last executing test programs: 6.9316826s ago: executing program 1 (id=4474): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x3502, 0x400000000007}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="180000003f0a0000000000000900000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b703001ad90000008500000083000000bf0900000000000055090100000000009500000000000000bf910040000e000000130000000000008500000084000000b7000000000000f0684039043637febe"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x18, 0xfffffffffffffffc, 0x0, 0x30, '\x00', 0x0, 0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x26) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="1000000000000f000007be3a735f24e47a115b00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000700)={&(0x7f0000000500)="ee8244331e7d9e980502b3e153176553a80bbc93772a7368222d3360c6cda8a2aa85b61c137e657fb6133cc0416bcad4f773b47bacbee0acc45ee1270b3224a1c402db8b394cb9814f51f432f1ae4704c5e00d171de23170", &(0x7f0000000580)=""/46, &(0x7f00000005c0)="1011be9b6e90bc070bc9467397458f1339b0d4bcf35b6efb999b311625d3a23970b649d1ecd901d715e5777402a56dd65da914f144170c4e6b665cd56ca4c7bc25f7921815d945baba6fde16fcf7d9a0e76c8ce04176bfc32dfbcdaca25f71c56b6840e79336cde6c62638c9508f91af70de2b64128024ed71dd9b428a06d54711ef985a9f6df935d7c9087caa79675caa05bafbad63", &(0x7f0000000680)="ab4f304355dd81856c7e095438bbb5dfe0766b57c4d3cd3dd696925949c253c6e9212f5ece076f5edacb4d9dae9b3c432a3b7f258edcc0b9f3684f01f8a2918469af2d66df84b770af2959070e98394e87", 0x7, r0}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x13, 0x1, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x180, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x4000000000000, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x10040) write$cgroup_subtree(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce818d033200fefdfff500000200875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000029c0)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$kcm(0x2a, 0x2, 0x0) syz_clone(0x41064400, 0x0, 0x0, 0x0, 0x0, 0x0) 6.729833642s ago: executing program 0 (id=4476): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000300000000000000000000030000000003000000020000000000000000000000000000010500000010000000010000000000000800000000005f"], 0x0, 0x4f}, 0x20) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf94b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_bp={0x0}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x200003, 0x6, 0x9, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x9, 0x80, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x6}, 0x19000, 0x1, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x4000000, r1, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e1406027fffffff0e000a001000000002", 0x29}], 0x1}, 0x84) 5.968868784s ago: executing program 0 (id=4477): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x1ff, 0x200}, 0x8000, 0xcdd, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100)=@ieee802154={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0002}}}, 0x80, &(0x7f0000000480)=[{&(0x7f00000007c0)="27031c0016001400020000000000000006e1f0000000890900000002ee1680ca82973d2bd4b836954268e611c00aab9715", 0x31}, {&(0x7f0000001980)="7d586d16062b1e1b9685b88189e0093982f6994b8df2fe56386ed999f1b34b06f2f69618bf033adc88f5360397a115f725e1165f4333f06cbce55a5f20f3095d1492f30e34c2e78534aa2059bcdd5e6c215f8a1d23f5b78a8119bd6c6c6e104923606c286343b114791a0a866bcccd0fb4fa8a960d6e7a59fd52884294b949a1a028d0fd8aefa6ee1070863365ffdfc3ab2876f7423594e3ff0182a3b92a1d51842ad30dab67f17c9938c758102e63c18870f229e0ffd2398686915f863c49fdc6e949856be1d47dac4f6d56e49c9fe34ec3306a64761d6fce755e911854ad8aaf1eb5411bdd83773c3dbf8a774f02e39ce9a13692a2e62e497588697b3406011dff49e483b7af2e2ab2324cdb0854dd9c05fcd9f7891d3f4d166b88a26a1463ac7f87ab1108eb14620661c1eb302caa7417ef79e463c0447f90f85a5b7c8dfed05edcd6cd56eb526a10b859e6e23f7e8d0911defae5937f74d4b60e05992585a3a88d7234c77a5038ae4c84942a6dd682094421a9d22e412f8500823a9482dcddef53022db0e12a7ba36547b7a62e5a22279966bf8c9783d5ca2ebcff237bbbc50ae48f87e4bca97b69279826358efe838bd7a503a2d42ee1989e9302a221882e5d149588122a48becb9d21da437bd16fb3f5de45b8a2098d7597c2d12229f5887719ffeacbf702dd2ca8d3208c56f125a4e90207112d664a279eefb37ed3bd9cd4087a1ade4f8afb23bdf540d2342c714425a382c9c70dc444caa1cccb4f378851829702787c5386caed6b9361e8525cb6b25a8caaf3c6090b43a981f03dcc806caaf5d70750859be2de86be08795188b55538e5bb687bacd577d8d8c12dbdd6fb1f180a19012a052d563fef0ed3a87b3df41a64331db2bf12473d38e03160cc18210425e4aeb63766899824508ba8bdf44f97351d1c9d0fd503863bc10443ec1636cd29a611cc2df523eb995d909d1a4f2807853f6f3dc238d59306367fb25ef0b43be8b4b74d49eb1e0a5fd0b2d682b9f42203026c279b470e31da23e41bfa3fb17fcdeca7b27a14a9fcc1b0e6d41efe6f5b357eaff60460cf61fe3ddddb1cf9b19569f98dc79f1280ae1e163f5b2d8efee979ec17d6108d82443189cffb15baca91855646745d319bae3d6cae9dfbb9bbe70d20e74ac9e55b06bf40eb987112f8cd370f212f03c996baf884d4dab522a23d98bd3699fa244c5abac50a9650d199d9ef94ea932edf2153e02c9ec9c2d3d516a128584e4071b6f8aa04727f2703e80523504880b921d4326d648ba677bc920567e5282e4630c0e414b24e5c0799ca1ced216f86aec82fe9687b3f924dfef531b3bc2686a1e3042885bfe23445a7c15dce0090a7eb0ebd69be730c01bca3125e0e17f6e6d3496e599ee2ac90c6d6bb21d2e42ce7cb018ec5d8097d074393a5700c646f7c7ca8d0a81f3d6babdf028ef740f2272a5f2bf8f6978c3c6167f49fb5383e286e603ea58251409f6eb9412387fba434d6a2adae5d87ad5b3eae0b990f4a2860d4eaf4f36cd16762361514b9a5b20523c57771b87b921631113d5a1400de65766c57a2b94939cb4170afbd9cbd1be74832bcb81a8c2ceff17bdb76751ca2b7a2aed7f880ee1e3064271b456bd78f1e7cdf192ddc495a9356ce36d95d75b01616528bfdca5523ab300b1221b1690cb76bc41125b67fed8d04d6115cd2afd8569c1c5c25a007ab9638168d6c16ff4bb4e62cb4f723f43758675e7139c12690ecb34fb9334cf54aefd4d91adda73842bccd2e4d5ce192a92a8a6984156df13fef823cbdcf87ca87dd4d6a1d7a61ce161d319c72a0936a05b0da86fa08091436af30ea6234bffe2c163f9b521c2f886aef8b715a7e48055204172228ad64278968ccd01db0df89806cc8557e5f8a66fcf1dadae893f0b51db73c8035846fee2461fb272546d3b6b96ff24d0beff07ef96c2d157fd751d76079276effada716a933be58bf3ffc4b16fcea0736a508fb73e92cffdf72a7be5accce5fe0d62d79f7776945c474339c89452cc7e02ea69585d2451a1b21b8c3d9f785e62eb55e4927435165e95d807144f82355a8ab35c144c2e9cbfb7e7880344960fbe96283b828a403279d6aefcef8a9d88f615a3ee576d86c6d708d65b959d5954b95ace30f1e6beb145e0d41f544f78791034f325b12af763004ecb9f045c66f9a6812ab148a3ca4d28076c81829e7e41f2dbc65d814c6561cf9209e7d723917fb3e657a3d9f60d65ebac8d7e7e7fe94ddf8e3cf360cb65097d1ac76b893fd730ce923cf96cb6b6e5782b83b10f289621b82c37cafe04c8c5a521d3c6a43f6d15941aaa428bc22db8d53255aa217ffe8e0b02334a2bade0960066e9c84f9713b9912cfb55223d3bd17f3d3df7825bc03e3739a7cdf7e1a3ce0b77df0c6b3bb566922f52e85fbfb3f9dbcd46bf18f1a6734a3ca727a316f750d1d03eaad603674fecb1ec7d879e771c1c37b6c97b098717b40553a13d6a4831c557ab449614f780e68becfeffb8c2af86a3be388658ae1a86d4715f0c7892ffc39158d2f8348ce98eed5fe0ab1afcbd256a5f464867ddcfd077f12f6c8716859c9a46b007191455558efe2f5c4c816104f4515e96d461331d9e69dbdfa6d8e23bb9c5b8012726819f365d50f258ef30d675876fd95e06791864af2e6b4fc08e0f8162341c0cc0f5d238bd8b25e1036ef8f111c69818391237571330e174793350c9c2aada62f21108e144abe0b86ae2711e5f81cf0c1c7b9f89d36b144feada6aae488fc2f613d3868e388a141794162268b33aa35a50962", 0x7c0}], 0x2}, 0x24000008) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], 0x0, 0x26}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r2, 0x29, &(0x7f0000003fc0)}, 0x10) 5.68968106s ago: executing program 0 (id=4480): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x10, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x4637bba83ceb394a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x5, 0x8, &(0x7f00000002c0)="b800000500", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE(0x0, 0x0, 0x2e) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext, 0x0, 0x5, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x0, 0x106) setsockopt$sock_attach_bpf(r1, 0x6, 0x9, &(0x7f0000000c40)=r1, 0x4) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x2, 0x1, 0x84) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xffffffffffffffd6) socketpair$unix(0x1, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0xff, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd36, 0x7, 0x9, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x28) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000f2dcc6d0e5bfb6ecc27477a80d1fcf4b137d054bd61743b079bac97f2141d9f3fc65776a653c4ec621d3c20287f5605901decf24849b329a36c04e4b9ed84e68605ca797889c2552b819a920c3ea749c4760aa70f09c9c56b6a43f7c5b6d22e5b85ad8359b1ca3ce6562fb42785fa4a7fee635efcaa4ba6fab659971224383e4bf1c"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f00000000c0)={0x3, 0x1}, 0x8}, 0x94) r4 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x30, 0x0, 0x20000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r3, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x9e, 0x8, 0x0, 0x0}}, 0x10) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, @perf_config_ext={0x5, 0x20000000000}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000090400000000000000000000010500001208000000000000000000000300000000040000000200000012000000000000000000000b"], 0x0, 0x5a}, 0x28) socket$kcm(0x10, 0x2, 0x0) r5 = socket$kcm(0x15, 0x5, 0x0) sendmsg$kcm(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x0) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$TUNGETFILTER(r6, 0x801054db, &(0x7f0000000180)) socket$kcm(0xa, 0x3, 0x73) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00'}, 0x18) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7, 0x7b84}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 5.34102715s ago: executing program 0 (id=4484): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="180000003f0a0000000000000900000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b703001ad90000008500000083000000bf0900000000000055090100000000009500000000000000bf910040000e000000130000000000008500000084000000b7000000000000f0684039043637febe"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x18, 0xfffffffffffffffc, 0x0, 0x30, '\x00', 0x0, 0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x26) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="1000000000000f000007be3a735f24e47a115b00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000700)={&(0x7f0000000500)="ee8244331e7d9e980502b3e153176553a80bbc93772a7368222d3360c6cda8a2aa85b61c137e657fb6133cc0416bcad4f773b47bacbee0acc45ee1270b3224a1c402db8b394cb9814f51f432f1ae4704c5e00d171de23170", &(0x7f0000000580)=""/46, &(0x7f00000005c0)="1011be9b6e90bc070bc9467397458f1339b0d4bcf35b6efb999b311625d3a23970b649d1ecd901d715e5777402a56dd65da914f144170c4e6b665cd56ca4c7bc25f7921815d945baba6fde16fcf7d9a0e76c8ce04176bfc32dfbcdaca25f71c56b6840e79336cde6c62638c9508f91af70de2b64128024ed71dd9b428a06d54711ef985a9f6df935d7c9087caa79675caa05bafbad63", &(0x7f0000000680)="ab4f304355dd81856c7e095438bbb5dfe0766b57c4d3cd3dd696925949c253c6e9212f5ece076f5edacb4d9dae9b3c432a3b7f258edcc0b9f3684f01f8a2918469af2d66df84b770af2959070e98394e87", 0x7, r0}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x13, 0x1, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x180, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x4000000000000, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x10040) write$cgroup_subtree(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce818d033200fefdfff500000200875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000029c0)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$kcm(0x2a, 0x2, 0x0) syz_clone(0x41064400, 0x0, 0x0, 0x0, 0x0, 0x0) 2.256796544s ago: executing program 2 (id=4485): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000300000000000000000000030000000003000000020000000000000000000000000000010500000010000000010000000000000800000000005f"], 0x0, 0x4f}, 0x20) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf94b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_bp={0x0}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x200003, 0x6, 0x9, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x9, 0x80, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x6}, 0x19000, 0x1, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x4000000, r1, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e1406027fffffff0e000a001000000002800000", 0x2c}], 0x1}, 0x84) 2.113375922s ago: executing program 2 (id=4487): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20008044) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe000032"], 0xfe33) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x1, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100, 0x400000, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r3 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_pid(r3, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{}, 0x0, 0x0}, 0x20) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000240)=@generic={&(0x7f0000000040)='./file0\x00', r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1}, &(0x7f0000000280), &(0x7f00000002c0)=r1}, 0x20) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r4, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000070000009500000000000000fcacf068d3cf44a168321ad894c3bbd875c31ebe9c5df5f88593d7c49143ac547451febf6dc5247ed7561ff2afe1270f8b4a6e7501ef8377fede75a10314441ea5ec30aad516d43e860b46b2a6c4999e287a9a62d6aaf8158a4f5cd5464cc02960daf0f4af33b7f835d3b897d1a5a8b37ac9290ed4e07915c3aed87f8f72e62bea5d2a7555b2c89e8bbc6b844eefb9a0e9e1f8032d398c7c8db37d30d7e5d389d1d8da21fad20382854975ed7fc72e986cfc6313df59259f5099f4ff389cf200fc28b3eb1ceb190ffb5ef1"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r5}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x91, 0xac, 0x3, 0x0, 0x0, 0xffff, 0x8a410, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x8}, 0x8018, 0x0, 0x3, 0x2, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x0, 0x2, r2, 0x1) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x1, 0x8, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r6, 0x29, 0x23, &(0x7f0000000040), 0xcf) close(r6) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000500), 0x4) 1.872921225s ago: executing program 3 (id=4489): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e0400001d008104e40f80ecdb4cb9f207c804a00d000000880802fb0a0002000afbda00c50083b85b6d28cecac508047209f92bfa252e2d6a5395d9c8307134145b9dd08f7f462b458dfd4f8ee1dc0d9a34f212fb81d6c78ca74819129c2962d2dfd5f3f15ff00b2088c7d864805e27851868341786de4b6304d4e097ca067c188b1d404ea114de8e89b21da7", 0x8d}], 0x1, 0x0, 0x0, 0x5865}, 0xc09d0) 1.77412341s ago: executing program 2 (id=4490): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000200000000000000000000030000000000000000000000000000000000000000000000010502"], 0x0, 0x42}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x8004003a, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.661057577s ago: executing program 3 (id=4491): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x42}, 0x28) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2b8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000b1f8306e05d1e4aab009c16b5c05077115d0749619ca39f89974785ae0619b77c6585f678ac92a3b6b4148f56b43c3dd75d75f97c8f92f60a2def458df05e2fbfb3e849b2b3cffd4f29446ae60dd76654b2639b2bc14350706214a6ab7a712d4317fbc3ca01d0d3ed6110b3775903141a5091a4d3db8eb335414fbdb288aba73aaf6d18000a3a2a069cf7f9402e1425bb6bc370576aa1faea0fe222671ecf99038fce8dba53dcb11f87cca"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) socket$kcm(0x2, 0x3, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x2, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1f, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0xa, 0x2, 0x88) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r4], 0x0, 0x10000002, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1c0000001d008103e00f80ecdb4cb9f207", 0x11}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r5 = socket$kcm(0x10, 0x400000002, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r3}, 0x8) write$cgroup_subtree(r5, &(0x7f0000000200)=ANY=[], 0xfdef) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000040), &(0x7f0000000140)=r6}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r6}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000040)}, 0x20) sendmsg$unix(r2, &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="00000000fc477586020c003bac4492dd0ad4edaba1d5aaebca9d95e3d77957ae2326a3f645cd7c016a7a66513da3c082610287b604ba8d87cf2852c9ba4b0e06497cef55889891f094382ade8bac388b6b2c58d45609b015f76f40e17bf318ee2807d0300d35ca56d3ed2d9ccdcb2f293dce0db1e0c971aeb2a3ad22144f8841da20359a2d91fec96d6f1dfe40cb9d5122ee2f7285d2b0c6971a31ed"], 0x18, 0x44080}, 0x20000001) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000400006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) 1.615472779s ago: executing program 1 (id=4492): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f00fff00401a80008000800114004080000055c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d25b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d", 0xa2}], 0x1}, 0x4000000) 1.536384744s ago: executing program 1 (id=4493): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x42}, 0x28) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2b8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000b1f8306e05d1e4aab009c16b5c05077115d0749619ca39f89974785ae0619b77c6585f678ac92a3b6b4148f56b43c3dd75d75f97c8f92f60a2def458df05e2fbfb3e849b2b3cffd4f29446ae60dd76654b2639b2bc14350706214a6ab7a712d4317fbc3ca01d0d3ed6110b3775903141a5091a4d3db8eb335414fbdb288aba73aaf6d18000a3a2a069cf7f9402e1425bb6bc370576aa1faea0fe222671ecf99038fce8dba53dcb11f87cca"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) socket$kcm(0x2, 0x3, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x2, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1f, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0xa, 0x2, 0x88) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r4], 0x0, 0x10000002, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1c0000001d008103e00f80ecdb4cb9f207", 0x11}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r5 = socket$kcm(0x10, 0x400000002, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r3}, 0x8) write$cgroup_subtree(r5, &(0x7f0000000200)=ANY=[], 0xfdef) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000040), &(0x7f0000000140)=r6}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r6}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000040)}, 0x20) sendmsg$unix(r2, &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="00000000fc477586020c003bac4492dd0ad4edaba1d5aaebca9d95e3d77957ae2326a3f645cd7c016a7a66513da3c082610287b604ba8d87cf2852c9ba4b0e06497cef55889891f094382ade8bac388b6b2c58d45609b015f76f40e17bf318ee2807d0300d35ca56d3ed2d9ccdcb2f293dce0db1e0c971aeb2a3ad22144f8841da20359a2d91fec96d6f1dfe40cb9d5122ee2f7285d2b0c6971a31ed"], 0x18, 0x44080}, 0x20000001) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000400006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) 829.066704ms ago: executing program 2 (id=4494): r0 = socket$kcm(0x2, 0x2, 0x73) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f0000000040)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000640)=ANY=[], 0x14f8}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff8}, [@map_fd, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffff9}, @map_val={0x18, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffff001}, @map_fd={0x18, 0x1}]}, &(0x7f0000000300)='syzkaller\x00', 0x532f3dbc, 0xee, &(0x7f00000013c0)=""/238, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000014c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000001500)={0x0, 0x8, 0x5, 0x8a78}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001540)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x200}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000001640)={r0, r1}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8927, &(0x7f0000000080)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda9, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)='%-5lx \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r4, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r5}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x1, 0x2}, 0x48) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001a80)={0x2, 0x4, 0x8, 0x1, 0x80, r5, 0xd3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002d40)=@bpf_lsm={0x1d, 0x0, &(0x7f0000001900), &(0x7f0000001940)='syzkaller\x00', 0x8, 0x77, &(0x7f0000001980)=""/119, 0x40f00, 0x12, '\x00', 0x0, 0x1b, r6, 0x8, &(0x7f0000001a00)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000001a40)={0x3, 0x3, 0xffffff7f, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000002b80)=[r3, r7, r4], &(0x7f0000002bc0)=[{0x2, 0x5, 0xf, 0x2}], 0x10, 0x10000}, 0x94) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r8 