last executing test programs: 4m52.101044604s ago: executing program 1 (id=9652): socket$kcm(0x21, 0x2, 0x2) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8924, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf\xc8>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r6}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r6}, &(0x7f0000000500)=0x2000000, &(0x7f0000000540)}, 0x20) 4m49.593364774s ago: executing program 1 (id=9658): bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x3, 0x4, 0x8, 0x0, 0x1}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000700)=@bpf_ext={0x1c, 0x8, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, 0x0, 0x7, 0x4, &(0x7f00000005c0)=""/4, 0x40f00, 0x14, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000640)={0x3, 0xf, 0x6d, 0x7}, 0x10, 0x17e76, r2, 0x1, &(0x7f0000000680)=[r0], &(0x7f00000006c0)=[{0x1, 0x5, 0xb, 0x6}], 0x10, 0xcce}, 0x94) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) syz_clone(0x0, &(0x7f0000000040)="0260cfcd7c38f9b69eaee980979fa3003c9aa32a0d03be", 0x17, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)="48562a79188d9dd58e1e281f53f6c2647d429464e13de6b1c704fe1b2b2d4b54edfbe8f0843f2ee54a2555f40592dc9e4e059b075436047b07be4914f3965af9019863e290915fed34eb06374e266ac123450170d9d9f2110299956a6c7f5f549030289282d2259b3c52b47f1ea40f8ae665933bf06ea9a7caae8f6fa1e138e49173f00b23b5065ff5257b5e51a1031caf4641238540dde8f5a7eb74ab358ddd3d2c0c9c9f5f27216cbbfcef4dbb739e") bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) 4m48.976610504s ago: executing program 1 (id=9662): socket$kcm(0x1e, 0x2, 0x0) socketpair(0x1e, 0x1, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getpid() r0 = perf_event_open$cgroup(&(0x7f0000000000)={0x2, 0x80, 0x2, 0x4, 0x4a, 0x9, 0x0, 0x80000000, 0x400, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x4, 0x4, @perf_config_ext={0x998a000000000, 0x2f96}, 0xc2, 0x3, 0x7fff, 0x7, 0x100000000, 0x90, 0xfbff, 0x0, 0xa8d, 0x0, 0x4}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) recvmsg$kcm(r1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x18, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$OBJ_PIN_PROG(0x11, &(0x7f0000000240)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)) r3 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r3, 0x0, 0x41) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x41100}, 0x94) close(r4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x13, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77c4, 0x0, 0x0, 0x0, 0xc}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='syzkaller\x00', 0xfffffff3, 0x17, &(0x7f0000000280)=""/23, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0xf, 0x3, 0x40}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x5, 0x2, 0x10}, {0x5, 0x3, 0x7, 0x9}, {0x5, 0x4, 0xd, 0x2}, {0x4, 0x1, 0x3, 0x9}], 0x10, 0x7}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000010000003f00000040"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780), &(0x7f0000001a40), 0x1007, r6}, 0x38) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x90, 0x0, 0xc2ba, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) 4m46.382972167s ago: executing program 1 (id=9669): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x50, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000640), 0xa}, 0x8210, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061105a000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = socket$kcm(0x22, 0x2, 0x26) close(r1) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000100)=[{0x35, 0x0, 0x3}, {0x34, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x6}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x8, r0}, 0x18) (async) socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x10c002, 0xac5d, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r3, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffff6bd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000005c0)={0x1, 0x58, &(0x7f0000000540)}, 0x10) (async) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000600), 0x8) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000002"], 0x48) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0xffff0000, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) (async) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="06000000040000000800000007"], 0x50) close(r6) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000030000000e8900000010"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000005000085000000b00000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000000200f8ff0000090000000000000000000700000000000000b703000008000000b704000000210000850095000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r7}, 0xc) (async) r8 = socket$kcm(0x2b, 0x3, 0x0) sendmsg$inet(r8, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) (async) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101041, 0x0) ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000100)={'veth0_to_bond\x00', 0x4000}) (async) sendmsg$sock(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000380)='b', 0x1}], 0x1, &(0x7f0000000140)=[@timestamping={{0x14, 0x1, 0x25, 0x303}}], 0x18}, 0x4000081) (async) recvmsg(r8, &(0x7f0000000c80)={0x0, 0x0, 0x0}, 0x2000) 4m46.102835236s ago: executing program 1 (id=9670): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000002b000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f17e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b534dfd8e012e79578e51bc53099e90f4580d660551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b6fbce3f897226c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a0806000000020000000000230048f941b13d924bcf334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c063f7130856f756436303767d2e24f29e5dad9796edb697a6ea1182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c50500721fc7aa2a583726c64c0fb6ca996d278fb00bba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a411f450f173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75ee93f9959e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef660200a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749feaecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f54d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cd2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ed65af3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8989d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501ae03002af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0b2e9f3bb90613508c00a292a0c5b87a4f8ff35eba73ce9ebf77d0c842063a7b42c757d828678d38e6a868eaead4f19cdeb7cfc10"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0x8e, 0x0, &(0x7f0000000380)="88000000000000002a5b8b6ccd1a751d5378188aa558445d1f410adcbeeb7808a6d54372a9e6f4a1b7d3c92c30a8d877a191d62d854466111cfdf75bda8e16921c4f5bdf18e8fa46161dc579987ca7c5a569d9dbfb85bee1d69fd781666cb43652c9cd50de129f87b878dffd6e66636741ffcae9afc12fdc3cf2a9782c5a0c453f17ea385d256efe8bb47cdc4077", 0x0, 0x3ff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m45.865028634s ago: executing program 1 (id=9672): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000600)=ANY=[@ANYRES16], &(0x7f0000000340)='syzkaller\x00'}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000001340)=@hci={0x1f, 0x8e88, 0x47}, 0x80, 0x0}, 0x0) socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x10c012, 0xac5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000120000000000000000"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x142f1bfb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10000a3f}, 0x50) r3 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000d0000000000180100002020732500000000002020207b1a00fe00000000bea104000000000007010000f8ffffffb702000008000000b703000000000028850000007600000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x98, &(0x7f00000001c0)=""/152, 0x0, 0xa}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x5ae) r6 