30 [ 320.750399][T10590] ? __import_iovec+0x5f2/0x850 [ 320.755461][T10590] ? import_iovec+0x73/0xa0 [ 320.759999][T10590] ___sys_sendmsg+0x2a6/0x360 [ 320.764703][T10590] ? __sys_sendmsg+0x2a0/0x2a0 [ 320.769627][T10590] ? __lock_acquire+0x7d40/0x7d40 [ 320.774792][T10590] __se_sys_sendmsg+0x1c2/0x2b0 [ 320.779693][T10590] ? __x64_sys_sendmsg+0x80/0x80 [ 320.785215][T10590] ? lockdep_hardirqs_on+0x98/0x150 [ 320.790739][T10590] do_syscall_64+0x55/0xa0 [ 320.795271][T10590] ? clear_bhb_loop+0x40/0x90 [ 320.800158][T10590] ? clear_bhb_loop+0x40/0x90 [ 320.804958][T10590] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 320.811431][T10590] RIP: 0033:0x7f40c5f9c819 [ 320.816003][T10590] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 320.836256][T10590] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 320.845137][T10590] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 320.853539][T10590] RDX: 0000000060044084 RSI: 0000200000000040 RDI: 0000000000000003 [ 320.862498][T10590] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 320.870688][T10590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.879301][T10590] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 320.888472][T10590] [ 321.234042][T10590] netlink: 'syz.3.1448': attribute type 4 has an invalid length. [ 321.339539][T10590] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1448'. [ 321.942763][T10598] netlink: 'syz.3.1449': attribute type 10 has an invalid length. [ 323.034240][T10632] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1457'. [ 323.135960][T10632] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1457'. [ 323.167716][T10635] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1457'. [ 324.271395][T10650] netlink: 'syz.2.1461': attribute type 10 has an invalid length. [ 324.322077][T10649] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 324.902978][T10665] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.1467'. [ 324.969034][T10673] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.1467'. [ 325.707432][T10685] FAULT_INJECTION: forcing a failure. [ 325.707432][T10685] name failslab, interval 1, probability 0, space 0, times 0 [ 325.822830][T10685] CPU: 1 PID: 10685 Comm: syz.0.1470 Not tainted syzkaller #0 [ 325.830614][T10685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 325.840874][T10685] Call Trace: [ 325.844255][T10685] [ 325.847299][T10685] dump_stack_lvl+0x18c/0x250 [ 325.852195][T10685] ? show_regs_print_info+0x20/0x20 [ 325.857870][T10685] ? load_image+0x420/0x420 [ 325.862694][T10685] ? __lock_acquire+0x7d40/0x7d40 [ 325.868738][T10685] should_fail_ex+0x39d/0x4d0 [ 325.873999][T10685] should_failslab+0x9/0x20 [ 325.878629][T10685] slab_pre_alloc_hook+0x59/0x310 [ 325.884346][T10685] ? bpf_test_init+0x9f/0x140 [ 325.889672][T10685] ? bpf_test_init+0x9f/0x140 [ 325.894741][T10685] __kmem_cache_alloc_node+0x53/0x250 [ 325.900166][T10685] ? bpf_test_init+0x9f/0x140 [ 325.904951][T10685] __kmalloc+0xa4/0x230 [ 325.909154][T10685] bpf_test_init+0x9f/0x140 [ 325.913689][T10685] bpf_prog_test_run_xdp+0x4d1/0x10e0 [ 325.919097][T10685] ? __fget_files+0x59/0x4b0 [ 325.924247][T10685] ? dev_put+0x80/0x80 [ 325.928363][T10685] ? dev_put+0x80/0x80 [ 325.932456][T10685] bpf_prog_test_run+0x321/0x390 [ 325.937565][T10685] __sys_bpf+0x49d/0x890 [ 325.941932][T10685] ? bpf_link_show_fdinfo+0x390/0x390 [ 325.947421][T10685] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 325.953817][T10685] __x64_sys_bpf+0x7c/0x90 [ 325.958448][T10685] do_syscall_64+0x55/0xa0 [ 325.962950][T10685] ? clear_bhb_loop+0x40/0x90 [ 325.968003][T10685] ? clear_bhb_loop+0x40/0x90 [ 325.972703][T10685] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 325.978797][T10685] RIP: 0033:0x7f726d79c819 [ 325.983227][T10685] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.003306][T10685] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 326.012103][T10685] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 326.020197][T10685] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 326.028542][T10685] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 326.036624][T10685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.044886][T10685] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 326.053176][T10685] [ 326.338580][T10687] netlink: 'syz.3.1472': attribute type 10 has an invalid length. [ 326.378824][T10686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 328.029404][T10713] FAULT_INJECTION: forcing a failure. [ 328.029404][T10713] name failslab, interval 1, probability 0, space 0, times 0 [ 328.071696][T10713] CPU: 1 PID: 10713 Comm: syz.1.1479 Not tainted syzkaller #0 [ 328.079487][T10713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 328.089755][T10713] Call Trace: [ 328.093156][T10713] [ 328.096107][T10713] dump_stack_lvl+0x18c/0x250 [ 328.101001][T10713] ? show_regs_print_info+0x20/0x20 [ 328.106599][T10713] ? load_image+0x420/0x420 [ 328.111133][T10713] ? __might_sleep+0xe0/0xe0 [ 328.116064][T10713] ? __lock_acquire+0x7d40/0x7d40 [ 328.121294][T10713] ? rcu_is_watching+0x15/0xb0 [ 328.126177][T10713] should_fail_ex+0x39d/0x4d0 [ 328.131936][T10713] should_failslab+0x9/0x20 [ 328.136557][T10713] slab_pre_alloc_hook+0x59/0x310 [ 328.141695][T10713] ? do_syscall_64+0x55/0xa0 [ 328.146859][T10713] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 328.153212][T10713] kmem_cache_alloc_node+0x60/0x320 [ 328.158629][T10713] ? __alloc_skb+0x103/0x2c0 [ 328.163371][T10713] __alloc_skb+0x103/0x2c0 [ 328.168173][T10713] netlink_dump+0x1ec/0xe50 [ 328.172712][T10713] ? lock_chain_count+0x20/0x20 [ 328.177701][T10713] ? netlink_lookup+0x200/0x200 [ 328.183089][T10713] ? slab_free_freelist_hook+0x130/0x1a0 [ 328.189093][T10713] ? netlink_recvmsg+0x5e7/0xe60 [ 328.194320][T10713] ? kmem_cache_free+0xf8/0x270 [ 328.199465][T10713] netlink_recvmsg+0x693/0xe60 [ 328.204706][T10713] ? netlink_sendmsg+0xbf0/0xbf0 [ 328.209848][T10713] ? aa_af_perm+0x330/0x330 [ 328.214474][T10713] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 328.219814][T10713] ? security_socket_recvmsg+0x89/0xb0 [ 328.225430][T10713] ? netlink_sendmsg+0xbf0/0xbf0 [ 328.230505][T10713] ____sys_recvmsg+0x2ce/0x5e0 [ 328.235856][T10713] ? __sys_recvmsg_sock+0x50/0x50 [ 328.241209][T10713] ? import_iovec+0x73/0xa0 [ 328.245920][T10713] ___sys_recvmsg+0x216/0x590 [ 328.250889][T10713] ? __sys_recvmsg+0x2a0/0x2a0 [ 328.255772][T10713] ? ksys_write+0x1c4/0x260 [ 328.260412][T10713] ? __fget_files+0x43d/0x4b0 [ 328.265214][T10713] __x64_sys_recvmsg+0x20c/0x2e0 [ 328.270199][T10713] ? ___sys_recvmsg+0x590/0x590 [ 328.275177][T10713] ? lockdep_hardirqs_on+0x98/0x150 [ 328.280404][T10713] do_syscall_64+0x55/0xa0 [ 328.285020][T10713] ? clear_bhb_loop+0x40/0x90 [ 328.289905][T10713] ? clear_bhb_loop+0x40/0x90 [ 328.294652][T10713] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 328.300665][T10713] RIP: 0033:0x7f494b59c819 [ 328.305101][T10713] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.324906][T10713] RSP: 002b:00007f494c44c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 328.333530][T10713] RAX: ffffffffffffffda RBX: 00007f494b816180 RCX: 00007f494b59c819 [ 328.341792][T10713] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005 [ 328.350132][T10713] RBP: 00007f494c44c090 R08: 0000000000000000 R09: 0000000000000000 [ 328.358559][T10713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.367089][T10713] R13: 00007f494b816218 R14: 00007f494b816180 R15: 00007ffe30b583f8 [ 328.375887][T10713] [ 329.735983][T10737] netlink: 'syz.2.1486': attribute type 10 has an invalid length. [ 329.756158][T10736] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 331.847270][T10777] netlink: 'syz.3.1494': attribute type 9 has an invalid length. [ 331.855249][T10777] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1494'. [ 332.052980][T10780] mac80211_hwsim hwsim4 : renamed from wlan0 [ 332.395624][T10789] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.1500'. [ 332.451358][T10791] TCP: TCP_TX_DELAY enabled [ 335.002637][T10831] FAULT_INJECTION: forcing a failure. [ 335.002637][T10831] name failslab, interval 1, probability 0, space 0, times 0 [ 335.021031][T10829] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.1509'. [ 335.062965][T10831] CPU: 1 PID: 10831 Comm: syz.3.1511 Not tainted syzkaller #0 [ 335.070763][T10831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 335.081446][T10831] Call Trace: [ 335.084842][T10831] [ 335.087970][T10831] dump_stack_lvl+0x18c/0x250 [ 335.092672][T10831] ? show_regs_print_info+0x20/0x20 [ 335.097890][T10831] ? load_image+0x420/0x420 [ 335.102694][T10831] ? __might_sleep+0xe0/0xe0 [ 335.107505][T10831] ? __lock_acquire+0x7d40/0x7d40 [ 335.112641][T10831] should_fail_ex+0x39d/0x4d0 [ 335.117564][T10831] should_failslab+0x9/0x20 [ 335.122097][T10831] slab_pre_alloc_hook+0x59/0x310 [ 335.127491][T10831] ? rtnl_newlink+0x10d/0x20a0 [ 335.132376][T10831] __kmem_cache_alloc_node+0x53/0x250 [ 335.138040][T10831] ? rtnl_newlink+0x10d/0x20a0 [ 335.143075][T10831] kmalloc_trace+0x2a/0xe0 [ 335.147682][T10831] ? rtnl_setlink+0x4e0/0x4e0 [ 335.152744][T10831] rtnl_newlink+0x10d/0x20a0 [ 335.157546][T10831] ? arch_stack_walk+0x160/0x190 [ 335.162698][T10831] ? __mutex_trylock_common+0x159/0x260 [ 335.168264][T10831] ? rtnl_setlink+0x4e0/0x4e0 [ 335.172949][T10831] ? trace_raw_output_contention_end+0xd0/0xd0 [ 335.179379][T10831] ? rcu_is_watching+0x15/0xb0 [ 335.184345][T10831] ? trace_contention_end+0x39/0xe0 [ 335.190315][T10831] ? __mutex_lock+0x315/0xcc0 [ 335.195573][T10831] ? rtnetlink_rcv_msg+0x811/0xfa0 [ 335.201329][T10831] ? mutex_lock_nested+0x20/0x20 [ 335.206488][T10831] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 335.211891][T10831] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 335.217399][T10831] ? rtnl_setlink+0x4e0/0x4e0 [ 335.222186][T10831] rtnetlink_rcv_msg+0x869/0xfa0 [ 335.227447][T10831] ? lockdep_hardirqs_on+0x98/0x150 [ 335.232870][T10831] ? rtnetlink_bind+0x80/0x80 [ 335.237715][T10831] ? perf_trace_preemptirq_template+0xac/0x330 [ 335.244068][T10831] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 335.250325][T10831] ? lock_chain_count+0x20/0x20 [ 335.255312][T10831] ? __local_bh_enable_ip+0x13a/0x1c0 [ 335.260794][T10831] ? lockdep_hardirqs_on+0x98/0x150 [ 335.266215][T10831] ? __local_bh_enable_ip+0x13a/0x1c0 [ 335.271693][T10831] ? _local_bh_enable+0xa0/0xa0 [ 335.276564][T10831] ? __dev_queue_xmit+0x265/0x3660 [ 335.281775][T10831] ? __dev_queue_xmit+0x265/0x3660 [ 335.286996][T10831] ? __dev_queue_xmit+0x1b2c/0x3660 [ 335.292215][T10831] ? __dev_queue_xmit+0x265/0x3660 [ 335.297609][T10831] ? ref_tracker_free+0x690/0x840 [ 335.302769][T10831] netlink_rcv_skb+0x241/0x4d0 [ 335.307890][T10831] ? rtnetlink_bind+0x80/0x80 [ 335.312872][T10831] ? netlink_ack+0x1180/0x1180 [ 335.317797][T10831] ? __lock_acquire+0x7d40/0x7d40 [ 335.323034][T10831] ? netlink_deliver_tap+0x2e/0x1b0 [ 335.328495][T10831] netlink_unicast+0x751/0x8d0 [ 335.333553][T10831] netlink_sendmsg+0x8d0/0xbf0 [ 335.338357][T10831] ? netlink_getsockopt+0x590/0x590 [ 335.344117][T10831] ? aa_sock_msg_perm+0x94/0x150 [ 335.349102][T10831] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 335.354490][T10831] ? security_socket_sendmsg+0x80/0xa0 [ 335.360061][T10831] ? netlink_getsockopt+0x590/0x590 [ 335.365537][T10831] ____sys_sendmsg+0x5ba/0x960 [ 335.370333][T10831] ? __asan_memset+0x22/0x40 [ 335.375031][T10831] ? __sys_sendmsg_sock+0x30/0x30 [ 335.380154][T10831] ? __import_iovec+0x5f2/0x850 [ 335.385022][T10831] ? import_iovec+0x73/0xa0 [ 335.389548][T10831] ___sys_sendmsg+0x2a6/0x360 [ 335.394436][T10831] ? get_pid_task+0x20/0x1e0 [ 335.399336][T10831] ? __sys_sendmsg+0x2a0/0x2a0 [ 335.404407][T10831] ? __lock_acquire+0x7d40/0x7d40 [ 335.409835][T10831] __se_sys_sendmsg+0x1c2/0x2b0 [ 335.414938][T10831] ? __x64_sys_sendmsg+0x80/0x80 [ 335.420011][T10831] ? lockdep_hardirqs_on+0x98/0x150 [ 335.425501][T10831] do_syscall_64+0x55/0xa0 [ 335.429931][T10831] ? clear_bhb_loop+0x40/0x90 [ 335.434710][T10831] ? clear_bhb_loop+0x40/0x90 [ 335.439595][T10831] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 335.445692][T10831] RIP: 0033:0x7f40c5f9c819 [ 335.450397][T10831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 335.471024][T10831] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 335.479741][T10831] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 335.487995][T10831] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 335.496066][T10831] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 335.504143][T10831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.512400][T10831] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 335.520845][T10831] [ 335.546857][T10834] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1512'. [ 335.562816][T10834] openvswitch: netlink: Flow actions attr not present in new flow. [ 335.609822][T10834] netlink: 'syz.0.1512': attribute type 21 has an invalid length. [ 