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$kcm(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000200"/20, @ANYRES32, @ANYBLOB="020000000000000368042c52059501", @ANYRESHEX], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x890b, &(0x7f0000000100)) 813.797284ms ago: executing program 3 (id=4495): r0 = socket$kcm(0x2, 0x2, 0x73) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f0000000040)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000640)=ANY=[], 0x14f8}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff8}, [@map_fd, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffff9}, @map_val={0x18, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffff001}, @map_fd={0x18, 0x1}]}, &(0x7f0000000300)='syzkaller\x00', 0x532f3dbc, 0xee, &(0x7f00000013c0)=""/238, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000014c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000001500)={0x0, 0x8, 0x5, 0x8a78}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001540)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x200}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000001640)={r0, r1}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8927, &(0x7f0000000080)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda9, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)='%-5lx \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r4, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r5}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001a80)={0x2, 0x4, 0x8, 0x1, 0x80, r5, 0xd3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002d40)=@bpf_lsm={0x1d, 0x0, &(0x7f0000001900), &(0x7f0000001940)='syzkaller\x00', 0x8, 0x77, &(0x7f0000001980)=""/119, 0x40f00, 0x12, '\x00', 0x0, 0x1b, r6, 0x8, &(0x7f0000001a00)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000001a40)={0x3, 0x3, 0xffffff7f, 0x1000}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000002b80)=[r3, r7, r4], &(0x7f0000002bc0)=[{0x2, 0x5, 0xf, 0x2}], 0x10, 0x10000}, 0x94) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r8 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$kcm(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000200"/20, @ANYRES32, @ANYBLOB="020000000000000368042c52059501", @ANYRESHEX], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x890b, &(0x7f0000000100)) 704.167581ms ago: executing program 1 (id=4496): r0 = socket$kcm(0x2, 0x2, 0x73) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f0000000040)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000640)=ANY=[], 0x14f8}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff8}, [@map_fd, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffff9}, @map_val={0x18, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffff001}, @map_fd={0x18, 0x1}]}, &(0x7f0000000300)='syzkaller\x00', 0x532f3dbc, 0xee, &(0x7f00000013c0)=""/238, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000014c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000001500)={0x0, 0x8, 0x5, 0x8a78}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000001540)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1], 0x0, 0x10, 0x200}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000001640)={r0, r1}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8927, &(0x7f0000000080)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda9, 0x1, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)='%-5lx \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r4, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r5}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x1, 0x2}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880), 0x8, 0x60, 0x8, 0x8, &(0x7f00000008c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x13, 0x4, &(0x7f00000000c0)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x1c}]}, &(0x7f0000000380)='GPL\x00', 0x5, 0xc3, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x8, 0x10, 0x0, 0x0, r7}, 0x94) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001a80)={0x2, 0x4, 0x8, 0x1, 0x80, r5, 0xd3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002d40)=@bpf_lsm={0x1d, 0x0, &(0x7f0000001900), &(0x7f0000001940)='syzkaller\x00', 0x8, 0x77, &(0x7f0000001980)=""/119, 0x40f00, 0x12, '\x00', 0x0, 0x1b, r6, 0x8, &(0x7f0000001a00)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000001a40)={0x3, 0x3, 0xffffff7f, 0x1000}, 0x10, r7, 0x0, 0x1, &(0x7f0000002b80)=[r3, r8, r4], &(0x7f0000002bc0)=[{0x2, 0x5, 0xf, 0x2}], 0x10, 0x10000}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x20000000) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000200"/20, @ANYRES32, @ANYBLOB="020000000000000368042c52059501", @ANYRESHEX], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x890b, &(0x7f0000000100)) 508.974212ms ago: executing program 3 (id=4497): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x1ff, 0x200}, 0x8000, 0xcdd, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000100)=@ieee802154={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0002}}}, 0x80, &(0x7f0000000480)=[{&(0x7f00000007c0)="27031c0016001400020000000000000006e1f0000000890900000002ee1680ca82973d2bd4b836954268e611c00aab9715", 0x31}, {&(0x7f0000001980)="7d586d16062b1e1b9685b88189e0093982f6994b8df2fe56386ed999f1b34b06f2f69618bf033adc88f5360397a115f725e1165f4333f06cbce55a5f20f3095d1492f30e34c2e78534aa2059bcdd5e6c215f8a1d23f5b78a8119bd6c6c6e104923606c286343b114791a0a866bcccd0fb4fa8a960d6e7a59fd52884294b949a1a028d0fd8aefa6ee1070863365ffdfc3ab2876f7423594e3ff0182a3b92a1d51842ad30dab67f17c9938c758102e63c18870f229e0ffd2398686915f863c49fdc6e949856be1d47dac4f6d56e49c9fe34ec3306a64761d6fce755e911854ad8aaf1eb5411bdd83773c3dbf8a774f02e39ce9a13692a2e62e497588697b3406011dff49e483b7af2e2ab2324cdb0854dd9c05fcd9f7891d3f4d166b88a26a1463ac7f87ab1108eb14620661c1eb302caa7417ef79e463c0447f90f85a5b7c8dfed05edcd6cd56eb526a10b859e6e23f7e8d0911defae5937f74d4b60e05992585a3a88d7234c77a5038ae4c84942a6dd682094421a9d22e412f8500823a9482dcddef53022db0e12a7ba36547b7a62e5a22279966bf8c9783d5ca2ebcff237bbbc50ae48f87e4bca97b69279826358efe838bd7a503a2d42ee1989e9302a221882e5d149588122a48becb9d21da437bd16fb3f5de45b8a2098d7597c2d12229f5887719ffeacbf702dd2ca8d3208c56f125a4e90207112d664a279eefb37ed3bd9cd4087a1ade4f8afb23bdf540d2342c714425a382c9c70dc444caa1cccb4f378851829702787c5386caed6b9361e8525cb6b25a8caaf3c6090b43a981f03dcc806caaf5d70750859be2de86be08795188b55538e5bb687bacd577d8d8c12dbdd6fb1f180a19012a052d563fef0ed3a87b3df41a64331db2bf12473d38e03160cc18210425e4aeb63766899824508ba8bdf44f97351d1c9d0fd503863bc10443ec1636cd29a611cc2df523eb995d909d1a4f2807853f6f3dc238d59306367fb25ef0b43be8b4b74d49eb1e0a5fd0b2d682b9f42203026c279b470e31da23e41bfa3fb17fcdeca7b27a14a9fcc1b0e6d41efe6f5b357eaff60460cf61fe3ddddb1cf9b19569f98dc79f1280ae1e163f5b2d8efee979ec17d6108d82443189cffb15baca91855646745d319bae3d6cae9dfbb9bbe70d20e74ac9e55b06bf40eb987112f8cd370f212f03c996baf884d4dab522a23d98bd3699fa244c5abac50a9650d199d9ef94ea932edf2153e02c9ec9c2d3d516a128584e4071b6f8aa04727f2703e80523504880b921d4326d648ba677bc920567e5282e4630c0e414b24e5c0799ca1ced216f86aec82fe9687b3f924dfef531b3bc2686a1e3042885bfe23445a7c15dce0090a7eb0ebd69be730c01bca3125e0e17f6e6d3496e599ee2ac90c6d6bb21d2e42ce7cb018ec5d8097d074393a5700c646f7c7ca8d0a81f3d6babdf028ef740f2272a5f2bf8f6978c3c6167f49fb5383e286e603ea58251409f6eb9412387fba434d6a2adae5d87ad5b3eae0b990f4a2860d4eaf4f36cd16762361514b9a5b20523c57771b87b921631113d5a1400de65766c57a2b94939cb4170afbd9cbd1be74832bcb81a8c2ceff17bdb76751ca2b7a2aed7f880ee1e3064271b456bd78f1e7cdf192ddc495a9356ce36d95d75b01616528bfdca5523ab300b1221b1690cb76bc41125b67fed8d04d6115cd2afd8569c1c5c25a007ab9638168d6c16ff4bb4e62cb4f723f43758675e7139c12690ecb34fb9334cf54aefd4d91adda73842bccd2e4d5ce192a92a8a6984156df13fef823cbdcf87ca87dd4d6a1d7a61ce161d319c72a0936a05b0da86fa08091436af30ea6234bffe2c163f9b521c2f886aef8b715a7e48055204172228ad64278968ccd01db0df89806cc8557e5f8a66fcf1dadae893f0b51db73c8035846fee2461fb272546d3b6b96ff24d0beff07ef96c2d157fd751d76079276effada716a933be58bf3ffc4b16fcea0736a508fb73e92cffdf72a7be5accce5fe0d62d79f7776945c474339c89452cc7e02ea69585d2451a1b21b8c3d9f785e62eb55e4927435165e95d807144f82355a8ab35c144c2e9cbfb7e7880344960fbe96283b828a403279d6aefcef8a9d88f615a3ee576d86c6d708d65b959d5954b95ace30f1e6beb145e0d41f544f78791034f325b12af763004ecb9f045c66f9a6812ab148a3ca4d28076c81829e7e41f2dbc65d814c6561cf9209e7d723917fb3e657a3d9f60d65ebac8d7e7e7fe94ddf8e3cf360cb65097d1ac76b893fd730ce923cf96cb6b6e5782b83b10f289621b82c37cafe04c8c5a521d3c6a43f6d15941aaa428bc22db8d53255aa217ffe8e0b02334a2bade0960066e9c84f9713b9912cfb55223d3bd17f3d3df7825bc03e3739a7cdf7e1a3ce0b77df0c6b3bb566922f52e85fbfb3f9dbcd46bf18f1a6734a3ca727a316f750d1d03eaad603674fecb1ec7d879e771c1c37b6c97b098717b40553a13d6a4831c557ab449614f780e68becfeffb8c2af86a3be388658ae1a86d4715f0c7892ffc39158d2f8348ce98eed5fe0ab1afcbd256a5f464867ddcfd077f12f6c8716859c9a46b007191455558efe2f5c4c816104f4515e96d461331d9e69dbdfa6d8e23bb9c5b8012726819f365d50f258ef30d675876fd95e06791864af2e6b4fc08e0f8162341c0cc0f5d238bd8b25e1036ef8f111c69818391237571330e174793350c9c2aada62f21108e144abe0b86ae2711e5f81cf0c1c7b9f89d36b144feada6aae488fc2f613d3868e388a141794162268b33aa35a50962", 0x7c0}], 0x2}, 0x24000008) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], 0x0, 0x26}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r2, 0x29, &(0x7f0000003fc0)}, 0x10) 501.074622ms ago: executing program 0 (id=4498): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0xfe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf4, 0x1}, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a8f27e02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6"], 0x0, 0x5}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40682, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x2000}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) sendmsg$unix(r3, &(0x7f0000000900)={&(0x7f0000000300)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000a00)="d79be647a8327e3dda866828753b9931a002b6414969f58a8f362303a6ef65825b73ed1a39bef879e45e43af4caf91eeb43571f8191915541a2fbda1c518a0ce3c2b7b7b22a2fb3d788243df11d98a319bccf70240061957c135b4d5fd248736997fe59f86b43a5e86f4ec55c20eeb1e63c0fcd05763c5814398772217b7578eeed36c24552205470b0ac77b89a10337c1694d6a5adee5c3113956be4b53065c29e84cf15cac9863aabbf5f32edefb8d5b2afaaa23ca79266c3838dcfb96a0cb171054c58d", 0xc5}, {&(0x7f0000000b00)="210c80b6756e3a10640d5f993e9ec6f1bb7b20316c18055cf1495e60c4bdf04d12635eff87a520c5ebcb71a41a4fbe1f387c6365761f2079472357c13e8a3d166e49f9297bbc0f9944952d7243cc2baaa62a50a2dd27e9ae273f587270ed552ad05aa77e5a388ad2715c9ecfbd93376b70c6bf5e1ce15beaab0cce2b786e586511736b7976c2b98a8b3a1a121f3994ad3cfe7d9aa93a83af", 0x98}], 0x2, 0x0, 0x0, 0x40840}, 0x80) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1eebffffeeffffff0500000001e8ffff00000000", @ANYRES8=r0, @ANYBLOB="0100"/20, @ANYBLOB="f8adbb16f9f549ce7f05085f7c8583d2cc271ffbfcd4d1cdc0e55810207dc51500607d24b8c3839faf0e0a26d30c9de2a8228d7724531f9bdc5898a2ba75cfaf64e5f9d08af2a99fd3ca62537032f5260c5ab538d48bf68466721beb9bd7e81ea946f54817bf91ce465815f8845295df817deb99a61bc3dc06b66a75a49d18b9b47ea8b6c20a4d4d7af6eeefad1d52dc326d43c9be35e89b50b6e199748e610a728c28cae87c0d7fbd577d7fbb6d7af87ddb3ac02e3c1081c0d7f034c278d016032b6a0a119cc8681db6c9d0c1e5d6478925eb7ded6ed373945243e8a2b10555d2", @ANYRES32=r5, @ANYBLOB="0500000005000000040000000e00"/28], 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x6, 0x2, 0xff, 0x0, 0x0, 0x0, 0x37b05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, @perf_config_ext={0x500}, 0x109391, 0x1, 0x3, 0x4, 0xffffffffffffbbfe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1bffffffffffffc}, 0x0, 0x8005, 0xffffffffffffffff, 0x1) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0200000004000000040000000800000014100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000000000000000000000000000000000000000000000000000b79deee114842b0f55d513bdc0f593b69a04d7dac0157fcba1c1f4bc58101cfc649a0495d44a7d2625c77456a64cf58fe188d622f14ce0a10e95f6a30e83359938884845cf295692d9922b23c22c61f1c27529"], 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0d00000008000000040000000900000008000000", @ANYRES32=r6, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000007adb18a29b5395f27b960e2eeab78d292bac9cdd20c021c5bf7058fa0ac90f9f9720f2bb828019de1ad69c3827ea9c8c549b59a207ff815a07d481f996939247cd55aed0290284eba32147239c3ea0cf9867"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x2000000000000290, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xf, 0x5d, 0xfffffffffffffffe, 0xc3000, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x56, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000003780)={0x0, 0x0, 0x0, 0x0, 0x80000001, r7, 0x4}, 0x38) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f1, &(0x7f0000000a00)) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfb, 0x0, 0x20, 0x12504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x1, @perf_config_ext={0x7, 0x2}, 0x7602, 0x5, 0x0, 0x0, 0x100000000000000, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r8 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700760409"], 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x890b, &(0x7f0000000000)) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x301142, 0x0) close(r9) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r1, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0309004d8871ef2885634a8270e7112b0000"], 0xee8a) 408.728437ms ago: executing program 2 (id=4499): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x42, 0x0, &(0x7f0000000200)="e460cdfbef2408002900119386dd6a00000000072feb3014cd3ec8a755c1e1380081ffad000030e8d5000000010000001400000500242c100806d320d98a61a90021", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @remote}}}, @ip_retopts={{0x20, 0x0, 0x7, {[@generic={0x44, 0xd, "09000008ea6e1900000000"}]}}}], 0x40}, 0x20002880) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) close(r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1102, 0x0) (async) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff3) write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[], 0xc) 368.93528ms ago: executing program 3 (id=4500): r0 = socket$kcm(0x10, 0x3, 0x0) write$cgroup_subtree(r0, &(0x7f0000001ec0)=ANY=[@ANYBLOB="13120000120091ef"], 0xfe33) recvmsg$kcm(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000040)=""/20, 0x4f}, {&(0x7f0000001f00)=""/4100, 0xa83}, {&(0x7f0000000bc0)=""/209, 0xa5}, {&(0x7f0000000900)=""/204, 0xcc}, {&(0x7f0000000340)=""/108, 0x9a}, {&(0x7f0000000600)=""/239, 0xef}, {&(0x7f00000001c0)=""/154, 0xaa}, {&(0x7f0000001c40)=""/219, 0xdb}, {&(0x7f0000000700)=""/171, 0x500}, {&(0x7f0000000800)=""/206}, {&(0x7f0000000280)=""/124}], 0x8}, 0x102) 169.231141ms ago: executing program 1 (id=4501): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f00fff00401a80008000800114004080000055c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d25b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4", 0xbd}], 0x1}, 0x4000000) 136.907543ms ago: executing program 2 (id=4502): r0 = socket$kcm(0x10, 0x2, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8264, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x2110, 0x0, 0x0, 0x7, 0x0, 0x6, 0x7, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) close(r1) r2 = socket$kcm(0x2b, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x6, 0xf, 0x8, 0x41}, 0x50) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94) r4 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4044}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') close(r2) socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r1, 0x1, 0xd, &(0x7f0000000080), 0x2cb) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xb, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x6b, 0x1, 0x1, 0x9b}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) close(r2) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000240)=""/224, 0xe0}, {&(0x7f0000003940)=""/4092, 0xffc}, {&(0x7f0000001940)=""/19, 0x13}, {&(0x7f0000001b00)=""/37, 0x25}], 0x4}, 0x2) 131.457203ms ago: executing program 3 (id=4503): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x42}, 0x28) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2b8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000b1f8306e05d1e4aab009c16b5c05077115d0749619ca39f89974785ae0619b77c6585f678ac92a3b6b4148f56b43c3dd75d75f97c8f92f60a2def458df05e2fbfb3e849b2b3cffd4f29446ae60dd76654b2639b2bc14350706214a6ab7a712d4317fbc3ca01d0d3ed6110b3775903141a5091a4d3db8eb335414fbdb288aba73aaf6d18000a3a2a069cf7f9402e1425bb6bc370576aa1faea0fe222671ecf99038fce8dba53dcb11f87cca"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) socket$kcm(0x2, 0x3, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x2, 0x0) r3 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1f, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0xa, 0x2, 0x88) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x8, 0x8, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r4], 0x0, 0x10000002, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1c0000001d008103e00f80ecdb4cb9f207", 0x11}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r5 = socket$kcm(0x10, 0x400000002, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r3}, 0x8) write$cgroup_subtree(r5, &(0x7f0000000200)=ANY=[], 0xfdef) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000040), &(0x7f0000000140)=r6}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r6}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000040)}, 0x20) sendmsg$unix(r2, &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="00000000fc477586020c003bac4492dd0ad4edaba1d5aaebca9d95e3d77957ae2326a3f645cd7c016a7a66513da3c082610287b604ba8d87cf2852c9ba4b0e06497cef55889891f094382ade8bac388b6b2c58d45609b015f76f40e17bf318ee2807d0300d35ca56d3ed2d9ccdcb2f293dce0db1e0c971aeb2a3ad22144f8841da20359a2d91fec96d6f1dfe40cb9d5122ee2f7285d2b0c6971a31ed"], 0x18, 0x44080}, 0x20000001) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x746f2f51, &(0x7f0000000080)=[{&(0x7f0000000040)="3f0400001c00810ce00f80ecdb4cb9f207c804a01f000000400006fb0a0002000a0ada1b40d80300000000000000", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) 45.923858ms ago: executing program 0 (id=4504): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@map=r0, 0x11, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000040)=[0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x0, 0x7, 0x22, 0x6426, r0, 0x6, '\x00', r2, r3, 0x1, 0x1, 0x5, 0x4}, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) (async) r5 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000780)={r4, r6}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeb1, 0x0, 0x0, 0x0, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x41000, 0x7a, '\x00', r9, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000440)={0x1, 0x10, 0x4d, 0x7}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) (async) r10 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r10, 0x107, 0xf, &(0x7f0000000000), 0x49) (async) sendmsg$kcm(r10, &(0x7f0000000080)={&(0x7f00000001c0)=@phonet={0x23, 0x0, 0x0, 0x6}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000180)="670000001600140006004c78081d", 0xe}, {&(0x7f0000000bc0)="cb4e88a8e5104b098d05b717b6338173cc10268987551878", 0x18}], 0x2}, 0x0) (async) recvmsg$kcm(r10, &(0x7f0000001980)={&(0x7f0000000500)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000580)=""/163, 0xa3}, {&(0x7f0000000640)=""/198, 0xc6}, {&(0x7f0000000880)=""/169, 0xa9}], 0x3, &(0x7f0000000980)=""/4096, 0x1000}, 0x120) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1e, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x8, '\x00', r9, 0x24}, 0x94) 0s ago: executing program 1 (id=4512): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2115, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1, 0x0, 0x3, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000080)='mem\x00\x10\x00\x00\x00\x00\x00\x00I\xa2l') r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) write$cgroup_subtree(r0, &(0x7f00000001c0)=ANY=[], 0x4) kernel console output (not intermixed with test programs): LM_F_CREATE should be set when creating new route [ 788.842728][T17355] IPv6: NLM_F_CREATE should be set when creating new route [ 788.850128][T17355] IPv6: NLM_F_CREATE should be set when creating new route [ 788.887351][T17360] FAULT_INJECTION: forcing a failure. [ 788.887351][T17360] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 788.917994][T17360] CPU: 1 PID: 17360 Comm: syz.3.3713 Not tainted syzkaller #0 [ 788.925546][T17360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 788.935654][T17360] Call Trace: [ 788.938984][T17360] [ 788.941974][T17360] dump_stack_lvl+0x18c/0x250 [ 788.946709][T17360] ? show_regs_print_info+0x20/0x20 [ 