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{r1}, &(0x7f00000000c0), &(0x7f00000001c0)='%-5lx \x00'}, 0x20) socketpair(0x15, 0x5, 0x0, &(0x7f0000000500)) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="170000000000000004025a9fff0000002e0000001126078f39b52d89f6fa0b83ff40c17ef57cec2d0f76a8c1829bec8355c379c44c32e54f8fe7ca6b82e3c3d34cd6daa3ebed0779fcb90acbb4199889ae9cda14dee23f5a698d09f0aa3a0d9a5e2423e77138f4b3bdd1c24d0cee4cdb9cbb6df138362de9f4774c461afb8f5a973af29f1d822f86bab67762e8dc6229971f9fd9627bb26a0f0d8a1085", @ANYRES8=r5, @ANYBLOB="8700"/20, @ANYRESDEC=r2, @ANYRESOCT=r6], 0x48) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000100)="5c00000015006b05c84e21000af32c6e0a7875f80e000000400002007a17d34460bc24eab556a705251e6182949a", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2100, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r7}, 0x0, &(0x7f0000000480)=r0}, 0x20) r8 = socket$kcm(0x23, 0x5, 0x0) sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10004000) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89ed, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_int(r9, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) r11 = openat$cgroup_procs(r9, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r11, &(0x7f0000000380), 0x12) write$cgroup_int(r10, &(0x7f0000000040), 0x1) 4m30.748279758s ago: executing program 32 (id=9672): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000600)=ANY=[@ANYRES16], &(0x7f0000000340)='syzkaller\x00'}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000001340)=@hci={0x1f, 0x8e88, 0x47}, 0x80, 0x0}, 0x0) socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x10c012, 0xac5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000120000000000000000"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x142f1bfb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x10000a3f}, 0x50) r3 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000d0000000000180100002020732500000000002020207b1a00fe00000000bea104000000000007010000f8ffffffb702000008000000b703000000000028850000007600000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x98, &(0x7f00000001c0)=""/152, 0x0, 0xa}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$PERF_EVENT_IOC_RESET(r3, 0x2403, 0x5ae) r6 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{r1}, &(0x7f00000000c0), &(0x7f00000001c0)='%-5lx \x00'}, 0x20) socketpair(0x15, 0x5, 0x0, &(0x7f0000000500)) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="170000000000000004025a9fff0000002e0000001126078f39b52d89f6fa0b83ff40c17ef57cec2d0f76a8c1829bec8355c379c44c32e54f8fe7ca6b82e3c3d34cd6daa3ebed0779fcb90acbb4199889ae9cda14dee23f5a698d09f0aa3a0d9a5e2423e77138f4b3bdd1c24d0cee4cdb9cbb6df138362de9f4774c461afb8f5a973af29f1d822f86bab67762e8dc6229971f9fd9627bb26a0f0d8a1085", @ANYRES8=r5, @ANYBLOB="8700"/20, @ANYRESDEC=r2, @ANYRESOCT=r6], 0x48) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000100)="5c00000015006b05c84e21000af32c6e0a7875f80e000000400002007a17d34460bc24eab556a705251e6182949a", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x2100, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r7}, 0x0, &(0x7f0000000480)=r0}, 0x20) r8 = socket$kcm(0x23, 0x5, 0x0) sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10004000) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89ed, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_int(r9, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) r11 = openat$cgroup_procs(r9, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r11, &(0x7f0000000380), 0x12) write$cgroup_int(r10, &(0x7f0000000040), 0x1) 7.331969515s ago: executing program 2 (id=11252): socket$kcm(0x10, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000a80)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) syz_clone(0x50902000, &(0x7f0000000180)="412fa7f59fc18d094468d50d26438a1a003a1d93da201b2394eb689ad85fc02d1f0d8ac1b6db4605e764ba6c91e15d092736b9585a2d1244614d185728721f36a46af695f862c5c6b8da2d239da9d4e0190d6430dbee138e351bf22012d6dc45c6392bbf94b9d1c554508d59a638d10f9568ea95c7", 0x75, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000380)="cbd424e96aa533d64378bbb83a16d33f111c81fa9110dd5537c2e859d497de9bb8d4f6f3e25c3e22581576720dbc8c77cddcc84c27ae82afe412ad78c2b41359") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @link_local}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4000801) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x4, 0x8, 0x9}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r2}, &(0x7f0000000500), &(0x7f0000000540)='%ps \x00'}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000001ac0)={r3, 0x0, 0x0}, 0x10) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66) 6.55211795s ago: executing program 0 (id=11260): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={'ip_vti0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b30, &(0x7f0000000240)={'wlan1\x00', @multicast}) 5.765889595s ago: executing program 5 (id=11264): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e8c}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@o_path={&(0x7f0000000380)='\x00', 0x0, 0x0, r0}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2eae00000038000511de5a80698c63940d0124fc602f6e35400c000200001ec00037153e370a05018025641d00d1", 0x4f}], 0x3f, 0x0, 0x0, 0x39c}, 0x40000) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x20, &(0x7f0000000300)={&(0x7f0000000200)=""/131, 0x83, 0x0, &(0x7f00000002c0)=""/22, 0x16}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0x4, &(0x7f0000001480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x56}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_clone(0x4000000, &(0x7f00000000c0)="d41b71ea3306cf236f53d9d9618027873424fc66f6f45f3cf119facfbafba5724bd74cf04d", 0x25, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="2b6d4f72bbc30a0b80d58f5195cdbdce51f46ea1f8cd757fd1d52d6a9f768b6cbd06e40fe938226ea6169b4be0d3218af662d0bd86c666836cecf66062344747debe2642c7218397ab41adb53a8f2883fbb8d503e32e675f1d15aa5bb545ac4155987cb64d633ed95186") perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e8c}, 0x94) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@o_path={&(0x7f0000000380)='\x00', 0x0, 0x0, r0}, 0x18) (async) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) socket$kcm(0x10, 0x2, 0x10) (async) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2eae00000038000511de5a80698c63940d0124fc602f6e35400c000200001ec00037153e370a05018025641d00d1", 0x4f}], 0x3f, 0x0, 0x0, 0x39c}, 0x40000) (async) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x20, &(0x7f0000000300)={&(0x7f0000000200)=""/131, 0x83, 0x0, &(0x7f00000002c0)=""/22, 0x16}}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0x4, &(0x7f0000001480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x56}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) syz_clone(0x4000000, &(0x7f00000000c0)="d41b71ea3306cf236f53d9d9618027873424fc66f6f45f3cf119facfbafba5724bd74cf04d", 0x25, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="2b6d4f72bbc30a0b80d58f5195cdbdce51f46ea1f8cd757fd1d52d6a9f768b6cbd06e40fe938226ea6169b4be0d3218af662d0bd86c666836cecf66062344747debe2642c7218397ab41adb53a8f2883fbb8d503e32e675f1d15aa5bb545ac4155987cb64d633ed95186") (async) 5.764980826s ago: executing program 4 (id=11265): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x1c092, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xb3e, 0xfffffffffffffff8}, 0x840, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xb, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000002000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000008000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) 5.543146302s ago: executing program 4 (id=11267): socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x10c002, 0xac5d, 0x0, 0x0, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x4880, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) 