335.619697][T10834] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1512'. [ 339.728914][T10879] FAULT_INJECTION: forcing a failure. [ 339.728914][T10879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.775265][T10879] CPU: 1 PID: 10879 Comm: syz.0.1523 Not tainted syzkaller #0 [ 339.778209][T10875] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1522'. [ 339.782995][T10879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 339.783014][T10879] Call Trace: [ 339.783023][T10879] [ 339.783031][T10879] dump_stack_lvl+0x18c/0x250 [ 339.783062][T10879] ? show_regs_print_info+0x20/0x20 [ 339.820271][T10879] ? load_image+0x420/0x420 [ 339.825048][T10879] ? __might_fault+0xaa/0x120 [ 339.829813][T10879] ? __lock_acquire+0x7d40/0x7d40 [ 339.835790][T10879] should_fail_ex+0x39d/0x4d0 [ 339.842041][T10879] _copy_from_user+0x2f/0xe0 [ 339.847363][T10879] ___sys_recvmsg+0x176/0x590 [ 339.852745][T10879] ? __sys_recvmsg+0x2a0/0x2a0 [ 339.859040][T10879] ? ksys_write+0x1c4/0x260 [ 339.865154][T10879] ? __fget_files+0x43d/0x4b0 [ 339.871447][T10879] __x64_sys_recvmsg+0x20c/0x2e0 [ 339.878953][T10879] ? ___sys_recvmsg+0x590/0x590 [ 339.885962][T10879] ? lockdep_hardirqs_on+0x98/0x150 [ 339.893195][T10879] do_syscall_64+0x55/0xa0 [ 339.899195][T10879] ? clear_bhb_loop+0x40/0x90 [ 339.905133][T10879] ? clear_bhb_loop+0x40/0x90 [ 339.911611][T10879] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.920944][T10879] RIP: 0033:0x7f726d79c819 [ 339.925863][T10879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 339.949249][T10879] RSP: 002b:00007f726e5fd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 339.960164][T10879] RAX: ffffffffffffffda RBX: 00007f726da16090 RCX: 00007f726d79c819 [ 339.969021][T10879] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004 [ 339.978833][T10879] RBP: 00007f726e5fd090 R08: 0000000000000000 R09: 0000000000000000 [ 339.987781][T10879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 339.996102][T10879] R13: 00007f726da16128 R14: 00007f726da16090 R15: 00007ffe7ce59458 [ 340.004497][T10879] [ 340.024682][T10875] L+߬: renamed from bridge_slave_0 [ 340.050855][T10875] L+߬: entered allmulticast mode [ 340.184196][T10878] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.1523'. [ 340.806099][T10886] netlink: 'syz.0.1525': attribute type 1 has an invalid length. [ 340.824931][T10886] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1525'. [ 340.841013][T10886] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1525'. [ 342.830093][T10907] netlink: 'syz.0.1532': attribute type 10 has an invalid length. [ 342.895783][T10902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 342.945867][T10905] netlink: 'syz.3.1533': attribute type 10 has an invalid length. [ 342.972534][T10909] mac80211_hwsim hwsim7 : renamed from wlan0 [ 342.999252][T10904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 344.874470][T10925] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 344.885489][T10925] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 344.924765][T10926] mac80211_hwsim hwsim2 : renamed from wlan0 [ 345.618037][T10930] netlink: 'syz.0.1541': attribute type 15 has an invalid length. [ 345.626419][T10930] netlink: 'syz.0.1541': attribute type 5 has an invalid length. [ 345.638598][T10930] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1541'. [ 345.857605][T10933] netlink: 'syz.0.1541': attribute type 3 has an invalid length. [ 345.865662][T10933] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1541'. [ 346.195644][T10930] netlink: 'syz.0.1541': attribute type 10 has an invalid length. [ 346.268099][T10930] team0: left allmulticast mode [ 346.323759][T10930] team_slave_0: left allmulticast mode [ 346.409622][T10930] team_slave_1: left allmulticast mode [ 346.463551][T10930] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 346.487011][T10930] geneve0: left allmulticast mode [ 346.499076][T10930] dummy0: left allmulticast mode [ 346.523687][T10930] team0: left promiscuous mode [ 346.532878][T10930] team_slave_0: left promiscuous mode [ 346.552990][T10930] team_slave_1: left promiscuous mode [ 346.572092][T10930] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 346.581360][T10930] geneve0: left promiscuous mode [ 346.589386][T10930] dummy0: left promiscuous mode [ 346.595591][T10930] bridge0: port 3(team0) entered disabled state [ 346.628172][T10930] wlan1: mtu less than device minimum [ 346.634075][T10930] team0: Device wlan1 failed to change mtu [ 346.646292][T10930] bond0: (slave team0): Error -22 calling dev_set_mtu [ 348.205108][T10977] netlink: 'syz.3.1557': attribute type 17 has an invalid length. [ 348.237955][T10977] netlink: 'syz.3.1557': attribute type 16 has an invalid length. [ 348.246106][T10977] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1557'. [ 348.583576][T10982] A link change request failed with some changes committed already. Interface bcRݘOC may have been left with an inconsistent configuration, please check. [ 349.234602][T10994] sit0: entered allmulticast mode [ 349.259578][T10995] sit0: entered promiscuous mode [ 349.307089][T10999] netlink: 'syz.2.1565': attribute type 10 has an invalid length. [ 349.400551][T10996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 349.423415][T11004] FAULT_INJECTION: forcing a failure. [ 349.423415][T11004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.440932][T11004] CPU: 1 PID: 11004 Comm: syz.3.1568 Not tainted syzkaller #0 [ 349.448738][T11004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 349.459964][T11004] Call Trace: [ 349.463364][T11004] [ 349.466465][T11004] dump_stack_lvl+0x18c/0x250 [ 349.471254][T11004] ? show_regs_print_info+0x20/0x20 [ 349.476746][T11004] ? load_image+0x420/0x420 [ 349.481360][T11004] ? __might_fault+0xaa/0x120 [ 349.486281][T11004] ? __lock_acquire+0x7d40/0x7d40 [ 349.491407][T11004] should_fail_ex+0x39d/0x4d0 [ 349.496288][T11004] _copy_from_user+0x2f/0xe0 [ 349.501063][T11004] ___sys_sendmsg+0x1c7/0x360 [ 349.505814][T11004] ? __sys_sendmsg+0x2a0/0x2a0 [ 349.510906][T11004] __se_sys_sendmsg+0x1c2/0x2b0 [ 349.515873][T11004] ? __x64_sys_sendmsg+0x80/0x80 [ 349.521187][T11004] ? lockdep_hardirqs_on+0x98/0x150 [ 349.526665][T11004] do_syscall_64+0x55/0xa0 [ 349.531269][T11004] ? clear_bhb_loop+0x40/0x90 [ 349.536060][T11004] ? clear_bhb_loop+0x40/0x90 [ 349.540851][T11004] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 349.547889][T11004] RIP: 0033:0x7f40c5f9c819 [ 349.552503][T11004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 349.572842][T11004] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 349.581816][T11004] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 349.590432][T11004] RDX: 000000000000c000 RSI: 0000200000000040 RDI: 0000000000000006 [ 349.599033][T11004] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 349.607808][T11004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.616824][T11004] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 349.626479][T11004] [ 350.249306][T11029] FAULT_INJECTION: forcing a failure. [ 350.249306][T11029] name failslab, interval 1, probability 0, space 0, times 0 [ 350.318356][T11029] CPU: 0 PID: 11029 Comm: syz.1.1577 Not tainted syzkaller #0 [ 350.326090][T11029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 350.336975][T11029] Call Trace: [ 350.340570][T11029] [ 350.343919][T11029] dump_stack_lvl+0x18c/0x250 [ 350.348980][T11029] ? show_regs_print_info+0x20/0x20 [ 350.354416][T11029] ? load_image+0x420/0x420 [ 350.359231][T11029] ? verify_lock_unused+0x140/0x140 [ 350.365404][T11029] ? perf_trace_lock+0x304/0x3b0 [ 350.371099][T11029] should_fail_ex+0x39d/0x4d0 [ 350.376163][T11029] should_failslab+0x9/0x20 [ 350.381940][T11029] slab_pre_alloc_hook+0x59/0x310 [ 350.388118][T11029] kmem_cache_alloc+0x5a/0x2d0 [ 350.393544][T11029] ? skb_clone+0x1eb/0x370 [ 350.399151][T11029] skb_clone+0x1eb/0x370 [ 350.403698][T11029] __netlink_deliver_tap+0x41c/0x830 [ 350.409681][T11029] ? netlink_deliver_tap+0x2e/0x1b0 [ 350.415370][T11029] netlink_deliver_tap+0x19c/0x1b0 [ 350.420816][T11029] netlink_unicast+0x72c/0x8d0 [ 350.426023][T11029] netlink_sendmsg+0x8d0/0xbf0 [ 350.431115][T11029] ? perf_trace_lock+0x304/0x3b0 [ 350.436432][T11029] ? netlink_getsockopt+0x590/0x590 [ 350.442046][T11029] ? aa_sock_msg_perm+0x94/0x150 [ 350.447194][T11029] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 350.452626][T11029] ? security_socket_sendmsg+0x80/0xa0 [ 350.458270][T11029] ? netlink_getsockopt+0x590/0x590 [ 350.463789][T11029] ____sys_sendmsg+0x5ba/0x960 [ 350.468767][T11029] ? __asan_memset+0x22/0x40 [ 350.473816][T11029] ? __sys_sendmsg_sock+0x30/0x30 [ 350.479125][T11029] ? __import_iovec+0x5f2/0x850 [ 350.484214][T11029] ? import_iovec+0x73/0xa0 [ 350.488938][T11029] ___sys_sendmsg+0x2a6/0x360 [ 350.493812][T11029] ? __sys_sendmsg+0x2a0/0x2a0 [ 350.498678][T11029] ? __lock_acquire+0x7d40/0x7d40 [ 350.503968][T11029] __se_sys_sendmsg+0x1c2/0x2b0 [ 350.508934][T11029] ? __x64_sys_sendmsg+0x80/0x80 [ 350.514093][T11029] ? lockdep_hardirqs_on+0x98/0x150 [ 350.519534][T11029] do_syscall_64+0x55/0xa0 [ 350.524102][T11029] ? clear_bhb_loop+0x40/0x90 [ 350.529185][T11029] ? clear_bhb_loop+0x40/0x90 [ 350.533899][T11029] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 350.539882][T11029] RIP: 0033:0x7f494b59c819 [ 350.545047][T11029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.566682][T11029] RSP: 002b:00007f494c48e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.575617][T11029] RAX: ffffffffffffffda RBX: 00007f494b815fa0 RCX: 00007f494b59c819 [ 350.584670][T11029] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 350.592844][T11029] RBP: 00007f494c48e090 R08: 0000000000000000 R09: 0000000000000000 [ 350.601881][T11029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.610867][T11029] R13: 00007f494b816038 R14: 00007f494b815fa0 R15: 00007ffe30b583f8 [ 350.621451][T11029] [ 350.814371][T11029] netlink: 'syz.1.1577': attribute type 10 has an invalid length. [ 350.852294][T11029] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1577'. [ 350.937549][T11029] team0: entered promiscuous mode [ 350.943420][T11029] team_slave_0: entered promiscuous mode [ 350.967562][T11029] team_slave_1: entered promiscuous mode [ 351.015768][T11029] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 351.051287][T11029] geneve1: entered promiscuous mode [ 351.067564][T11029] bond0: entered promiscuous mode [ 351.081751][T11029] bond_slave_0: entered promiscuous mode [ 351.098764][T11029] bond_slave_1: entered promiscuous mode [ 351.105991][T11029] geneve0: entered promiscuous mode [ 351.151092][T11029] team0: entered allmulticast mode [ 351.173937][T11029] team_slave_0: entered allmulticast mode [ 351.190932][T11029] team_slave_1: entered allmulticast mode [ 351.204525][T11029] geneve1: entered allmulticast mode [ 351.226971][T11029] bond0: entered allmulticast mode [ 351.232314][T11029] bond_slave_0: entered allmulticast mode [ 351.246951][T11029] bond_slave_1: entered allmulticast mode [ 351.253105][T11029] geneve0: entered allmulticast mode [ 351.280792][T11029] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 351.342615][T11034] netlink: 'syz.0.1578': attribute type 10 has an invalid length. [ 351.442952][T11042] syzkaller0: entered promiscuous mode [ 351.451770][T11042] syzkaller0: entered allmulticast mode [ 351.470724][T11033] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 351.482604][T11042] syzkaller0: create flow: hash 1777700162 index 0 [ 351.543305][T11045] FAULT_INJECTION: forcing a failure. [ 351.543305][T11045] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.570088][T11045] CPU: 0 PID: 11045 Comm: syz.1.1582 Not tainted syzkaller #0 [ 351.577797][T11045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 351.588143][T11045] Call Trace: [ 351.591717][T11045] [ 351.594676][T11045] dump_stack_lvl+0x18c/0x250 [ 351.599503][T11045] ? show_regs_print_info+0x20/0x20 [ 351.604736][T11045] ? load_image+0x420/0x420 [ 351.609281][T11045] ? __might_fault+0xaa/0x120 [ 351.614176][T11045] ? __lock_acquire+0x7d40/0x7d40 [ 351.619664][T11045] should_fail_ex+0x39d/0x4d0 [ 351.624476][T11045] _copy_to_user+0x2f/0xa0 [ 351.628933][T11045] finalize_log+0xe4/0x160 [ 351.633564][T11045] ? btf_parse_struct_metas+0xe40/0xe40 [ 351.639176][T11045] ? btf_check_type_tags+0x674/0x680 [ 351.644509][T11045] btf_new_fd+0x768/0x9f0 [ 351.648963][T11045] ? __sanitizer_cov_trace_const_cmp4+0x8/0x90 [ 351.655244][T11045] ? bpf_btf_show_fdinfo+0x80/0x80 [ 351.660569][T11045] ? capable+0x88/0xe0 [ 351.664686][T11045] __sys_bpf+0x670/0x890 [ 351.669772][T11045] ? bpf_link_show_fdinfo+0x390/0x390 [ 351.675208][T11045] ? lock_chain_count+0x20/0x20 [ 351.680183][T11045] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 351.686301][T11045] __x64_sys_bpf+0x7c/0x90 [ 351.690854][T11045] do_syscall_64+0x55/0xa0 [ 351.695825][T11045] ? clear_bhb_loop+0x40/0x90 [ 351.700613][T11045] ? clear_bhb_loop+0x40/0x90 [ 