788.951962][T17360] ? load_image+0x420/0x420 [ 788.956514][T17360] ? __lock_acquire+0x7d40/0x7d40 [ 788.961686][T17360] should_fail_ex+0x39d/0x4d0 [ 788.966591][T17360] prepare_alloc_pages+0x1e2/0x5f0 [ 788.971761][T17360] __alloc_pages+0x134/0x460 [ 788.976480][T17360] ? rcu_is_watching+0x15/0xb0 [ 788.981289][T17360] ? zone_statistics+0x170/0x170 [ 788.986357][T17360] ? __build_skb_around+0x255/0x3d0 [ 788.991609][T17360] alloc_skb_with_frags+0x23c/0x7b0 [ 788.996891][T17360] sock_alloc_send_pskb+0x883/0x9a0 [ 789.002157][T17360] ? sock_kzfree_s+0x50/0x50 [ 789.006824][T17360] tun_get_user+0x82c/0x3ca0 [ 789.011485][T17360] ? aa_file_perm+0x11b/0xee0 [ 789.016222][T17360] ? rcu_read_unlock+0xa0/0xa0 [ 789.021135][T17360] ? tun_get+0x1c/0x2e0 [ 789.025331][T17360] ? __lock_acquire+0x7d40/0x7d40 [ 789.030403][T17360] ? tun_get+0x1c/0x2e0 [ 789.034610][T17360] tun_chr_write_iter+0x119/0x200 [ 789.039730][T17360] vfs_write+0x46c/0x990 [ 789.044116][T17360] ? file_end_write+0x250/0x250 [ 789.049041][T17360] ksys_write+0x150/0x260 [ 789.053415][T17360] ? __ia32_sys_read+0x90/0x90 [ 789.058364][T17360] ? lockdep_hardirqs_on+0x98/0x150 [ 789.063650][T17360] do_syscall_64+0x55/0xa0 [ 789.068148][T17360] ? clear_bhb_loop+0x40/0x90 [ 789.072865][T17360] ? clear_bhb_loop+0x40/0x90 [ 789.077599][T17360] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 789.083541][T17360] RIP: 0033:0x7fc44f99c819 [ 789.088013][T17360] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 789.107663][T17360] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 789.116128][T17360] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 789.124301][T17360] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 00000000000000c8 [ 789.132323][T17360] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 789.140344][T17360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 789.148545][T17360] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 789.156592][T17360] [ 789.545909][T17368] netlink: 'syz.0.3715': attribute type 10 has an invalid length. [ 789.689281][T17368] team0: Device bond0 is already an upper device of the team interface [ 789.931157][T17375] netlink: 'syz.2.3719': attribute type 39 has an invalid length. [ 790.542921][T17379] netlink: 'syz.0.3721': attribute type 25 has an invalid length. [ 791.239970][T17414] __nla_validate_parse: 3 callbacks suppressed [ 791.239992][T17414] netlink: 668 bytes leftover after parsing attributes in process `syz.2.3729'. [ 791.267222][T17414] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 791.286412][T17414] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 791.576076][T17418] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3731'. [ 791.592168][T17418] bridge_slave_1: default FDB implementation only supports local addresses [ 792.775505][T17429] netlink: 'syz.2.3735': attribute type 39 has an invalid length. [ 792.960036][T17432] netlink: 'syz.1.3734': attribute type 39 has an invalid length. [ 793.385675][T17430] netlink: 'syz.0.3741': attribute type 25 has an invalid length. [ 793.601566][T17446] netlink: 668 bytes leftover after parsing attributes in process `syz.2.3740'. [ 793.612472][T17446] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 793.626630][T17444] netlink: 'syz.1.3739': attribute type 1 has an invalid length. [ 793.648227][T17446] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 793.670337][T17444] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.3739'. [ 794.324475][T17461] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.3743'. [ 794.377905][T17461] bridge_slave_1: default FDB implementation only supports local addresses [ 794.503809][T17458] netlink: 'syz.3.3744': attribute type 15 has an invalid length. [ 794.528694][T17458] netlink: 'syz.3.3744': attribute type 7 has an invalid length. [ 794.561008][T17463] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3755'. [ 794.568249][T17458] delete_channel: no stack [ 794.578883][T17463] bridge_slave_1: default FDB implementation only supports local addresses [ 795.114981][T17468] netlink: 'syz.2.3747': attribute type 25 has an invalid length. [ 795.315044][T17474] netlink: 'syz.0.3749': attribute type 39 has an invalid length. [ 795.771510][T17486] netlink: 'syz.1.3756': attribute type 1 has an invalid length. [ 795.782119][T17486] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.3756'. [ 795.984538][T17494] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3758'. [ 796.017152][T17494] bridge_slave_1: default FDB implementation only supports local addresses [ 796.084005][T17497] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3759'. [ 796.098383][T17497] bridge_slave_1: default FDB implementation only supports local addresses [ 796.502673][T17499] netlink: 'syz.1.3760': attribute type 25 has an invalid length. [ 797.032067][T17506] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 797.131300][T17516] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3767'. [ 797.166015][T17516] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 797.564734][T17522] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.3770'. [ 797.967099][T17531] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3771'. [ 797.990638][T17531] bridge_slave_1: default FDB implementation only supports local addresses [ 798.043137][T17532] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3773'. [ 798.054508][T17532] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 798.240698][T17539] validate_nla: 2 callbacks suppressed [ 798.240719][T17539] netlink: 'syz.0.3775': attribute type 10 has an invalid length. [ 798.258212][T17539] team0: Device bond0 is already an upper device of the team interface [ 798.278316][T17543] netlink: 'syz.2.3778': attribute type 2 has an invalid length. [ 798.303524][T17543] netlink: 198112 bytes leftover after parsing attributes in process `syz.2.3778'. [ 798.342757][T17541] FAULT_INJECTION: forcing a failure. [ 798.342757][T17541] name failslab, interval 1, probability 0, space 0, times 0 [ 798.362628][T17541] CPU: 1 PID: 17541 Comm: syz.3.3777 Not tainted syzkaller #0 [ 798.370252][T17541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 798.380344][T17541] Call Trace: [ 798.383648][T17541] [ 798.386604][T17541] dump_stack_lvl+0x18c/0x250 [ 798.391315][T17541] ? show_regs_print_info+0x20/0x20 [ 798.396798][T17541] ? load_image+0x420/0x420 [ 798.401328][T17541] ? __might_sleep+0xe0/0xe0 [ 798.406023][T17541] ? __lock_acquire+0x7d40/0x7d40 [ 798.411071][T17541] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 798.417075][T17541] should_fail_ex+0x39d/0x4d0 [ 798.421779][T17541] should_failslab+0x9/0x20 [ 798.426303][T17541] slab_pre_alloc_hook+0x59/0x310 [ 798.431532][T17541] ? lockdep_hardirqs_on+0x98/0x150 [ 798.436745][T17541] ? ioctl_standard_iw_point+0x51a/0xcf0 [ 798.442427][T17541] ? ioctl_standard_iw_point+0x51a/0xcf0 [ 798.448082][T17541] __kmem_cache_alloc_node+0x53/0x250 [ 798.453481][T17541] ? ioctl_standard_iw_point+0x51a/0xcf0 [ 798.459140][T17541] __kmalloc+0xa4/0x230 [ 798.463323][T17541] ioctl_standard_iw_point+0x51a/0xcf0 [ 798.468817][T17541] ? cfg80211_rehash_bss+0x530/0x530 [ 798.474123][T17541] ? iw_handler_get_iwstats+0x110/0x110 [ 798.479688][T17541] ? wext_ioctl_dispatch+0x115/0x600 [ 798.484994][T17541] ? dev_load+0x21/0x1f0 [ 798.489346][T17541] ? mutex_lock_nested+0x20/0x20 [ 798.494387][T17541] ? strcmp+0x31/0xb0 [ 798.498395][T17541] ? cfg80211_rehash_bss+0x530/0x530 [ 798.503703][T17541] ioctl_standard_call+0xb7/0x2b0 [ 798.508851][T17541] ? cfg80211_rehash_bss+0x530/0x530 [ 798.514249][T17541] wext_ioctl_dispatch+0x1cb/0x600 [ 798.519400][T17541] ? wext_ioctl_dispatch+0x600/0x600 [ 798.524714][T17541] ? iw_handler_get_private+0x1f0/0x1f0 [ 798.530287][T17541] ? wext_handle_ioctl+0x1d0/0x1d0 [ 798.535607][T17541] ? __might_fault+0xaa/0x120 [ 798.540387][T17541] ? __might_fault+0xc6/0x120 [ 798.545085][T17541] ? __might_fault+0xaa/0x120 [ 798.549783][T17541] wext_handle_ioctl+0x117/0x1d0 [ 798.554759][T17541] ? call_commit_handler+0xf0/0xf0 [ 798.559889][T17541] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 798.565913][T17541] sock_ioctl+0x15d/0x7e0 [ 798.570351][T17541] ? sock_poll+0x3e0/0x3e0 [ 798.574796][T17541] ? bpf_lsm_file_ioctl+0x9/0x10 [ 798.579859][T17541] ? security_file_ioctl+0x80/0xa0 [ 798.584986][T17541] ? sock_poll+0x3e0/0x3e0 [ 798.589424][T17541] __se_sys_ioctl+0xfd/0x170 [ 798.594124][T17541] do_syscall_64+0x55/0xa0 [ 798.598553][T17541] ? clear_bhb_loop+0x40/0x90 [ 798.603332][T17541] ? clear_bhb_loop+0x40/0x90 [ 798.608034][T17541] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 798.613961][T17541] RIP: 0033:0x7fc44f99c819 [ 798.618398][T17541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 798.638025][T17541] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 798.646466][T17541] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 798.654454][T17541] RDX: 0000200000000000 RSI: 0000000000008b18 RDI: 0000000000000008 [ 798.662453][T17541] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 798.670528][T17541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 798.678513][T17541] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 798.686520][T17541] [ 798.941509][T17556] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3783'. [ 798.974119][T17556] bridge_slave_1: default FDB implementation only supports local addresses [ 799.074724][T17554] netlink: 'syz.1.3782': attribute type 1 has an invalid length. [ 799.088326][T17554] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.3782'. [ 799.279444][T17568] netlink: 'syz.3.3787': attribute type 10 has an invalid length. [ 799.522585][T17561] netlink: 'syz.2.3785': attribute type 1 has an invalid length. [ 799.571557][T17561] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.3785'. [ 800.182354][T17594] netlink: 'syz.2.3798': attribute type 10 has an invalid length. [ 800.288382][T17591] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3796'. [ 800.313461][T17591] bridge_slave_1: default FDB implementation only supports local addresses [ 800.587011][T17599] netlink: 'syz.1.3799': attribute type 1 has an invalid length. [ 800.667286][T17604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3800'. [ 801.311107][T17614] netlink: 'syz.3.3802': attribute type 1 has an invalid length. [ 801.379693][T17626] netlink: 'syz.2.3808': attribute type 10 has an invalid length. [ 801.604068][T17628] bridge_slave_1: default FDB implementation only supports local addresses [ 801.667622][T17630] netlink: 'syz.1.3811': attribute type 1 has an invalid length. [ 801.872726][T17632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 802.484650][T17656] team0: Device bond0 is already an upper device of the team interface [ 802.897070][T17660] __nla_validate_parse: 4 callbacks suppressed [ 802.897092][T17660] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.3821'. [ 803.037554][T17660] bridge_slave_1: default FDB implementation only supports local addresses [ 803.217547][T17663] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.3823'. [ 803.293733][T17666] validate_nla: 3 callbacks suppressed [ 803.293770][T17666] netlink: 'syz.1.3825': attribute type 1 has an invalid length. [ 803.312470][T17666] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.3825'. [ 803.788284][T17682] netlink: 'syz.2.3831': attribute type 10 has an invalid length. [ 803.922201][T17686] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.3832'. [ 803.951222][T17686] bridge_slave_1: default FDB implementation only supports local addresses [ 804.017444][T17688] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3833'. [ 804.066600][T17688] bridge_slave_1: default FDB implementation only supports local addresses [ 804.341020][T17692] netlink: 'syz.1.3835': attribute type 1 has an invalid length. [ 804.396084][T17692] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.3835'. [ 804.500986][T17696] netlink: 'syz.2.3836': attribute type 1 has an invalid length. [ 804.669627][T17696] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.3836'. [ 805.014636][T17710] netlink: 'syz.3.3842': attribute type 10 has an invalid length. [ 805.445795][T17721] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.3845'. [ 805.459895][T17721] bridge_slave_1: default FDB implementation only supports local addresses [ 805.741187][T17723] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3847'. [ 805.766315][T17723] bridge_slave_1: default FDB implementation only supports local addresses [ 806.190991][T17726] netlink: 'syz.0.3848': attribute type 25 has an invalid length. [ 806.371261][T17736] netlink: 'syz.0.3852': attribute type 10 has an invalid length. [ 806.388324][T17736] team0: Device bond0 is already an upper device of the team interface [ 806.707900][T17742] netlink: 'syz.0.3853': attribute type 1 has an invalid length. [ 806.769915][T17742] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.3853'. [ 807.998831][T17750] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.3857'. [ 808.027361][T17750] bridge_slave_1: default FDB implementation only supports local addresses [ 808.334365][T17763] sctp: [Deprecated]: syz.1.3860 (pid 17763) Use of int in maxseg socket option. [ 808.334365][T17763] Use struct sctp_assoc_value instead [ 808.551466][T17767] netlink: 'syz.0.3863': attribute type 10 has an invalid length. [ 808.566457][T17767] team0: Device bond0 is already an upper device of the team interface [ 808.700666][T17762] netlink: 'syz.2.3861': attribute type 25 has an invalid length. [ 809.046563][T17781] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3869'. [ 809.056413][T17781] bridge_slave_1: default FDB implementation only supports local addresses [ 809.103553][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.110098][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.302195][T17787] netlink: 'syz.3.3870': attribute type 1 has an invalid length. [ 809.309196][T17785] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3878'. [ 809.319957][T17787] netlink: 15743 bytes leftover after parsing attributes in process `syz.3.3870'. [ 809.325341][T17785] bridge_slave_1: default FDB implementation only supports local addresses [ 809.361747][T17791] netlink: 'syz.2.3872': attribute type 10 has an invalid length. [ 809.873697][T17792] netlink: 'syz.1.3873': attribute type 25 has an invalid length. [ 809.965466][T17801] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3876'. [ 809.986133][T17801] bridge_slave_1: default FDB implementation only supports local addresses [ 810.128636][T17803] netlink: 'syz.2.3877': attribute type 1 has an invalid length. [ 810.161984][T17803] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.3877'. [ 810.553955][T17812] FAULT_INJECTION: forcing a failure. [ 810.553955][T17812] name failslab, interval 1, probability 0, space 0, times 0 [ 810.592105][T17812] CPU: 0 PID: 17812 Comm: syz.3.3880 Not tainted syzkaller #0 [ 810.599654][T17812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 810.609837][T17812] Call Trace: [ 810.613193][T17812] [ 810.616248][T17812] dump_stack_lvl+0x18c/0x250 [ 810.620994][T17812] ? show_regs_print_info+0x20/0x20 [ 810.626262][T17812] ? load_image+0x420/0x420 [ 810.630822][T17812] ? __might_sleep+0xe0/0xe0 [ 810.635465][T17812] ? __lock_acquire+0x7d40/0x7d40 [ 810.640538][T17812] should_fail_ex+0x39d/0x4d0 [ 810.645277][T17812] should_failslab+0x9/0x20 [ 810.649831][T17812] slab_pre_alloc_hook+0x59/0x310 [ 810.654917][T17812] ? register_netdevice+0x573/0x1bb0 [ 810.660249][T17812] __kmem_cache_alloc_node+0x53/0x250 [ 810.665685][T17812] ? register_netdevice+0x573/0x1bb0 [ 810.671019][T17812] kmalloc_trace+0x2a/0xe0 [ 810.675484][T17812] register_netdevice+0x573/0x1bb0 [ 810.680607][T17812] ? __phys_addr+0xba/0x170 [ 810.685117][T17812] ? __kasan_kmalloc_large+0x8b/0xa0 [ 810.690440][T17812] ? kvmalloc_node+0x70/0x180 [ 810.695379][T17812] ? netif_stacked_transfer_operstate+0x210/0x210 [ 810.701927][T17812] ? __asan_memset+0x22/0x40 [ 810.706572][T17812] ? tun_net_initialize+0x1ac/0x480 [ 810.711815][T17812] ? tun_not_capable+0x1f0/0x1f0 [ 810.716790][T17812] ? alloc_netdev_mqs+0xc34/0x1040 [ 810.721947][T17812] tun_set_iff+0x848/0xed0 [ 810.726518][T17812] __tun_chr_ioctl+0x7ee/0x2000 [ 810.731423][T17812] ? tun_flow_create+0x310/0x310 [ 810.736435][T17812] ? bpf_lsm_file_ioctl+0x9/0x10 [ 810.741417][T17812] ? security_file_ioctl+0x80/0xa0 [ 810.746660][T17812] ? tun_chr_poll+0x630/0x630 [ 810.751387][T17812] __se_sys_ioctl+0xfd/0x170 [ 810.756203][T17812] do_syscall_64+0x55/0xa0 [ 810.760694][T17812] ? clear_bhb_loop+0x40/0x90 [ 810.765424][T17812] ? clear_bhb_loop+0x40/0x90 [ 810.770197][T17812] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 810.776217][T17812] RIP: 0033:0x7fc44f99c819 [ 810.780671][T17812] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 810.800410][T17812] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 810.809052][T17812] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 810.817050][T17812] RDX: 0000200000000180 RSI: 00000000400454ca RDI: 0000000000000004 [ 810.825039][T17812] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 810.833125][T17812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 810.841150][T17812] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 810.849196][T17812] [ 810.899285][T17807] netlink: 'syz.0.3887': attribute type 25 has an invalid length. [ 811.061120][T17820] netlink: 'syz.2.3883': attribute type 10 has an invalid length. [ 811.242202][T17826] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3884'. [ 811.264528][T17826] bridge_slave_1: default FDB implementation only supports local addresses [ 812.260458][T17849] FAULT_INJECTION: forcing a failure. [ 812.260458][T17849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 812.296372][T17849] CPU: 1 PID: 17849 Comm: syz.0.3892 Not tainted syzkaller #0 [ 812.303915][T17849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 812.314110][T17849] Call Trace: [ 812.317428][T17849] [ 812.320393][T17849] dump_stack_lvl+0x18c/0x250 [ 812.325137][T17849] ? show_regs_print_info+0x20/0x20 [ 812.330396][T17849] ? load_image+0x420/0x420 [ 812.334963][T17849] ? __might_fault+0xaa/0x120 [ 812.339699][T17849] ? __lock_acquire+0x7d40/0x7d40 [ 812.344773][T17849] ? unix_ioctl+0x261/0x670 [ 812.349329][T17849] should_fail_ex+0x39d/0x4d0 [ 812.354061][T17849] _copy_from_user+0x2f/0xe0 [ 812.358676][T17849] sock_do_ioctl+0x190/0x310 [ 812.363378][T17849] ? sock_show_fdinfo+0xb0/0xb0 [ 812.368259][T17849] sock_ioctl+0x5ba/0x7e0 [ 812.372607][T17849] ? sock_poll+0x3e0/0x3e0 [ 812.377048][T17849] ? bpf_lsm_file_ioctl+0x9/0x10 [ 812.382085][T17849] ? security_file_ioctl+0x80/0xa0 [ 812.387211][T17849] ? sock_poll+0x3e0/0x3e0 [ 812.391921][T17849] __se_sys_ioctl+0xfd/0x170 [ 812.396544][T17849] do_syscall_64+0x55/0xa0 [ 812.401146][T17849] ? clear_bhb_loop+0x40/0x90 [ 812.405857][T17849] ? clear_bhb_loop+0x40/0x90 [ 812.410557][T17849] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 812.416467][T17849] RIP: 0033:0x7fccd319c819 [ 812.420896][T17849] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 812.440604][T17849] RSP: 002b:00007fccd4060028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 812.449047][T17849] RAX: ffffffffffffffda RBX: 00007fccd3415fa0 RCX: 00007fccd319c819 [ 812.457122][T17849] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000003 [ 812.465109][T17849] RBP: 00007fccd4060090 R08: 0000000000000000 R09: 0000000000000000 [ 812.473093][T17849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 812.481075][T17849] R13: 00007fccd3416038 R14: 00007fccd3415fa0 R15: 00007ffc00f43e28 [ 812.489077][T17849] [ 812.634672][T17857] netlink: 'syz.1.3895': attribute type 10 has an invalid length. [ 812.788559][T17864] netlink: 'syz.2.3899': attribute type 21 has an invalid length. [ 812.807414][T17866] FAULT_INJECTION: forcing a failure. [ 812.807414][T17866] name failslab, interval 1, probability 0, space 0, times 0 [ 812.828308][T17866] CPU: 1 PID: 17866 Comm: syz.3.3896 Not tainted syzkaller #0 [ 812.835891][T17866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 812.846013][T17866] Call Trace: [ 812.849441][T17866] [ 812.852425][T17866] dump_stack_lvl+0x18c/0x250 [ 812.857190][T17866] ? show_regs_print_info+0x20/0x20 [ 812.862446][T17866] ? load_image+0x420/0x420 [ 812.867184][T17866] ? __might_sleep+0xe0/0xe0 [ 812.871826][T17866] ? __lock_acquire+0x7d40/0x7d40 [ 812.877076][T17866] should_fail_ex+0x39d/0x4d0 [ 812.881813][T17866] should_failslab+0x9/0x20 [ 812.886366][T17866] slab_pre_alloc_hook+0x59/0x310 [ 812.891443][T17866] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 812.897041][T17866] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 