5.350700179s ago: executing program 5 (id=11269): socket$kcm(0x21, 0x2, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8924, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf\xc8>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r3}, &(0x7f0000000500)=0x2000000, &(0x7f0000000540)}, 0x20) 2.253288558s ago: executing program 0 (id=11274): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000200007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000480)={r1}, 0xc) 2.18292993s ago: executing program 4 (id=11275): r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x91f, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848100000005e140602000003000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 2.18186608s ago: executing program 2 (id=11276): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r1) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r3 = socket$kcm(0x21, 0x2, 0x2) socket$kcm(0xa, 0x2, 0x3a) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$sock_attach_bpf(r4, 0x29, 0x3c, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20008000) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r5 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff, 0x4}, 0x0, 0x0, 0x0, 0x8, 0xd, 0xfffffffc}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000012006b04000000d86e6c1d000a887ea6ea65670000000000000090f9c3dc90f8f41f8ecff32c6e020075e300250045586c8da718ad4b4460bc24eab55600000000000000bf9367b4fa51f60a64c9f4d4938037e786a6d0bd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 2.159145661s ago: executing program 5 (id=11277): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000001880)=ANY=[@ANYBLOB="186600000a0000000000000008000000cf43affe0000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000402600007b8af8ff00000000bfa200000000000007020000f8ffffffb7599b3a1a678492303733859d03000008002f90870000b704000001000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000009148feffffffffff186000000200000000000000ecf5ffff"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x93, &(0x7f0000000140)=""/147, 0x40f00, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000240)={0x0, 0x5, 0x3786, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x1, 0x5, 0x7, 0xb}], 0x10, 0x4d8f}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000440)=r1, 0x4) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181000a000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001940)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)=r1}, 0x20) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f00000004000000080000000500008000000000", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000f700000000000000"], 0x50) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000006c0)={r4, 0x58, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001180)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0xb, '\x00', 0x0, r4, 0x7ff, 0x3, 0x2}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x18, 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="186300000d00000000000800000000009500000000000000da63092e437ac0cdf71860a300a78105b6bc3d4736b89da6dca1526ece95a1bb2f2d8eeab379df23f3f916de66b5f492d623a91af5bb14dba73aacf8927a26d3610c4e2790589964a0a1f2120407efd88ce714e6f62d62de4653838fcc7c332c6b52a37d84aa1a838d"], &(0x7f0000000340)='syzkaller\x00', 0x8, 0xad, &(0x7f0000000380)=""/173, 0x41100, 0x1, '\x00', r5, 0x0, r4, 0x8, &(0x7f0000000700)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000740)={0x2, 0xe, 0x3, 0xffffff80}, 0x10, 0x0, 0x0, 0x8, &(0x7f00000008c0)=[r4, r4, r6, r4], &(0x7f0000000900)=[{0x3, 0x2, 0x9, 0x55134e6ea0079c75}, {0x0, 0x3, 0x6, 0x6}, {0x1, 0x3, 0xc, 0xc}, {0x2, 0x1, 0xc, 0xc}, {0x0, 0x2, 0xe, 0x9}, {0x1, 0x1, 0xd, 0x3}, {0x2, 0x5, 0xb, 0x4}, {0x0, 0x3, 0x4, 0x4}], 0x10, 0x800}, 0x94) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0xf0d, '\x00', r5, r4, 0x0, 0x0, 0x3}, 0x50) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000001d00)=0x1, 0x12) write$cgroup_int(r8, &(0x7f0000000080), 0x12) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001b80)={0xffffffffffffffff, 0x4, 0x8}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x18, 0xc, &(0x7f0000001980)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x1000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000001a00)='syzkaller\x00', 0x8, 0xb6, &(0x7f0000001a40)=""/182, 0x40f00, 0x8, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001b00)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000001b40)={0x4, 0x9, 0x8001, 0x3}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000001bc0)=[r8, r9, r0], &(0x7f0000001c00)=[{0x0, 0x4, 0x8, 0xb}, {0x1, 0x4, 0x4, 0x8}], 0x10, 0xd}, 0x94) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="4a3bc529c8462e"], 0x50) r11 = socket$kcm(0x29, 0x7, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r12, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x10102) write$cgroup_subtree(r13, &(0x7f0000000040)=ANY=[], 0x2) ioctl$TUNSETLINK(r13, 0x400454cd, 0x323) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000040)={r11}) r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001780)={0x18, 0x2b, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, [@func={0x85, 0x0, 0x1, 0x0, 0x7}, @ringbuf_query, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r10}}, @alu={0x7, 0x1, 0x4, 0x0, 0x6, 0x1, 0xfffffffffffffff0}, @map_idx={0x18, 0x2, 0x5, 0x0, 0xc}, @generic={0xd, 0x9, 0x8, 0x6c, 0x5}, @cb_func={0x18, 0x0, 0x4, 0x0, 0x6}]}, &(0x7f0000000640)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000000680)=""/4096, 0x41100, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000001680)={0x6, 0x4}, 0x8, 0x10, &(0x7f00000016c0)={0x1, 0xa, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001700)=[r0, r10, 0xffffffffffffffff], &(0x7f0000001740)=[{0x4, 0x2, 0x8}, {0x5, 0x1, 0x3}, {0x1, 0x2, 0x3, 0x8}, {0x3, 0x2, 0x6, 0x8}], 0x10, 0x8}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f0000001840)={r14, r10}, 0xc) 2.158912891s ago: executing program 3 (id=11278): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[], 0x0}, 0x94) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000001c0)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x1f}, 0x107412, 0x0, 0x0, 0x3d603c7d87ed2789, 0x22c000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000035090100000000009500000000000000bf9800000000000056080000020000008500000007000000b7000d00000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x46, 0x0, 0x8003fffe, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x5}, 0x8807, 0x0, 0x2, 0x8, 0x6, 0x1, 0xffff, 0x0, 0x6, 0x0, 0x10074}, 0x0, 0x4, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r2 = socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r3, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f97e24fc6004030e000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x74000000}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@generic={0x25, "0100000000000000aed3a1cfe696346585c6f323aa1d0d73ad589fbfdd2c9274aa85bdc12718f2a1f439a55fcbe56fa514f165984e09fb7317019c69b1a14013db732cacb677bb3b00f0070039cc33016d8a6a3d141050c92220a92133f836530d61dd080096e21ba8375477051a79403d257fb778b6b3e788b3c51c388a"}, 0x80, 0x0}, 0x8000) syz_clone(0x20100000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0xc, &(0x7f00000013c0)=ANY=[@ANYBLOB="180200001000000000000000000000001801000020696c2500000000002020207b2af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000087000000000000009500"], 0x0, 0x2, 0xd2, &(0x7f0000000040)=""/210}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000400)=@isdn={0x22, 0x0, 0xa, 0x8, 0xc}, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffd4}, 0x240000c4) setsockopt$sock_attach_bpf(r2, 0x84, 0x9, &(0x7f0000000380), 0x98) r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000040)={r1}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)) 2.048506134s