351.705337][T11045] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 351.711351][T11045] RIP: 0033:0x7f494b59c819 [ 351.716151][T11045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 351.736486][T11045] RSP: 002b:00007f494c48e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 351.746070][T11045] RAX: ffffffffffffffda RBX: 00007f494b815fa0 RCX: 00007f494b59c819 [ 351.754526][T11045] RDX: 0000000000000028 RSI: 0000200000000800 RDI: 0000000000000012 [ 351.762798][T11045] RBP: 00007f494c48e090 R08: 0000000000000000 R09: 0000000000000000 [ 351.771156][T11045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 351.779938][T11045] R13: 00007f494b816038 R14: 00007f494b815fa0 R15: 00007ffe30b583f8 [ 351.788450][T11045] [ 355.206641][ C1] syzkaller0 (unregistering): delete flow: hash 1777700162 index 0 [ 357.702302][T11108] netlink: 'syz.1.1606': attribute type 3 has an invalid length. [ 357.732016][T11108] netlink: 'syz.1.1606': attribute type 1 has an invalid length. [ 357.923139][T11108] syzkaller0: entered allmulticast mode [ 358.935855][T11138] FAULT_INJECTION: forcing a failure. [ 358.935855][T11138] name failslab, interval 1, probability 0, space 0, times 0 [ 358.968046][T11138] CPU: 1 PID: 11138 Comm: syz.3.1621 Not tainted syzkaller #0 [ 358.976127][T11138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 358.986815][T11138] Call Trace: [ 358.990635][T11138] [ 358.993685][T11138] dump_stack_lvl+0x18c/0x250 [ 358.998572][T11138] ? show_regs_print_info+0x20/0x20 [ 359.004169][T11138] ? load_image+0x420/0x420 [ 359.009922][T11138] ? verify_lock_unused+0x140/0x140 [ 359.015777][T11138] ? perf_trace_lock+0x304/0x3b0 [ 359.021102][T11138] should_fail_ex+0x39d/0x4d0 [ 359.026624][T11138] should_failslab+0x9/0x20 [ 359.031892][T11138] slab_pre_alloc_hook+0x59/0x310 [ 359.037037][T11138] kmem_cache_alloc+0x5a/0x2d0 [ 359.041902][T11138] ? skb_clone+0x1eb/0x370 [ 359.046424][T11138] skb_clone+0x1eb/0x370 [ 359.050797][T11138] __netlink_deliver_tap+0x41c/0x830 [ 359.056407][T11138] ? netlink_deliver_tap+0x2e/0x1b0 [ 359.061757][T11138] netlink_deliver_tap+0x19c/0x1b0 [ 359.067324][T11138] netlink_unicast+0x72c/0x8d0 [ 359.072302][T11138] netlink_sendmsg+0x8d0/0xbf0 [ 359.077150][T11138] ? perf_trace_lock+0x304/0x3b0 [ 359.082191][T11138] ? netlink_getsockopt+0x590/0x590 [ 359.087758][T11138] ? aa_sock_msg_perm+0x94/0x150 [ 359.092979][T11138] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 359.098526][T11138] ? security_socket_sendmsg+0x80/0xa0 [ 359.104772][T11138] ? netlink_getsockopt+0x590/0x590 [ 359.110163][T11138] ____sys_sendmsg+0x5ba/0x960 [ 359.115219][T11138] ? __asan_memset+0x22/0x40 [ 359.120272][T11138] ? __sys_sendmsg_sock+0x30/0x30 [ 359.125419][T11138] ? __import_iovec+0x5f2/0x850 [ 359.130762][T11138] ? import_iovec+0x73/0xa0 [ 359.135859][T11138] ___sys_sendmsg+0x2a6/0x360 [ 359.140754][T11138] ? __sys_sendmsg+0x2a0/0x2a0 [ 359.145635][T11138] ? __lock_acquire+0x7d40/0x7d40 [ 359.151166][T11138] __se_sys_sendmsg+0x1c2/0x2b0 [ 359.156656][T11138] ? __x64_sys_sendmsg+0x80/0x80 [ 359.161617][T11138] ? lockdep_hardirqs_on+0x98/0x150 [ 359.166991][T11138] do_syscall_64+0x55/0xa0 [ 359.171494][T11138] ? clear_bhb_loop+0x40/0x90 [ 359.176354][T11138] ? clear_bhb_loop+0x40/0x90 [ 359.181239][T11138] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 359.187246][T11138] RIP: 0033:0x7f40c5f9c819 [ 359.192454][T11138] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.213204][T11138] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 359.221668][T11138] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 359.230040][T11138] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007 [ 359.238300][T11138] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 359.246456][T11138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.254692][T11138] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 359.262719][T11138] [ 359.290147][T11138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 359.301918][T11138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.312023][T11138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 359.328157][T11138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.341965][T11138] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 359.350215][T11138] batman_adv: batadv0: Removing interface: virt_wifi0 [ 360.299816][T11171] netlink: 'syz.0.1633': attribute type 4 has an invalid length. [ 360.308447][T11171] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1633'. [ 360.662981][T11183] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1636'. [ 360.702771][T11183] netlink: 'syz.1.1636': attribute type 10 has an invalid length. [ 361.197153][T11205] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.232981][T11205] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.260644][T11205] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.315507][T11205] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.624401][T11205] bond0: (slave batadv0): Releasing backup interface [ 362.760349][T11226] netlink: 'syz.3.1650': attribute type 29 has an invalid length. [ 362.779343][T11226] netlink: 'syz.3.1650': attribute type 29 has an invalid length. [ 362.794707][T11226] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1650'. [ 362.807301][T11226] netlink: 'syz.3.1650': attribute type 29 has an invalid length. [ 362.818535][T11226] netlink: 'syz.3.1650': attribute type 29 has an invalid length. [ 362.829785][T11226] netlink: 'syz.3.1650': attribute type 29 has an invalid length. [ 362.957487][T11239] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 362.985957][T11235] netlink: 'syz.2.1653': attribute type 10 has an invalid length. [ 363.059138][T11234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 363.501924][T11247] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.1657'. [ 363.574909][T11256] netlink: 1042 bytes leftover after parsing attributes in process `syz.1.1658'. [ 363.757708][T11261] netlink: 'syz.1.1659': attribute type 29 has an invalid length. [ 363.766433][T11261] netlink: 'syz.1.1659': attribute type 29 has an invalid length. [ 363.780304][T11261] netlink: 'syz.1.1659': attribute type 29 has an invalid length. [ 363.817956][T11261] netlink: 'syz.1.1659': attribute type 29 has an invalid length. [ 363.998019][T11245] delete_channel: no stack [ 364.159373][T11268] FAULT_INJECTION: forcing a failure. [ 364.159373][T11268] name failslab, interval 1, probability 0, space 0, times 0 [ 364.218186][T11268] CPU: 0 PID: 11268 Comm: syz.2.1662 Not tainted syzkaller #0 [ 364.225991][T11268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 364.236333][T11268] Call Trace: [ 364.239731][T11268] [ 364.242868][T11268] dump_stack_lvl+0x18c/0x250 [ 364.247591][T11268] ? show_regs_print_info+0x20/0x20 [ 364.253093][T11268] ? load_image+0x420/0x420 [ 364.257841][T11268] ? __lock_acquire+0x7d40/0x7d40 [ 364.262978][T11268] should_fail_ex+0x39d/0x4d0 [ 364.267776][T11268] should_failslab+0x9/0x20 [ 364.272421][T11268] slab_pre_alloc_hook+0x59/0x310 [ 364.277648][T11268] ? bpf_test_init+0x9f/0x140 [ 364.282550][T11268] ? bpf_test_init+0x9f/0x140 [ 364.287391][T11268] __kmem_cache_alloc_node+0x53/0x250 [ 364.292793][T11268] ? bpf_test_init+0x9f/0x140 [ 364.297508][T11268] __kmalloc+0xa4/0x230 [ 364.301761][T11268] bpf_test_init+0x9f/0x140 [ 364.306438][T11268] bpf_prog_test_run_xdp+0x4d1/0x10e0 [ 364.312163][T11268] ? dev_put+0x80/0x80 [ 364.316365][T11268] ? dev_put+0x80/0x80 [ 364.320627][T11268] bpf_prog_test_run+0x321/0x390 [ 364.325667][T11268] __sys_bpf+0x49d/0x890 [ 364.329916][T11268] ? bpf_link_show_fdinfo+0x390/0x390 [ 364.335312][T11268] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 364.342605][T11268] __x64_sys_bpf+0x7c/0x90 [ 364.347124][T11268] do_syscall_64+0x55/0xa0 [ 364.351984][T11268] ? clear_bhb_loop+0x40/0x90 [ 364.357291][T11268] ? clear_bhb_loop+0x40/0x90 [ 364.361978][T11268] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 364.368139][T11268] RIP: 0033:0x7fe3e7d9c819 [ 364.372808][T11268] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 364.393634][T11268] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 364.402393][T11268] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 364.411149][T11268] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 364.419727][T11268] RBP: 00007fe3e8ced090 R08: 0000000000000000 R09: 0000000000000000 [ 364.427881][T11268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.436018][T11268] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 364.444100][T11268] [ 364.634083][T11277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 366.510262][T11294] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1668'. [ 366.699330][T11300] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.1671'. [ 367.130264][T11313] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1675'. [ 367.180447][T11313] : renamed from bond_slave_1 (while UP) [ 367.943275][T11327] validate_nla: 3 callbacks suppressed [ 367.943306][T11327] netlink: 'syz.3.1677': attribute type 10 has an invalid length. [ 367.987523][T11326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.228038][T11355] netlink: 'syz.0.1686': attribute type 10 has an invalid length. [ 369.257158][T11352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 369.458888][T11363] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1688'. [ 369.527654][T11363] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 369.617760][T11366] netlink: 'syz.2.1689': attribute type 10 has an invalid length. [ 370.618139][T11377] netlink: 'syz.1.1692': attribute type 21 has an invalid length. [ 370.644882][T11374] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1692'. [ 370.662278][T11374] : renamed from bond_slave_1 (while UP) [ 370.838876][T11376] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1694'. [ 370.851216][T11376] netlink: 292 bytes leftover after parsing attributes in process `syz.3.1694'. [ 370.861576][T11376] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1694'. [ 370.873497][T11376] tc_dump_action: action bad kind [ 371.210576][T11390] netlink: 'syz.1.1696': attribute type 10 has an invalid length. [ 371.237536][T11385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 371.330703][T11392] FAULT_INJECTION: forcing a failure. [ 371.330703][T11392] name failslab, interval 1, probability 0, space 0, times 0 [ 371.366670][T11392] CPU: 0 PID: 11392 Comm: syz.0.1697 Not tainted syzkaller #0 [ 371.374823][T11392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 371.385287][T11392] Call Trace: [ 371.388580][T11392] [ 371.392006][T11392] dump_stack_lvl+0x18c/0x250 [ 371.397233][T11392] ? show_regs_print_info+0x20/0x20 [ 371.402895][T11392] ? load_image+0x420/0x420 [ 371.408196][T11392] ? __might_sleep+0xe0/0xe0 [ 371.413134][T11392] ? __lock_acquire+0x7d40/0x7d40 [ 371.418365][T11392] should_fail_ex+0x39d/0x4d0 [ 371.423207][T11392] should_failslab+0x9/0x20 [ 371.428187][T11392] slab_pre_alloc_hook+0x59/0x310 [ 371.433588][T11392] ? sock_kmalloc+0x96/0xf0 [ 371.438450][T11392] ? sock_kmalloc+0x96/0xf0 [ 371.443248][T11392] __kmem_cache_alloc_node+0x53/0x250 [ 371.448720][T11392] ? sock_kmalloc+0x96/0xf0 [ 371.453578][T11392] __kmalloc+0xa4/0x230 [ 371.457852][T11392] sock_kmalloc+0x96/0xf0 [ 371.462297][T11392] ____sys_sendmsg+0x1be/0x960 [ 371.467512][T11392] ? __lock_acquire+0x7d40/0x7d40 [ 371.472980][T11392] ? __asan_memset+0x22/0x40 [ 371.478289][T11392] ? __sys_sendmsg_sock+0x30/0x30 [ 371.483567][T11392] ? __import_iovec+0x3fa/0x850 [ 371.488557][T11392] ? import_iovec+0x73/0xa0 [ 371.493609][T11392] ___sys_sendmsg+0x2a6/0x360 [ 371.498399][T11392] ? __sys_sendmsg+0x2a0/0x2a0 [ 371.504141][T11392] ? __lock_acquire+0x7d40/0x7d40 [ 371.509485][T11392] __se_sys_sendmsg+0x1c2/0x2b0 [ 371.514605][T11392] ? __x64_sys_sendmsg+0x80/0x80 [ 371.519728][T11392] ? lockdep_hardirqs_on+0x98/0x150 [ 371.524936][T11392] do_syscall_64+0x55/0xa0 [ 371.529714][T11392] ? clear_bhb_loop+0x40/0x90 [ 371.534667][T11392] ? clear_bhb_loop+0x40/0x90 [ 371.539523][T11392] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 371.545931][T11392] RIP: 0033:0x7f726d79c819 [ 371.550454][T11392] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 371.572324][T11392] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 371.581283][T11392] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 371.589998][T11392] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000005 [ 371.598242][T11392] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 371.606816][T11392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 371.615224][T11392] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 371.623315][T11392] [ 371.742150][T11399] netlink: 711 bytes leftover after parsing attributes in process `syz.2.1700'. [ 372.226247][T11411] netlink: 'syz.0.1706': attribute type 10 has an invalid length. [ 373.224389][T11410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 373.368243][T11424] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.1709'. [ 