812.902724][T17866] __kmem_cache_alloc_node+0x53/0x250 [ 812.908331][T17866] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 812.913921][T17866] __kmalloc+0xa4/0x230 [ 812.918124][T17866] bpf_prog_test_run_skb+0x238/0x12b0 [ 812.923534][T17866] ? __fget_files+0x28/0x4b0 [ 812.928166][T17866] ? __fget_files+0x28/0x4b0 [ 812.932809][T17866] ? __fget_files+0x43d/0x4b0 [ 812.937568][T17866] ? cpu_online+0x60/0x60 [ 812.941948][T17866] bpf_prog_test_run+0x321/0x390 [ 812.946943][T17866] __sys_bpf+0x49d/0x890 [ 812.951233][T17866] ? bpf_link_show_fdinfo+0x390/0x390 [ 812.956662][T17866] ? lock_chain_count+0x20/0x20 [ 812.961576][T17866] __x64_sys_bpf+0x7c/0x90 [ 812.966042][T17866] do_syscall_64+0x55/0xa0 [ 812.970498][T17866] ? clear_bhb_loop+0x40/0x90 [ 812.975227][T17866] ? clear_bhb_loop+0x40/0x90 [ 812.979958][T17866] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 812.985897][T17866] RIP: 0033:0x7fc44f99c819 [ 812.990361][T17866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 813.010394][T17866] RSP: 002b:00007fc450859028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 813.018871][T17866] RAX: ffffffffffffffda RBX: 00007fc44fc16090 RCX: 00007fc44f99c819 [ 813.027144][T17866] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 813.035337][T17866] RBP: 00007fc450859090 R08: 0000000000000000 R09: 0000000000000000 [ 813.043445][T17866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 813.051461][T17866] R13: 00007fc44fc16128 R14: 00007fc44fc16090 R15: 00007fffdbb83c98 [ 813.059675][T17866] [ 813.543843][T17884] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3901'. [ 813.591723][T17884] bridge_slave_1: default FDB implementation only supports local addresses [ 813.637006][T17883] validate_nla: 2 callbacks suppressed [ 813.637026][T17883] netlink: 'syz.2.3904': attribute type 10 has an invalid length. [ 813.660320][T17883] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3904'. [ 814.177574][T17889] netlink: 'syz.3.3906': attribute type 10 has an invalid length. [ 814.191708][T17889] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3906'. [ 814.202293][T17889] batadv0: entered promiscuous mode [ 814.207781][T17889] batadv0: entered allmulticast mode [ 814.215469][T17889] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 814.253908][T17896] netlink: 'syz.0.3908': attribute type 10 has an invalid length. [ 814.262134][T17896] team0: Device bond0 is already an upper device of the team interface [ 814.441536][T17901] FAULT_INJECTION: forcing a failure. [ 814.441536][T17901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 814.456621][T17901] CPU: 1 PID: 17901 Comm: syz.3.3909 Not tainted syzkaller #0 [ 814.464133][T17901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 814.474233][T17901] Call Trace: [ 814.477586][T17901] [ 814.480548][T17901] dump_stack_lvl+0x18c/0x250 [ 814.485295][T17901] ? show_regs_print_info+0x20/0x20 [ 814.490572][T17901] ? load_image+0x420/0x420 [ 814.495131][T17901] ? __might_fault+0xaa/0x120 [ 814.499848][T17901] ? __lock_acquire+0x7d40/0x7d40 [ 814.505617][T17901] should_fail_ex+0x39d/0x4d0 [ 814.510352][T17901] _copy_from_user+0x2f/0xe0 [ 814.514983][T17901] ___sys_recvmsg+0x176/0x590 [ 814.519713][T17901] ? __sys_recvmsg+0x2a0/0x2a0 [ 814.524523][T17901] ? ksys_write+0x1c4/0x260 [ 814.529087][T17901] ? __fget_files+0x43d/0x4b0 [ 814.533840][T17901] __x64_sys_recvmsg+0x20c/0x2e0 [ 814.538823][T17901] ? ___sys_recvmsg+0x590/0x590 [ 814.543739][T17901] ? lockdep_hardirqs_on+0x98/0x150 [ 814.549099][T17901] do_syscall_64+0x55/0xa0 [ 814.553565][T17901] ? clear_bhb_loop+0x40/0x90 [ 814.558293][T17901] ? clear_bhb_loop+0x40/0x90 [ 814.563014][T17901] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 814.569031][T17901] RIP: 0033:0x7fc44f99c819 [ 814.573460][T17901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 814.593262][T17901] RSP: 002b:00007fc450859028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 814.601708][T17901] RAX: ffffffffffffffda RBX: 00007fc44fc16090 RCX: 00007fc44f99c819 [ 814.609787][T17901] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000008 [ 814.617996][T17901] RBP: 00007fc450859090 R08: 0000000000000000 R09: 0000000000000000 [ 814.625996][T17901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 814.633978][T17901] R13: 00007fc44fc16128 R14: 00007fc44fc16090 R15: 00007fffdbb83c98 [ 814.641983][T17901] [ 815.143145][T17905] netlink: 'syz.0.3911': attribute type 25 has an invalid length. [ 815.346576][T17922] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3915'. [ 815.365165][T17922] bridge_slave_1: default FDB implementation only supports local addresses [ 816.656347][T17944] netlink: 'syz.2.3923': attribute type 25 has an invalid length. [ 817.032377][T17957] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3928'. [ 817.074253][T17957] bridge_slave_1: default FDB implementation only supports local addresses [ 820.715868][T17984] netlink: 'syz.0.3938': attribute type 25 has an invalid length. [ 820.727213][T17998] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3943'. [ 820.740477][T17998] bridge_slave_1: default FDB implementation only supports local addresses [ 821.060473][T18000] syzkaller0: entered promiscuous mode [ 821.072000][T18000] syzkaller0: entered allmulticast mode [ 826.787941][T18038] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.3955'. [ 826.801131][T18038] bridge_slave_1: default FDB implementation only supports local addresses [ 826.822287][T18043] netlink: 'syz.1.3956': attribute type 21 has an invalid length. [ 826.832746][T18043] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3956'. [ 826.860734][T18043] netlink: 'syz.1.3956': attribute type 12 has an invalid length. [ 826.870059][T18043] netlink: 14585 bytes leftover after parsing attributes in process `syz.1.3956'. [ 827.020917][T18046] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.3956'. [ 827.095899][T18052] netlink: 'syz.0.3961': attribute type 1 has an invalid length. [ 827.118220][T18052] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.3961'. [ 827.821975][T18069] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.3967'. [ 827.832314][T18069] bridge_slave_1: default FDB implementation only supports local addresses [ 828.535661][T18080] netlink: 'syz.2.3971': attribute type 1 has an invalid length. [ 828.562472][T18080] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.3971'. [ 829.131223][T18088] netlink: 'syz.1.3973': attribute type 39 has an invalid length. [ 829.181782][T18090] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3975'. [ 829.462133][T18093] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3976'. [ 829.474227][T18093] bridge_slave_1: default FDB implementation only supports local addresses [ 829.677400][T18100] netlink: 'syz.0.3977': attribute type 10 has an invalid length. [ 829.718091][T18100] team0: Device bond0 is already an upper device of the team interface [ 830.343367][T18102] netlink: 'syz.1.3978': attribute type 25 has an invalid length. [ 830.363177][T18108] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3980'. [ 830.408400][T18108] FAULT_INJECTION: forcing a failure. [ 830.408400][T18108] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 830.448200][T18108] CPU: 0 PID: 18108 Comm: syz.0.3980 Not tainted syzkaller #0 [ 830.455794][T18108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 830.465950][T18108] Call Trace: [ 830.469303][T18108] [ 830.472403][T18108] dump_stack_lvl+0x18c/0x250 [ 830.477284][T18108] ? show_regs_print_info+0x20/0x20 [ 830.482670][T18108] ? load_image+0x420/0x420 [ 830.487281][T18108] ? __lock_acquire+0x7d40/0x7d40 [ 830.492491][T18108] ? snprintf+0xe9/0x140 [ 830.496840][T18108] should_fail_ex+0x39d/0x4d0 [ 830.501992][T18108] _copy_to_user+0x2f/0xa0 [ 830.506501][T18108] simple_read_from_buffer+0xe7/0x150 [ 830.511979][T18108] proc_fail_nth_read+0x1e8/0x260 [ 830.517070][T18108] ? proc_fault_inject_write+0x360/0x360 [ 830.522774][T18108] ? fsnotify_perm+0x271/0x5e0 [ 830.527595][T18108] ? proc_fault_inject_write+0x360/0x360 [ 830.533364][T18108] vfs_read+0x28b/0x970 [ 830.537677][T18108] ? kernel_read+0x1e0/0x1e0 [ 830.542415][T18108] ? __fget_files+0x28/0x4b0 [ 830.547075][T18108] ? __fget_files+0x28/0x4b0 [ 830.551711][T18108] ? __fget_files+0x43d/0x4b0 [ 830.556476][T18108] ? __fdget_pos+0x2a3/0x330 [ 830.561104][T18108] ? ksys_read+0x75/0x260 [ 830.565491][T18108] ksys_read+0x150/0x260 [ 830.569785][T18108] ? vfs_write+0x990/0x990 [ 830.574342][T18108] ? lockdep_hardirqs_on+0x98/0x150 [ 830.579592][T18108] do_syscall_64+0x55/0xa0 [ 830.584035][T18108] ? clear_bhb_loop+0x40/0x90 [ 830.588836][T18108] ? clear_bhb_loop+0x40/0x90 [ 830.593559][T18108] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 830.599571][T18108] RIP: 0033:0x7fccd315d04e [ 830.604111][T18108] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 830.624368][T18108] RSP: 002b:00007fccd405ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 830.633000][T18108] RAX: ffffffffffffffda RBX: 00007fccd40606c0 RCX: 00007fccd315d04e [ 830.641038][T18108] RDX: 000000000000000f RSI: 00007fccd40600a0 RDI: 0000000000000006 [ 830.649045][T18108] RBP: 00007fccd4060090 R08: 0000000000000000 R09: 0000000000000000 [ 830.657050][T18108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 830.665153][T18108] R13: 00007fccd3416038 R14: 00007fccd3415fa0 R15: 00007ffc00f43e28 [ 830.673220][T18108] [ 831.093015][T18120] netlink: 'syz.0.3984': attribute type 1 has an invalid length. [ 831.563666][T18132] bridge_slave_1: default FDB implementation only supports local addresses [ 831.829568][T18142] netlink: 'syz.3.3991': attribute type 10 has an invalid length. [ 832.019850][T18146] FAULT_INJECTION: forcing a failure. [ 832.019850][T18146] name failslab, interval 1, probability 0, space 0, times 0 [ 832.078217][T18146] CPU: 0 PID: 18146 Comm: syz.1.3992 Not tainted syzkaller #0 [ 832.085772][T18146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 832.096070][T18146] Call Trace: [ 832.099475][T18146] [ 832.102445][T18146] dump_stack_lvl+0x18c/0x250 [ 832.107165][T18146] ? sctp_sendmsg+0x1575/0x28c0 [ 832.112081][T18146] ? ___sys_sendmsg+0x2a6/0x360 [ 832.117065][T18146] ? show_regs_print_info+0x20/0x20 [ 832.122305][T18146] ? load_image+0x420/0x420 [ 832.127370][T18146] should_fail_ex+0x39d/0x4d0 [ 832.132077][T18146] should_failslab+0x9/0x20 [ 832.136704][T18146] slab_pre_alloc_hook+0x59/0x310 [ 832.141854][T18146] ? sctp_add_bind_addr+0x8c/0x360 [ 832.147157][T18146] __kmem_cache_alloc_node+0x53/0x250 [ 832.152554][T18146] ? sctp_add_bind_addr+0x8c/0x360 [ 832.157779][T18146] kmalloc_trace+0x2a/0xe0 [ 832.162307][T18146] sctp_add_bind_addr+0x8c/0x360 [ 832.167268][T18146] sctp_copy_local_addr_list+0x315/0x4f0 [ 832.172934][T18146] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 832.178675][T18146] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 832.184763][T18146] ? sctp_v4_is_any+0x35/0x60 [ 832.189467][T18146] ? sctp_copy_one_addr+0x8c/0x350 [ 832.194603][T18146] sctp_bind_addr_copy+0xb3/0x3c0 [ 832.199654][T18146] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 832.206026][T18146] sctp_connect_new_asoc+0x2f9/0x6a0 [ 832.211428][T18146] ? __sctp_connect+0xd80/0xd80 [ 832.216303][T18146] ? sctp_sendmsg+0x1555/0x28c0 [ 832.221385][T18146] sctp_sendmsg+0x1575/0x28c0 [ 832.226096][T18146] ? sctp_getsockopt+0xb60/0xb60 [ 832.231049][T18146] ? lock_chain_count+0x20/0x20 [ 832.236009][T18146] ? aa_sk_perm+0x83c/0x970 [ 832.240629][T18146] ? lockdep_hardirqs_on+0x98/0x150 [ 832.245858][T18146] ? sock_rps_record_flow+0x19/0x3f0 [ 832.251298][T18146] ? inet_sendmsg+0xe9/0x2f0 [ 832.255922][T18146] ? inet_send_prepare+0x260/0x260 [ 832.261066][T18146] ____sys_sendmsg+0x5ba/0x960 [ 832.265861][T18146] ? __asan_memset+0x22/0x40 [ 832.270490][T18146] ? __sys_sendmsg_sock+0x30/0x30 [ 832.275532][T18146] ? __import_iovec+0x5f2/0x850 [ 832.280422][T18146] ? import_iovec+0x73/0xa0 [ 832.284954][T18146] ___sys_sendmsg+0x2a6/0x360 [ 832.289743][T18146] ? __sys_sendmsg+0x2a0/0x2a0 [ 832.294657][T18146] ? __lock_acquire+0x7d40/0x7d40 [ 832.299903][T18146] __se_sys_sendmsg+0x1c2/0x2b0 [ 832.304777][T18146] ? __x64_sys_sendmsg+0x80/0x80 [ 832.309751][T18146] ? lockdep_hardirqs_on+0x98/0x150 [ 832.315024][T18146] do_syscall_64+0x55/0xa0 [ 832.319456][T18146] ? clear_bhb_loop+0x40/0x90 [ 832.324269][T18146] ? clear_bhb_loop+0x40/0x90 [ 832.328972][T18146] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 832.335180][T18146] RIP: 0033:0x7fe09379c819 [ 832.339630][T18146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.359370][T18146] RSP: 002b:00007fe0946cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 832.367889][T18146] RAX: ffffffffffffffda RBX: 00007fe093a15fa0 RCX: 00007fe09379c819 [ 832.376050][T18146] RDX: 0000000000008054 RSI: 0000200000000ac0 RDI: 0000000000000005 [ 832.384124][T18146] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 832.392131][T18146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 832.400121][T18146] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 832.408220][T18146] [ 832.563902][T18140] netlink: 'syz.0.3990': attribute type 25 has an invalid length. [ 832.595116][T18156] FAULT_INJECTION: forcing a failure. [ 832.595116][T18156] name failslab, interval 1, probability 0, space 0, times 0 [ 832.630685][T18156] CPU: 0 PID: 18156 Comm: syz.3.3995 Not tainted syzkaller #0 [ 832.638421][T18156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 832.648728][T18156] Call Trace: [ 832.652051][T18156] [ 832.655031][T18156] dump_stack_lvl+0x18c/0x250 [ 832.659773][T18156] ? sctp_sendmsg+0x1575/0x28c0 [ 832.664681][T18156] ? ___sys_sendmsg+0x2a6/0x360 [ 832.669675][T18156] ? show_regs_print_info+0x20/0x20 [ 832.674989][T18156] ? load_image+0x420/0x420 [ 832.679555][T18156] should_fail_ex+0x39d/0x4d0 [ 832.684290][T18156] should_failslab+0x9/0x20 [ 832.688841][T18156] slab_pre_alloc_hook+0x59/0x310 [ 832.694001][T18156] ? sctp_add_bind_addr+0x8c/0x360 [ 832.699261][T18156] __kmem_cache_alloc_node+0x53/0x250 [ 832.704715][T18156] ? sctp_add_bind_addr+0x8c/0x360 [ 832.709882][T18156] kmalloc_trace+0x2a/0xe0 [ 832.714371][T18156] sctp_add_bind_addr+0x8c/0x360 [ 832.719535][T18156] sctp_copy_local_addr_list+0x315/0x4f0 [ 832.725223][T18156] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 832.731048][T18156] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 832.737186][T18156] ? sctp_v4_is_any+0x35/0x60 [ 832.741925][T18156] ? sctp_copy_one_addr+0x8c/0x350 [ 832.747275][T18156] sctp_bind_addr_copy+0xb3/0x3c0 [ 832.752357][T18156] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 832.758755][T18156] sctp_connect_new_asoc+0x2f9/0x6a0 [ 832.764195][T18156] ? __sctp_connect+0xd80/0xd80 [ 832.769106][T18156] ? __local_bh_enable_ip+0x13a/0x1c0 [ 832.774564][T18156] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 832.780257][T18156] ? security_sctp_bind_connect+0x89/0xb0 [ 832.786125][T18156] sctp_sendmsg+0x1575/0x28c0 [ 832.790877][T18156] ? sctp_getsockopt+0xb60/0xb60 [ 832.795936][T18156] ? aa_sk_perm+0x83c/0x970 [ 832.800534][T18162] netlink: 'syz.0.3997': attribute type 1 has an invalid length. [ 832.800550][T18156] ? aa_af_perm+0x330/0x330 [ 832.812895][T18156] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 832.818256][T18162] __nla_validate_parse: 2 callbacks suppressed [ 832.818292][T18162] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.3997'. [ 832.819351][T18156] ? sock_rps_record_flow+0x19/0x3f0 [ 832.819388][T18156] ? inet_sendmsg+0xe9/0x2f0 [ 832.819412][T18156] ? inet_send_prepare+0x260/0x260 [ 832.819439][T18156] ____sys_sendmsg+0x5ba/0x960 [ 832.819464][T18156] ? __lock_acquire+0x7d40/0x7d40 [ 832.819493][T18156] ? __asan_memset+0x22/0x40 [ 832.819521][T18156] ? __sys_sendmsg_sock+0x30/0x30 [ 832.819539][T18156] ? __import_iovec+0x5f2/0x850 [ 832.819570][T18156] ? import_iovec+0x73/0xa0 [ 832.819594][T18156] ___sys_sendmsg+0x2a6/0x360 [ 832.883851][T18156] ? get_pid_task+0x20/0x1e0 [ 832.888591][T18156] ? __sys_sendmsg+0x2a0/0x2a0 [ 832.893429][T18156] ? __lock_acquire+0x7d40/0x7d40 [ 832.898522][T18156] __se_sys_sendmsg+0x1c2/0x2b0 [ 832.903411][T18156] ? __x64_sys_sendmsg+0x80/0x80 [ 832.908408][T18156] ? lockdep_hardirqs_on+0x98/0x150 [ 832.913640][T18156] do_syscall_64+0x55/0xa0 [ 832.918083][T18156] ? clear_bhb_loop+0x40/0x90 [ 832.922796][T18156] ? clear_bhb_loop+0x40/0x90 [ 832.927520][T18156] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 832.933451][T18156] RIP: 0033:0x7fc44f99c819 [ 832.937912][T18156] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.957848][T18156] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 832.966309][T18156] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 832.974313][T18156] RDX: 0000000000000040 RSI: 00002000000003c0 RDI: 0000000000000003 [ 832.982314][T18156] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 832.990316][T18156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 832.998317][T18156] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 833.006342][T18156] [ 833.273871][T18172] netlink: 'syz.2.4001': attribute type 10 has an invalid length. [ 833.316880][T18170] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.3999'. [ 833.331067][T18170] bridge_slave_1: default FDB implementation only supports local addresses [ 834.136109][T18182] netlink: 'syz.0.4005': attribute type 25 has an invalid length. [ 834.247157][T18191] netlink: 'syz.1.4008': attribute type 1 has an invalid length. [ 834.280903][T18191] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.4008'. [ 834.510466][T18200] netlink: 'syz.2.4010': attribute type 10 has an invalid length. [ 834.746410][T18206] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.4013'. [ 834.768447][T18206] bridge_slave_1: default FDB implementation only supports local addresses [ 836.174477][T18239] netlink: 'syz.3.4021': attribute type 10 has an invalid length. [ 836.189223][T18236] netlink: 'syz.0.4020': attribute type 1 has an invalid length. [ 836.197865][T18236] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.4020'. [ 836.563775][T18248] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4025'. [ 836.640541][T18248] bridge_slave_1: default FDB implementation only supports local addresses [ 837.003419][T18251] netlink: 'syz.1.4026': attribute type 25 has an invalid length. [ 838.468533][T18267] FAULT_INJECTION: forcing a failure. [ 838.468533][T18267] name failslab, interval 1, probability 0, space 0, times 0 [ 838.502387][T18267] CPU: 1 PID: 18267 Comm: syz.2.4030 Not tainted syzkaller #0 [ 838.509942][T18267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 838.520154][T18267] Call Trace: [ 838.523473][T18267] [ 838.526439][T18267] dump_stack_lvl+0x18c/0x250 [ 838.531156][T18267] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.537459][T18267] ? show_regs_print_info+0x20/0x20 [ 838.542718][T18267] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.548951][T18267] should_fail_ex+0x39d/0x4d0 [ 838.553779][T18267] should_failslab+0x9/0x20 [ 838.558512][T18267] slab_pre_alloc_hook+0x59/0x310 [ 838.563593][T18267] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 838.569329][T18267] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 838.575239][T18267] __kmem_cache_alloc_node+0x53/0x250 [ 838.580737][T18267] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 838.586585][T18267] __kmalloc+0xa4/0x230 [ 838.591072][T18267] tomoyo_realpath_from_path+0xe3/0x5d0 [ 838.596692][T18267] tomoyo_path_number_perm+0x248/0x620 [ 838.602215][T18267] ? tomoyo_path_number_perm+0x217/0x620 [ 838.607870][T18267] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 838.613354][T18267] ? ksys_write+0x1c4/0x260 [ 838.617909][T18267] ? __fget_files+0x28/0x4b0 [ 838.622952][T18267] ? __fget_files+0x28/0x4b0 [ 838.627747][T18267] security_file_ioctl+0x70/0xa0 [ 838.632704][T18267] __se_sys_ioctl+0x48/0x170 [ 838.637606][T18267] do_syscall_64+0x55/0xa0 [ 838.642087][T18267] ? clear_bhb_loop+0x40/0x90 [ 838.646909][T18267] ? clear_bhb_loop+0x40/0x90 [ 838.651623][T18267] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 838.657629][T18267] RIP: 0033:0x7f0dc839c819 [ 838.662072][T18267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 838.681703][T18267] RSP: 002b:00007f0dc92e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 838.690153][T18267] RAX: ffffffffffffffda RBX: 00007f0dc8615fa0 RCX: 00007f0dc839c819 [ 838.698142][T18267] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000025 [ 838.706225][T18267] RBP: 00007f0dc92e5090 R08: 0000000000000000 R09: 0000000000000000 [ 838.714475][T18267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 838.722456][T18267] R13: 00007f0dc8616038 R14: 00007f0dc8615fa0 R15: 00007ffe20a05718 [ 838.730466][T18267] [ 