ago: executing program 0 (id=11279): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xdc101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x1, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000100000000000000000000850000007500000095"], 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000020000000000000000000000020000000000"], 0xffffffffffffffff, 0x1a, 0x0, 0x2}, 0x28) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r2, &(0x7f0000000000), 0x2a979d) 1.894628719s ago: executing program 4 (id=11280): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) r2 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext={0xc7b, 0x7fffffffffffffff}, 0x11508d, 0x89, 0x0, 0x5, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r3, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x2}, 0x0, 0x0, 0xfffffffd, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xfffffbffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xd, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES8=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000b80)=ANY=[], 0x0, 0x26}, 0x28) socket$kcm(0x10, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000200)={r2}) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000029000b05d25a806f8c6394f90424fc60", 0x14}], 0x1}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4) sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x54, 0x0}, 0x20000000) 1.608112759s ago: executing program 2 (id=11281): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x0, 0x0, 0x0, 0xa6, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000700)=[{0x2, 0x5, 0x6, 0x5}, {0x2, 0x1, 0x8, 0xa}, {0x4, 0x5, 0x1, 0x9}], 0x10, 0x7}, 0x94) socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x9, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x3}, 0x58c8, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0f00000004000000080000000b00000000000000", @ANYRESOCT=r3, @ANYBLOB="000000000000000000000000000000000000000090b6aecdc2242342657c3d458d09071bebaa3c4d2477a3ca822f078bd72426785aa84ddb84db83fcdbb378f8cce368df2edc9b762b95bfebe097a5130503e4e2234ea6567d84003abcde8e35bef4b0500de26f2303fbd30eef9627af3e8ecb8cd4bf512bae76f634e374d9fdaf0d414fd57c1e6ff408b70e4476c0c86f6cafd43bc62d7e53c2dc11a59a4aca8b4b2aa4f4657715e0e23fa34937dd0079cdf410f1b004511dca9e3cbd39bdf2916292f950f744a49dac9fcb3523a551b266fe21f6d14df9b209fe59c04d1d900a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r5, &(0x7f0000000200)="ba"}, 0x20) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r4, 0xc008240a, &(0x7f0000000100)=ANY=[@ANYBLOB="04000000000000000000000000000000000000008ad0e0d8"]) write$cgroup_subtree(r7, &(0x7f0000000040)=ANY=[], 0x6a) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffe1a) r8 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r8, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r8, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b8825fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) sendmsg$kcm(r2, &(0x7f0000003680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x20000804) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @multicast}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080)) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x0, 0x1}, 0x201, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r9 = socket$kcm(0x1e, 0x5, 0x0) sendmsg$kcm(r9, &(0x7f00000014c0)={&(0x7f0000001540)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x0, 0x0, 0x4, {0xa, 0x4e24, 0x2f5e7122, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2010001}}}, 0x80, 0x0}, 0x0) 1.514456982s ago: executing program 3 (id=11282): socket$kcm(0x21, 0x2, 0x2) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x200000007ff}, 0x10022, 0xac5f, 0x0, 0x0, 0x0, 0x67af}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3314dbeaa1ae8efd}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe24, &(0x7f0000000000)='/proc/3\x00\xff\xff\xffat\x00AE\xf44.\xab%j'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219b"], &(0x7f0000000340)='syzkaller\x00'}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = perf_event_open(&(0x7f0000000400)={0x3, 0x80, 0xf, 0x5, 0x9, 0x1, 0x0, 0x3eb, 0x90444, 0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x2, 0x1}, 0x2448, 0x4, 0xeff, 0x9, 0x9, 0x400, 0x9, 0x0, 0x5, 0x0, 0xd1a2}, 0x0, 0xc, r0, 0x13) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000540)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x53, 0x0, &(0x7f0000000740)="f56a5f0e025f0bc1f97733066459a2194d73791aef7400040000009cefe90c225f74fa2911e1aac745387221f2b9f2b8eaa848431e4efee8c5dc78d3776b4098b71ddc0a84b65d33f8fe4ceecd923f685bdb73", 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 1.375918876s ago: executing program 0 (id=11283): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x11, &(0x7f0000000700)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x407}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}, @call={0x85, 0x0, 0x0, 0x8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000340)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000002c0)={@cgroup, r2, 0x2f, 0x2008, 0x4, @value=r3}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0x7, 0x0, &(0x7f0000000300)="882f1242a03c3f", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.375516326s ago: executing program 4 (id=11284): socket$kcm(0x1e, 0x2, 0x0) socketpair(0x1e, 0x1, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) recvmsg$kcm(r1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x18, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$OBJ_PIN_PROG(0x11, &(0x7f0000000240)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) socketpair(0x1, 0x20000000000001, 0x0, 0x0) r3 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r3, 0x0, 0x41) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x41100}, 0x94) close(0xffffffffffffffff) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x13, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77c4, 0x0, 0x0, 0x0, 0xc}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='syzkaller\x00', 0xfffffff3, 0x17, &(0x7f0000000280)=""/23, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0xf, 0x3, 0x40}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x5, 0x2, 0x10}, {0x5, 0x4, 0xd, 0x2}, {0x4, 0x1, 0x3, 0x9}], 0x10, 0x7}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000010000003f00000040"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780), &(0x7f0000001a40), 0x1007, r5}, 0x38) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x90, 0x0, 0xc2ba, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) 1.374711266s ago: executing program 2 (id=11285): socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x10c002, 0xac5d, 0x0, 0x0, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x4880, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) 1.050365636s ago: executing program 5 (id=11286): r0 = socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080), 0x1, 0x0, 0xffffff2e, 0x74000000}, 0x4008000) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200010000800000000000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000740)={r3, &(0x7f0000000080)}, 0x20) (async) socket$kcm(0x21, 0x2, 0x2) (async) r4 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r4, &(0x7f0000000200)='FROZEN\x00', 0x28) (async) socket$kcm(0x2b, 0x1, 0x0) (async, rerun: 64) bpf$MAP_CREATE(0x0, 0x0, 0x50) (rerun: 64) r5 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200, 0x9}, 0x100808, 0x0, 0x8000, 0x0, 0x0, 0x800000, 0x4, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r5, 0x4008240b, 0x0) (async) socket$kcm(0x2, 0x5, 0x84) (async) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, 0x0, 0x0) (async) socket$kcm(0x10, 0x2, 0x0) (async) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x7) (async, rerun: 32) mkdir(&(0x7f0000000000)='./file0\x00', 0x20) (async, rerun: 32) r7 