373.637308][T11434] netlink: 711 bytes leftover after parsing attributes in process `syz.0.1712'. [ 374.864235][T11461] netlink: 'syz.0.1718': attribute type 10 has an invalid length. [ 374.917035][T11459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 374.978728][T11465] netlink: 'syz.3.1719': attribute type 10 has an invalid length. [ 375.002032][T11465] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.024533][T11465] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.052940][T11465] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.086844][T11468] netlink: 144316 bytes leftover after parsing attributes in process `syz.3.1719'. [ 375.645316][T11481] netlink: 711 bytes leftover after parsing attributes in process `syz.1.1725'. [ 375.831645][T11488] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1727'. [ 376.080913][T11492] netlink: 'syz.1.1729': attribute type 10 has an invalid length. [ 376.268208][T11506] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1732'. [ 376.300109][T11489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.629641][T11521] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1735'. [ 377.153404][T11540] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1742'. [ 377.297209][T11547] ref_ctr_offset mismatch. inode: 0x42 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 377.431897][T11553] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1748'. [ 377.448583][T11553] openvswitch: netlink: Tunnel attr 0 has unexpected len 60 expected 8 [ 378.971311][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.978096][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.701656][T11576] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1752'. [ 379.713292][T11576] netlink: 292 bytes leftover after parsing attributes in process `syz.0.1752'. [ 379.723635][T11576] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1752'. [ 379.733343][T11576] tc_dump_action: action bad kind [ 380.584086][T11606] netlink: 'syz.2.1764': attribute type 3 has an invalid length. [ 380.626677][T11606] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1764'. [ 380.652367][T11608] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1763'. [ 380.731702][T11608] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 381.608749][T11622] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1769'. [ 382.265993][T11652] netlink: 'syz.2.1778': attribute type 33 has an invalid length. [ 382.295141][T11652] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1778'. [ 382.331445][T11652] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 384.071883][T11691] FAULT_INJECTION: forcing a failure. [ 384.071883][T11691] name failslab, interval 1, probability 0, space 0, times 0 [ 384.091601][T11691] CPU: 0 PID: 11691 Comm: syz.2.1791 Not tainted syzkaller #0 [ 384.099506][T11691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 384.109680][T11691] Call Trace: [ 384.113061][T11691] [ 384.116103][T11691] dump_stack_lvl+0x18c/0x250 [ 384.121002][T11691] ? show_regs_print_info+0x20/0x20 [ 384.126418][T11691] ? load_image+0x420/0x420 [ 384.131581][T11691] ? __might_sleep+0xe0/0xe0 [ 384.136355][T11691] ? __lock_acquire+0x7d40/0x7d40 [ 384.142542][T11691] ? register_lock_class+0xc4/0x8a0 [ 384.148342][T11691] should_fail_ex+0x39d/0x4d0 [ 384.153603][T11691] should_failslab+0x9/0x20 [ 384.159940][T11691] slab_pre_alloc_hook+0x59/0x310 [ 384.165630][T11691] ? __lock_acquire+0x1347/0x7d40 [ 384.171657][T11691] ? tcp_sendmsg_fastopen+0x1de/0x5d0 [ 384.177776][T11691] __kmem_cache_alloc_node+0x53/0x250 [ 384.184171][T11691] ? tcp_sendmsg_fastopen+0x1de/0x5d0 [ 384.190575][T11691] kmalloc_trace+0x2a/0xe0 [ 384.197305][T11691] tcp_sendmsg_fastopen+0x1de/0x5d0 [ 384.203525][T11691] tcp_sendmsg_locked+0x4621/0x4bd0 [ 384.208957][T11691] ? verify_lock_unused+0x140/0x140 [ 384.215019][T11691] ? verify_lock_unused+0x140/0x140 [ 384.220706][T11691] ? perf_trace_lock+0xfc/0x3b0 [ 384.226397][T11691] ? trace_event_raw_event_lock+0x250/0x250 [ 384.232505][T11691] ? mark_lock+0x94/0x320 [ 384.236968][T11691] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 384.242998][T11691] ? lock_chain_count+0x20/0x20 [ 384.248304][T11691] ? tcp_set_state+0x680/0x680 [ 384.253235][T11691] tcp_sendmsg+0x2f/0x50 [ 384.257687][T11691] ? inet_send_prepare+0x260/0x260 [ 384.263093][T11691] ____sys_sendmsg+0x5ba/0x960 [ 384.267997][T11691] ? __lock_acquire+0x7d40/0x7d40 [ 384.273404][T11691] ? __asan_memset+0x22/0x40 [ 384.278065][T11691] ? __sys_sendmsg_sock+0x30/0x30 [ 384.283135][T11691] ? __import_iovec+0x3fa/0x850 [ 384.288032][T11691] ? import_iovec+0x73/0xa0 [ 384.292762][T11691] ___sys_sendmsg+0x2a6/0x360 [ 384.297744][T11691] ? __sys_sendmsg+0x2a0/0x2a0 [ 384.302558][T11691] ? __lock_acquire+0x7d40/0x7d40 [ 384.307910][T11691] __se_sys_sendmsg+0x1c2/0x2b0 [ 384.313145][T11691] ? __x64_sys_sendmsg+0x80/0x80 [ 384.318485][T11691] ? lockdep_hardirqs_on+0x98/0x150 [ 384.323935][T11691] do_syscall_64+0x55/0xa0 [ 384.328482][T11691] ? clear_bhb_loop+0x40/0x90 [ 384.333802][T11691] ? clear_bhb_loop+0x40/0x90 [ 384.339058][T11691] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 384.345424][T11691] RIP: 0033:0x7fe3e7d9c819 [ 384.350060][T11691] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.371272][T11691] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 384.380018][T11691] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 384.388273][T11691] RDX: 0000000030004081 RSI: 0000200000000080 RDI: 0000000000000003 [ 384.397228][T11691] RBP: 00007fe3e8ced090 R08: 0000000000000000 R09: 0000000000000000 [ 384.406363][T11691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.415073][T11691] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 384.423710][T11691] [ 384.893043][T11701] netlink: 'syz.0.1794': attribute type 6 has an invalid length. [ 385.995224][T11723] syzkaller0: entered promiscuous mode [ 386.011799][T11723] syzkaller0: entered allmulticast mode [ 386.262856][T11737] netpci0: tun_chr_ioctl cmd 1074025677 [ 386.287480][T11737] netpci0: linktype set to 769 [ 386.491061][T11751] FAULT_INJECTION: forcing a failure. [ 386.491061][T11751] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 386.526799][T11751] CPU: 0 PID: 11751 Comm: syz.3.1806 Not tainted syzkaller #0 [ 386.534333][T11751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 386.544935][T11751] Call Trace: [ 386.548243][T11751] [ 386.551199][T11751] dump_stack_lvl+0x18c/0x250 [ 386.556369][T11751] ? show_regs_print_info+0x20/0x20 [ 386.561874][T11751] ? load_image+0x420/0x420 [ 386.566428][T11751] ? __lock_acquire+0x7d40/0x7d40 [ 386.571849][T11751] ? perf_trace_lock+0xfc/0x3b0 [ 386.576769][T11751] should_fail_ex+0x39d/0x4d0 [ 386.581529][T11751] prepare_alloc_pages+0x1e2/0x5f0 [ 386.586791][T11751] __alloc_pages+0x134/0x460 [ 386.591517][T11751] ? zone_statistics+0x170/0x170 [ 386.596531][T11751] ? alloc_pages+0x4dc/0x740 [ 386.601248][T11751] ? do_raw_spin_unlock+0x121/0x230 [ 386.606909][T11751] __get_free_pages+0xc/0x30 [ 386.611548][T11751] kasan_populate_vmalloc_pte+0x35/0x100 [ 386.617498][T11751] __apply_to_page_range+0x860/0xdd0 [ 386.622857][T11751] ? kasan_populate_vmalloc+0x70/0x70 [ 386.628477][T11751] ? apply_to_page_range+0x50/0x50 [ 386.634020][T11751] ? do_raw_spin_unlock+0x121/0x230 [ 386.639518][T11751] alloc_vmap_area+0x1d0c/0x1e30 [ 386.644952][T11751] ? vm_map_ram+0xcb0/0xcb0 [ 386.649688][T11751] ? rcu_is_watching+0x15/0xb0 [ 386.654698][T11751] __get_vm_area_node+0x162/0x370 [ 386.659777][T11751] __vmalloc_node_range+0x36e/0x1330 [ 386.665271][T11751] ? htab_map_alloc+0x3da/0xe80 [ 386.670346][T11751] ? _raw_spin_unlock+0x40/0x40 [ 386.675231][T11751] ? pcpu_alloc+0x11db/0x1860 [ 386.680763][T11751] ? bpf_map_alloc_percpu+0xb9/0x1a0 [ 386.686561][T11751] ? free_vm_area+0x50/0x50 [ 386.691661][T11751] bpf_map_area_alloc+0xf1/0x110 [ 386.696866][T11751] ? htab_map_alloc+0x3da/0xe80 [ 386.701937][T11751] htab_map_alloc+0x3da/0xe80 [ 386.706765][T11751] htab_of_map_alloc+0x55/0xc0 [ 386.711558][T11751] map_create+0x877/0x12f0 [ 386.716106][T11751] ? bpf_lsm_bpf+0x9/0x10 [ 386.720745][T11751] __sys_bpf+0x651/0x890 [ 386.726236][T11751] ? bpf_link_show_fdinfo+0x390/0x390 [ 386.731658][T11751] ? lock_chain_count+0x20/0x20 [ 386.736750][T11751] __x64_sys_bpf+0x7c/0x90 [ 386.741269][T11751] do_syscall_64+0x55/0xa0 [ 386.745781][T11751] ? clear_bhb_loop+0x40/0x90 [ 386.750559][T11751] ? clear_bhb_loop+0x40/0x90 [ 386.755377][T11751] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 386.761492][T11751] RIP: 0033:0x7f40c5f9c819 [ 386.766104][T11751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.786580][T11751] RSP: 002b:00007f40c6dec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 386.795333][T11751] RAX: ffffffffffffffda RBX: 00007f40c6215fa0 RCX: 00007f40c5f9c819 [ 386.803409][T11751] RDX: 0000000000000050 RSI: 0000200000000440 RDI: 0000000000000000 [ 386.811916][T11751] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 386.820196][T11751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 386.828187][T11751] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 386.836475][T11751] [ 387.797530][T11776] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1812'. [ 387.991596][T11782] netlink: 'syz.2.1814': attribute type 10 has an invalid length. [ 388.024988][T11782] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1814'. [ 388.074750][T11782] hsr0: entered promiscuous mode [ 389.196396][T11795] netlink: 'syz.1.1817': attribute type 4 has an invalid length. [ 389.225596][T11795] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1817'. [ 390.350478][T11822] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1825'. [ 393.031927][T11859] FAULT_INJECTION: forcing a failure. [ 393.031927][T11859] name failslab, interval 1, probability 0, space 0, times 0 [ 393.045322][T11859] CPU: 0 PID: 11859 Comm: syz.0.1835 Not tainted syzkaller #0 [ 393.053395][T11859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 393.063913][T11859] Call Trace: [ 393.067214][T11859] [ 393.070604][T11859] dump_stack_lvl+0x18c/0x250 [ 393.075400][T11859] ? show_regs_print_info+0x20/0x20 [ 393.080617][T11859] ? load_image+0x420/0x420 [ 393.085344][T11859] should_fail_ex+0x39d/0x4d0 [ 393.090157][T11859] should_failslab+0x9/0x20 [ 393.095031][T11859] slab_pre_alloc_hook+0x59/0x310 [ 393.100334][T11859] kmem_cache_alloc+0x5a/0x2d0 [ 393.105299][T11859] ? __nf_conntrack_alloc+0x99/0x380 [ 393.110700][T11859] __nf_conntrack_alloc+0x99/0x380 [ 393.115875][T11859] init_conntrack+0x177/0xf10 [ 393.120581][T11859] ? early_drop+0x7f0/0x7f0 [ 393.125100][T11859] ? nf_conntrack_find_get+0x650/0x650 [ 393.130575][T11859] ? __local_bh_enable_ip+0x13a/0x1c0 [ 393.135972][T11859] ? __siphash_unaligned+0x22e/0x3a0 [ 393.141453][T11859] nf_conntrack_in+0xc06/0x15c0 [ 393.146344][T11859] ? nf_ct_pernet+0x270/0x270 [ 393.151039][T11859] ? ipt_do_table+0x2c1/0x15e0 [ 393.155939][T11859] ? ipv4_conntrack_defrag+0x29d/0x5a0 [ 393.161592][T11859] ? ip_select_ttl+0xb1/0x330 [ 393.166443][T11859] ? ipv4_conntrack_local+0x123/0x200 [ 393.172042][T11859] ? ipv4_conntrack_in+0x20/0x20 [ 393.177006][T11859] nf_hook_slow+0xbd/0x200 [ 393.181626][T11859] ? nf_hook+0x390/0x390 [ 393.185967][T11859] nf_hook+0x228/0x390 [ 393.190051][T11859] ? nf_hook+0xa2/0x390 [ 393.194213][T11859] ? __ip_local_out+0x5f0/0x5f0 [ 393.199170][T11859] ? nf_hook+0x390/0x390 [ 393.203686][T11859] ? ip_fast_csum+0x1ee/0x2b0 [ 393.208380][T11859] __ip_local_out+0x4db/0x5f0 [ 393.213179][T11859] ? nf_hook+0x390/0x390 [ 393.217609][T11859] ip_send_skb+0x4c/0x1d0 [ 393.221947][T11859] raw_sendmsg+0x163e/0x1c00 [ 393.226593][T11859] ? compat_raw_ioctl+0x70/0x70 [ 393.231905][T11859] ? tomoyo_socket_sendmsg_permission+0x216/0x2f0 [ 393.238771][T11859] ? sock_rps_record_flow+0x19/0x3f0 [ 393.244220][T11859] ? inet_sendmsg+0x7c/0x2f0 [ 393.249017][T11859] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 393.254460][T11859] ? security_socket_sendmsg+0x80/0xa0 [ 393.260303][T11859] ? inet_send_prepare+0x260/0x260 [ 393.265451][T11859] ____sys_sendmsg+0x5ba/0x960 [ 393.270358][T11859] ? __asan_memset+0x22/0x40 [ 393.274988][T11859] ? __sys_sendmsg_sock+0x30/0x30 [ 393.280170][T11859] ? __import_iovec+0x3fa/0x850 [ 393.285037][T11859] ? import_iovec+0x73/0xa0 [ 393.289750][T11859] ___sys_sendmsg+0x2a6/0x360 [ 393.294462][T11859] ? get_pid_task+0x20/0x1e0 [ 393.299078][T11859] ? __sys_sendmsg+0x2a0/0x2a0 [ 393.304045][T11859] ? __lock_acquire+0x7d40/0x7d40 [ 393.309223][T11859] __se_sys_sendmsg+0x1c2/0x2b0 [ 393.314189][T11859] ? __x64_sys_sendmsg+0x80/0x80 [ 393.319860][T11859] ? lockdep_hardirqs_on+0x98/0x150 [ 393.325259][T11859] do_syscall_64+0x55/0xa0 [ 393.329908][T11859] ? clear_bhb_loop+0x40/0x90 [ 393.335116][T11859] ? clear_bhb_loop+0x40/0x90 [ 393.340001][T11859] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 393.345997][T11859] RIP: 0033:0x7f726d79c819 [ 393.350701][T11859] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 