838.737489][T18276] netlink: 'syz.1.4032': attribute type 10 has an invalid length. [ 838.766310][T18275] netlink: 'syz.3.4031': attribute type 29 has an invalid length. [ 838.784418][T18275] netlink: 'syz.3.4031': attribute type 29 has an invalid length. [ 838.794126][T18267] ERROR: Out of memory at tomoyo_realpath_from_path. [ 838.825817][T18277] netlink: 'syz.3.4031': attribute type 29 has an invalid length. [ 838.975769][T18279] netlink: 'syz.1.4033': attribute type 1 has an invalid length. [ 838.990221][T18279] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.4033'. [ 839.151066][T18275] netlink: 'syz.3.4031': attribute type 27 has an invalid length. [ 839.176716][T18275] netlink: 'syz.3.4031': attribute type 4 has an invalid length. [ 839.248713][T18275] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4031'. [ 839.454763][T18287] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4035'. [ 839.481021][T18287] bridge_slave_1: default FDB implementation only supports local addresses [ 840.009300][T18295] netlink: 'syz.1.4038': attribute type 25 has an invalid length. [ 840.305979][T18307] netlink: 'syz.1.4041': attribute type 10 has an invalid length. [ 840.500362][T18311] netlink: 15743 bytes leftover after parsing attributes in process `syz.3.4043'. [ 840.511617][T18319] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4045'. [ 840.588621][T18319] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4045'. [ 840.675694][T18321] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4045'. [ 840.859305][T18328] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4048'. [ 843.409729][T18330] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.4046'. [ 843.419317][T18330] bridge_slave_1: default FDB implementation only supports local addresses [ 843.428110][T18332] validate_nla: 2 callbacks suppressed [ 843.428127][T18332] netlink: 'syz.1.4049': attribute type 15 has an invalid length. [ 843.447464][T18332] netlink: 'syz.1.4049': attribute type 7 has an invalid length. [ 843.584408][T18343] netlink: 'syz.2.4052': attribute type 10 has an invalid length. [ 843.987763][T18357] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4057'. [ 844.319538][T18357] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4057'. [ 846.649559][T18359] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4057'. [ 846.923546][T18367] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4060'. [ 846.937748][T18367] bridge_slave_1: default FDB implementation only supports local addresses [ 847.411867][T18380] netlink: 'syz.3.4066': attribute type 17 has an invalid length. [ 847.430682][T18380] netlink: 'syz.3.4066': attribute type 16 has an invalid length. [ 847.448178][T18380] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4066'. [ 847.709003][T18390] netlink: 'syz.3.4068': attribute type 3 has an invalid length. [ 847.716919][T18390] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4068'. [ 847.794286][T18395] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4069'. [ 847.806827][T18395] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4069'. [ 847.838869][T18396] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4077'. [ 847.854457][T18395] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4069'. [ 847.872341][T18396] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4077'. [ 848.147166][T18401] netlink: 'syz.1.4072': attribute type 10 has an invalid length. [ 848.366606][T18400] bridge_slave_1: default FDB implementation only supports local addresses [ 848.693020][T18404] FAULT_INJECTION: forcing a failure. [ 848.693020][T18404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 848.750045][T18404] CPU: 0 PID: 18404 Comm: syz.1.4073 Not tainted syzkaller #0 [ 848.757949][T18404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 848.768137][T18404] Call Trace: [ 848.771450][T18404] [ 848.774436][T18404] dump_stack_lvl+0x18c/0x250 [ 848.779166][T18404] ? show_regs_print_info+0x20/0x20 [ 848.784414][T18404] ? load_image+0x420/0x420 [ 848.788963][T18404] ? __lock_acquire+0x7d40/0x7d40 [ 848.794196][T18404] ? snprintf+0xe9/0x140 [ 848.798486][T18404] should_fail_ex+0x39d/0x4d0 [ 848.803302][T18404] _copy_to_user+0x2f/0xa0 [ 848.807758][T18404] simple_read_from_buffer+0xe7/0x150 [ 848.813187][T18404] proc_fail_nth_read+0x1e8/0x260 [ 848.818279][T18404] ? proc_fault_inject_write+0x360/0x360 [ 848.824142][T18404] ? fsnotify_perm+0x271/0x5e0 [ 848.828952][T18404] ? proc_fault_inject_write+0x360/0x360 [ 848.834628][T18404] vfs_read+0x28b/0x970 [ 848.838840][T18404] ? kernel_read+0x1e0/0x1e0 [ 848.843476][T18404] ? __fget_files+0x28/0x4b0 [ 848.848450][T18404] ? __fget_files+0x28/0x4b0 [ 848.853086][T18404] ? __fget_files+0x43d/0x4b0 [ 848.857988][T18404] ? __fdget_pos+0x2a3/0x330 [ 848.862624][T18404] ? ksys_read+0x75/0x260 [ 848.867012][T18404] ksys_read+0x150/0x260 [ 848.871488][T18404] ? vfs_write+0x990/0x990 [ 848.876044][T18404] ? lockdep_hardirqs_on+0x98/0x150 [ 848.881383][T18404] do_syscall_64+0x55/0xa0 [ 848.885836][T18404] ? clear_bhb_loop+0x40/0x90 [ 848.890641][T18404] ? clear_bhb_loop+0x40/0x90 [ 848.895455][T18404] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 848.901386][T18404] RIP: 0033:0x7fe09375d04e [ 848.905842][T18404] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 848.925680][T18404] RSP: 002b:00007fe0946cefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 848.934157][T18404] RAX: ffffffffffffffda RBX: 00007fe0946cf6c0 RCX: 00007fe09375d04e [ 848.942170][T18404] RDX: 000000000000000f RSI: 00007fe0946cf0a0 RDI: 0000000000000003 [ 848.950160][T18404] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 848.958157][T18404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 848.966269][T18404] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 848.974477][T18404] [ 849.603827][T18423] __nla_validate_parse: 2 callbacks suppressed [ 849.603896][T18423] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4081'. [ 849.729015][T18423] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4081'. [ 849.790741][T18428] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4081'. [ 850.066200][T18434] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.4085'. [ 850.079568][T18434] bridge_slave_1: default FDB implementation only supports local addresses [ 850.433822][T18437] netlink: 'syz.1.4086': attribute type 1 has an invalid length. [ 850.472526][T18437] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.4086'. [ 850.596322][T18440] FAULT_INJECTION: forcing a failure. [ 850.596322][T18440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 850.611112][T18440] CPU: 1 PID: 18440 Comm: syz.2.4087 Not tainted syzkaller #0 [ 850.618636][T18440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 850.629346][T18440] Call Trace: [ 850.632716][T18440] [ 850.635769][T18440] dump_stack_lvl+0x18c/0x250 [ 850.640486][T18440] ? show_regs_print_info+0x20/0x20 [ 850.645728][T18440] ? load_image+0x420/0x420 [ 850.650345][T18440] ? __might_fault+0xaa/0x120 [ 850.655043][T18440] ? __lock_acquire+0x7d40/0x7d40 [ 850.660099][T18440] should_fail_ex+0x39d/0x4d0 [ 850.664800][T18440] _copy_from_user+0x2f/0xe0 [ 850.669943][T18440] btf_new_fd+0x366/0x9f0 [ 850.674293][T18440] ? bpf_btf_show_fdinfo+0x80/0x80 [ 850.679521][T18440] ? capable+0x88/0xe0 [ 850.683782][T18440] __sys_bpf+0x670/0x890 [ 850.688128][T18440] ? bpf_link_show_fdinfo+0x390/0x390 [ 850.693706][T18440] ? lock_chain_count+0x20/0x20 [ 850.698579][T18440] __x64_sys_bpf+0x7c/0x90 [ 850.703008][T18440] do_syscall_64+0x55/0xa0 [ 850.707438][T18440] ? clear_bhb_loop+0x40/0x90 [ 850.712254][T18440] ? clear_bhb_loop+0x40/0x90 [ 850.716987][T18440] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 850.722912][T18440] RIP: 0033:0x7f0dc839c819 [ 850.727361][T18440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 850.747183][T18440] RSP: 002b:00007f0dc92e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 850.755647][T18440] RAX: ffffffffffffffda RBX: 00007f0dc8615fa0 RCX: 00007f0dc839c819 [ 850.763699][T18440] RDX: 0000000000000028 RSI: 00002000000000c0 RDI: 0000000000000012 [ 850.771685][T18440] RBP: 00007f0dc92e5090 R08: 0000000000000000 R09: 0000000000000000 [ 850.779728][T18440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.787797][T18440] R13: 00007f0dc8616038 R14: 00007f0dc8615fa0 R15: 00007ffe20a05718 [ 850.795805][T18440] [ 851.334213][T18444] netlink: 'syz.1.4088': attribute type 25 has an invalid length. [ 851.382727][T18455] netlink: 'syz.0.4092': attribute type 10 has an invalid length. [ 851.418371][T18455] team0: Device bond0 is already an upper device of the team interface [ 851.471803][T18457] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4093'. [ 851.485103][T18457] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4093'. [ 851.504801][T18457] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4093'. [ 851.692140][T18463] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4095'. [ 851.702046][T18463] bridge_slave_1: default FDB implementation only supports local addresses [ 852.785782][T18481] netlink: 'syz.2.4102': attribute type 10 has an invalid length. [ 852.905542][T18485] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4103'. [ 853.322184][T18479] netlink: 'syz.0.4101': attribute type 25 has an invalid length. [ 853.397921][T18489] bridge_slave_1: default FDB implementation only supports local addresses [ 853.544489][T18495] netlink: 'syz.0.4107': attribute type 21 has an invalid length. [ 853.706311][T18495] netlink: 'syz.0.4107': attribute type 1 has an invalid length. [ 856.936716][T18517] __nla_validate_parse: 3 callbacks suppressed [ 856.936754][T18517] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4113'. [ 856.972432][T18517] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4113'. [ 857.031374][T18516] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4113'. [ 857.259249][T18524] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 857.292520][T18526] FAULT_INJECTION: forcing a failure. [ 857.292520][T18526] name failslab, interval 1, probability 0, space 0, times 0 [ 857.339134][T18526] CPU: 1 PID: 18526 Comm: syz.1.4117 Not tainted syzkaller #0 [ 857.346868][T18526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 857.356981][T18526] Call Trace: [ 857.360309][T18526] [ 857.363293][T18526] dump_stack_lvl+0x18c/0x250 [ 857.368051][T18526] ? show_regs_print_info+0x20/0x20 [ 857.373399][T18526] ? load_image+0x420/0x420 [ 857.377953][T18526] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 857.384076][T18526] ? __asan_memset+0x22/0x40 [ 857.388824][T18526] should_fail_ex+0x39d/0x4d0 [ 857.393567][T18526] should_failslab+0x9/0x20 [ 857.398122][T18526] slab_pre_alloc_hook+0x59/0x310 [ 857.403193][T18526] ? __debug_object_init+0xec/0x450 [ 857.408445][T18526] kmem_cache_alloc+0x5a/0x2d0 [ 857.413316][T18526] ? slab_build_skb+0x2b/0x3f0 [ 857.418118][T18526] slab_build_skb+0x2b/0x3f0 [ 857.422835][T18526] bpf_prog_test_run_skb+0x3c8/0x12b0 [ 857.428335][T18526] ? __fget_files+0x28/0x4b0 [ 857.432971][T18526] ? __fget_files+0x28/0x4b0 [ 857.437628][T18526] ? __fget_files+0x43d/0x4b0 [ 857.442456][T18526] ? cpu_online+0x60/0x60 [ 857.446920][T18526] bpf_prog_test_run+0x321/0x390 [ 857.451897][T18526] __sys_bpf+0x49d/0x890 [ 857.456163][T18526] ? bpf_link_show_fdinfo+0x390/0x390 [ 857.461577][T18526] ? lock_chain_count+0x20/0x20 [ 857.466545][T18526] __x64_sys_bpf+0x7c/0x90 [ 857.471110][T18526] do_syscall_64+0x55/0xa0 [ 857.475562][T18526] ? clear_bhb_loop+0x40/0x90 [ 857.480300][T18526] ? clear_bhb_loop+0x40/0x90 [ 857.485096][T18526] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 857.491100][T18526] RIP: 0033:0x7fe09379c819 [ 857.495535][T18526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 857.515730][T18526] RSP: 002b:00007fe0946cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 857.524522][T18526] RAX: ffffffffffffffda RBX: 00007fe093a15fa0 RCX: 00007fe09379c819 [ 857.532596][T18526] RDX: 0000000000000050 RSI: 0000200000000380 RDI: 000000000000000a [ 857.540676][T18526] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 857.548753][T18526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 857.556735][T18526] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 857.564743][T18526] [ 857.697330][T18523] netlink: 'syz.3.4114': attribute type 1 has an invalid length. [ 857.950121][T18523] netlink: 15743 bytes leftover after parsing attributes in process `syz.3.4114'. [ 860.948391][T18531] netlink: 'syz.2.4116': attribute type 25 has an invalid length. [ 860.972786][T18535] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4118'. [ 860.982614][T18535] bridge_slave_1: default FDB implementation only supports local addresses [ 861.112298][T18543] netlink: 'syz.2.4120': attribute type 21 has an invalid length. [ 861.255891][T18543] netlink: 'syz.2.4120': attribute type 1 has an invalid length. [ 861.556331][T18559] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4125'. [ 861.655526][T18559] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4125'. [ 861.729721][T18560] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4125'. [ 861.785122][T18567] netlink: 'syz.0.4124': attribute type 33 has an invalid length. [ 861.810953][T18567] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4124'. [ 862.148295][T18578] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4130'. [ 862.201341][T18578] bridge_slave_1: default FDB implementation only supports local addresses [ 862.643806][T18576] netlink: 'syz.2.4129': attribute type 25 has an invalid length. [ 862.947064][T18592] netlink: 'syz.1.4134': attribute type 21 has an invalid length. [ 863.091312][T18592] netlink: 'syz.1.4134': attribute type 1 has an invalid length. [ 863.279973][T18603] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4137'. [ 863.319502][T18603] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4137'. [ 863.336036][T18606] netlink: 'syz.0.4138': attribute type 25 has an invalid length. [ 863.346600][T18606] netlink: 'syz.0.4138': attribute type 29 has an invalid length. [ 863.355368][T18608] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4137'. [ 863.466464][T18611] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.4140'. [ 863.715244][T18617] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4143'. [ 863.728357][T18617] bridge_slave_1: default FDB implementation only supports local addresses [ 863.814389][T18618] netlink: 'syz.1.4141': attribute type 33 has an invalid length. [ 863.856282][T18618] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4141'. [ 864.042689][T18615] netlink: 'syz.0.4142': attribute type 25 has an invalid length. [ 864.265667][T18635] netlink: 'syz.3.4148': attribute type 21 has an invalid length. [ 864.293132][T18635] netlink: 'syz.3.4148': attribute type 1 has an invalid length. [ 864.426143][T18639] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4151'. [ 864.468830][T18639] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4151'. [ 864.490532][T18642] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4151'. [ 864.598911][T18647] FAULT_INJECTION: forcing a failure. [ 864.598911][T18647] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.619603][T18647] CPU: 1 PID: 18647 Comm: syz.3.4153 Not tainted syzkaller #0 [ 864.627191][T18647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 864.637296][T18647] Call Trace: [ 864.640695][T18647] [ 864.643659][T18647] dump_stack_lvl+0x18c/0x250 [ 864.648387][T18647] ? show_regs_print_info+0x20/0x20 [ 864.653641][T18647] ? load_image+0x420/0x420 [ 864.658193][T18647] ? __might_fault+0xaa/0x120 [ 864.662996][T18647] ? __lock_acquire+0x7d40/0x7d40 [ 864.668066][T18647] should_fail_ex+0x39d/0x4d0 [ 864.672813][T18647] _copy_from_iter+0x1d9/0x12e0 [ 864.677710][T18647] ? __virt_addr_valid+0x18c/0x540 [ 864.682861][T18647] ? __lock_acquire+0x7d40/0x7d40 [ 864.687917][T18647] ? sock_alloc_send_pskb+0x8a1/0x9a0 [ 864.693349][T18647] ? copyout_mc+0x70/0x70 [ 864.697714][T18647] ? __virt_addr_valid+0x18c/0x540 [ 864.702958][T18647] ? __virt_addr_valid+0x18c/0x540 [ 864.708116][T18647] ? __virt_addr_valid+0x469/0x540 [ 864.713265][T18647] ? __check_object_size+0x506/0xa20 [ 864.718627][T18647] skb_copy_datagram_from_iter+0xf4/0x6e0 [ 864.724397][T18647] ? skb_put+0x11b/0x210 [ 864.728680][T18647] unix_stream_sendmsg+0x562/0xbf0 [ 864.734027][T18647] ? unix_show_fdinfo+0x270/0x270 [ 864.739087][T18647] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 864.745634][T18647] ? aa_sock_msg_perm+0x94/0x150 [ 864.750628][T18647] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 864.756053][T18647] ? security_socket_sendmsg+0x80/0xa0 [ 864.761613][T18647] ? unix_show_fdinfo+0x270/0x270 [ 864.766676][T18647] ____sys_sendmsg+0x5ba/0x960 [ 864.771496][T18647] ? __asan_memset+0x22/0x40 [ 864.776132][T18647] ? __sys_sendmsg_sock+0x30/0x30 [ 864.781191][T18647] ? __import_iovec+0x5f2/0x850 [ 864.786085][T18647] ? import_iovec+0x73/0xa0 [ 864.790626][T18647] ___sys_sendmsg+0x2a6/0x360 [ 864.795336][T18647] ? get_pid_task+0x20/0x1e0 [ 864.800023][T18647] ? __sys_sendmsg+0x2a0/0x2a0 [ 864.804947][T18647] ? __lock_acquire+0x7d40/0x7d40 [ 864.810043][T18647] __se_sys_sendmsg+0x1c2/0x2b0 [ 864.814940][T18647] ? __x64_sys_sendmsg+0x80/0x80 [ 864.819939][T18647] ? lockdep_hardirqs_on+0x98/0x150 [ 864.825268][T18647] do_syscall_64+0x55/0xa0 [ 864.829721][T18647] ? clear_bhb_loop+0x40/0x90 [ 864.834539][T18647] ? clear_bhb_loop+0x40/0x90 [ 864.839277][T18647] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 864.845233][T18647] RIP: 0033:0x7fc44f99c819 [ 864.849783][T18647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.869812][T18647] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 864.878612][T18647] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 864.886708][T18647] RDX: 000000002004c001 RSI: 0000200000001500 RDI: 0000000000000003 [ 864.894819][T18647] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 864.902824][T18647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 864.910996][T18647] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 864.919050][T18647] [ 865.468606][T18648] netlink: 'syz.0.4154': attribute type 25 has an invalid length. [ 866.033375][T18669] netlink: 'syz.1.4159': attribute type 21 has an invalid length. [ 868.207371][T18705] FAULT_INJECTION: forcing a failure. [ 868.207371][T18705] name failslab, interval 1, probability 0, space 0, times 0 [ 868.255437][T18705] CPU: 1 PID: 18705 Comm: syz.0.4172 Not tainted syzkaller #0 [ 868.262986][T18705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 868.273084][T18705] Call Trace: [ 868.276414][T18705] [ 868.279403][T18705] dump_stack_lvl+0x18c/0x250 [ 868.284139][T18705] ? show_regs_print_info+0x20/0x20 [ 868.289385][T18705] ? load_image+0x420/0x420 [ 868.293925][T18705] ? __might_sleep+0xe0/0xe0 [ 868.298548][T18705] ? __lock_acquire+0x7d40/0x7d40 [ 868.303594][T18705] should_fail_ex+0x39d/0x4d0 [ 868.308301][T18705] should_failslab+0x9/0x20 [ 868.312834][T18705] slab_pre_alloc_hook+0x59/0x310 [ 868.317876][T18705] ? tomoyo_encode+0x28b/0x540 [ 868.322918][T18705] ? tomoyo_encode+0x28b/0x540 [ 868.327698][T18705] __kmem_cache_alloc_node+0x53/0x250 [ 868.333121][T18705] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 868.339304][T18705] ? tomoyo_encode+0x28b/0x540 [ 868.344185][T18705] __kmalloc+0xa4/0x230 [ 868.348453][T18705] tomoyo_encode+0x28b/0x540 [ 868.353083][T18705] tomoyo_realpath_from_path+0x592/0x5d0 [ 868.358748][T18705] tomoyo_path_number_perm+0x248/0x620 [ 868.364338][T18705] ? tomoyo_path_number_perm+0x217/0x620 [ 868.370003][T18705] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 868.375606][T18705] ? __fget_files+0x28/0x4b0 [ 868.380215][T18705] ? __fget_files+0x28/0x4b0 [ 868.384840][T18705] security_file_ioctl+0x70/0xa0 [ 868.389797][T18705] __se_sys_ioctl+0x48/0x170 [ 868.394427][T18705] do_syscall_64+0x55/0xa0 [ 868.398858][T18705] ? clear_bhb_loop+0x40/0x90 [ 868.403551][T18705] ? clear_bhb_loop+0x40/0x90 [ 868.408243][T18705] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 868.414156][T18705] RIP: 0033:0x7fccd319c819 [ 868.418587][T18705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 868.438219][T18705] RSP: 002b:00007fccd403f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 868.447016][T18705] RAX: ffffffffffffffda RBX: 00007fccd3416090 RCX: 00007fccd319c819 [ 868.454998][T18705] RDX: 0000200000000040 RSI: 000000004030582b RDI: 0000000000000004 [ 868.462981][T18705] RBP: 00007fccd403f090 R08: 0000000000000000 R09: 0000000000000000 [ 868.470968][T18705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 868.478952][T18705] R13: 00007fccd3416128 R14: 00007fccd3416090 R15: 00007ffc00f43e28 [ 868.486960][T18705] [ 868.548625][T18705] ERROR: Out