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="364000001a00913a"], 0x82d7) (async) r8 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r8, 0x29, 0x3c, &(0x7f0000000040), 0xcf) (async, rerun: 64) recvmsg$unix(r8, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x41) (async, rerun: 64) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) recvmsg(r7, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32) recvmsg(r7, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e02360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e8a9b", 0xd8}], 0x1}, 0x0) 1.050145916s ago: executing program 0 (id=11287): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x40, 0x0, 0x9, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a"], &(0x7f0000000000)='GPL\x00', 0x5}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) syz_open_procfs$namespace(r0, 0x0) (fail_nth: 2) 939.95849ms ago: executing program 2 (id=11288): socket$kcm(0x21, 0x2, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8924, &(0x7f0000000cc0)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf\xc8>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\xe1\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r3}, &(0x7f0000000500)=0x2000000, &(0x7f0000000540)}, 0x20) 916.170281ms ago: executing program 3 (id=11289): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000200007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000480)={r1}, 0xc) 722.301227ms ago: executing program 5 (id=11290): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x7b64, &(0x7f0000000280)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d8fd8978f45225d9ee000000007ea60860160af36504fe0100080ec000000002009ee517c356a7b0251e61e659ad3af435cf01c937e786a6d0bdd7fcf50e4509c5cc68b7ed9c232d786c35fe000fff0000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 643.014839ms ago: executing program 3 (id=11291): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r1) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r3 = socket$kcm(0x21, 0x2, 0x2) socket$kcm(0xa, 0x2, 0x3a) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$sock_attach_bpf(r4, 0x29, 0x3c, 0x0, 0x0) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r5 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff, 0x4}, 0x0, 0x0, 0x0, 0x8, 0xd, 0xfffffffc}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000012006b04000000d86e6c1d000a887ea6ea65670000000000000090f9c3dc90f8f41f8ecff32c6e020075e300250045586c8da718ad4b4460bc24eab55600000000000000bf9367b4fa51f60a64c9f4d4938037e786a6d0bd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 257.817751ms ago: executing program 2 (id=11292): openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000007c0), 0x2, 0x0) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x5d, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x18}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) sendmsg$kcm(r0, &(0x7f0000000880)={&(0x7f0000000640)=@in6={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00', 0x4}, 0x80, &(0x7f00000007c0), 0x0, &(0x7f0000000800)=[{0x50, 0x104, 0xc, "b3b28ae6c262280c8db3842646d6a60a3957f40188c841d7cab9c5546fa12da58e0eb5a40984637457f14be22ee04360d663eaf9612c23a384745ec2"}], 0x50}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xbd, &(0x7f000000cf3d)=""/189, 0x41000, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1}, 0x94) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001) 180.472234ms ago: executing program 5 (id=11293): socket$kcm(0x1e, 0x2, 0x0) socketpair(0x1e, 0x1, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) recvmsg$kcm(r1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x18, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$OBJ_PIN_PROG(0x11, &(0x7f0000000240)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) socketpair(0x1, 0x20000000000001, 0x0, 0x0) r3 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r3, 0x0, 0x41) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x41100}, 0x94) close(0xffffffffffffffff) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x13, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77c4, 0x0, 0x0, 0x0, 0xc}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='syzkaller\x00', 0xfffffff3, 0x17, &(0x7f0000000280)=""/23, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0xf, 0x3, 0x40}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x5, 0x4, 0xd, 0x2}, {0x4, 0x1, 0x3, 0x9}], 0x10, 0x7}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000010000003f00000040"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780), &(0x7f0000001a40), 0x1007, r5}, 0x38) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x90, 0x0, 0xc2ba, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) 179.010664ms ago: executing program 4 (id=11294): socket$kcm(0x1e, 0x2, 0x0) socketpair(0x1e, 0x1, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r1, 0x0, 0x0) recvmsg$kcm(r1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d0e, 0x80218, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x2005, 0x0, 0x51, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x18, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$OBJ_PIN_PROG(0x11, &(0x7f0000000240)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) socketpair(0x1, 0x20000000000001, 0x0, 0x0) r3 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r3, 0x0, 0x41) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x41100}, 0x94) close(0xffffffffffffffff) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x13, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x77c4, 0x0, 0x0, 0x0, 0xc}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='syzkaller\x00', 0xfffffff3, 0x17, &(0x7f0000000280)=""/23, 0x41100, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0xf, 0x3, 0x40}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x5, 0x4, 0xd, 0x2}, {0x4, 0x1, 0x3, 0x9}], 0x10, 0x7}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000010000003f00000040"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780), &(0x7f0000001a40), 0x1007, r5}, 0x38) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x90, 0x0, 0xc2ba, 0x0, 0x0, 0x6}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) 155.388305ms ago: executing program 3 (id=11295): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x12, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000018200081044e81f782db44b90402000000e8fe55a1180015000600142603600e1209000b000000043542c92f50c85a929e01a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef62b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b10d614f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d", 0xd8}], 0x1}, 0x40004000) 46.762549ms ago: executing program 0 (id=11296): r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000300)=@framed={{}, [@ldst={0x3, 0x0, 0x6, 0x0, 0x0, 0x0, 0x18}]}, &(0x7f0000000380)='GPL\x00', 0x7, 0x9c, &(0x7f00000003c0)=""/156}, 0x80) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002c000b05d25a806f8c6394f90424fc602f0017090a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x8102000) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000240)="2e0400001c008102e00f80ecdb4cb9f207c804a010000000880808fb0a0002001000000000000000c500c50083b8e44485a5b9d70adf568a4f0d2493bf89d325e6ecd07c0c7a7a170d37120d38061bef5f71c5ebba976817ce65bf30a4af9529a601bca7b8e9b2ed1317f755eb57549148730c3a20ccd96a32905f7905d418b46e946ab67b4b58f86f9347a3a29ceb74a8d316220ee8bf7a2159ff6f3aedd96653fd12ad36828d899c08f673e7c89e14c5a3e3780339890efa229244440a22629cacab91eccf62355c7f95f9bc05b15acd124144cd2a43a2433de84cf905ffbc36753e0905096987f26c65eb3934bf6bb141c7da67fb11873538e8d250b520384a4afde187d4b1b8db03d879b06791ea4d84eb716c6f8c06807801aeb68cef68cb35e7c19b72a34a22df936b2682983c064cbad35b59a5793c749f9c", 