393.371024][T11859] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 393.379626][T11859] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 393.387965][T11859] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 393.396121][T11859] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 393.404274][T11859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.412531][T11859] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 393.420622][T11859] [ 393.438342][T11861] netlink: 'syz.1.1836': attribute type 21 has an invalid length. [ 393.826611][T11870] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1838'. [ 394.086227][T11877] FAULT_INJECTION: forcing a failure. [ 394.086227][T11877] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 394.126657][T11877] CPU: 1 PID: 11877 Comm: syz.3.1839 Not tainted syzkaller #0 [ 394.134277][T11877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 394.145224][T11877] Call Trace: [ 394.148702][T11877] [ 394.151772][T11877] dump_stack_lvl+0x18c/0x250 [ 394.157534][T11877] ? show_regs_print_info+0x20/0x20 [ 394.163468][T11877] ? load_image+0x420/0x420 [ 394.168231][T11877] ? __lock_acquire+0x7d40/0x7d40 [ 394.173451][T11877] ? snprintf+0xe9/0x140 [ 394.178166][T11877] should_fail_ex+0x39d/0x4d0 [ 394.183288][T11877] _copy_to_user+0x2f/0xa0 [ 394.187903][T11877] simple_read_from_buffer+0xe7/0x150 [ 394.193816][T11877] proc_fail_nth_read+0x1e8/0x260 [ 394.200348][T11877] ? proc_fault_inject_write+0x360/0x360 [ 394.206221][T11877] ? fsnotify_perm+0x271/0x5e0 [ 394.211235][T11877] ? proc_fault_inject_write+0x360/0x360 [ 394.217249][T11877] vfs_read+0x28b/0x970 [ 394.221752][T11877] ? kernel_read+0x1e0/0x1e0 [ 394.226455][T11877] ? __fget_files+0x28/0x4b0 [ 394.231156][T11877] ? __fget_files+0x28/0x4b0 [ 394.235789][T11877] ? __fget_files+0x43d/0x4b0 [ 394.240667][T11877] ? __fdget_pos+0x2a3/0x330 [ 394.245265][T11877] ? ksys_read+0x75/0x260 [ 394.249599][T11877] ksys_read+0x150/0x260 [ 394.253844][T11877] ? vfs_write+0x990/0x990 [ 394.258472][T11877] ? lockdep_hardirqs_on+0x98/0x150 [ 394.263899][T11877] do_syscall_64+0x55/0xa0 [ 394.268497][T11877] ? clear_bhb_loop+0x40/0x90 [ 394.273174][T11877] ? clear_bhb_loop+0x40/0x90 [ 394.277873][T11877] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 394.284125][T11877] RIP: 0033:0x7f40c5f5d04e [ 394.288541][T11877] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 394.308437][T11877] RSP: 002b:00007f40c6debfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 394.316939][T11877] RAX: ffffffffffffffda RBX: 00007f40c6dec6c0 RCX: 00007f40c5f5d04e [ 394.325005][T11877] RDX: 000000000000000f RSI: 00007f40c6dec0a0 RDI: 0000000000000004 [ 394.333147][T11877] RBP: 00007f40c6dec090 R08: 0000000000000000 R09: 0000000000000000 [ 394.341476][T11877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 394.349902][T11877] R13: 00007f40c6216038 R14: 00007f40c6215fa0 R15: 00007fff6d8da108 [ 394.358193][T11877] [ 396.118036][T11905] netlink: 'syz.1.1848': attribute type 4 has an invalid length. [ 396.194034][T11909] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.1850'. [ 396.210606][T11909] bridge_slave_1: default FDB implementation only supports local addresses [ 396.837110][T11927] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1853'. [ 396.845057][T11926] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.1856'. [ 396.863277][T11926] openvswitch: netlink: IP tunnel dst address not specified [ 397.237218][T11937] netlink: 959 bytes leftover after parsing attributes in process `syz.3.1859'. [ 397.256808][T11937] bridge_slave_1: default FDB implementation only supports local addresses [ 397.491666][T11943] FAULT_INJECTION: forcing a failure. [ 397.491666][T11943] name failslab, interval 1, probability 0, space 0, times 0 [ 397.526750][T11943] CPU: 1 PID: 11943 Comm: syz.0.1862 Not tainted syzkaller #0 [ 397.534437][T11943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 397.544788][T11943] Call Trace: [ 397.548104][T11943] [ 397.551325][T11943] dump_stack_lvl+0x18c/0x250 [ 397.556243][T11943] ? show_regs_print_info+0x20/0x20 [ 397.561637][T11943] ? load_image+0x420/0x420 [ 397.566252][T11943] should_fail_ex+0x39d/0x4d0 [ 397.571055][T11943] should_failslab+0x9/0x20 [ 397.575908][T11943] slab_pre_alloc_hook+0x59/0x310 [ 397.581071][T11943] ? nf_ct_ext_add+0x1ab/0x440 [ 397.586035][T11943] ? nf_ct_ext_add+0x1ab/0x440 [ 397.590832][T11943] __kmem_cache_alloc_node+0x53/0x250 [ 397.596223][T11943] ? nf_ct_ext_add+0x1ab/0x440 [ 397.600986][T11943] __kmalloc_node_track_caller+0xa2/0x230 [ 397.606726][T11943] krealloc+0x86/0x120 [ 397.611043][T11943] nf_ct_ext_add+0x1ab/0x440 [ 397.615756][T11943] init_conntrack+0x69c/0xf10 [ 397.620441][T11943] ? early_drop+0x7f0/0x7f0 [ 397.625030][T11943] ? nf_conntrack_find_get+0x650/0x650 [ 397.630490][T11943] ? __local_bh_enable_ip+0x13a/0x1c0 [ 397.636040][T11943] ? __siphash_unaligned+0x22e/0x3a0 [ 397.641631][T11943] nf_conntrack_in+0xc06/0x15c0 [ 397.646510][T11943] ? nf_ct_pernet+0x270/0x270 [ 397.651214][T11943] ? ipt_do_table+0x2c1/0x15e0 [ 397.655978][T11943] ? get_random_u32+0x4d1/0x910 [ 397.660974][T11943] ? read_lock_is_recursive+0x20/0x20 [ 397.666634][T11943] ? ipv4_conntrack_defrag+0x29d/0x5a0 [ 397.672290][T11943] ? get_random_u32+0x16f/0x910 [ 397.677239][T11943] ? ipv4_conntrack_local+0x123/0x200 [ 397.682698][T11943] ? ipv4_conntrack_in+0x20/0x20 [ 397.688699][T11943] nf_hook_slow+0xbd/0x200 [ 397.693224][T11943] ? nf_hook+0x390/0x390 [ 397.697642][T11943] nf_hook+0x228/0x390 [ 397.701791][T11943] ? nf_hook+0xa2/0x390 [ 397.705935][T11943] ? __ip_local_out+0x5f0/0x5f0 [ 397.710865][T11943] ? nf_hook+0x390/0x390 [ 397.715194][T11943] ? csum_partial+0x241/0x2c0 [ 397.720050][T11943] ? ip_fast_csum+0x1ee/0x2b0 [ 397.724731][T11943] __ip_local_out+0x4db/0x5f0 [ 397.729464][T11943] ? nf_hook+0x390/0x390 [ 397.733961][T11943] ip_send_skb+0x4c/0x1d0 [ 397.738382][T11943] udp_send_skb+0xa37/0x13a0 [ 397.743084][T11943] udp_sendmsg+0x743/0x23b0 [ 397.747679][T11943] ? mark_lock+0x94/0x320 [ 397.752186][T11943] ? udp_sendmsg+0x23b0/0x23b0 [ 397.757035][T11943] ? udp_cmsg_send+0x350/0x350 [ 397.761974][T11943] ? __lock_acquire+0x1273/0x7d40 [ 397.767028][T11943] ? verify_lock_unused+0x140/0x140 [ 397.772314][T11943] ? aa_label_sk_perm+0x463/0x5c0 [ 397.777872][T11943] udpv6_sendmsg+0x93d/0x2390 [ 397.782824][T11943] ? udpv6_sendmsg+0x2390/0x2390 [ 397.787960][T11943] ? udp_v6_early_demux+0xf80/0xf80 [ 397.793349][T11943] ? __lock_acquire+0x1273/0x7d40 [ 397.798388][T11943] ? inet_send_prepare+0x5c/0x260 [ 397.803623][T11943] ? inet6_sendmsg+0x5f/0xd0 [ 397.808308][T11943] ? inet6_compat_ioctl+0x3c0/0x3c0 [ 397.813877][T11943] ____sys_sendmsg+0x5ba/0x960 [ 397.818815][T11943] ? __asan_memset+0x22/0x40 [ 397.823747][T11943] ? __sys_sendmsg_sock+0x30/0x30 [ 397.829025][T11943] ? __import_iovec+0x3fa/0x850 [ 397.833963][T11943] ? import_iovec+0x73/0xa0 [ 397.838469][T11943] ___sys_sendmsg+0x2a6/0x360 [ 397.843240][T11943] ? __sys_sendmsg+0x2a0/0x2a0 [ 397.848107][T11943] ? __lock_acquire+0x7d40/0x7d40 [ 397.853587][T11943] __se_sys_sendmsg+0x1c2/0x2b0 [ 397.858618][T11943] ? __x64_sys_sendmsg+0x80/0x80 [ 397.863915][T11943] ? lockdep_hardirqs_on+0x98/0x150 [ 397.869988][T11943] do_syscall_64+0x55/0xa0 [ 397.874666][T11943] ? clear_bhb_loop+0x40/0x90 [ 397.879441][T11943] ? clear_bhb_loop+0x40/0x90 [ 397.884464][T11943] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 397.890357][T11943] RIP: 0033:0x7f726d79c819 [ 397.894853][T11943] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.915851][T11943] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 397.924260][T11943] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 397.932499][T11943] RDX: 0000000000000000 RSI: 0000200000000880 RDI: 0000000000000003 [ 397.940828][T11943] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 397.949062][T11943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.957204][T11943] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 397.965395][T11943] [ 398.673722][T11970] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1870'. [ 398.744153][T11957] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1868'. [ 398.798577][T11957] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 400.193525][T11997] netlink: 'syz.3.1879': attribute type 10 has an invalid length. [ 400.299404][T11997] team_slave_0: left promiscuous mode [ 400.306116][T11997] team_slave_0: left allmulticast mode [ 400.386850][T11997] team0 (unregistering): Port device team_slave_0 removed [ 400.417465][T11997] team_slave_1: left promiscuous mode [ 400.427707][T11997] team_slave_1: left allmulticast mode [ 400.473067][T11997] team0 (unregistering): Port device team_slave_1 removed [ 400.502072][T11997] geneve1: left promiscuous mode [ 400.511936][T11997] geneve1: left allmulticast mode [ 400.532586][T11997] team0 (unregistering): Port device geneve1 removed [ 400.554820][T11997] mac80211_hwsim hwsim8 .3c`19D: left promiscuous mode [ 400.574379][T11997] mac80211_hwsim hwsim8 .3c`19D: left allmulticast mode [ 400.608567][T11997] team0 (unregistering): Port device .3c`19D removed [ 400.621881][T11997] bond0: left promiscuous mode [ 400.628339][T11997] bond0: left allmulticast mode [ 400.633514][T11997] bond_slave_1: left allmulticast mode [ 400.644005][T11997] bond_slave_1: left promiscuous mode [ 400.682644][T11997] team0 (unregistering): Port device bond0 removed [ 400.928288][T12018] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1885'. [ 402.248209][T12038] netlink: 'syz.1.1892': attribute type 10 has an invalid length. [ 402.256374][T12038] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1892'. [ 402.281390][T12038] netlink: 'syz.1.1892': attribute type 10 has an invalid length. [ 402.297153][T12038] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1892'. [ 402.507685][T12048] netlink: 'syz.2.1896': attribute type 10 has an invalid length. [ 402.569556][T12043] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 402.786863][T12057] FAULT_INJECTION: forcing a failure. [ 402.786863][T12057] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 402.802605][T12057] CPU: 1 PID: 12057 Comm: syz.0.1899 Not tainted syzkaller #0 [ 402.810544][T12057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 402.820699][T12057] Call Trace: [ 402.823993][T12057] [ 402.827016][T12057] dump_stack_lvl+0x18c/0x250 [ 402.831718][T12057] ? show_regs_print_info+0x20/0x20 [ 402.836933][T12057] ? load_image+0x420/0x420 [ 402.841538][T12057] ? __lock_acquire+0x7d40/0x7d40 [ 402.847006][T12057] should_fail_ex+0x39d/0x4d0 [ 402.852249][T12057] prepare_alloc_pages+0x1e2/0x5f0 [ 402.857570][T12057] __alloc_pages+0x134/0x460 [ 402.862291][T12057] ? zone_statistics+0x170/0x170 [ 402.867352][T12057] ? alloc_pages+0x4dc/0x740 [ 402.872330][T12057] ? do_raw_spin_unlock+0x121/0x230 [ 402.877558][T12057] __get_free_pages+0xc/0x30 [ 402.882411][T12057] kasan_populate_vmalloc_pte+0x35/0x100 [ 402.888159][T12057] __apply_to_page_range+0x860/0xdd0 [ 402.893566][T12057] ? kasan_populate_vmalloc+0x70/0x70 [ 402.899143][T12057] ? apply_to_page_range+0x50/0x50 [ 402.904265][T12057] ? do_raw_spin_unlock+0x121/0x230 [ 402.909579][T12057] alloc_vmap_area+0x1d0c/0x1e30 [ 402.914820][T12057] ? vm_map_ram+0xcb0/0xcb0 [ 402.919519][T12057] ? rcu_is_watching+0x15/0xb0 [ 402.924382][T12057] __get_vm_area_node+0x162/0x370 [ 402.929423][T12057] __vmalloc_node_range+0x36e/0x1330 [ 402.934884][T12057] ? dev_map_alloc+0x1f6/0x4c0 [ 402.939661][T12057] ? free_vm_area+0x50/0x50 [ 402.944168][T12057] ? rcu_is_watching+0x15/0xb0 [ 402.948935][T12057] ? bpf_map_area_alloc+0x5e/0x110 [ 402.954134][T12057] bpf_map_area_alloc+0xf1/0x110 [ 402.959576][T12057] ? dev_map_alloc+0x1f6/0x4c0 [ 402.964432][T12057] dev_map_alloc+0x1f6/0x4c0 [ 402.969025][T12057] map_create+0x877/0x12f0 [ 402.973531][T12057] ? bpf_lsm_bpf+0x9/0x10 [ 402.977986][T12057] __sys_bpf+0x651/0x890 [ 402.982551][T12057] ? bpf_link_show_fdinfo+0x390/0x390 [ 402.988192][T12057] ? lock_chain_count+0x20/0x20 [ 402.993213][T12057] __x64_sys_bpf+0x7c/0x90 [ 402.997629][T12057] do_syscall_64+0x55/0xa0 [ 403.002057][T12057] ? clear_bhb_loop+0x40/0x90 [ 403.006830][T12057] ? clear_bhb_loop+0x40/0x90 [ 403.011703][T12057] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 403.017695][T12057] RIP: 0033:0x7f726d79c819 [ 403.022548][T12057] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.042533][T12057] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 403.051211][T12057] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 403.059271][T12057] RDX: 0000000000000050 RSI: 0000200000000580 RDI: 0000000000000000 [ 403.067338][T12057] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 403.075396][T12057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 403.083546][T12057] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 403.091619][T12057] [ 403.280763][T12066] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.1902'. [ 