of memory at tomoyo_realpath_from_path. [ 868.673446][T18707] validate_nla: 4 callbacks suppressed [ 868.673491][T18707] netlink: 'syz.1.4173': attribute type 21 has an invalid length. [ 868.714873][T18711] __nla_validate_parse: 4 callbacks suppressed [ 868.714891][T18711] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4174'. [ 868.832257][T18714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4175'. [ 868.861505][T18714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4175'. [ 868.884834][T18715] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4175'. [ 869.081766][T18719] Dead loop on virtual device ip6_vti0, fix it urgently! [ 870.080529][T18733] netlink: 'syz.2.4179': attribute type 33 has an invalid length. [ 870.162371][T18735] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.4182'. [ 870.191297][T18733] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4179'. [ 870.576352][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.582865][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.473842][T18744] netlink: 'syz.1.4184': attribute type 21 has an invalid length. [ 871.490901][T18746] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4185'. [ 871.536608][T18746] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4185'. [ 871.566400][T18747] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4185'. [ 872.149837][T18764] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4189'. [ 872.178526][T18761] netlink: 'syz.1.4191': attribute type 21 has an invalid length. [ 872.191139][T18761] netlink: 'syz.1.4191': attribute type 6 has an invalid length. [ 873.977345][T18784] netlink: 'syz.1.4198': attribute type 21 has an invalid length. [ 875.236894][T18801] __nla_validate_parse: 5 callbacks suppressed [ 875.236935][T18801] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.4203'. [ 875.510486][T18797] netlink: 'syz.0.4201': attribute type 25 has an invalid length. [ 875.703813][T18815] netlink: 'syz.2.4207': attribute type 21 has an invalid length. [ 875.744578][T18818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4209'. [ 875.782441][T18818] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4209'. [ 875.821848][T18819] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4209'. [ 876.527838][T18829] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.4212'. [ 877.310881][T18837] netlink: 'syz.2.4214': attribute type 21 has an invalid length. [ 877.409811][T18840] netlink: 'syz.1.4216': attribute type 29 has an invalid length. [ 877.423931][T18840] netlink: 'syz.1.4216': attribute type 29 has an invalid length. [ 877.449984][T18840] netlink: 'syz.1.4216': attribute type 29 has an invalid length. [ 877.498977][T18845] netlink: 'syz.3.4217': attribute type 2 has an invalid length. [ 877.510581][T18841] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4215'. [ 877.538685][T18840] netlink: 'syz.1.4216': attribute type 29 has an invalid length. [ 877.628671][T18840] netlink: 'syz.1.4216': attribute type 29 has an invalid length. [ 878.781722][T18861] bond0 (unregistering): left promiscuous mode [ 878.828551][T18861] bond_slave_0: left promiscuous mode [ 878.986305][T18861] bond_slave_1: left promiscuous mode [ 878.992625][T18861] bond0 (unregistering): left allmulticast mode [ 879.007739][T18861] bond_slave_0: left allmulticast mode [ 879.020916][T18861] bond_slave_1: left allmulticast mode [ 879.031853][T18861] team0: Port device bond0 removed [ 879.051305][T18861] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 879.075237][T18861] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 879.099592][T18861] bond0 (unregistering): Released all slaves [ 879.116966][T18865] validate_nla: 2 callbacks suppressed [ 879.116985][T18865] netlink: 'syz.1.4221': attribute type 25 has an invalid length. [ 879.311045][T18884] FAULT_INJECTION: forcing a failure. [ 879.311045][T18884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 879.327333][T18884] CPU: 1 PID: 18884 Comm: syz.2.4228 Not tainted syzkaller #0 [ 879.334877][T18884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 879.344986][T18884] Call Trace: [ 879.348295][T18884] [ 879.351281][T18884] dump_stack_lvl+0x18c/0x250 [ 879.355994][T18884] ? show_regs_print_info+0x20/0x20 [ 879.361218][T18884] ? load_image+0x420/0x420 [ 879.365747][T18884] ? __might_fault+0xaa/0x120 [ 879.370788][T18884] ? __lock_acquire+0x7d40/0x7d40 [ 879.375833][T18884] should_fail_ex+0x39d/0x4d0 [ 879.380578][T18884] _copy_from_user+0x2f/0xe0 [ 879.385208][T18884] sk_setsockopt+0x2b2/0x2bc0 [ 879.389946][T18884] ? sockopt_capable+0x60/0x60 [ 879.394759][T18884] ? aa_sk_perm+0x83c/0x970 [ 879.399316][T18884] ? __fget_files+0x28/0x4b0 [ 879.403993][T18884] ? aa_af_perm+0x330/0x330 [ 879.408616][T18884] ? __fget_files+0x28/0x4b0 [ 879.413229][T18884] ? __fget_files+0x28/0x4b0 [ 879.417838][T18884] ? aa_sock_opt_perm+0x74/0x100 [ 879.422974][T18884] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 879.428544][T18884] ? security_socket_setsockopt+0x7e/0xa0 [ 879.434376][T18884] do_sock_setsockopt+0x11b/0x1a0 [ 879.439418][T18884] __x64_sys_setsockopt+0x182/0x200 [ 879.444667][T18884] do_syscall_64+0x55/0xa0 [ 879.449098][T18884] ? clear_bhb_loop+0x40/0x90 [ 879.453791][T18884] ? clear_bhb_loop+0x40/0x90 [ 879.458490][T18884] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 879.464495][T18884] RIP: 0033:0x7f0dc839c819 [ 879.469021][T18884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 879.489080][T18884] RSP: 002b:00007f0dc92c4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 879.497598][T18884] RAX: ffffffffffffffda RBX: 00007f0dc8616090 RCX: 00007f0dc839c819 [ 879.505608][T18884] RDX: 0000000000000007 RSI: 0000000000000001 RDI: 0000000000000005 [ 879.514031][T18884] RBP: 00007f0dc92c4090 R08: 0000000000000043 R09: 0000000000000000 [ 879.522027][T18884] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 879.530277][T18884] R13: 00007f0dc8616128 R14: 00007f0dc8616090 R15: 00007ffe20a05718 [ 879.538280][T18884] [ 879.544086][T18883] netlink: 'syz.3.4230': attribute type 29 has an invalid length. [ 879.560055][T18883] netlink: 'syz.3.4230': attribute type 29 has an invalid length. [ 879.569046][T18886] netlink: 'syz.3.4230': attribute type 29 has an invalid length. [ 879.583189][T18883] netlink: 'syz.3.4230': attribute type 29 has an invalid length. [ 879.618746][T18883] netlink: 'syz.3.4230': attribute type 29 has an invalid length. [ 879.652831][T12610] cgroup: fork rejected by pids controller in /syz0 [ 880.925101][ T9834] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 881.103918][ T9834] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 881.208695][ T9834] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 881.352304][ T9834] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.039338][T18922] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 882.079359][T18922] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 882.098664][T18922] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 882.112945][T18922] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 882.125424][T18922] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 882.133192][T18922] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 882.546922][T18925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 883.262040][T18919] chnl_net:caif_netlink_parms(): no params data found [ 883.495099][T18945] netlink: 'syz.2.4246': attribute type 25 has an invalid length. [ 883.723131][T18968] netlink: 'syz.3.4250': attribute type 29 has an invalid length. [ 883.736392][T18919] bridge0: port 1(bridge_slave_0) entered blocking state [ 883.744295][T18919] bridge0: port 1(bridge_slave_0) entered disabled state [ 883.755609][T18919] bridge_slave_0: entered allmulticast mode [ 883.763714][T18919] bridge_slave_0: entered promiscuous mode [ 883.776051][T18968] netlink: 'syz.3.4250': attribute type 29 has an invalid length. [ 883.791032][T18919] bridge0: port 2(bridge_slave_1) entered blocking state [ 883.808522][T18919] bridge0: port 2(bridge_slave_1) entered disabled state [ 883.817770][T18968] netlink: 'syz.3.4250': attribute type 29 has an invalid length. [ 883.837149][T18919] bridge_slave_1: entered allmulticast mode [ 883.869137][T18919] bridge_slave_1: entered promiscuous mode [ 884.197991][T18965] validate_nla: 1 callbacks suppressed [ 884.198011][T18965] netlink: 'syz.2.4249': attribute type 25 has an invalid length. [ 884.222499][ T5771] Bluetooth: hci3: command tx timeout [ 884.249737][T18919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 884.314563][T18919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 884.541170][ T9834] hsr_slave_1: left promiscuous mode [ 884.590211][ T9834] bridge0: port 4(team0) entered disabled state [ 884.628652][ T9834] bridge0: port 3(dummy0) entered disabled state [ 884.711370][ T9834] bridge_slave_1: left allmulticast mode [ 884.717197][ T9834] bridge_slave_1: left promiscuous mode [ 884.822534][ T9834] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.882731][ T9834] bridge_slave_0: left promiscuous mode [ 884.888864][ T9834] bridge0: port 1(bridge_slave_0) entered disabled state [ 885.199845][ T9834] veth1_macvtap: left promiscuous mode [ 885.205490][ T9834] veth0_macvtap: left promiscuous mode [ 885.275413][ T9834] veth1_vlan: left promiscuous mode [ 886.298384][ T5771] Bluetooth: hci3: command tx timeout [ 886.771071][ T9834] team_slave_1 (unregistering): left promiscuous mode [ 886.780421][ T9834] team_slave_1 (unregistering): left allmulticast mode [ 886.792238][ T9834] team0 (unregistering): Port device team_slave_1 removed [ 886.877095][ T9834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 887.237781][ T9834] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 887.253532][ T9834] bond0 (unregistering): Released all slaves [ 887.360553][T18919] team0: Port device team_slave_0 added [ 887.376843][T18919] team0: Port device team_slave_1 added [ 887.514636][T18919] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 887.523264][T18919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 887.550158][T18919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 887.566622][T18919] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 887.574870][T18919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 887.601498][T18919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 887.680598][T18919] hsr_slave_0: entered promiscuous mode [ 887.687170][T18919] hsr_slave_1: entered promiscuous mode [ 888.378367][ T5771] Bluetooth: hci3: command tx timeout [ 888.562155][T18919] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 888.584124][T18919] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 888.602712][T18919] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 888.648254][T18919] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 888.753099][T19034] netlink: 'syz.2.4257': attribute type 29 has an invalid length. [ 888.785351][T19034] netlink: 'syz.2.4257': attribute type 29 has an invalid length. [ 888.831410][T19034] netlink: 'syz.2.4257': attribute type 29 has an invalid length. [ 888.856483][T19034] netlink: 'syz.2.4257': attribute type 29 has an invalid length. [ 888.929758][T19034] netlink: 'syz.2.4257': attribute type 29 has an invalid length. [ 889.086740][T18919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 889.180146][T18919] 8021q: adding VLAN 0 to HW filter on device team0 [ 889.232144][T13280] bridge0: port 1(bridge_slave_0) entered blocking state [ 889.239498][T13280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 889.299922][T13280] bridge0: port 2(bridge_slave_1) entered blocking state [ 889.307185][T13280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 889.432377][T18919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 889.586427][T19038] netlink: 'syz.1.4259': attribute type 25 has an invalid length. [ 889.637707][T19047] netlink: 'syz.2.4261': attribute type 33 has an invalid length. [ 889.647739][T19047] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4261'. [ 889.825924][T19060] FAULT_INJECTION: forcing a failure. [ 889.825924][T19060] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 889.907682][T19060] CPU: 1 PID: 19060 Comm: syz.1.4263 Not tainted syzkaller #0 [ 889.915324][T19060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 889.925583][T19060] Call Trace: [ 889.928905][T19060] [ 889.931876][T19060] dump_stack_lvl+0x18c/0x250 [ 889.936629][T19060] ? show_regs_print_info+0x20/0x20 [ 889.941920][T19060] ? load_image+0x420/0x420 [ 889.946494][T19060] ? __lock_acquire+0x7d40/0x7d40 [ 889.946915][T19062] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 889.952149][T19060] ? lockdep_hardirqs_on+0x98/0x150 [ 889.952183][T19060] should_fail_ex+0x39d/0x4d0 [ 889.952219][T19060] _copy_to_user+0x2f/0xa0 [ 889.952246][T19060] simple_read_from_buffer+0xe7/0x150 [ 889.952285][T19060] proc_fail_nth_read+0x1e8/0x260 [ 889.952318][T19060] ? proc_fault_inject_write+0x360/0x360 [ 889.952351][T19060] ? fsnotify_perm+0x271/0x5e0 [ 889.952379][T19060] ? proc_fault_inject_write+0x360/0x360 [ 889.952409][T19060] vfs_read+0x28b/0x970 [ 889.993160][T18919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 889.998177][T19060] ? kernel_read+0x1e0/0x1e0 [ 889.998221][T19060] ? __fget_files+0x28/0x4b0 [ 889.998253][T19060] ? __fget_files+0x28/0x4b0 [ 889.998279][T19060] ? __fget_files+0x43d/0x4b0 [ 889.998315][T19060] ? __fdget_pos+0x2a3/0x330 [ 889.998338][T19060] ? ksys_read+0x75/0x260 [ 889.998369][T19060] ksys_read+0x150/0x260 [ 889.998399][T19060] ? vfs_write+0x990/0x990 [ 890.056623][T19060] ? syscall_enter_from_user_mode+0x2e/0x80 [ 890.062806][T19060] do_syscall_64+0x55/0xa0 [ 890.067247][T19060] ? clear_bhb_loop+0x40/0x90 [ 890.071940][T19060] ? clear_bhb_loop+0x40/0x90 [ 890.076640][T19060] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 890.082549][T19060] RIP: 0033:0x7fe09375d04e [ 890.087249][T19060] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 890.106969][T19060] RSP: 002b:00007fe0946cefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 890.115753][T19060] RAX: ffffffffffffffda RBX: 00007fe0946cf6c0 RCX: 00007fe09375d04e [ 890.123930][T19060] RDX: 000000000000000f RSI: 00007fe0946cf0a0 RDI: 000000000000000b [ 890.131938][T19060] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 890.140039][T19060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 890.148034][T19060] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 890.156130][T19060] [ 890.209230][T18919] veth0_vlan: entered promiscuous mode [ 890.240570][T18919] veth1_vlan: entered promiscuous mode [ 890.332418][T18919] veth0_macvtap: entered promiscuous mode [ 890.355402][T18919] veth1_macvtap: entered promiscuous mode [ 890.408681][T18919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 890.420064][T18919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.450816][T18919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 890.461539][ T5771] Bluetooth: hci3: command tx timeout [ 890.488686][T18919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.509906][T18919] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 890.541882][T18919] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 890.588119][T18919] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.619843][T18919] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 890.665618][T18919] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.695665][T18919] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.718075][T18919] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 890.726867][T18919] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.044742][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 891.090906][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 891.143241][T19088] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4271'. [ 891.264257][T13280] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 891.282716][T13280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 891.434995][T19103] netlink: 'syz.0.4236': attribute type 29 has an invalid length. [ 891.443647][T19103] netlink: 'syz.0.4236': attribute type 29 has an invalid length. [ 891.458353][T19103] netlink: 'syz.0.4236': attribute type 29 has an invalid length. [ 891.480526][T19103] netlink: 'syz.0.4236': attribute type 29 has an invalid length. [ 891.509000][T19103] netlink: 'syz.0.4236': attribute type 29 has an invalid length. [ 891.890906][T19110] netlink: 207508 bytes leftover after parsing attributes in process `syz.2.4277'. [ 892.496150][T19125] netlink: 'syz.2.4281': attribute type 29 has an invalid length. [ 892.556288][T19125] netlink: 'syz.2.4281': attribute type 3 has an invalid length. [ 892.626927][T19130] netlink: 35840 bytes leftover after parsing attributes in process `syz.2.4281'. [ 892.678470][T19125] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4281'. [ 893.601417][T19120] netlink: 'syz.0.4276': attribute type 10 has an invalid length. [ 893.618405][T19120] netlink: 55 bytes leftover after parsing attributes in process `syz.0.4276'. [ 895.978428][T19138] netlink: 'syz.0.4276': attribute type 4 has an invalid length. [ 895.987278][T19151] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4284'. [ 896.196819][T19169] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 896.636665][T19188] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4294'. [ 896.681405][T19188] bridge_slave_1: default FDB implementation only supports local addresses [ 897.355517][T19200] netlink: 'syz.3.4299': attribute type 9 has an invalid length. [ 897.380038][T19200] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.4299'. [ 900.857827][T19228] FAULT_INJECTION: forcing a failure. [ 900.857827][T19228] name failslab, interval 1, probability 0, space 0, times 0 [ 900.904208][T19230] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4306'. [ 900.920768][T19228] CPU: 1 PID: 19228 Comm: syz.1.4305 Not tainted syzkaller #0 [ 900.928407][T19228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 900.932168][T19230] bridge_slave_1: default FDB implementation only supports local addresses [ 900.938918][T19228] Call Trace: [ 900.938934][T19228] [ 900.938962][T19228] dump_stack_lvl+0x18c/0x250 [ 900.939000][T19228] ? show_regs_print_info+0x20/0x20 [ 900.939029][T19228] ? load_image+0x420/0x420 [ 900.939059][T19228] ? __might_sleep+0xe0/0xe0 [ 900.939084][T19228] ? __lock_acquire+0x7d40/0x7d40 [ 900.939112][T19228] should_fail_ex+0x39d/0x4d0 [ 900.939148][T19228] should_failslab+0x9/0x20 [ 900.939184][T19228] slab_pre_alloc_hook+0x59/0x310 [ 900.939216][T19228] ? sk_prot_alloc+0xe7/0x210 [ 900.939243][T19228] ? sk_prot_alloc+0xe7/0x210 [ 900.939266][T19228] __kmem_cache_alloc_node+0x53/0x250 [ 900.939302][T19228] ? sk_prot_alloc+0xe7/0x210 [ 900.939327][T19228] __kmalloc+0xa4/0x230 [ 900.939359][T19228] sk_prot_alloc+0xe7/0x210 [ 900.939383][T19228] ? sk_alloc+0x24/0x360 [ 900.939410][T19228] sk_alloc+0x3a/0x360 [ 900.939435][T19228] ? bpf_ctx_init+0x163/0x1a0 [ 900.939456][T19228] ? bpf_prog_test_run_skb+0x273/0x12b0 [ 900.939482][T19228] bpf_prog_test_run_skb+0x3a5/0x12b0 [ 900.939506][T19228] ? lockdep_hardirqs_on+0x98/0x150 [ 900.939530][T19228] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 900.939570][T19228] ? cpu_online+0x60/0x60 [ 900.939593][T19228] bpf_prog_test_run+0x321/0x390 [ 900.939621][T19228] __sys_bpf+0x49d/0x890 [ 900.939646][T19228] ? bpf_link_show_fdinfo+0x390/0x390 [ 900.939688][T19228] ? lock_chain_count+0x20/0x20 [ 900.939709][T19228] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 901.087880][T19228] __x64_sys_bpf+0x7c/0x90 [ 901.092325][T19228] do_syscall_64+0x55/0xa0 [ 901.096751][T19228] ? clear_bhb_loop+0x40/0x90 [ 901.101443][T19228] ? clear_bhb_loop+0x40/0x90 [ 901.106150][T19228] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 901.112315][T19228] RIP: 0033:0x7fe09379c819 [ 901.116742][T19228] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 901.137277][T19228] RSP: 002b:00007fe0946cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 901.145721][T19228] RAX: ffffffffffffffda RBX: 00007fe093a15fa0 RCX: 00007fe09379c819 [ 901.153805][T19228] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 901.161899][T19228] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 901.169898][T19228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 901.177975][T19228] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 901.186010][T19228] [ 905.008142][T19254] FAULT_INJECTION: forcing a failure. [ 905.008142][T19254] name failslab, interval 1, probability 0, space 0, times 0 [ 905.036243][T19254] CPU: 1 PID: 19254 Comm: syz.2.4314 Not tainted syzkaller #0 [ 905.043799][T19254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 905.053892][T19254] Call