0x13c}, {&(0x7f0000000380)="e5b45403e478a2cb943ae968d43d447dcf4ef16d1daefaaa891447ea0a182d014ee1de3e97d573d0b0c51f96e85f325fd11cc30b6a493a4f832c9dc250ce3b79ec75901f30fa370c1f6b3cdce17184455d80b334c8449cf293dc0f4943c12659ac3f89e13f7a2e5485dc47b2e429e52ea9a8ba5185d2e306684c4d9c29bba79e07d32202e8985a411dcd544b1df8a7cb3bbaec120c2dc8bf09bb3dd9fb9a192f7456658d9c34dd1688e5330914478aac213d9a6aeb42d2e7b54ceebabb0216fc5fe834f0a2fb332a2baaa9f070a6c135213f6931721936b2a0659077c64bdd6135177d860e89274e5c7baafccddde39d7af1f27ac3014dded5eceee450b5d73ae2db245560e4dfff1430d9c0a24d69cca1c97b6916db35a156c641e05ae64e580c0a96eff53aebb4e5c9294ce418155ac4c934fd325b2d1f8d48f9637b2ce5d719a827a361f498477416ec279676b5274969810a9a47076f1f2ca342f7d1d0f60a483b4b9ce01301b1c381bfdf6c67271554f773d2df41e14199f43e08d0803ac0f11cc68ba59fbd709bddad162f8fc05376678db863e3b23a8d619beebf95090066abd786b501dee118a4fc541cf3199eaf433ef4ef32f0c4bf67c192b04f80200806397eb0e6b65fb88678c9b524a841a4f257523fa8dfbc177a0b25cd25562ede441a8b402c77f66d90d4190988c6ae2f1c7c4245fe655762851484bf494988b426b2e5754215b83de8006b86edc00d3391448daa2fdce19c058b787e50424652300d5364602112c335cee6db5e5006c2968658c170d375803ccc9706f7a9c5eb4ccc3a38a8e7f3e8a29fddb7a1847498b82ac6e1450e7f52238f1082a69adc9e6c66823d139caa089577803b4fa045fbb659fa968a9c16f9ae8bd70c6eb608f4928e4845b0f1a6612fdc9e3a2f525783fc860fc6f522e90e5e2d7c51a87c35e3959887f070031e7769430c7305f28ab49a741c23a794bbf162e8be7a76a058289183b92244b7cd0b724cea78dff829db5a8c0c62b64e03ad55af3371542c7b63a6daf0ad81c5ad10639704cd9860101a", 0x2f2}], 0x2, 0x0, 0x0, 0x5865}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f00000000c0)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x7, 0x12) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote, 0xfffffffe}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000c40)="3282db78e0ea55c52d87bc2a166b9e46818f5faca0b3a411e056b7928ccacd30019d925e47ecd2f92675d1d80000000000000004007d002ae35902b5d768e71db355cf220bb96b7a64e1d2629c3e21c5decd0e2e6f107e35a8081587d3dc42a0bc0d0c5e85c355c9cbadd6e8f8014acb52d24b961a3989d5102d540829ad660fdca299e7e74a71ed264d75a3e1dfb8331f1b441972bc5941fa418cfee6139c15eda91b1ecf8887e108b15c4c7505c31efe205c875a7c854aa65bcc2e04ea6739f968547df4ae455ecd6b0566ef52705630df27d81e2a544ecc09f8c73cec559d206644acdc56c717e19f04613456b8d7a386c0a700c032d0165c3b3f5716aa7f24e6fca522f91350793d13ba7f887e7b48cd3e6e41139d0d04000000ac59bf750ce0000000000000000000000000f18d233cdc36efdead60d008963851bc819e1b4551b3f13bbf6c18ea0165c66f5261c9ec61f0914c6ffb8506596b61392aa5d906994608b36096a2f5c0f3fef95bf6ddb78c8d07eee5e815c9a2a3d21a054e6fd032be118e9a3f4d016db35b5048e20f1859680e5571822934769e6f9361babb4766dc073d1dabfb220daa1cf4e7206b2b8aa7b55d1396273690ec7a8d36ffbfe2a68a9547758d3ece744be07d320147c0e92e0b63f9bc6ec163917bee3f5602f840a1759670ea43b7f596b347d8b9116506356d0279d21f6a0cab3056c27dec074e8dac12c1d99afcd84f82a47a0cb5093c7a221f7fb624e2f6e9eeca4e5050fc3be50bbdc62d41333b4243336a5590e49658a10b5c8624eb2410d68e64f230fdcf4689495ca41e818d4808b18592610bf62403c2eaad20d1d8fb185ebefac64aa0eb1d36ccacf61ec28b4ec24dba53b21ed5c5f727cccb0d614884908957138d2c30560e88f128af21ccc9fd64d229f35b2f76d0ee9e25f9e4390a55a8600449774ca116e3ba523c9c5d39abcf09a76127c17fc6194711f20307ead0d5bbbe2aa3f677156b8856411a8045159df771ac3e3d5828e359c24a59d65e92f4112fb697ab825536751f82e9d55e89853a03c693d418c4d2cccb61c6f60ad304a68d15fc20edaec9af4725f47c8e1724cfd5099a59147bcc872fafe7565f98c3c3edb83c96b0aff30779783467d4348d5e28d9afd5e77ce5dabc1c4d5d790339490703d9050ef8d919d5d5f71a26bd9b72ea53933eecb6cd8a09bc67f5a6b0450fbfcce6837ab696975ba8387815bfa1c497f37ed8b9151bb1105d5efbf3b5034e5bdde5fdb60f996c1fcf75201c52d47ab3b31a4112d6cb61c3beaeb97d03744cfb01409dd1b1258e0d5856df535c241017509a193043296e202834cc4eb50417c56f93093ca61a9c1373904faa2564ad469d8329dd1256f9648af69d6007d8bca7b566cee8a263c07021e9f71b82c07ca8fbe3", 0x3f3}, {&(0x7f0000002b40)="da752f575198baaac222d34e85893d37a6bd281687872ed9151c56f415698f3fecf56eebf5edb42ed5d54e0419b2a13128d3ad19b6eed6b450aad46baaa57203e0d4f567d8d79fe07e7b3142de43e55cf69c65db2469175cf60c82f49d0f9dc4c4dde733a14d57f4117ed2f46aea5950ff0176d73349c2808eee62ce1c7d846ffdf65211f3192dabe5b3ac1516ad90e618d0ca9e4ac2778acabeac244f2f90af2616647e5cf8ab5e2ac404ebf2a866c8a73f68ae2cc4523e63e3a1aa5ab60a23e4c47534bda546042120c5333d91fefc68226bc9149d282937797a2fe036a58c9ecd19e54bcfb85d3f75ec7c74d86be94ef6b9191e0fa86d2a9330af3f592e24bc30b84632e5121bf04abc0e12f4073f6678ad97b786cc73b8175e35eda542e3631d283a3ca6fef91607ec7dee1b4a62bae169cc8fb64e8bdef95474f0b3c526f69ce55281e18016a4785875ba99e313fd63f66cfd36234bcc6048f25bce8cce39cf709eb10e1ea88497ff7401aae0d4a7e07f14691b6c4b75dc16e2586744317ffbb9966d8bfb16efcdf6ab308426e5c1aec6a6636122ffaca89af3b03834612b93989d0bbb251a42c1b48b86ac7162ad8d5cbf3d6cfccdc590724ff6caa85320f9", 0x1c2}], 0x2}, 0x8400) sendmsg$inet(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000640)="a1cac048decc07180339b0435d79ad4fa65e0858f1ae5129d4c6330073058c379b25fcf1a5fcbf4d37e52c640ded5f6babd6e1236971bf9779dd0690fe23781239f8d0e9e684cf633ab1c17ab47d8b0abbd6d1493c551a2e62109ad8595680fca04ade38176eeacb6fdcfd049dd041e42c54b9a4774c4ea5c228a16441eff7204d1b2ea7fe947c77c1686f74ae296f50b0eaad946c62e984e70db2f24f34279d48b7d3127cddb5656fcfa451e9da5cd44a3a2423cc46e28824e46c475ec172539e26e2e4a111f50ac9117d214d731a36ad05bd346ab2d5b1d483f1414a89c50836e3ae5532acd125f9237b851f9f6d879490f9a91d51052abd28a6be1394dcbdd6794013e96b94f2321135eef96e81bfe20e7ea0b68fc5755e7d31beb0283e21499d8fcd83f514a8a6eea618ec21120ef062cc0017a73204e33702fde7e1d3fe010f895a8ade4de79ffa763dd069d3af78cf49a32719099b16510a416b47fa0bebaaa1726f60ccc19bfdd9f0bdafa74517eace278604079136310609e34a7519e840af9acb923e74f932eb88aab4a7c49c479e5be61086e77140f94015a8e7e9985ae8822bb2b06c5badadae50f0efb849a2227f0e8b6112c7fa63f7609fb3902acc6544ba14925ad235bc7d16b90854dd5bea48d9687f4474cf4d9f39b8d0a54b06ac6cbdfb18a33d3eb9de47a3b9acbecb8eef97335c7f55e97bd4cc89c020a1a618859e8d8980b4fadcebe26ad234d0777d4b7c6c4f1b11c45530ab78e2100945452978fc8cc349fe919b8b4fb53a594f3f10201e1d3146ad706109649e4ff2e59354ebfbe6f068a72a9b18215efa0e7a6f4bd73e715fc73618972aff440c3ba526309f3866043f731ab8a9e455ef0b5684976dac37b8f7686be3ec322056e452b5cdda7a10415ce148af5df96fecb10228fa0994c9d25702fb894634661f26dcfed8809ee0a409ccab1325665c1524a4ebe533fef9ab39ca29fb2cb64dd20ba9fcdf2f3c7716847ff88cb601000000000000e2e10e6745422f770e9e5c9aa8634857e5d43eff8a76228e0556f99f848cac1a587664c1ea7c46374d4c1d7b142d403c1906840c6a027ee837b50da72e549867b9c52ad138880c59c997d0410375c96625d841995575e722768e0106f5768da4ebea4f2bea2ce333ad81597f4bd7708c833a54cb3604e1da14de5573d2e326dedeb0041cd416fc5d48ea47571e89ff8eeb45c505f0c1e035e830290235e16439c57bf53c7e7f8603243dd7870040457e06ef6c19c676082272b1a77ed41548ca758068b75a49025bbd4e5b3cecc8a95afeedcbcccf3ee3cf874843ef79b0bb4cc01f9856e2da367fc39e35a5b84cbef5804a5004eda41123071760ef447b09c9a0cb395007429fd25df4b5d339c25ff919121571298ca491f6de0c3474f586ccde072988342bc952a29d97fa6b9c3301cab65e01ff242d21e5a705fd3fe0f0a874b431babaf36ea0805830273de0f97a81c08ec89827c0e9f3643686be8a5cc0f80efd176c2fef7653eaec4ecedf0ce860b99dca23e4b4d9662d184ad9c607c0e0baaab5b2d8ad63d4fff719ea69c46b6731b917b002dfc81a1e18cf9bd57bfa3a60d6ca45f28caeca4133487a0adc36513e3e3b0f1b1253d97830d74051659d2420b3c736d7118610009a64676933c65b71d05f84e41b7d1b491d9aacb1276ab65b1480986f4d9302e7d50ececc557e95a0e15a842623d8cafc92df63198e41fc3de42ba1b802476c5987fd56286e4541fa48e344b10d953250f18b99414aa5b7fb33cbf3c3eb69176db2d3d9f71504e8324d7525ad8310f634485130aeb7c23ce650d032fb76ef282bfb51e46eb7b2affa1e0f2d1f8b39b1b2463978872c0aed7fa5c2db88e906d0f710365e468d0d99ce166f30fff8987439fa35456ff36e78fbe838824d21a419115b3101f7e142468b16e00e44ec24ad339a1063717c2d4bb152228a963869412309cb77985c228d9901fb543bd4b64cb167681ab0d136a9d51ff6c7867c286a1f42c893ac59c40847ccd4a0f1ef57b7a811eb", 0x5b0}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/4096, 0x1000}], 0x1}, 0x40010040) 0s ago: executing program 3 (id=11297): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r2 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r1}, 