403.368627][T12065] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 406.210520][T12097] netlink: 'syz.2.1909': attribute type 10 has an invalid length. [ 406.309433][T12092] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 406.475903][T12110] netlink: 'syz.1.1914': attribute type 3 has an invalid length. [ 406.486024][T12110] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1914'. [ 407.916663][T12132] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 408.169037][T12140] netlink: 'syz.3.1923': attribute type 10 has an invalid length. [ 408.268249][T12139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 408.296006][T12143] netlink: 'syz.2.1925': attribute type 3 has an invalid length. [ 408.318089][T12143] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1925'. [ 408.531719][T12158] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1930'. [ 408.760046][T12170] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 409.598441][T12176] netlink: 'syz.2.1936': attribute type 10 has an invalid length. [ 409.884928][T12185] netlink: 'syz.3.1940': attribute type 29 has an invalid length. [ 409.903825][T12185] netlink: 'syz.3.1940': attribute type 29 has an invalid length. [ 409.922561][T12185] netlink: 'syz.3.1940': attribute type 29 has an invalid length. [ 409.938697][T12185] netlink: 'syz.3.1940': attribute type 29 has an invalid length. [ 412.298319][T12214] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 412.481154][T12219] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1950'. [ 412.655410][T12222] FAULT_INJECTION: forcing a failure. [ 412.655410][T12222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.676745][T12222] CPU: 0 PID: 12222 Comm: syz.0.1952 Not tainted syzkaller #0 [ 412.684709][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 412.695235][T12222] Call Trace: [ 412.698676][T12222] [ 412.701734][T12222] dump_stack_lvl+0x18c/0x250 [ 412.706656][T12222] ? show_regs_print_info+0x20/0x20 [ 412.711878][T12222] ? load_image+0x420/0x420 [ 412.716477][T12222] ? __might_fault+0xaa/0x120 [ 412.721160][T12222] ? __lock_acquire+0x7d40/0x7d40 [ 412.726281][T12222] should_fail_ex+0x39d/0x4d0 [ 412.731229][T12222] _copy_to_user+0x2f/0xa0 [ 412.735995][T12222] bpf_test_finish+0x25a/0x650 [ 412.740940][T12222] ? convert_skb_to___skb+0x420/0x420 [ 412.746654][T12222] ? read_tsc+0x9/0x20 [ 412.750983][T12222] bpf_prog_test_run_flow_dissector+0x4c9/0x640 [ 412.758122][T12222] ? xdp_convert_buff_to_md+0x200/0x200 [ 412.764421][T12222] ? __fget_files+0x28/0x4b0 [ 412.769272][T12222] ? __fget_files+0x28/0x4b0 [ 412.774139][T12222] ? xdp_convert_buff_to_md+0x200/0x200 [ 412.780186][T12222] bpf_prog_test_run+0x321/0x390 [ 412.785220][T12222] __sys_bpf+0x49d/0x890 [ 412.789741][T12222] ? bpf_link_show_fdinfo+0x390/0x390 [ 412.795487][T12222] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 412.802693][T12222] __x64_sys_bpf+0x7c/0x90 [ 412.807310][T12222] do_syscall_64+0x55/0xa0 [ 412.811717][T12222] ? clear_bhb_loop+0x40/0x90 [ 412.816388][T12222] ? clear_bhb_loop+0x40/0x90 [ 412.821166][T12222] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 412.827237][T12222] RIP: 0033:0x7f726d79c819 [ 412.831920][T12222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 412.852422][T12222] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 412.861271][T12222] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 412.869498][T12222] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a [ 412.878249][T12222] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 412.886406][T12222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.895356][T12222] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 412.903438][T12222] [ 413.107974][T12234] A link change request failed with some changes committed already. Interface bcRݘOC may have been left with an inconsistent configuration, please check. [ 414.499803][T12251] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 414.797776][T12264] lo: entered allmulticast mode [ 414.990892][T12264] lo: entered promiscuous mode [ 414.996672][T12264] lo: left allmulticast mode [ 416.932950][T12296] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 417.521697][T12312] netlink: 'syz.0.1978': attribute type 29 has an invalid length. [ 417.573288][T12312] netlink: 'syz.0.1978': attribute type 29 has an invalid length. [ 417.604441][T12309] netlink: 'syz.0.1978': attribute type 29 has an invalid length. [ 417.638001][T12314] netlink: 'syz.0.1978': attribute type 29 has an invalid length. [ 418.649620][T12327] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 419.604267][T12358] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 420.828313][T12368] netlink: 'syz.2.1999': attribute type 10 has an invalid length. [ 420.852716][T12368] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1999'. [ 422.526730][T12405] ref_ctr_offset mismatch. inode: 0x42 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 424.975112][T12421] FAULT_INJECTION: forcing a failure. [ 424.975112][T12421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.007220][T12421] CPU: 1 PID: 12421 Comm: syz.2.2016 Not tainted syzkaller #0 [ 425.014786][T12421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 425.025000][T12421] Call Trace: [ 425.028333][T12421] [ 425.031395][T12421] dump_stack_lvl+0x18c/0x250 [ 425.036254][T12421] ? show_regs_print_info+0x20/0x20 [ 425.041808][T12421] ? load_image+0x420/0x420 [ 425.046623][T12421] ? __lock_acquire+0x7d40/0x7d40 [ 425.051806][T12421] ? snprintf+0xe9/0x140 [ 425.056280][T12421] should_fail_ex+0x39d/0x4d0 [ 425.061120][T12421] _copy_to_user+0x2f/0xa0 [ 425.065658][T12421] simple_read_from_buffer+0xe7/0x150 [ 425.071334][T12421] proc_fail_nth_read+0x1e8/0x260 [ 425.076522][T12421] ? proc_fault_inject_write+0x360/0x360 [ 425.082222][T12421] ? vfs_read+0x275/0x970 [ 425.086631][T12421] ? proc_fault_inject_write+0x360/0x360 [ 425.092335][T12421] vfs_read+0x28b/0x970 [ 425.096618][T12421] ? kernel_read+0x1e0/0x1e0 [ 425.101428][T12421] ? __fget_files+0x28/0x4b0 [ 425.106072][T12421] ? __fget_files+0x28/0x4b0 [ 425.110812][T12421] ? __fget_files+0x43d/0x4b0 [ 425.115651][T12421] ? __fdget_pos+0x2a3/0x330 [ 425.120279][T12421] ? ksys_read+0x75/0x260 [ 425.125000][T12421] ksys_read+0x150/0x260 [ 425.129268][T12421] ? vfs_write+0x990/0x990 [ 425.133796][T12421] ? syscall_enter_from_user_mode+0x2e/0x80 [ 425.139889][T12421] do_syscall_64+0x55/0xa0 [ 425.144345][T12421] ? clear_bhb_loop+0x40/0x90 [ 425.149132][T12421] ? clear_bhb_loop+0x40/0x90 [ 425.154015][T12421] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 425.160271][T12421] RIP: 0033:0x7fe3e7d5d04e [ 425.164976][T12421] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 425.185304][T12421] RSP: 002b:00007fe3e8cecfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 425.193833][T12421] RAX: ffffffffffffffda RBX: 00007fe3e8ced6c0 RCX: 00007fe3e7d5d04e [ 425.202081][T12421] RDX: 000000000000000f RSI: 00007fe3e8ced0a0 RDI: 0000000000000009 [ 425.210264][T12421] RBP: 00007fe3e8ced090 R08: 0000000000000000 R09: 0000000000000000 [ 425.218516][T12421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.226680][T12421] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 425.234918][T12421] [ 427.460643][T12460] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 428.817133][T12483] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 429.329390][T12488] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2030'. [ 430.479656][T12520] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 431.971755][T12560] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 433.683667][T12592] FAULT_INJECTION: forcing a failure. [ 433.683667][T12592] name failslab, interval 1, probability 0, space 0, times 0 [ 433.698366][T12592] CPU: 0 PID: 12592 Comm: syz.2.2066 Not tainted syzkaller #0 [ 433.705866][T12592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 433.715948][T12592] Call Trace: [ 433.719332][T12592] [ 433.722460][T12592] dump_stack_lvl+0x18c/0x250 [ 433.727293][T12592] ? show_regs_print_info+0x20/0x20 [ 433.732631][T12592] ? load_image+0x420/0x420 [ 433.737359][T12592] ? __might_sleep+0xe0/0xe0 [ 433.742074][T12592] ? __lock_acquire+0x7d40/0x7d40 [ 433.747435][T12592] should_fail_ex+0x39d/0x4d0 [ 433.752301][T12592] should_failslab+0x9/0x20 [ 433.756858][T12592] slab_pre_alloc_hook+0x59/0x310 [ 433.762341][T12592] ? tomoyo_encode+0x28b/0x540 [ 433.767397][T12592] ? tomoyo_encode+0x28b/0x540 [ 433.772477][T12592] __kmem_cache_alloc_node+0x53/0x250 [ 433.778226][T12592] ? tomoyo_encode+0x28b/0x540 [ 433.783082][T12592] __kmalloc+0xa4/0x230 [ 433.787859][T12592] tomoyo_encode+0x28b/0x540 [ 433.792579][T12592] tomoyo_realpath_from_path+0x592/0x5d0 [ 433.798419][T12592] tomoyo_path_number_perm+0x248/0x620 [ 433.803977][T12592] ? tomoyo_path_number_perm+0x217/0x620 [ 433.809716][T12592] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 433.815462][T12592] ? ksys_write+0x1c4/0x260 [ 433.820105][T12592] ? __fget_files+0x28/0x4b0 [ 433.825135][T12592] ? __fget_files+0x28/0x4b0 [ 433.829848][T12592] security_file_ioctl+0x70/0xa0 [ 433.835003][T12592] __se_sys_ioctl+0x48/0x170 [ 433.839784][T12592] do_syscall_64+0x55/0xa0 [ 433.844476][T12592] ? clear_bhb_loop+0x40/0x90 [ 433.849689][T12592] ? clear_bhb_loop+0x40/0x90 [ 433.854550][T12592] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 433.860720][T12592] RIP: 0033:0x7fe3e7d9c819 [ 433.865234][T12592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 433.885375][T12592] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 433.894023][T12592] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 433.901996][T12592] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000004 [ 433.909983][T12592] RBP: 00007fe3e8ced090 R08: 0000000000000000 R09: 0000000000000000 [ 433.918059][T12592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.926079][T12592] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 433.934335][T12592] [ 433.946492][T12592] ERROR: Out of memory at tomoyo_realpath_from_path. [ 434.566747][T12612] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 437.698117][T12616] delete_channel: no stack [ 439.560158][T12677] FAULT_INJECTION: forcing a failure. [ 439.560158][T12677] name failslab, interval 1, probability 0, space 0, times 0 [ 439.573820][T12677] CPU: 1 PID: 12677 Comm: syz.0.2093 Not tainted syzkaller #0 [ 439.581763][T12677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 439.592020][T12677] Call Trace: [ 439.595365][T12677] [ 439.598491][T12677] dump_stack_lvl+0x18c/0x250 [ 439.603297][T12677] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 439.609664][T12677] ? show_regs_print_info+0x20/0x20 [ 439.615342][T12677] ? load_image+0x420/0x420 [ 439.619990][T12677] should_fail_ex+0x39d/0x4d0 [ 439.624716][T12677] should_failslab+0x9/0x20 [ 439.629390][T12677] slab_pre_alloc_hook+0x59/0x310 [ 439.634518][T12677] ? kvmalloc_node+0x70/0x180 [ 439.639228][T12677] ? kvmalloc_node+0x70/0x180 [ 439.644268][T12677] __kmem_cache_alloc_node+0x53/0x250 [ 439.649661][T12677] ? kvmalloc_node+0x70/0x180 [ 439.654343][T12677] __kmalloc_node+0xa4/0x230 [ 439.659045][T12677] kvmalloc_node+0x70/0x180 [ 439.663648][T12677] bpf_test_run_xdp_live+0x1e9/0x1b20 [ 439.669129][T12677] ? 0xffffffffa0004240 [ 439.673397][T12677] ? 0xffffffffa0004240 [ 439.677878][T12677] ? bpf_dispatcher_change_prog+0xcbf/0xf10 [ 439.684051][T12677] ? 