Trace: [ 905.057206][T19254] [ 905.060143][T19254] dump_stack_lvl+0x18c/0x250 [ 905.064854][T19254] ? show_regs_print_info+0x20/0x20 [ 905.070104][T19254] ? load_image+0x420/0x420 [ 905.074620][T19254] ? __might_sleep+0xe0/0xe0 [ 905.079230][T19254] ? __lock_acquire+0x7d40/0x7d40 [ 905.084264][T19254] should_fail_ex+0x39d/0x4d0 [ 905.089008][T19254] should_failslab+0x9/0x20 [ 905.093543][T19254] slab_pre_alloc_hook+0x59/0x310 [ 905.098606][T19254] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 905.104397][T19254] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 905.110222][T19254] __kmem_cache_alloc_node+0x53/0x250 [ 905.115698][T19254] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 905.121445][T19254] __kmalloc+0xa4/0x230 [ 905.125638][T19254] tomoyo_realpath_from_path+0xe3/0x5d0 [ 905.131514][T19254] tomoyo_path_number_perm+0x248/0x620 [ 905.137095][T19254] ? tomoyo_path_number_perm+0x217/0x620 [ 905.142852][T19254] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 905.148337][T19254] ? ksys_write+0x1c4/0x260 [ 905.152967][T19254] ? __fget_files+0x28/0x4b0 [ 905.157607][T19254] ? __fget_files+0x28/0x4b0 [ 905.162408][T19254] security_file_ioctl+0x70/0xa0 [ 905.167367][T19254] __se_sys_ioctl+0x48/0x170 [ 905.172040][T19254] do_syscall_64+0x55/0xa0 [ 905.176648][T19254] ? clear_bhb_loop+0x40/0x90 [ 905.181520][T19254] ? clear_bhb_loop+0x40/0x90 [ 905.186296][T19254] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 905.192233][T19254] RIP: 0033:0x7f0dc839c819 [ 905.196785][T19254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 905.216417][T19254] RSP: 002b:00007f0dc92e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 905.224873][T19254] RAX: ffffffffffffffda RBX: 00007f0dc8615fa0 RCX: 00007f0dc839c819 [ 905.232876][T19254] RDX: 0000000000000000 RSI: 0000000040047440 RDI: 0000000000000003 [ 905.240866][T19254] RBP: 00007f0dc92e5090 R08: 0000000000000000 R09: 0000000000000000 [ 905.248863][T19254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 905.256839][T19254] R13: 00007f0dc8616038 R14: 00007f0dc8615fa0 R15: 00007ffe20a05718 [ 905.264836][T19254] [ 905.288095][T19254] ERROR: Out of memory at tomoyo_realpath_from_path. [ 905.778347][T19270] netlink: 'syz.1.4322': attribute type 10 has an invalid length. [ 905.798188][T19270] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4322'. [ 905.818733][T19270] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 906.644663][T19288] FAULT_INJECTION: forcing a failure. [ 906.644663][T19288] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 906.684535][T19288] CPU: 0 PID: 19288 Comm: syz.1.4328 Not tainted syzkaller #0 [ 906.692070][T19288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 906.702188][T19288] Call Trace: [ 906.705507][T19288] [ 906.708486][T19288] dump_stack_lvl+0x18c/0x250 [ 906.713236][T19288] ? show_regs_print_info+0x20/0x20 [ 906.718478][T19288] ? load_image+0x420/0x420 [ 906.723027][T19288] ? __might_fault+0xaa/0x120 [ 906.727853][T19288] should_fail_ex+0x39d/0x4d0 [ 906.732665][T19288] copyin+0x1a/0x90 [ 906.736636][T19288] _copy_from_iter+0x404/0x12e0 [ 906.741561][T19288] ? copyout_mc+0x70/0x70 [ 906.745956][T19288] ? verify_lock_unused+0x140/0x140 [ 906.751296][T19288] ? dev_get_by_index+0x22/0x2d0 [ 906.756282][T19288] ? dev_get_by_index+0x22/0x2d0 [ 906.761442][T19288] packet_sendmsg+0x2e23/0x4d70 [ 906.766346][T19288] ? aa_sk_perm+0x970/0x970 [ 906.771099][T19288] ? __might_sleep+0xe0/0xe0 [ 906.775740][T19288] ? verify_lock_unused+0x140/0x140 [ 906.780995][T19288] ? mark_lock+0x94/0x320 [ 906.785481][T19288] ? __lock_acquire+0x1273/0x7d40 [ 906.790551][T19288] ? verify_lock_unused+0x140/0x140 [ 906.795806][T19288] ? aa_sk_perm+0x83c/0x970 [ 906.800453][T19288] ? packet_getsockopt+0xad0/0xad0 [ 906.805709][T19288] ? aa_sock_msg_perm+0x94/0x150 [ 906.810682][T19288] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 906.815995][T19288] ? security_socket_sendmsg+0x80/0xa0 [ 906.821493][T19288] ? packet_getsockopt+0xad0/0xad0 [ 906.826699][T19288] ____sys_sendmsg+0x5ba/0x960 [ 906.831492][T19288] ? __lock_acquire+0x7d40/0x7d40 [ 906.836646][T19288] ? __asan_memset+0x22/0x40 [ 906.841346][T19288] ? __sys_sendmsg_sock+0x30/0x30 [ 906.846381][T19288] ? __import_iovec+0x3fa/0x850 [ 906.851342][T19288] ? import_iovec+0x73/0xa0 [ 906.855866][T19288] ___sys_sendmsg+0x2a6/0x360 [ 906.860569][T19288] ? get_pid_task+0x20/0x1e0 [ 906.865186][T19288] ? __sys_sendmsg+0x2a0/0x2a0 [ 906.869991][T19288] ? __lock_acquire+0x7d40/0x7d40 [ 906.875068][T19288] __se_sys_sendmsg+0x1c2/0x2b0 [ 906.879945][T19288] ? __x64_sys_sendmsg+0x80/0x80 [ 906.885093][T19288] ? lockdep_hardirqs_on+0x98/0x150 [ 906.890497][T19288] do_syscall_64+0x55/0xa0 [ 906.894925][T19288] ? clear_bhb_loop+0x40/0x90 [ 906.899617][T19288] ? clear_bhb_loop+0x40/0x90 [ 906.904310][T19288] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 906.910225][T19288] RIP: 0033:0x7fe09379c819 [ 906.914742][T19288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 906.934723][T19288] RSP: 002b:00007fe0946cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 906.943271][T19288] RAX: ffffffffffffffda RBX: 00007fe093a15fa0 RCX: 00007fe09379c819 [ 906.951364][T19288] RDX: 00000000200400c4 RSI: 0000200000000180 RDI: 0000000000000003 [ 906.959359][T19288] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 906.967435][T19288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 906.975444][T19288] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 906.983452][T19288] [ 908.036290][T19307] netlink: 'syz.2.4333': attribute type 9 has an invalid length. [ 910.906478][T19320] FAULT_INJECTION: forcing a failure. [ 910.906478][T19320] name failslab, interval 1, probability 0, space 0, times 0 [ 910.933033][T19320] CPU: 1 PID: 19320 Comm: syz.2.4338 Not tainted syzkaller #0 [ 910.940672][T19320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 910.951036][T19320] Call Trace: [ 910.954530][T19320] [ 910.957583][T19320] dump_stack_lvl+0x18c/0x250 [ 910.962410][T19320] ? show_regs_print_info+0x20/0x20 [ 910.967656][T19320] ? load_image+0x420/0x420 [ 910.973382][T19320] ? __might_sleep+0xe0/0xe0 [ 910.978043][T19320] ? __lock_acquire+0x7d40/0x7d40 [ 910.983207][T19320] ? is_dynamic_key+0x260/0x260 [ 910.988111][T19320] should_fail_ex+0x39d/0x4d0 [ 910.992841][T19320] should_failslab+0x9/0x20 [ 910.997487][T19320] slab_pre_alloc_hook+0x59/0x310 [ 911.002670][T19320] kmem_cache_alloc_node+0x60/0x320 [ 911.008008][T19320] ? __alloc_skb+0x103/0x2c0 [ 911.012837][T19320] __alloc_skb+0x103/0x2c0 [ 911.017347][T19320] __ip_append_data+0x2b73/0x3d40 [ 911.022394][T19320] ? ip_route_output_key_hash+0x13d/0x330 [ 911.028319][T19320] ? raw_send_hdrinc+0x1170/0x1170 [ 911.033632][T19320] ? mark_lock+0x94/0x320 [ 911.038072][T19320] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 911.044230][T19320] ? ip_setup_cork+0x860/0x860 [ 911.049415][T19320] ? ip_setup_cork+0x530/0x860 [ 911.054199][T19320] ip_append_data+0x10d/0x180 [ 911.058974][T19320] ? raw_send_hdrinc+0x1170/0x1170 [ 911.064100][T19320] raw_sendmsg+0x15c1/0x1c00 [ 911.068744][T19320] ? compat_raw_ioctl+0x70/0x70 [ 911.073612][T19320] ? __lock_acquire+0x1273/0x7d40 [ 911.078741][T19320] ? tomoyo_socket_sendmsg_permission+0x216/0x2f0 [ 911.085172][T19320] ? sock_rps_record_flow+0x19/0x3f0 [ 911.090554][T19320] ? inet_sendmsg+0x7c/0x2f0 [ 911.095146][T19320] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 911.100439][T19320] ? security_socket_sendmsg+0x80/0xa0 [ 911.106009][T19320] ? inet_send_prepare+0x260/0x260 [ 911.111244][T19320] ____sys_sendmsg+0x5ba/0x960 [ 911.116124][T19320] ? __lock_acquire+0x7d40/0x7d40 [ 911.121173][T19320] ? __asan_memset+0x22/0x40 [ 911.125805][T19320] ? __sys_sendmsg_sock+0x30/0x30 [ 911.130921][T19320] ? __import_iovec+0x3fa/0x850 [ 911.135811][T19320] ? import_iovec+0x73/0xa0 [ 911.140518][T19320] ___sys_sendmsg+0x2a6/0x360 [ 911.145383][T19320] ? get_pid_task+0x20/0x1e0 [ 911.150021][T19320] ? __sys_sendmsg+0x2a0/0x2a0 [ 911.154863][T19320] ? __lock_acquire+0x7d40/0x7d40 [ 911.159976][T19320] __se_sys_sendmsg+0x1c2/0x2b0 [ 911.164863][T19320] ? __x64_sys_sendmsg+0x80/0x80 [ 911.169823][T19320] ? lockdep_hardirqs_on+0x98/0x150 [ 911.175032][T19320] do_syscall_64+0x55/0xa0 [ 911.179458][T19320] ? clear_bhb_loop+0x40/0x90 [ 911.184139][T19320] ? clear_bhb_loop+0x40/0x90 [ 911.188910][T19320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 911.194802][T19320] RIP: 0033:0x7f0dc839c819 [ 911.199264][T19320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 911.218978][T19320] RSP: 002b:00007f0dc92e5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 911.227408][T19320] RAX: ffffffffffffffda RBX: 00007f0dc8615fa0 RCX: 00007f0dc839c819 [ 911.235393][T19320] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 911.243385][T19320] RBP: 00007f0dc92e5090 R08: 0000000000000000 R09: 0000000000000000 [ 911.251393][T19320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 911.259559][T19320] R13: 00007f0dc8616038 R14: 00007f0dc8615fa0 R15: 00007ffe20a05718 [ 911.267654][T19320] [ 911.540514][T19326] netlink: 192188 bytes leftover after parsing attributes in process `syz.2.4341'. [ 911.567178][T19326] openvswitch: netlink: Key 9 has unexpected len 3064 expected 4 [ 912.310460][T19341] netlink: 'syz.1.4342': attribute type 9 has an invalid length. [ 912.318735][T19341] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.4342'. [ 912.708282][T19352] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.4354'. [ 912.752649][T19352] bridge_slave_1: default FDB implementation only supports local addresses [ 914.092078][T19387] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.4358'. [ 914.102485][T19387] bridge_slave_1: default FDB implementation only supports local addresses [ 914.357691][T19396] netlink: 'syz.2.4362': attribute type 9 has an invalid length. [ 914.384906][T19396] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.4362'. [ 914.471164][T19403] FAULT_INJECTION: forcing a failure. [ 914.471164][T19403] name failslab, interval 1, probability 0, space 0, times 0 [ 914.520110][T19403] CPU: 1 PID: 19403 Comm: syz.0.4364 Not tainted syzkaller #0 [ 914.527746][T19403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 914.538007][T19403] Call Trace: [ 914.541340][T19403] [ 914.544309][T19403] dump_stack_lvl+0x18c/0x250 [ 914.549038][T19403] ? show_regs_print_info+0x20/0x20 [ 914.554325][T19403] ? load_image+0x420/0x420 [ 914.558962][T19403] ? __might_sleep+0xe0/0xe0 [ 914.563585][T19403] ? __lock_acquire+0x7d40/0x7d40 [ 914.568649][T19403] should_fail_ex+0x39d/0x4d0 [ 914.573374][T19403] should_failslab+0x9/0x20 [ 914.578005][T19403] slab_pre_alloc_hook+0x59/0x310 [ 914.583073][T19403] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 914.588860][T19403] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 914.594619][T19403] __kmem_cache_alloc_node+0x53/0x250 [ 914.600130][T19403] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 914.605888][T19403] __kmalloc+0xa4/0x230 [ 914.610191][T19403] tomoyo_realpath_from_path+0xe3/0x5d0 [ 914.615876][T19403] tomoyo_path_number_perm+0x248/0x620 [ 914.621486][T19403] ? tomoyo_path_number_perm+0x217/0x620 [ 914.627161][T19403] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 914.632731][T19403] ? ksys_write+0x1c4/0x260 [ 914.637319][T19403] ? __fget_files+0x28/0x4b0 [ 914.641955][T19403] ? __fget_files+0x28/0x4b0 [ 914.646618][T19403] security_file_ioctl+0x70/0xa0 [ 914.651603][T19403] __se_sys_ioctl+0x48/0x170 [ 914.656247][T19403] do_syscall_64+0x55/0xa0 [ 914.660696][T19403] ? clear_bhb_loop+0x40/0x90 [ 914.665422][T19403] ? clear_bhb_loop+0x40/0x90 [ 914.670156][T19403] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 914.676096][T19403] RIP: 0033:0x7fabc6b9c819 [ 914.680576][T19403] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 914.700320][T19403] RSP: 002b:00007fabc4df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 914.708794][T19403] RAX: ffffffffffffffda RBX: 00007fabc6e15fa0 RCX: 00007fabc6b9c819 [ 914.716926][T19403] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000003 [ 914.724941][T19403] RBP: 00007fabc4df6090 R08: 0000000000000000 R09: 0000000000000000 [ 914.733032][T19403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 914.741124][T19403] R13: 00007fabc6e16038 R14: 00007fabc6e15fa0 R15: 00007ffc7509b3f8 [ 914.749146][T19403] [ 914.831538][T19403] ERROR: Out of memory at tomoyo_realpath_from_path. [ 916.641591][T19422] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4370'. [ 916.657455][T19422] bridge_slave_1: default FDB implementation only supports local addresses [ 916.832117][T19431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 917.038798][T19437] veth1_to_bond: entered promiscuous mode [ 917.049205][T19437] veth1_to_bond: entered allmulticast mode [ 917.382666][T19451] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4385'. [ 917.392753][T19451] bridge_slave_1: default FDB implementation only supports local addresses [ 918.379906][T19481] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4395'. [ 918.396206][T19481] bridge_slave_1: default FDB implementation only supports local addresses [ 918.417461][T19477] netlink: 'syz.0.4393': attribute type 27 has an invalid length. [ 918.516629][T19477] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4393'. [ 918.891552][T19487] netlink: 'syz.2.4394': attribute type 46 has an invalid length. [ 918.935486][T19487] netlink: 'syz.2.4394': attribute type 46 has an invalid length. [ 918.945579][T19489] FAULT_INJECTION: forcing a failure. [ 918.945579][T19489] name failslab, interval 1, probability 0, space 0, times 0 [ 918.958864][T19489] CPU: 1 PID: 19489 Comm: syz.3.4397 Not tainted syzkaller #0 [ 918.967206][T19489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 918.978191][T19489] Call Trace: [ 918.981514][T19489] [ 918.984591][T19489] dump_stack_lvl+0x18c/0x250 [ 918.989368][T19489] ? show_regs_print_info+0x20/0x20 [ 918.994712][T19489] ? load_image+0x420/0x420 [ 918.999465][T19489] ? mark_lock+0x94/0x320 [ 919.003875][T19489] should_fail_ex+0x39d/0x4d0 [ 919.008696][T19489] should_failslab+0x9/0x20 [ 919.013253][T19489] slab_pre_alloc_hook+0x59/0x310 [ 919.018524][T19489] kmem_cache_alloc_node+0x60/0x320 [ 919.023773][T19489] ? __alloc_skb+0x103/0x2c0 [ 919.028591][T19489] __alloc_skb+0x103/0x2c0 [ 919.033067][T19489] arp_create+0x19f/0x9f0 [ 919.037542][T19489] ? batadv_primary_if_get_selected+0x7b/0x410 [ 919.043759][T19489] ? arp_send_dst+0x230/0x230 [ 919.048487][T19489] ? batadv_primary_if_get_selected+0x7b/0x410 [ 919.054785][T19489] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 919.060933][T19489] ? batadv_bla_send_claim+0xd7/0xb80 [ 919.066645][T19489] batadv_bla_send_claim+0x16c/0xb80 [ 919.072010][T19489] ? lockdep_hardirqs_on+0x98/0x150 [ 919.077346][T19489] ? batadv_bla_del_backbone_claims+0x350/0x350 [ 919.083717][T19489] ? batadv_bla_get_backbone_gw+0xa88/0xef0 [ 919.089927][T19489] batadv_bla_get_backbone_gw+0xabb/0xef0 [ 919.095802][T19489] ? batadv_bla_send_claim+0xb80/0xb80 [ 919.101390][T19489] ? batadv_bla_rx+0xe60/0xe60 [ 919.106173][T19489] ? __lock_acquire+0x1273/0x7d40 [ 919.111236][T19489] ? batadv_get_vid+0x163/0x280 [ 919.116137][T19489] batadv_bla_tx+0xbe4/0x1390 [ 919.120842][T19489] ? batadv_claim_put+0x1c0/0x1c0 [ 919.125880][T19489] ? skb_network_protocol+0x529/0x780 [ 919.131364][T19489] ? batadv_get_vid+0x163/0x280 [ 919.136410][T19489] batadv_interface_tx+0x567/0x1470 [ 919.141654][T19489] ? batadv_softif_is_valid+0x70/0x70 [ 919.147257][T19489] dev_hard_start_xmit+0x246/0x740 [ 919.152446][T19489] __dev_queue_xmit+0x19a3/0x3660 [ 919.157631][T19489] ? __dev_queue_xmit+0x265/0x3660 [ 919.162762][T19489] ? netdev_core_pick_tx+0x340/0x340 [ 919.168168][T19489] ? skb_release_data+0x1cf/0x800 [ 919.173315][T19489] ? pskb_expand_head+0xbfe/0x1230 [ 919.178506][T19489] __bpf_tx_skb+0x189/0x250 [ 919.183161][T19489] bpf_clone_redirect+0x30f/0x4a0 [ 919.188226][T19489] bpf_prog_dde6c29962cc7727+0x5e/0x63 [ 919.193697][T19489] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 919.200095][T19489] ? lock_chain_count+0x20/0x20 [ 919.205045][T19489] ? seqcount_lockdep_reader_access+0x12b/0x1d0 [ 919.211910][T19489] ? lockdep_softirqs_on+0x580/0x580 [ 919.217207][T19489] ? ktime_get+0x7f/0x280 [ 919.221685][T19489] ? seqcount_lockdep_reader_access+0x191/0x1d0 [ 919.228031][T19489] ? ktime_get_real_ts64+0x440/0x440 [ 919.233609][T19489] ? __x64_sys_bpf+0x7c/0x90 [ 919.238205][T19489] ? __local_bh_disable_ip+0x108/0x1a0 [ 919.243671][T19489] ? __cant_sleep+0x220/0x220 [ 919.248369][T19489] ? read_tsc+0x9/0x20 [ 919.252550][T19489] ? ktime_get+0x24b/0x280 [ 919.257069][T19489] ? bpf_test_run+0x174/0x870 [ 919.261756][T19489] bpf_test_run+0x2df/0x870 [ 919.266470][T19489] ? lock_chain_count+0x20/0x20 [ 919.271507][T19489] ? bpf_test_run+0x174/0x870 [ 919.276450][T19489] ? convert___skb_to_skb+0x590/0x590 [ 919.281858][T19489] ? convert___skb_to_skb+0x3d/0x590 [ 919.287184][T19489] bpf_prog_test_run_skb+0xad2/0x12b0 [ 919.292573][T19489] ? cpu_online+0x60/0x60 [ 919.296911][T19489] bpf_prog_test_run+0x321/0x390 [ 919.301868][T19489] __sys_bpf+0x49d/0x890 [ 919.306126][T19489] ? bpf_link_show_fdinfo+0x390/0x390 [ 919.311517][T19489] ? lock_chain_count+0x20/0x20 [ 919.316411][T19489] __x64_sys_bpf+0x7c/0x90 [ 919.320865][T19489] do_syscall_64+0x55/0xa0 [ 919.325344][T19489] ? clear_bhb_loop+0x40/0x90 [ 919.330042][T19489] ? clear_bhb_loop+0x40/0x90 [ 919.334733][T19489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 919.340685][T19489] RIP: 0033:0x7fc44f99c819 [ 919.345191][T19489] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 919.364987][T19489] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 919.373785][T19489] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 919.381958][T19489] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 919.390028][T19489] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 919.398178][T19489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 919.406179][T19489] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 919.414263][T19489] [ 919.571390][T19494] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4398'. [ 919.668874][T19502] netlink: 'syz.0.4402': attribute type 10 has an invalid length. [ 919.787528][T19502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 919.814874][T19502] team0: Port device bond0 added [ 920.456763][T19527] FAULT_INJECTION: forcing a failure. [ 920.456763][T19527] name failslab, interval 1, probability 0, space 0, times 0 [ 920.510035][T19527] CPU: 1 PID: 19527 Comm: syz.3.4410 Not tainted syzkaller #0 [ 920.517683][T19527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 920.527913][T19527] Call Trace: [ 920.531239][T19527] [ 920.534350][T19527] dump_stack_lvl+0x18c/0x250 [ 920.539083][T19527] ? show_regs_print_info+0x20/0x20 [ 920.544336][T19527] ? load_image+0x420/0x420 [ 920.548989][T19527] ? __might_sleep+0xe0/0xe0 [ 920.553631][T19527] ? __lock_acquire+0x7d40/0x7d40 [ 920.558697][T19527] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 920.564755][T19527] should_fail_ex+0x39d/0x4d0 [ 920.569492][T19527] should_failslab+0x9/0x20 [ 920.574230][T19527] slab_pre_alloc_hook+0x59/0x310 [ 920.579296][T19527] ? lockdep_hardirqs_on+0x98/0x150 [ 920.584636][T19527] ? kvmalloc_node+0x70/0x180 [ 920.589442][T19527] ? kvmalloc_node+0x70/0x180 [ 920.594246][T19527] __kmem_cache_alloc_node+0x53/0x250 [ 920.599825][T19527] ? kvmalloc_node+0x70/0x180 [ 920.604757][T19527] __kmalloc_node+0xa4/0x230 [ 920.609578][T19527] kvmalloc_node+0x70/0x180 [ 920.614302][T19527] bpf_test_run_xdp_live+0x1c2/0x1b20 [ 920.619725][T19527] ? 0xffffffffa00044c0 [ 920.623919][T19527] ? 0xffffffffa00044c0 [ 920.628105][T19527] ? bpf_dispatcher_change_prog+0xcbf/0xf10 [ 920.634214][T19527] ? 