0xffffffffa0004240 [ 439.688578][T12677] ? xdp_convert_md_to_buff+0x330/0x330 [ 439.694148][T12677] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 439.700736][T12677] ? _copy_from_user+0xa5/0xe0 [ 439.705597][T12677] ? bpf_test_init+0x119/0x140 [ 439.710454][T12677] ? xdp_convert_md_to_buff+0x5b/0x330 [ 439.715915][T12677] bpf_prog_test_run_xdp+0x7ca/0x10e0 [ 439.721383][T12677] ? dev_put+0x80/0x80 [ 439.725556][T12677] ? dev_put+0x80/0x80 [ 439.729732][T12677] bpf_prog_test_run+0x321/0x390 [ 439.734796][T12677] __sys_bpf+0x49d/0x890 [ 439.739169][T12677] ? bpf_link_show_fdinfo+0x390/0x390 [ 439.744655][T12677] ? lock_chain_count+0x20/0x20 [ 439.749790][T12677] __x64_sys_bpf+0x7c/0x90 [ 439.754415][T12677] do_syscall_64+0x55/0xa0 [ 439.759204][T12677] ? clear_bhb_loop+0x40/0x90 [ 439.764144][T12677] ? clear_bhb_loop+0x40/0x90 [ 439.768907][T12677] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 439.775233][T12677] RIP: 0033:0x7f726d79c819 [ 439.779740][T12677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 439.800163][T12677] RSP: 002b:00007f726e61e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 439.808753][T12677] RAX: ffffffffffffffda RBX: 00007f726da15fa0 RCX: 00007f726d79c819 [ 439.817127][T12677] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a [ 439.825455][T12677] RBP: 00007f726e61e090 R08: 0000000000000000 R09: 0000000000000000 [ 439.833955][T12677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.842466][T12677] R13: 00007f726da16038 R14: 00007f726da15fa0 R15: 00007ffe7ce59458 [ 439.851734][T12677] [ 440.090832][T12684] FAULT_INJECTION: forcing a failure. [ 440.090832][T12684] name failslab, interval 1, probability 0, space 0, times 0 [ 440.120734][T12686] netlink: 'syz.0.2095': attribute type 33 has an invalid length. [ 440.124757][T12684] CPU: 0 PID: 12684 Comm: syz.1.2097 Not tainted syzkaller #0 [ 440.129277][T12686] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2095'. [ 440.136741][T12684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 440.136759][T12684] Call Trace: [ 440.136768][T12684] [ 440.136775][T12684] dump_stack_lvl+0x18c/0x250 [ 440.136805][T12684] ? show_regs_print_info+0x20/0x20 [ 440.136826][T12684] ? load_image+0x420/0x420 [ 440.136847][T12684] ? __might_sleep+0xe0/0xe0 [ 440.182454][T12684] ? __lock_acquire+0x7d40/0x7d40 [ 440.187609][T12684] should_fail_ex+0x39d/0x4d0 [ 440.192690][T12684] should_failslab+0x9/0x20 [ 440.197501][T12684] slab_pre_alloc_hook+0x59/0x310 [ 440.202831][T12684] kmem_cache_alloc_node+0x60/0x320 [ 440.208156][T12684] ? __alloc_skb+0x103/0x2c0 [ 440.212791][T12684] __alloc_skb+0x103/0x2c0 [ 440.217235][T12684] alloc_skb_with_frags+0xca/0x7b0 [ 440.222375][T12684] ? is_bpf_text_address+0x28f/0x2a0 [ 440.227699][T12684] ? is_bpf_text_address+0x26/0x2a0 [ 440.233197][T12684] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 440.239459][T12684] ? kernel_text_address+0xa0/0xd0 [ 440.244837][T12684] sock_alloc_send_pskb+0x883/0x9a0 [ 440.250071][T12684] ? arch_stack_walk+0x160/0x190 [ 440.255570][T12684] ? sock_kzfree_s+0x50/0x50 [ 440.260452][T12684] ? __stack_depot_save+0x1f/0x630 [ 440.265652][T12684] ? fib4_rule_action+0x8f/0x330 [ 440.270623][T12684] ? fib4_rule_action+0x8f/0x330 [ 440.275728][T12684] ? kasan_set_track+0x5f/0x70 [ 440.280583][T12684] ? kasan_set_track+0x4e/0x70 [ 440.285342][T12684] ? __kasan_kmalloc+0x8f/0xa0 [ 440.290280][T12684] ? ip_setup_cork+0x22e/0x860 [ 440.295036][T12684] __ip_append_data+0x2ac1/0x3d40 [ 440.300074][T12684] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 440.304922][T12684] ? ip_setup_cork+0x2a4/0x860 [ 440.309678][T12684] ? ip_setup_cork+0x860/0x860 [ 440.314437][T12684] ? ip_setup_cork+0x530/0x860 [ 440.319192][T12684] ip_make_skb+0x22b/0x440 [ 440.323692][T12684] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 440.328554][T12684] ? ip_flush_pending_frames+0x250/0x250 [ 440.334278][T12684] udp_sendmsg+0x1ade/0x23b0 [ 440.339047][T12684] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 440.343883][T12684] ? udp_cmsg_send+0x350/0x350 [ 440.348640][T12684] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 440.354632][T12684] ? lock_chain_count+0x20/0x20 [ 440.359677][T12684] ? inet_sendmsg+0x14b/0x2f0 [ 440.364359][T12684] ? __local_bh_enable_ip+0x13a/0x1c0 [ 440.370255][T12684] ? _local_bh_enable+0xa0/0xa0 [ 440.375202][T12684] ? inet_sendmsg+0x14b/0x2f0 [ 440.380230][T12684] ? inet_sendmsg+0x14b/0x2f0 [ 440.385200][T12684] ? inet_send_prepare+0x260/0x260 [ 440.390655][T12684] ____sys_sendmsg+0x5ba/0x960 [ 440.396104][T12684] ? __lock_acquire+0x7d40/0x7d40 [ 440.401214][T12684] ? __sys_sendmsg_sock+0x30/0x30 [ 440.406365][T12684] ? __import_iovec+0x5f2/0x850 [ 440.411349][T12684] ? import_iovec+0x73/0xa0 [ 440.415862][T12684] ___sys_sendmsg+0x2a6/0x360 [ 440.420624][T12684] ? get_pid_task+0x20/0x1e0 [ 440.425218][T12684] ? __sys_sendmsg+0x2a0/0x2a0 [ 440.429986][T12684] ? __lock_acquire+0x7d40/0x7d40 [ 440.435025][T12684] __se_sys_sendmsg+0x1c2/0x2b0 [ 440.440050][T12684] ? __x64_sys_sendmsg+0x80/0x80 [ 440.445083][T12684] ? lockdep_hardirqs_on+0x98/0x150 [ 440.450711][T12684] do_syscall_64+0x55/0xa0 [ 440.455118][T12684] ? clear_bhb_loop+0x40/0x90 [ 440.459968][T12684] ? clear_bhb_loop+0x40/0x90 [ 440.465187][T12684] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 440.471291][T12684] RIP: 0033:0x7f494b59c819 [ 440.476068][T12684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 440.495937][T12684] RSP: 002b:00007f494c48e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 440.504354][T12684] RAX: ffffffffffffffda RBX: 00007f494b815fa0 RCX: 00007f494b59c819 [ 440.512494][T12684] RDX: 0000000000000000 RSI: 0000200000000b40 RDI: 0000000000000004 [ 440.520631][T12684] RBP: 00007f494c48e090 R08: 0000000000000000 R09: 0000000000000000 [ 440.528631][T12684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 440.536700][T12684] R13: 00007f494b816038 R14: 00007f494b815fa0 R15: 00007ffe30b583f8 [ 440.544808][T12684] [ 440.567220][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.573682][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.628126][T12685] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2096'. [ 441.120607][T12708] netlink: 'syz.0.2106': attribute type 7 has an invalid length. [ 441.710799][T12716] netlink: 'syz.1.2109': attribute type 10 has an invalid length. [ 441.902132][T12723] netlink: 'syz.3.2112': attribute type 10 has an invalid length. [ 442.625906][T12752] ref_ctr_offset mismatch. inode: 0x42 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 444.798183][T12772] batadv0: left allmulticast mode [ 444.821352][T12772] FAULT_INJECTION: forcing a failure. [ 444.821352][T12772] name failslab, interval 1, probability 0, space 0, times 0 [ 444.870828][T12772] CPU: 1 PID: 12772 Comm: syz.2.2126 Not tainted syzkaller #0 [ 444.878749][T12772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 444.889119][T12772] Call Trace: [ 444.892408][T12772] [ 444.895347][T12772] dump_stack_lvl+0x18c/0x250 [ 444.900061][T12772] ? show_regs_print_info+0x20/0x20 [ 444.905273][T12772] ? load_image+0x420/0x420 [ 444.909982][T12772] ? verify_lock_unused+0x140/0x140 [ 444.915494][T12772] ? perf_trace_lock+0x304/0x3b0 [ 444.920469][T12772] should_fail_ex+0x39d/0x4d0 [ 444.925364][T12772] should_failslab+0x9/0x20 [ 444.929883][T12772] slab_pre_alloc_hook+0x59/0x310 [ 444.935109][T12772] kmem_cache_alloc+0x5a/0x2d0 [ 444.939905][T12772] ? skb_clone+0x1eb/0x370 [ 444.944636][T12772] skb_clone+0x1eb/0x370 [ 444.948986][T12772] __netlink_deliver_tap+0x41c/0x830 [ 444.954311][T12772] ? netlink_deliver_tap+0x2e/0x1b0 [ 444.959623][T12772] netlink_deliver_tap+0x19c/0x1b0 [ 444.964858][T12772] netlink_unicast+0x72c/0x8d0 [ 444.969760][T12772] netlink_sendmsg+0x8d0/0xbf0 [ 444.974647][T12772] ? perf_trace_lock+0x304/0x3b0 [ 444.979784][T12772] ? netlink_getsockopt+0x590/0x590 [ 444.985003][T12772] ? aa_sock_msg_perm+0x94/0x150 [ 444.990114][T12772] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 444.995588][T12772] ? security_socket_sendmsg+0x80/0xa0 [ 445.002045][T12772] ? netlink_getsockopt+0x590/0x590 [ 445.007369][T12772] ____sys_sendmsg+0x5ba/0x960 [ 445.012419][T12772] ? __asan_memset+0x22/0x40 [ 445.017285][T12772] ? __sys_sendmsg_sock+0x30/0x30 [ 445.022405][T12772] ? __import_iovec+0x5f2/0x850 [ 445.027395][T12772] ? import_iovec+0x73/0xa0 [ 445.032033][T12772] ___sys_sendmsg+0x2a6/0x360 [ 445.036932][T12772] ? __sys_sendmsg+0x2a0/0x2a0 [ 445.041859][T12772] ? __lock_acquire+0x7d40/0x7d40 [ 445.047002][T12772] __se_sys_sendmsg+0x1c2/0x2b0 [ 445.052167][T12772] ? __x64_sys_sendmsg+0x80/0x80 [ 445.057344][T12772] ? lockdep_hardirqs_on+0x98/0x150 [ 445.062759][T12772] do_syscall_64+0x55/0xa0 [ 445.067276][T12772] ? clear_bhb_loop+0x40/0x90 [ 445.072272][T12772] ? clear_bhb_loop+0x40/0x90 [ 445.076965][T12772] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 445.082962][T12772] RIP: 0033:0x7fe3e7d9c819 [ 445.087437][T12772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 445.107592][T12772] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 445.117284][T12772] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 445.125375][T12772] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000009 [ 445.133734][T12772] RBP: 00007fe3e8ced090 R08: 0000000000000000 R09: 0000000000000000 [ 445.141811][T12772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 445.150226][T12772] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 445.158614][T12772] [ 445.310931][T12772] netlink: 'syz.2.2126': attribute type 10 has an invalid length. [ 445.322916][T12772] batadv0: left promiscuous mode [ 445.388832][T12772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.418368][T12772] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 448.208540][T12809] FAULT_INJECTION: forcing a failure. [ 448.208540][T12809] name failslab, interval 1, probability 0, space 0, times 0 [ 448.247126][T12809] CPU: 0 PID: 12809 Comm: syz.2.2139 Not tainted syzkaller #0 [ 448.254669][T12809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 448.265563][T12809] Call Trace: [ 448.268887][T12809] [ 448.271908][T12809] dump_stack_lvl+0x18c/0x250 [ 448.276841][T12809] ? show_regs_print_info+0x20/0x20 [ 448.282298][T12809] ? load_image+0x420/0x420 [ 448.286865][T12809] ? verify_lock_unused+0x140/0x140 [ 448.292191][T12809] ? perf_trace_lock+0x304/0x3b0 [ 448.297271][T12809] should_fail_ex+0x39d/0x4d0 [ 448.302007][T12809] should_failslab+0x9/0x20 [ 448.306640][T12809] slab_pre_alloc_hook+0x59/0x310 [ 448.312258][T12809] kmem_cache_alloc+0x5a/0x2d0 [ 448.317496][T12809] ? skb_clone+0x1eb/0x370 [ 448.322235][T12809] skb_clone+0x1eb/0x370 [ 448.326674][T12809] __netlink_deliver_tap+0x41c/0x830 [ 448.332304][T12809] ? netlink_deliver_tap+0x2e/0x1b0 [ 448.337643][T12809] netlink_deliver_tap+0x19c/0x1b0 [ 448.342897][T12809] netlink_unicast+0x72c/0x8d0 [ 448.347928][T12809] netlink_sendmsg+0x8d0/0xbf0 [ 448.352822][T12809] ? perf_trace_lock+0x304/0x3b0 [ 448.357995][T12809] ? netlink_getsockopt+0x590/0x590 [ 448.363603][T12809] ? aa_sock_msg_perm+0x94/0x150 [ 448.368693][T12809] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 448.374022][T12809] ? security_socket_sendmsg+0x80/0xa0 [ 448.379610][T12809] ? netlink_getsockopt+0x590/0x590 [ 448.385044][T12809] ____sys_sendmsg+0x5ba/0x960 [ 448.389850][T12809] ? __asan_memset+0x22/0x40 [ 448.394641][T12809] ? __sys_sendmsg_sock+0x30/0x30 [ 448.399847][T12809] ? __import_iovec+0x5f2/0x850 [ 448.405076][T12809] ? import_iovec+0x73/0xa0 [ 448.410082][T12809] ___sys_sendmsg+0x2a6/0x360 [ 448.415090][T12809] ? __sys_sendmsg+0x2a0/0x2a0 [ 448.420179][T12809] ? __lock_acquire+0x7d40/0x7d40 [ 448.425362][T12809] __se_sys_sendmsg+0x1c2/0x2b0 [ 448.430235][T12809] ? __x64_sys_sendmsg+0x80/0x80 [ 448.435307][T12809] ? lockdep_hardirqs_on+0x98/0x150 [ 448.440644][T12809] do_syscall_64+0x55/0xa0 [ 448.445104][T12809] ? clear_bhb_loop+0x40/0x90 [ 448.449982][T12809] ? clear_bhb_loop+0x40/0x90 [ 448.454875][T12809] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 448.461114][T12809] RIP: 0033:0x7fe3e7d9c819 [ 448.465652][T12809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 448.485560][T12809] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 448.494330][T12809] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 448.502620][T12809] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 448.511146][T12809] RBP: 00007fe3e8ced090 R08: 0000000000000000 R09: 0000000000000000 [ 448.519393][T12809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 448.527633][T12809] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 448.536005][T12809] [ 449.612673][T12815] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 452.028714][T12845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 453.360645][T12879] : renamed from bond_slave_0 [ 453.378410][ C0] ================================================================== [ 453.378426][ C0] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900 [ 453.378469][ C0] Write of size 48 at addr ffff88802bda7f10 by task syz.2.2164/12878 [ 453.378484][ C0] [ 453.378490][ C0] CPU: 0 PID: 12878 Comm: syz.2.2164 Not tainted syzkaller #0 [ 453.378506][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 453.378516][ C0] Call Trace: [ 453.378523][ C0] <#DB> [ 453.378530][ C0] dump_stack_lvl+0x18c/0x250 [ 453.378562][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 453.378584][ C0] ? show_regs_print_info+0x20/0x20 [ 453.378609][ C0] ? load_image+0x420/0x420 [ 453.378632][ C0] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 453.378656][ C0] ? __virt_addr_valid+0x18c/0x540 [ 453.378676][ C0] ? __virt_addr_valid+0x469/0x540 [ 453.378697][ C0] print_report+0xa8/0x210 [ 453.378718][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.378736][ C0] kasan_report+0x117/0x150 [ 453.378760][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.378788][ C0] kasan_check_range+0x241/0x290 [ 453.378807][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.378829][ C0] __asan_memcpy+0x40/0x70 [ 453.378852][ C0] __bpf_get_stackid+0x6bf/0x900 [ 453.378883][ C0] bpf_get_stackid_pe+0x343/0x410 [ 453.378912][ C0] bpf_prog_ebdd8313a69a195f+0x30/0x45 [ 453.378932][ C0] bpf_overflow_handler+0x1fc/0x510 [ 453.378956][ C0] ? perf_prepare_header+0x1e0/0x1e0 [ 453.378976][ C0] ? bpf_overflow_handler+0xde/0x510 [ 453.378997][ C0] ? tp_perf_event_destroy+0x20/0x20 [ 453.379017][ C0] ? lock_release+0xb5/0x8c0 [ 453.379042][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 453.379063][ C0] __perf_event_overflow+0x447/0x630 [ 453.379091][ C0] perf_swevent_event+0x319/0x570 [ 453.379114][ C0] ? perf_tp_event+0x1520/0x1520 [ 453.379130][ C0] ? trace_call_bpf+0x5e9/0x6c0 [ 453.379167][ C0] perf_bp_event+0x319/0x430 [ 453.379188][ C0] ? perf_event_free_bpf_prog+0x120/0x120 [ 453.379206][ C0] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 453.379254][ C0] ? lock_acquire+0x2c2/0x420 [ 453.379279][ C0] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 453.379307][ C0] notifier_call_chain+0x197/0x380 [ 453.379332][ C0] ? atomic_notifier_call_chain+0x26/0x180 [ 453.379354][ C0] atomic_notifier_call_chain+0xda/0x180 [ 453.379378][ C0] notify_die+0x145/0x1a0 [ 453.379402][ C0] ? srcu_init_notifier_head+0x90/0x90 [ 453.379431][ C0] ? rcu_is_watching+0x15/0xb0 [ 453.379462][ C0] notify_debug+0x2e/0x50 [ 453.379479][ C0] exc_debug+0xde/0x140 [ 453.379499][ C0] asm_exc_debug+0x1e/0x40 [ 453.379518][ C0] RIP: 0010:strncpy_from_user+0x103/0x2d0 [ 453.379538][ C0] Code: d3 65 2a fd 49 83 fd 07 0f 86 a1 00 00 00 4c 89 74 24 08 48 c7 44 24 10 f8 ff ff ff 45 31 e4 4c 89 3c 24 49 89 de 4f 8b 3c 27 <48> b8 ff fe fe fe fe fe fe fe 49 8d 1c 07 4c 89 fd 48 f7 d5 48 b8 [ 453.379552][ C0] RSP: 0018:ffffc9000edefe60 EFLAGS: 00040216 [ 453.379568][ C0] RAX: ffffffff845cc102 RBX: ffff88805278b320 RCX: 0000000000080000 [ 453.379580][ C0] RDX: ffffc9000cb89000 RSI: 00000000000001cd RDI: 00000000000001ce [ 453.379591][ C0] RBP: 0000000000000000 R08: ffffea000149e207 R09: 1ffffd4000293c40 [ 453.379602][ C0] R10: dffffc0000000000 R11: fffff94000293c41 R12: 0000000000000300 [ 453.379614][ C0] R13: 0000000000000fe0 R14: ffff88805278b320 R15: 6161616161616161 [ 453.379634][ C0] ? strncpy_from_user+0x172/0x2d0 [ 453.379660][ C0] [ 453.379665][ C0] [ 453.379677][ C0] getname_flags+0xf6/0x500 [ 453.379704][ C0] __x64_sys_mkdir+0x5f/0x80 [ 453.379722][ C0] do_syscall_64+0x55/0xa0 [ 453.379735][ C0] ? clear_bhb_loop+0x40/0x90 [ 453.379753][ C0] ? clear_bhb_loop+0x40/0x90 [ 453.379773][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.379791][ C0] RIP: 0033:0x7fe3e7d9c819 [ 453.379805][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.379818][ C0] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 453.379834][ C0] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 453.379846][ C0] RDX: 0000000000000000 RSI: 0000000000000043 RDI: 0000200000000000 [ 453.379857][ C0] RBP: 00007fe3e7e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 453.379867][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.379877][ C0] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 453.379906][ C0] [ 453.379912][ C0] [ 453.379914][ C0] Allocated by task 12878: [ 453.379927][ C0] kasan_set_track+0x4e/0x70 [ 453.379944][ C0] __kasan_kmalloc+0x8f/0xa0 [ 453.379959][ C0] __kmalloc_node+0xb4/0x230 [ 453.379979][ C0] bpf_map_area_alloc+0x5e/0x110 [ 453.379996][ C0] prealloc_elems_and_freelist+0x86/0x1c0 [ 453.380013][ C0] stack_map_alloc+0x33a/0x4c0 [ 453.380027][ C0] map_create+0x877/0x12f0 [ 453.380042][ C0] __sys_bpf+0x651/0x890 [ 453.380054][ C0] __x64_sys_bpf+0x7c/0x90 [ 453.380067][ C0] do_syscall_64+0x55/0xa0 [ 453.380079][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.380094][ C0] [ 453.380097][ C0] Last potentially related work creation: [ 453.380102][ C0] kasan_save_stack+0x3e/0x60 [ 453.380116][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 453.380134][ C0] call_rcu+0x153/0x950 [ 453.380151][ C0] __nf_register_net_hook+0x788/0x910 [ 453.380168][ C0] nf_register_net_hook+0xb2/0x190 [ 453.380182][ C0] nf_register_net_hooks+0x44/0x1b0 [ 453.380198][ C0] nf_ct_netns_do_get+0x213/0x5c0 [ 453.380213][ C0] nf_ct_netns_inet_get+0x3b/0x150 [ 453.380228][ C0] nf_conncount_init+0x127/0x380 [ 453.380242][ C0] ovs_ct_init+0x316/0x490 [ 453.380259][ C0] ovs_init_net+0x1e6/0x250 [ 453.380278][ C0] ops_init+0x397/0x640 [ 453.380298][ C0] setup_net+0x3b6/0xa30 [ 453.380317][ C0] copy_net_ns+0x36d/0x5e0 [ 453.380336][ C0] create_new_namespaces+0x3d3/0x6f0 [ 453.380350][ C0] copy_namespaces+0x430/0x4a0 [ 453.380363][ C0] copy_process+0x1724/0x3d80 [ 453.380377][ C0] kernel_clone+0x24b/0x8a0 [ 453.380391][ C0] __x64_sys_clone+0x1b7/0x230 [ 453.380406][ C0] do_syscall_64+0x55/0xa0 [ 453.380418][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.380435][ C0] [ 453.380438][ C0] Second to last potentially related work creation: [ 453.380442][ C0] kasan_save_stack+0x3e/0x60 [ 453.380465][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 453.380480][ C0] call_rcu+0x153/0x950 [ 453.380495][ C0] __nf_register_net_hook+0x788/0x910 [ 453.380512][ C0] nf_register_net_hook+0xb2/0x190 [ 453.380528][ C0] nf_register_net_hooks+0x44/0x1b0 [ 453.380543][ C0] nf_ct_netns_do_get+0x213/0x5c0 [ 453.380558][ C0] nf_ct_netns_inet_get+0x3b/0x150 [ 453.380575][ C0] nf_conncount_init+0x127/0x380 [ 453.380588][ C0] ovs_ct_init+0x316/0x490 [ 453.380604][ C0] ovs_init_net+0x1e6/0x250 [ 453.380622][ C0] ops_init+0x397/0x640 [ 453.380640][ C0] setup_net+0x3b6/0xa30 [ 453.380658][ C0] copy_net_ns+0x36d/0x5e0 [ 453.380676][ C0] create_new_namespaces+0x3d3/0x6f0 [ 453.380691][ C0] copy_namespaces+0x430/0x4a0 [ 453.380705][ C0] copy_process+0x1724/0x3d80 [ 453.380719][ C0] kernel_clone+0x24b/0x8a0 [ 453.380732][ C0] __x64_sys_clone+0x1b7/0x230 [ 453.380746][ C0] do_syscall_64+0x55/0xa0 [ 453.380758][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.380773][ C0] [ 453.380776][ C0] The buggy address belongs to the object at ffff88802bda7f00 [ 453.380776][ C0] which belongs to the cache kmalloc-cg-64 of size 64 [ 453.380790][ C0] The buggy address is located 16 bytes inside of [ 453.380790][ C0] allocated 40-byte region [ffff88802bda7f00, ffff88802bda7f28) [ 453.380806][ C0] [ 453.380809][ C0] The buggy address belongs to the physical page: [ 453.380823][ C0] page:ffffea0000af69c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2bda7 [ 453.380841][ C0] memcg:ffff888030c44e01 [ 453.380847][ C0] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 453.380862][ C0] page_type: 0xffffffff() [ 453.380875][ C0] raw: 00fff00000000800 ffff888017c4da00 0000000000000000 dead000000000001 [ 453.380887][ C0] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff888030c44e01 [ 453.380895][ C0] page dumped because: kasan: bad access detected [ 453.380906][ C0] page_owner tracks the page as allocated [ 453.380910][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3443, tgid 3443 (kworker/u4:9), ts 93373162487, free_ts 92504589918 [ 453.380934][ C0] post_alloc_hook+0x1c1/0x200 [ 453.380955][ C0] get_page_from_freelist+0x1951/0x19e0 [ 453.380969][ C0] __alloc_pages+0x1f0/0x460 [ 453.380980][ C0] alloc_slab_page+0x5d/0x160 [ 453.380993][ C0] new_slab+0x87/0x2d0 [ 453.381004][ C0] ___slab_alloc+0xc5d/0x12f0 [ 453.381025][ C0] __kmem_cache_alloc_node+0x19e/0x250 [ 453.381045][ C0] __kmalloc_node+0xa4/0x230 [ 453.381064][ C0] kvmalloc_node+0x70/0x180 [ 453.381081][ C0] __nf_hook_entries_try_shrink+0x310/0x6d0 [ 453.381099][ C0] __nf_unregister_net_hook+0x4e1/0x6e0 [ 453.381116][ C0] nf_unregister_net_hooks+0xcb/0x130 [ 453.381133][ C0] nf_ct_netns_put+0x36d/0x520 [ 453.381149][ C0] nf_conncount_destroy+0x41/0x150 [ 453.381164][ C0] ovs_ct_exit+0x9c/0x200 [ 453.381178][ C0] ovs_exit_net+0xed/0x7a0 [ 453.381196][ C0] page last free stack trace: [ 453.381199][ C0] free_unref_page_prepare+0x7b2/0x8c0 [ 453.381219][ C0] free_unref_page_list+0xbe/0x860 [ 453.381238][ C0] release_pages+0x1f7a/0x2200 [ 453.381253][ C0] tlb_flush_mmu+0x379/0x510 [ 453.381272][ C0] tlb_finish_mmu+0xf9/0x220 [ 453.381291][ C0] exit_mmap+0x428/0xb90 [ 453.381308][ C0] __mmput+0x118/0x3c0 [ 453.381320][ C0] exit_mm+0x1f2/0x2c0 [ 453.381339][ C0] do_exit+0x8dd/0x2460 [ 453.381357][ C0] do_group_exit+0x21b/0x2d0 [ 453.381376][ C0] get_signal+0x12fc/0x13f0 [ 453.381389][ C0] arch_do_signal_or_restart+0xc2/0x800 [ 453.381410][ C0] exit_to_user_mode_loop+0x70/0x110 [ 453.381430][ C0] exit_to_user_mode_prepare+0xee/0x180 [ 453.381455][ C0] syscall_exit_to_user_mode+0x1a/0x50 [ 453.381473][ C0] do_syscall_64+0x61/0xa0 [ 453.381486][ C0] [ 453.381489][ C0] Memory state around the buggy address: [ 453.381497][ C0] ffff88802bda7e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 453.381508][ C0] ffff88802bda7e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 453.381519][ C0] >ffff88802bda7f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 453.381526][ C0] ^ [ 453.381534][ C0] ffff88802bda7f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 453.381544][ C0] ffff88802bda8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 453.381552][ C0] ================================================================== [ 453.381570][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 453.381577][ C0] CPU: 0 PID: 12878 Comm: syz.2.2164 Not tainted syzkaller #0 [ 453.381593][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 453.381602][ C0] Call Trace: [ 453.381608][ C0] <#DB> [ 453.381614][ C0] dump_stack_lvl+0x18c/0x250 [ 453.381643][ C0] ? show_regs_print_info+0x20/0x20 [ 453.381668][ C0] ? load_image+0x420/0x420 [ 453.381703][ C0] panic+0x2dc/0x730 [ 453.381721][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 453.381743][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 453.381770][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 453.381789][ C0] ? _raw_spin_unlock+0x40/0x40 [ 453.381811][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.381826][ C0] check_panic_on_warn+0x84/0xa0 [ 453.381845][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.381862][ C0] end_report+0x6f/0x130 [ 453.381881][ C0] kasan_report+0x128/0x150 [ 453.381903][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.381930][ C0] kasan_check_range+0x241/0x290 [ 453.381949][ C0] ? __bpf_get_stackid+0x6bf/0x900 [ 453.381970][ C0] __asan_memcpy+0x40/0x70 [ 453.381993][ C0] __bpf_get_stackid+0x6bf/0x900 [ 453.382024][ C0] bpf_get_stackid_pe+0x343/0x410 [ 453.382050][ C0] bpf_prog_ebdd8313a69a195f+0x30/0x45 [ 453.382069][ C0] bpf_overflow_handler+0x1fc/0x510 [ 453.382092][ C0] ? perf_prepare_header+0x1e0/0x1e0 [ 453.382110][ C0] ? bpf_overflow_handler+0xde/0x510 [ 453.382132][ C0] ? tp_perf_event_destroy+0x20/0x20 [ 453.382147][ C0] ? lock_release+0xb5/0x8c0 [ 453.382170][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 453.382192][ C0] __perf_event_overflow+0x447/0x630 [ 453.382219][ C0] perf_swevent_event+0x319/0x570 [ 453.382242][ C0] ? perf_tp_event+0x1520/0x1520 [ 453.382258][ C0] ? trace_call_bpf+0x5e9/0x6c0 [ 453.382296][ C0] perf_bp_event+0x319/0x430 [ 453.382321][ C0] ? perf_event_free_bpf_prog+0x120/0x120 [ 453.382340][ C0] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 453.382392][ C0] ? lock_acquire+0x2c2/0x420 [ 453.382420][ C0] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 453.382448][ C0] notifier_call_chain+0x197/0x380 [ 453.382479][ C0] ? atomic_notifier_call_chain+0x26/0x180 [ 453.382502][ C0] atomic_notifier_call_chain+0xda/0x180 [ 453.382524][ C0] notify_die+0x145/0x1a0 [ 453.382547][ C0] ? srcu_init_notifier_head+0x90/0x90 [ 453.382577][ C0] ? rcu_is_watching+0x15/0xb0 [ 453.382601][ C0] notify_debug+0x2e/0x50 [ 453.382617][ C0] exc_debug+0xde/0x140 [ 453.382637][ C0] asm_exc_debug+0x1e/0x40 [ 453.382655][ C0] RIP: 0010:strncpy_from_user+0x103/0x2d0 [ 453.382675][ C0] Code: d3 65 2a fd 49 83 fd 07 0f 86 a1 00 00 00 4c 89 74 24 08 48 c7 44 24 10 f8 ff ff ff 45 31 e4 4c 89 3c 24 49 89 de 4f 8b 3c 27 <48> b8 ff fe fe fe fe fe fe fe 49 8d 1c 07 4c 89 fd 48 f7 d5 48 b8 [ 453.382689][ C0] RSP: 0018:ffffc9000edefe60 EFLAGS: 00040216 [ 453.382703][ C0] RAX: ffffffff845cc102 RBX: ffff88805278b320 RCX: 0000000000080000 [ 453.382715][ C0] RDX: ffffc9000cb89000 RSI: 00000000000001cd RDI: 00000000000001ce [ 453.382726][ C0] RBP: 0000000000000000 R08: ffffea000149e207 R09: 1ffffd4000293c40 [ 453.382736][ C0] R10: dffffc0000000000 R11: fffff94000293c41 R12: 0000000000000300 [ 453.382747][ C0] R13: 0000000000000fe0 R14: ffff88805278b320 R15: 6161616161616161 [ 453.382768][ C0] ? strncpy_from_user+0x172/0x2d0 [ 453.382793][ C0] [ 453.382797][ C0] [ 453.382809][ C0] getname_flags+0xf6/0x500 [ 453.382838][ C0] __x64_sys_mkdir+0x5f/0x80 [ 453.382856][ C0] do_syscall_64+0x55/0xa0 [ 453.382870][ C0] ? clear_bhb_loop+0x40/0x90 [ 453.382889][ C0] ? clear_bhb_loop+0x40/0x90 [ 453.382910][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.382928][ C0] RIP: 0033:0x7fe3e7d9c819 [ 453.382941][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.382955][ C0] RSP: 002b:00007fe3e8ced028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 453.382971][ C0] RAX: ffffffffffffffda RBX: 00007fe3e8015fa0 RCX: 00007fe3e7d9c819 [ 453.382983][ C0] RDX: 0000000000000000 RSI: 0000000000000043 RDI: 0000200000000000 [ 453.382993][ C0] RBP: 00007fe3e7e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 453.383003][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.383012][ C0] R13: 00007fe3e8016038 R14: 00007fe3e8015fa0 R15: 00007fff54c42c18 [ 453.383042][ C0] [ 453.383681][ C0] Kernel Offset: disabled