0xffffffffa00044c0 [ 920.638406][T19527] ? xdp_convert_md_to_buff+0x330/0x330 [ 920.644151][T19527] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 920.650441][T19527] ? _copy_from_user+0xa5/0xe0 [ 920.655249][T19527] ? bpf_test_init+0x119/0x140 [ 920.660051][T19527] ? xdp_convert_md_to_buff+0x5b/0x330 [ 920.665562][T19527] bpf_prog_test_run_xdp+0x7ca/0x10e0 [ 920.671107][T19527] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 920.677408][T19527] ? lockdep_hardirqs_on+0x98/0x150 [ 920.682667][T19527] ? dev_put+0x80/0x80 [ 920.686878][T19527] ? dev_put+0x80/0x80 [ 920.690985][T19527] bpf_prog_test_run+0x321/0x390 [ 920.695972][T19527] __sys_bpf+0x49d/0x890 [ 920.700432][T19527] ? bpf_link_show_fdinfo+0x390/0x390 [ 920.705951][T19527] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 920.712166][T19527] __x64_sys_bpf+0x7c/0x90 [ 920.716632][T19527] do_syscall_64+0x55/0xa0 [ 920.721082][T19527] ? clear_bhb_loop+0x40/0x90 [ 920.725801][T19527] ? clear_bhb_loop+0x40/0x90 [ 920.730658][T19527] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 920.736771][T19527] RIP: 0033:0x7fc44f99c819 [ 920.741307][T19527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 920.761023][T19527] RSP: 002b:00007fc45087a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 920.769455][T19527] RAX: ffffffffffffffda RBX: 00007fc44fc15fa0 RCX: 00007fc44f99c819 [ 920.777623][T19527] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 920.785790][T19527] RBP: 00007fc45087a090 R08: 0000000000000000 R09: 0000000000000000 [ 920.793795][T19527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 920.801780][T19527] R13: 00007fc44fc16038 R14: 00007fc44fc15fa0 R15: 00007fffdbb83c98 [ 920.809785][T19527] [ 921.324480][T19534] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4412'. [ 921.349338][T19537] netlink: 'syz.2.4413': attribute type 21 has an invalid length. [ 921.401343][T19534] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4412'. [ 921.421755][T19539] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4412'. [ 922.888916][T19567] netlink: 12611 bytes leftover after parsing attributes in process `syz.0.4422'. [ 923.122327][T19574] syzkaller0: entered promiscuous mode [ 923.128317][T19574] syzkaller0: entered allmulticast mode [ 924.380134][T19584] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4426'. [ 924.653503][T19596] FAULT_INJECTION: forcing a failure. [ 924.653503][T19596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 924.701694][T19596] CPU: 0 PID: 19596 Comm: syz.0.4438 Not tainted syzkaller #0 [ 924.709263][T19596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 924.719577][T19596] Call Trace: [ 924.722981][T19596] [ 924.725941][T19596] dump_stack_lvl+0x18c/0x250 [ 924.730752][T19596] ? show_regs_print_info+0x20/0x20 [ 924.735965][T19596] ? load_image+0x420/0x420 [ 924.740501][T19596] ? __might_fault+0xaa/0x120 [ 924.745188][T19596] ? __lock_acquire+0x7d40/0x7d40 [ 924.750309][T19596] should_fail_ex+0x39d/0x4d0 [ 924.755002][T19596] _copy_from_user+0x2f/0xe0 [ 924.759702][T19596] ___sys_sendmsg+0x1c7/0x360 [ 924.764418][T19596] ? __sys_sendmsg+0x2a0/0x2a0 [ 924.769269][T19596] ? __lock_acquire+0x7d40/0x7d40 [ 924.774361][T19596] __se_sys_sendmsg+0x1c2/0x2b0 [ 924.779282][T19596] ? __x64_sys_sendmsg+0x80/0x80 [ 924.784397][T19596] ? lockdep_hardirqs_on+0x98/0x150 [ 924.789636][T19596] do_syscall_64+0x55/0xa0 [ 924.794072][T19596] ? clear_bhb_loop+0x40/0x90 [ 924.798775][T19596] ? clear_bhb_loop+0x40/0x90 [ 924.803481][T19596] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 924.809748][T19596] RIP: 0033:0x7fabc6b9c819 [ 924.814192][T19596] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 924.833841][T19596] RSP: 002b:00007fabc4df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 924.842414][T19596] RAX: ffffffffffffffda RBX: 00007fabc6e15fa0 RCX: 00007fabc6b9c819 [ 924.850422][T19596] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000004 [ 924.858414][T19596] RBP: 00007fabc4df6090 R08: 0000000000000000 R09: 0000000000000000 [ 924.866405][T19596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 924.874479][T19596] R13: 00007fabc6e16038 R14: 00007fabc6e15fa0 R15: 00007ffc7509b3f8 [ 924.882770][T19596] [ 925.276355][T19605] mac80211_hwsim hwsim28 ..ãc¤±: renamed from wlan1 (while UP) [ 925.536414][T19615] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.4435'. [ 925.584275][T19615] bridge_slave_1: default FDB implementation only supports local addresses [ 926.136130][T19620] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.4446'. [ 926.232818][T19620] bridge_slave_1: default FDB implementation only supports local addresses [ 927.606732][T19643] netlink: 'syz.3.4444': attribute type 10 has an invalid length. [ 927.629249][T19643] veth1_macvtap: left allmulticast mode [ 927.663496][T19643] team0: Device veth1_macvtap failed to register rx_handler [ 927.773764][T19647] netlink: 'syz.1.4447': attribute type 10 has an invalid length. [ 927.809496][T19647] team0: Device veth1_macvtap failed to register rx_handler [ 928.328392][T19658] À: port 1(vlan0) entered blocking state [ 928.338342][T19658] À: port 1(vlan0) entered disabled state [ 928.344738][T19658] vlan0: entered allmulticast mode [ 928.354551][T19658] veth0_vlan: entered allmulticast mode [ 928.366147][T19658] vlan0: entered promiscuous mode [ 928.617360][T19667] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4452'. [ 928.633100][T19667] bridge_slave_1: default FDB implementation only supports local addresses [ 930.365546][T19705] netlink: 'syz.1.4465': attribute type 29 has an invalid length. [ 930.399639][T19705] netlink: 'syz.1.4465': attribute type 29 has an invalid length. [ 930.661567][T19717] FAULT_INJECTION: forcing a failure. [ 930.661567][T19717] name failslab, interval 1, probability 0, space 0, times 0 [ 930.685491][T19717] CPU: 0 PID: 19717 Comm: syz.1.4468 Not tainted syzkaller #0 [ 930.693135][T19717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 930.703309][T19717] Call Trace: [ 930.706618][T19717] [ 930.709755][T19717] dump_stack_lvl+0x18c/0x250 [ 930.714484][T19717] ? show_regs_print_info+0x20/0x20 [ 930.719849][T19717] ? load_image+0x420/0x420 [ 930.724664][T19717] ? __might_sleep+0xe0/0xe0 [ 930.729293][T19717] ? __lock_acquire+0x7d40/0x7d40 [ 930.734357][T19717] should_fail_ex+0x39d/0x4d0 [ 930.739088][T19717] should_failslab+0x9/0x20 [ 930.743629][T19717] slab_pre_alloc_hook+0x59/0x310 [ 930.748692][T19717] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 930.754271][T19717] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 930.760195][T19717] __kmem_cache_alloc_node+0x53/0x250 [ 930.765643][T19717] ? bpf_prog_test_run_skb+0x238/0x12b0 [ 930.771224][T19717] __kmalloc+0xa4/0x230 [ 930.775488][T19717] bpf_prog_test_run_skb+0x238/0x12b0 [ 930.780897][T19717] ? __fget_files+0x28/0x4b0 [ 930.785605][T19717] ? __fget_files+0x28/0x4b0 [ 930.790235][T19717] ? __fget_files+0x43d/0x4b0 [ 930.795070][T19717] ? cpu_online+0x60/0x60 [ 930.799434][T19717] bpf_prog_test_run+0x321/0x390 [ 930.804412][T19717] __sys_bpf+0x49d/0x890 [ 930.808684][T19717] ? bpf_link_show_fdinfo+0x390/0x390 [ 930.814189][T19717] ? lock_chain_count+0x20/0x20 [ 930.819097][T19717] __x64_sys_bpf+0x7c/0x90 [ 930.823540][T19717] do_syscall_64+0x55/0xa0 [ 930.827987][T19717] ? clear_bhb_loop+0x40/0x90 [ 930.832699][T19717] ? clear_bhb_loop+0x40/0x90 [ 930.837497][T19717] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 930.843506][T19717] RIP: 0033:0x7fe09379c819 [ 930.847950][T19717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 930.867767][T19717] RSP: 002b:00007fe0946cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 930.876307][T19717] RAX: ffffffffffffffda RBX: 00007fe093a15fa0 RCX: 00007fe09379c819 [ 930.884308][T19717] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 930.892321][T19717] RBP: 00007fe0946cf090 R08: 0000000000000000 R09: 0000000000000000 [ 930.900409][T19717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 930.908408][T19717] R13: 00007fe093a16038 R14: 00007fe093a15fa0 R15: 00007ffcb39b8fd8 [ 930.916522][T19717] [ 931.662639][T19735] FAULT_INJECTION: forcing a failure. [ 931.662639][T19735] name failslab, interval 1, probability 0, space 0, times 0 [ 931.684397][T19735] CPU: 0 PID: 19735 Comm: syz.2.4475 Not tainted syzkaller #0 [ 931.691970][T19735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 931.702065][T19735] Call Trace: [ 931.705391][T19735] [ 931.708363][T19735] dump_stack_lvl+0x18c/0x250 [ 931.713183][T19735] ? show_regs_print_info+0x20/0x20 [ 931.718517][T19735] ? load_image+0x420/0x420 [ 931.723074][T19735] ? __might_sleep+0xe0/0xe0 [ 931.727710][T19735] ? __lock_acquire+0x7d40/0x7d40 [ 931.732872][T19735] should_fail_ex+0x39d/0x4d0 [ 931.737618][T19735] should_failslab+0x9/0x20 [ 931.742205][T19735] slab_pre_alloc_hook+0x59/0x310 [ 931.747288][T19735] kmem_cache_alloc+0x5a/0x2d0 [ 931.752101][T19735] ? __pmd_alloc+0x111/0x8b0 [ 931.756742][T19735] __pmd_alloc+0x111/0x8b0 [ 931.761298][T19735] ? mt_find+0x169/0x650 [ 931.765593][T19735] ? __lock_acquire+0x7d40/0x7d40 [ 931.770677][T19735] ? __pud_alloc+0x1f0/0x1f0 [ 931.775320][T19735] ? hugepage_vma_check+0x488/0x5a0 [ 931.780669][T19735] handle_mm_fault+0xb5d/0x4c00 [ 931.785559][T19735] ? handle_mm_fault+0xe7/0x4c00 [ 931.790651][T19735] ? numa_migrate_prep+0x350/0x350 [ 931.795835][T19735] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 931.801253][T19735] do_user_addr_fault+0x730/0x12c0 [ 931.806424][T19735] exc_page_fault+0x64/0x100 [ 931.811069][T19735] asm_exc_page_fault+0x26/0x30 [ 931.815960][T19735] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 931.821893][T19735] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 [ 931.841984][T19735] RSP: 0018:ffffc9000451fa10 EFLAGS: 00050216 [ 931.848094][T19735] RAX: ffffffff842a2101 RBX: 0000000000000020 RCX: 0000000000000020 [ 931.856100][T19735] RDX: 0000000000000001 RSI: 000000110c230000 RDI: ffffc9000451fb00 [ 931.864196][T19735] RBP: ffffc9000451fbb0 R08: ffffc9000451fb1f R09: 1ffff920008a3f63 [ 931.872374][T19735] R10: dffffc0000000000 R11: fffff520008a3f64 R12: 000000110c230020 [ 931.880465][T19735] R13: ffffc9000451fd48 R14: ffffc9000451fb00 R15: 000000110c230000 [ 931.888507][T19735] ? _copy_from_user+0x31/0xe0 [ 931.893328][T19735] _copy_from_user+0x8b/0xe0 [ 931.897961][T19735] ioctl_standard_iw_point+0x48f/0xcf0 [ 931.903659][T19735] ? __mutex_lock+0x315/0xcc0 [ 931.908375][T19735] ? cfg80211_wext_giwap+0x120/0x120 [ 931.913709][T19735] ? iw_handler_get_iwstats+0x110/0x110 [ 931.919309][T19735] ? mutex_lock_nested+0x20/0x20 [ 931.924280][T19735] ? apparmor_capable+0x137/0x1a0 [ 931.929366][T19735] ? cfg80211_wext_giwap+0x120/0x120 [ 931.934708][T19735] ioctl_standard_call+0xb7/0x2b0 [ 931.939952][T19735] ? cfg80211_wext_giwap+0x120/0x120 [ 931.945393][T19735] wext_ioctl_dispatch+0x1cb/0x600 [ 931.950657][T19735] ? wext_ioctl_dispatch+0x600/0x600 [ 931.956075][T19735] ? iw_handler_get_private+0x1f0/0x1f0 [ 931.961708][T19735] ? wext_handle_ioctl+0x1d0/0x1d0 [ 931.966876][T19735] ? __might_fault+0xaa/0x120 [ 931.971648][T19735] ? __might_fault+0xc6/0x120 [ 931.976479][T19735] ? __might_fault+0xaa/0x120 [ 931.981292][T19735] wext_handle_ioctl+0x117/0x1d0 [ 931.986375][T19735] ? call_commit_handler+0xf0/0xf0 [ 931.991678][T19735] sock_ioctl+0x15d/0x7e0 [ 931.996070][T19735] ? sock_poll+0x3e0/0x3e0 [ 932.000724][T19735] ? bpf_lsm_file_ioctl+0x9/0x10 [ 932.005705][T19735] ? security_file_ioctl+0x80/0xa0 [ 932.010942][T19735] ? sock_poll+0x3e0/0x3e0 [ 932.015413][T19735] __se_sys_ioctl+0xfd/0x170 [ 932.020055][T19735] do_syscall_64+0x55/0xa0 [ 932.024516][T19735] ? clear_bhb_loop+0x40/0x90 [ 932.029235][T19735] ? clear_bhb_loop+0x40/0x90 [ 932.033960][T19735] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 932.039984][T19735] RIP: 0033:0x7f0dc839c819 [ 932.044475][T19735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 932.064304][T19735] RSP: 002b:00007f0dc92e5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 932.072961][T19735] RAX: ffffffffffffffda RBX: 00007f0dc8615fa0 RCX: 00007f0dc839c819 [ 932.080977][T19735] RDX: 0000200000000000 RSI: 0000000000008b1a RDI: 0000000000000008 [ 932.088991][T19735] RBP: 00007f0dc92e5090 R08: 0000000000000000 R09: 0000000000000000 [ 932.097123][T19735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 932.105220][T19735] R13: 00007f0dc8616038 R14: 00007f0dc8615fa0 R15: 00007ffe20a05718 [ 932.113320][T19735] [ 932.142624][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.152463][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 935.887755][T19762] netlink: 63751 bytes leftover after parsing attributes in process `syz.2.4482'. [ 936.662428][T19781] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4491'. [ 936.672861][T19781] bridge_slave_1: default FDB implementation only supports local addresses [ 936.953420][T19787] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.4493'. [ 936.964156][T19787] bridge_slave_1: default FDB implementation only supports local addresses [ 937.926442][T19815] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4500'. [ 937.951000][T19815] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4500'. [ 937.966568][T19815] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4500'. [ 938.141064][T19823] netlink: 'syz.2.4502': attribute type 29 has an invalid length. [ 938.156280][T19823] netlink: 'syz.2.4502': attribute type 29 has an invalid length. [ 938.261525][T19823] netlink: 'syz.2.4502': attribute type 29 has an invalid length. [ 938.271699][ C1] [ 938.271707][ C1] ================================ [ 938.271713][ C1] WARNING: inconsistent lock state [ 938.271719][ C1] syzkaller #0 Not tainted [ 938.271728][ C1] -------------------------------- [ 938.271733][ C1] inconsistent {INITIAL USE} -> {IN-NMI} usage. [ 938.271741][ C1] syz.2.4502/19823 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 938.271760][ C1] ffff88807b7250f8 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x17d/0x300 [ 938.271809][ C1] {INITIAL USE} state was registered at: [ 938.271816][ C1] lock_acquire+0x19e/0x420 [ 938.271835][ C1] _raw_spin_lock+0x2e/0x40 [ 938.271853][ C1] htab_lock_bucket+0x17d/0x300 [ 938.271869][ C1] htab_map_delete_elem+0x1a4/0x650 [ 938.271885][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 938.271905][ C1] bpf_overflow_handler+0x1fc/0x510 [ 938.271926][ C1] __perf_event_overflow+0x447/0x630 [ 938.271942][ C1] perf_swevent_overflow+0x268/0x340 [ 938.271963][ C1] perf_swevent_event+0x45c/0x570 [ 938.271979][ C1] perf_bp_event+0x319/0x430 [ 938.271996][ C1] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 938.272015][ C1] notifier_call_chain+0x197/0x380 [ 938.272034][ C1] atomic_notifier_call_chain+0xda/0x180 [ 938.272053][ C1] notify_die+0x145/0x1a0 [ 938.272071][ C1] notify_debug+0x2e/0x50 [ 938.272085][ C1] noist_exc_debug+0x77/0x120 [ 938.272100][ C1] asm_exc_debug+0x33/0x40 [ 938.272118][ C1] irq event stamp: 3066 [ 938.272124][ C1] hardirqs last enabled at (3065): [] exc_debug+0xf5/0x140 [ 938.272144][ C1] hardirqs last disabled at (3066): [] exc_debug+0x73/0x140 [ 938.272163][ C1] softirqs last enabled at (3032): [] __dev_queue_xmit+0x265/0x3660 [ 938.272186][ C1] softirqs last disabled at (3026): [] __dev_queue_xmit+0x265/0x3660 [ 938.272204][ C1] [ 938.272204][ C1] other info that might help us debug this: [ 938.272208][ C1] Possible unsafe locking scenario: [ 938.272208][ C1] [ 938.272212][ C1] CPU0 [ 938.272214][ C1] ---- [ 938.272217][ C1] lock(&htab->lockdep_key); [ 938.272225][ C1] [ 938.272228][ C1] lock(&htab->lockdep_key); [ 938.272236][ C1] [ 938.272236][ C1] *** DEADLOCK *** [ 938.272236][ C1] [ 938.272239][ C1] no locks held by syz.2.4502/19823. [ 938.272245][ C1] [ 938.272245][ C1] stack backtrace: [ 938.272249][ C1] CPU: 1 PID: 19823 Comm: syz.2.4502 Not tainted syzkaller #0 [ 938.272261][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 938.272269][ C1] Call Trace: [ 938.272275][ C1] <#DB> [ 938.272289][ C1] dump_stack_lvl+0x18c/0x250 [ 938.272315][ C1] ? show_regs_print_info+0x20/0x20 [ 938.272346][ C1] ? print_usage_bug+0x475/0x690 [ 938.272362][ C1] ? verify_lock_unused+0x18/0x140 [ 938.272385][ C1] lock_acquire+0x2c2/0x420 [ 938.272401][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 938.272419][ C1] ? htab_lock_bucket+0x17d/0x300 [ 938.272438][ C1] ? read_lock_is_recursive+0x20/0x20 [ 938.272453][ C1] ? internal_get_user_pages_fast+0xaa8/0x2760 [ 938.272476][ C1] ? internal_get_user_pages_fast+0x214e/0x2760 [ 938.272505][ C1] _raw_spin_lock+0x2e/0x40 [ 938.272520][ C1] ? htab_lock_bucket+0x17d/0x300 [ 938.272534][ C1] htab_lock_bucket+0x17d/0x300 [ 938.272555][ C1] ? htab_lru_map_delete_node+0x760/0x760 [ 938.272570][ C1] ? look_up_lock_class+0x75/0x140 [ 938.272590][ C1] ? verify_lock_unused+0x18/0x140 [ 938.272609][ C1] ? jhash+0x2e8/0x740 [ 938.272628][ C1] htab_map_delete_elem+0x1a4/0x650 [ 938.272652][ C1] ? htab_map_update_elem+0x1040/0x1040 [ 938.272668][ C1] ? perf_callchain+0x220/0x220 [ 938.272680][ C1] ? rcu_is_watching+0x15/0xb0 [ 938.272697][ C1] ? bpf_overflow_handler+0xde/0x510 [ 938.272714][ C1] ? lock_release+0xb5/0x8c0 [ 938.272736][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 938.272756][ C1] bpf_overflow_handler+0x1fc/0x510 [ 938.272776][ C1] ? perf_tp_event+0x1520/0x1520 [ 938.272792][ C1] ? perf_trace_buf_alloc+0x290/0x290 [ 938.272807][ C1] ? bpf_overflow_handler+0xde/0x510 [ 938.272825][ C1] ? tp_perf_event_destroy+0x20/0x20 [ 938.272855][ C1] ? __perf_event_account_interrupt+0x187/0x280 [ 938.272876][ C1] __perf_event_overflow+0x447/0x630 [ 938.272891][ C1] ? bpf_overflow_handler+0xde/0x510 [ 938.272919][ C1] perf_swevent_overflow+0x268/0x340 [ 938.272942][ C1] ? perf_event_switch_output+0x790/0x790 [ 938.272976][ C1] perf_swevent_event+0x45c/0x570 [ 938.272997][ C1] ? perf_tp_event+0x1520/0x1520 [ 938.273010][ C1] ? trace_call_bpf+0x5e9/0x6c0 [ 938.273030][ C1] ? trace_call_bpf+0xc3/0x6c0 [ 938.273064][ C1] perf_bp_event+0x319/0x430 [ 938.273077][ C1] ? look_up_lock_class+0x75/0x140 [ 938.273101][ C1] ? perf_event_free_bpf_prog+0x120/0x120 [ 938.273164][ C1] ? lock_acquire+0x2c2/0x420 [ 938.273192][ C1] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 938.273217][ C1] notifier_call_chain+0x197/0x380 [ 938.273239][ C1] ? atomic_notifier_call_chain+0x26/0x180 [ 938.273258][ C1] atomic_notifier_call_chain+0xda/0x180 [ 938.273286][ C1] notify_die+0x145/0x1a0 [ 938.273307][ C1] ? srcu_init_notifier_head+0x90/0x90 [ 938.273337][ C1] ? rcu_is_watching+0x15/0xb0 [ 938.273358][ C1] notify_debug+0x2e/0x50 [ 938.273372][ C1] exc_debug+0xde/0x140 [ 938.273392][ C1] asm_exc_debug+0x1e/0x40 [ 938.273407][ C1] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 938.273421][ C1] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01 [ 938.273433][ C1] RSP: 0018:ffffc9000429f630 EFLAGS: 00050206 [ 938.273444][ C1] RAX: ffffffff8427ca01 RBX: 00000000000000e0 RCX: 000000000000001c [ 938.273453][ C1] RDX: 0000000000000000 RSI: ffff8880692b40c4 RDI: 0000200000000304 [ 938.273462][ C1] RBP: ffffc9000429f7c0 R08: ffff8880692b40df R09: 1ffff1100d25681b [ 938.273472][ C1] R10: dffffc0000000000 R11: ffffed100d25681c R12: 0000200000000320 [ 938.273481][ C1] R13: ffffc9000429fe40 R14: 0000200000000240 R15: ffff8880692b4000 [ 938.273502][ C1] ? _copy_to_iter+0x10c1/0x1120 [ 938.273532][ C1] [ 938.273537][ C1] [ 938.273541][ C1] copyout+0x70/0x90 [ 938.273562][ C1] _copy_to_iter+0x432/0x1120 [ 938.273599][ C1] ? iov_iter_init+0x1e0/0x1e0 [ 938.273619][ C1] ? __virt_addr_valid+0x18c/0x540 [ 938.273637][ C1] ? __virt_addr_valid+0x469/0x540 [ 938.273656][ C1] ? __phys_addr_symbol+0x2f/0x70 [ 938.273686][ C1] __skb_datagram_iter+0xdb/0x780 [ 938.273711][ C1] ? skb_copy_datagram_iter+0x200/0x200 [ 938.273737][ C1] skb_copy_datagram_iter+0xb1/0x200 [ 938.273761][ C1] netlink_recvmsg+0x2d4/0xe60 [ 938.273795][ C1] ? netlink_sendmsg+0xbf0/0xbf0 [ 938.273824][ C1] ? aa_af_perm+0x330/0x330 [ 938.273858][ C1] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 938.273874][ C1] ? security_socket_recvmsg+0x89/0xb0 [ 938.273890][ C1] ? netlink_sendmsg+0xbf0/0xbf0 [ 938.273912][ C1] ____sys_recvmsg+0x2ce/0x5e0 [ 938.273951][ C1] ? __sys_recvmsg_sock+0x50/0x50 [ 938.273989][ C1] ? import_iovec+0x73/0xa0 [ 938.274009][ C1] ___sys_recvmsg+0x216/0x590 [ 938.274033][ C1] ? __sys_recvmsg+0x2a0/0x2a0 [ 938.274076][ C1] ? __fget_files+0x43d/0x4b0 [ 938.274117][ C1] __x64_sys_recvmsg+0x20c/0x2e0 [ 938.274137][ C1] ? ___sys_recvmsg+0x590/0x590 [ 938.274175][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 938.274196][ C1] do_syscall_64+0x55/0xa0 [ 938.274208][ C1] ? clear_bhb_loop+0x40/0x90 [ 938.274223][ C1] ? clear_bhb_loop+0x40/0x90 [ 938.274242][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 938.274257][ C1] RIP: 0033:0x7f0dc839c819 [ 938.274269][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 938.274285][ C1] RSP: 002b:00007f0dc92e5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 938.274298][ C1] RAX: ffffffffffffffda RBX: 00007f0dc8615fa0 RCX: 00007f0dc839c819 [ 938.274307][ C1] RDX: 0000000000000002 RSI: 0000200000001c80 RDI: 0000000000000003 [ 938.274316][ C1] RBP: 00007f0dc8432c91 R08: 0000000000000000 R09: 0000000000000000 [ 938.274324][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.274332][ C1] R13: 00007f0dc8616038 R14: 00007f0dc8615fa0 R15: 00007ffe20a05718 [ 938.274364][ C1] [ 938.274570][T19823] netlink: 'syz.2.4502': attribute type 29 has an invalid length. [ 939.127424][T19830] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.4503'. [ 939.150148][T19830] bridge_slave_1: default FDB implementation only supports local addresses