0x8) close(r2) (async) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000740)=@generic={&(0x7f00000000c0)='./file0\x00', r2}, 0x18) write$cgroup_pressure(r2, &(0x7f0000000040)={'full', 0x20, 0x1, 0x20, 0xffffffff}, 0x2f) ioctl$SIOCSIFHWADDR(r0, 0x8947, &(0x7f0000000080)={'vlan0\x00'}) kernel console output (not intermixed with test programs): 1753.152028][ T1543] ? __sctp_connect+0xd80/0xd80 [ 1753.156953][ T1543] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 1753.162576][ T1543] ? security_sctp_bind_connect+0x85/0xb0 [ 1753.168367][ T1543] sctp_sendmsg+0x165d/0x2a40 [ 1753.173145][ T1543] ? sctp_getsockopt+0x8a0/0x8a0 [ 1753.178189][ T1543] ? __lock_acquire+0x7d10/0x7d10 [ 1753.183286][ T1543] ? aa_af_perm+0x340/0x340 [ 1753.187858][ T1543] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 1753.194354][ T1543] ? inet_sendmsg+0xe5/0x2f0 [ 1753.199022][ T1543] ? inet_send_prepare+0x260/0x260 [ 1753.204238][ T1543] ____sys_sendmsg+0x5be/0x970 [ 1753.209069][ T1543] ? __sys_sendmsg_sock+0x30/0x30 [ 1753.214155][ T1543] ? __import_iovec+0x315/0x500 [ 1753.219093][ T1543] ? import_iovec+0x6f/0xa0 [ 1753.223796][ T1543] ___sys_sendmsg+0x2a2/0x360 [ 1753.228713][ T1543] ? __sys_sendmsg+0x290/0x290 [ 1753.233557][ T1543] ? rcu_is_watching+0x11/0xa0 [ 1753.238430][ T1543] __se_sys_sendmsg+0x1bb/0x2a0 [ 1753.243339][ T1543] ? __x64_sys_sendmsg+0x80/0x80 [ 1753.248364][ T1543] ? lockdep_hardirqs_on+0x94/0x140 [ 1753.253691][ T1543] do_syscall_64+0x4c/0xa0 [ 1753.258159][ T1543] ? clear_bhb_loop+0x60/0xb0 [ 1753.262911][ T1543] ? clear_bhb_loop+0x60/0xb0 [ 1753.267668][ T1543] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1753.273630][ T1543] RIP: 0033:0x7f049ad9ce59 [ 1753.278095][ T1543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1753.297758][ T1543] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1753.306275][ T1543] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1753.314311][ T1543] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 000000000000000c [ 1753.322343][ T1543] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1753.330391][ T1543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1753.338439][ T1543] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1753.346623][ T1543] [ 1753.634222][ T1553] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.9707'. [ 1753.922804][ T1558] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9709'. [ 1753.966222][ T1558] tc_dump_action: action bad kind [ 1754.232990][ T1567] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.9712'. [ 1754.548061][ T1568] netlink: 'syz.4.9712': attribute type 11 has an invalid length. [ 1754.561413][ T1571] netlink: 'syz.0.9713': attribute type 21 has an invalid length. [ 1754.617943][ T1571] netlink: 156 bytes leftover after parsing attributes in process `syz.0.9713'. [ 1754.639758][ T1568] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.9712'. [ 1754.963753][ T1562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1755.937531][ T1590] netlink: 'syz.2.9721': attribute type 10 has an invalid length. [ 1756.431743][ T1602] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9723'. [ 1756.472062][ T1602] tc_dump_action: action bad kind [ 1756.652873][ T1608] netlink: 'syz.2.9727': attribute type 21 has an invalid length. [ 1756.675223][ T1608] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9727'. [ 1758.075666][ T1623] netlink: 'syz.4.9730': attribute type 21 has an invalid length. [ 1758.104546][ T1623] netlink: 156 bytes leftover after parsing attributes in process `syz.4.9730'. [ 1758.278586][T31215] Bluetooth: hci1: command 0x0406 tx timeout [ 1760.709985][ T1652] netlink: 152 bytes leftover after parsing attributes in process `syz.2.9739'. [ 1760.785213][ T1652] tc_dump_action: action bad kind [ 1761.650026][T31215] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1761.659773][T31215] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1761.669388][T31215] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1761.677785][T31215] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1761.687237][T31215] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1761.694872][T31215] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1761.842181][ T1684] FAULT_INJECTION: forcing a failure. [ 1761.842181][ T1684] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.918689][ T1684] CPU: 0 PID: 1684 Comm: syz.4.9751 Not tainted syzkaller #0 [ 1761.926172][ T1684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1761.936309][ T1684] Call Trace: [ 1761.939638][ T1684] [ 1761.942633][ T1684] dump_stack_lvl+0x188/0x24e [ 1761.947417][ T1684] ? show_regs_print_info+0x12/0x12 [ 1761.952689][ T1684] ? load_image+0x400/0x400 [ 1761.957264][ T1684] ? __might_sleep+0xd0/0xd0 [ 1761.961919][ T1684] ? __lock_acquire+0x7d10/0x7d10 [ 1761.967015][ T1684] should_fail_ex+0x399/0x4d0 [ 1761.971766][ T1684] should_failslab+0x5/0x20 [ 1761.976335][ T1684] slab_pre_alloc_hook+0x59/0x310 [ 1761.981429][ T1684] ? __schedule+0x119d/0x40e0 [ 1761.986161][ T1684] ? rtnl_newlink+0x10c/0x20a0 [ 1761.990982][ T1684] __kmem_cache_alloc_node+0x4f/0x260 [ 1761.996428][ T1684] ? rtnl_newlink+0x10c/0x20a0 [ 1762.001226][ T1684] kmalloc_trace+0x26/0xe0 [ 1762.005704][ T1684] ? rtnl_setlink+0x510/0x510 [ 1762.010413][ T1684] rtnl_newlink+0x10c/0x20a0 [ 1762.015066][ T1684] ? __schedule+0x11d9/0x40e0 [ 1762.019880][ T1684] ? __mutex_lock+0x806/0xaf0 [ 1762.024592][ T1684] ? __lock_acquire+0x7d10/0x7d10 [ 1762.029664][ T1684] ? do_raw_spin_lock+0x128/0x2f0 [ 1762.034724][ T1684] ? rtnl_setlink+0x510/0x510 [ 1762.039433][ T1684] ? __rwlock_init+0x140/0x140 [ 1762.044234][ T1684] ? do_raw_spin_unlock+0x11d/0x230 [ 1762.049479][ T1684] ? __mutex_lock+0x810/0xaf0 [ 1762.054192][ T1684] ? __mutex_lock+0x3b2/0xaf0 [ 1762.058903][ T1684] ? rtnetlink_rcv_msg+0x824/0xfc0 [ 1762.064050][ T1684] ? mutex_lock_nested+0x10/0x10 [ 1762.069047][ T1684] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 1762.074240][ T1684] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 1762.079430][ T1684] ? rtnl_setlink+0x510/0x510 [ 1762.084175][ T1684] rtnetlink_rcv_msg+0x87c/0xfc0 [ 1762.089163][ T1684] ? rtnetlink_bind+0x80/0x80 [ 1762.093870][ T1684] ? __local_bh_enable_ip+0x136/0x1c0 [ 1762.099467][ T1684] ? lockdep_hardirqs_on+0x94/0x140 [ 1762.104722][ T1684] ? __local_bh_enable_ip+0x136/0x1c0 [ 1762.110129][ T1684] ? _local_bh_enable+0xa0/0xa0 [ 1762.115044][ T1684] ? __dev_queue_xmit+0x26b/0x37c0 [ 1762.120194][ T1684] ? __dev_queue_xmit+0x26b/0x37c0 [ 1762.125342][ T1684] ? __dev_queue_xmit+0x1cd2/0x37c0 [ 1762.130588][ T1684] ? __dev_queue_xmit+0x26b/0x37c0 [ 1762.135757][ T1684] ? perf_trace_lock+0xf8/0x390 [ 1762.140647][ T1684] ? __copy_skb_header+0x3ba/0x4f0 [ 1762.145827][ T1684] ? trace_event_raw_event_lock+0x250/0x250 [ 1762.151761][ T1684] ? __skb_clone+0x480/0x790 [ 1762.156397][ T1684] netlink_rcv_skb+0x1fb/0x450 [ 1762.161199][ T1684] ? rtnetlink_bind+0x80/0x80 [ 1762.165912][ T1684] ? netlink_ack+0x1170/0x1170 [ 1762.170720][ T1684] ? netlink_deliver_tap+0x2e/0x1b0 [ 1762.175957][ T1684] netlink_unicast+0x74d/0x8d0 [ 1762.180777][ T1684] netlink_sendmsg+0x8ad/0xbd0 [ 1762.185593][ T1684] ? netlink_getsockopt+0x550/0x550 [ 1762.190839][ T1684] ? aa_sock_msg_perm+0x94/0x150 [ 1762.195811][ T1684] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1762.201131][ T1684] ? security_socket_sendmsg+0x7c/0xa0 [ 1762.206641][ T1684] ? netlink_getsockopt+0x550/0x550 [ 1762.211881][ T1684] ____sys_sendmsg+0x5be/0x970 [ 1762.216725][ T1684] ? __sys_sendmsg_sock+0x30/0x30 [ 1762.221791][ T1684] ? __import_iovec+0x315/0x500 [ 1762.226691][ T1684] ? import_iovec+0x6f/0xa0 [ 1762.231260][ T1684] ___sys_sendmsg+0x2a2/0x360 [ 1762.236004][ T1684] ? __sys_sendmsg+0x290/0x290 [ 1762.240824][ T1684] ? __lock_acquire+0x7d10/0x7d10 [ 1762.245921][ T1684] __se_sys_sendmsg+0x1bb/0x2a0 [ 1762.250807][ T1684] ? ct_nmi_exit+0x145/0x1c0 [ 1762.255438][ T1684] ? __x64_sys_sendmsg+0x80/0x80 [ 1762.260427][ T1684] ? lockdep_hardirqs_on+0x94/0x140 [ 1762.265679][ T1684] do_syscall_64+0x4c/0xa0 [ 1762.270160][ T1684] ? clear_bhb_loop+0x60/0xb0 [ 1762.274889][ T1684] ? clear_bhb_loop+0x60/0xb0 [ 1762.279627][ T1684] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1762.285566][ T1684] RIP: 0033:0x7f049ad9ce59 [ 1762.290018][ T1684] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1762.309764][ T1684] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1762.318217][ T1684] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1762.326227][ T1684] RDX: 0000000020008800 RSI: 0000200000000600 RDI: 0000000000000003 [ 1762.334253][ T1684] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1762.342286][ T1684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1762.350309][ T1684] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1762.358372][ T1684] [ 1762.438619][ T1682] netlink: 'syz.2.9750': attribute type 39 has an invalid length. [ 1762.720124][ T1688] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9753'. [ 1762.769002][ T1690] netlink: 'syz.3.9752': attribute type 10 has an invalid length. [ 1762.862410][ T1678] chnl_net:caif_netlink_parms(): no params data found [ 1763.143525][ T1678] bridge0: port 1(bridge_slave_0) entered blocking state [ 1763.195280][ T1678] bridge0: port 1(bridge_slave_0) entered disabled state [ 1763.211170][ T1678] device bridge_slave_0 entered promiscuous mode [ 1763.230139][ T1698] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9755'. [ 1763.268640][ T1698] tc_dump_action: action bad kind [ 1763.278799][ T1678] bridge0: port 2(bridge_slave_1) entered blocking state [ 1763.298661][ T1678] bridge0: port 2(bridge_slave_1) entered disabled state [ 1763.307669][ T1678] device bridge_slave_1 entered promiscuous mode [ 1763.409688][ T1678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1763.477361][ T1678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1763.552929][ T1678] team0: Port device team_slave_0 added [ 1763.578251][ T1678] team0: Port device team_slave_1 added [ 1763.640327][ T1678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1763.655355][ T1678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1763.718625][ T4288] Bluetooth: hci3: command 0x0409 tx timeout [ 1763.757035][ T1678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1763.778227][ T1678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1763.797437][ T1678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1763.880439][ C1] bridge0: port 3(dummy0) entered learning state [ 1763.898188][ T1678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1764.128148][ T1678] device hsr_slave_0 entered promiscuous mode [ 1764.158379][ T1678] device hsr_slave_1 entered promiscuous mode [ 1764.178038][ T1678] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1764.203529][ T1678] Cannot create hsr debugfs directory [ 1764.609663][ T1724] netlink: 'syz.3.9763': attribute type 10 has an invalid length. [ 1764.618337][ T1724] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9763'. [ 1764.749077][ T1724] device team0 entered promiscuous mode [ 1764.865292][ T1724] device team_slave_0 entered promiscuous mode [ 1764.958379][ T1724] device team_slave_1 entered promiscuous mode [ 1765.018698][ T1724] bridge0: port 4(team0) entered blocking state [ 1765.080159][ T1724] bridge0: port 4(team0) entered disabled state [ 1765.206438][ T1724] bridge0: port 4(team0) entered blocking state [ 1765.212944][ T1724] bridge0: port 4(team0) entered listening state [ 1765.347024][ T1733] netlink: 'syz.2.9764': attribute type 10 has an invalid length. [ 1765.365850][ T1733] device netdevsim0 entered promiscuous mode [ 1765.798517][ T4288] Bluetooth: hci3: command 0x041b tx timeout [ 1766.915601][ T1678] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1767.008346][ T1678] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1767.878580][ T4288] Bluetooth: hci3: command 0x040f tx timeout [ 1767.940221][ T1678] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1768.073337][ T1678] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1768.441431][ T1678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1768.477408][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1768.492597][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1768.508208][ T1678] 8021q: adding VLAN 0 to HW filter on device team0 [ 1768.554646][T20472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1768.584171][T20472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1768.604292][T20472] bridge0: port 1(bridge_slave_0) entered blocking state [ 1768.611552][T20472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1768.650235][T20472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1768.675211][T20472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1768.696437][T20472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1768.716857][T20472] bridge0: port 2(bridge_slave_1) entered blocking state [ 1768.724158][T20472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1768.777611][T20472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1768.824528][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1768.869238][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1768.897978][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1768.919950][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1768.987570][ T1678] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1769.018628][ T1678] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1769.053054][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1769.073175][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1769.109891][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1769.124107][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1769.134928][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1769.167325][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1769.183525][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1769.959338][ T4288] Bluetooth: hci3: command 0x0419 tx timeout [ 1770.046157][ T1779] netlink: 'syz.4.9778': attribute type 21 has an invalid length. [ 1770.054630][ T1779] netlink: 156 bytes leftover after parsing attributes in process `syz.4.9778'. [ 1770.086660][ T1790] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.9780'. [ 1770.715984][ T1802] netlink: 'syz.4.9784': attribute type 10 has an invalid length. [ 1770.801694][ T1802] team0: Device veth1_vlan failed to register rx_handler [ 1771.370957][ T1678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1771.391013][T20484] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1771.408061][T20484] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1771.444994][ T1817] netlink: 'syz.4.9787': attribute type 10 has an invalid length. [ 1771.464689][ T1817] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9787'. [ 1771.499707][ T1817] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1771.595468][ T1810] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9786'. [ 1771.621410][ T1810] tc_dump_action: action bad kind [ 1772.085692][ T1833] FAULT_INJECTION: forcing a failure. [ 1772.085692][ T1833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1772.301448][ T1833] CPU: 1 PID: 1833 Comm: syz.0.9791 Not tainted syzkaller #0 [ 1772.308934][ T1833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1772.319052][ T1833] Call Trace: [ 1772.322382][ T1833] [ 1772.325365][ T1833] dump_stack_lvl+0x188/0x24e [ 1772.330108][ T1833] ? show_regs_print_info+0x12/0x12 [ 1772.335361][ T1833] ? load_image+0x400/0x400 [ 1772.339932][ T1833] ? __might_fault+0xa6/0x120 [ 1772.344677][ T1833] should_fail_ex+0x399/0x4d0 [ 1772.349946][ T1833] copyin+0x1b/0x120 [ 1772.353894][ T1833] _copy_from_iter+0x447/0x1130 [ 1772.358844][ T1833] ? copyout_mc+0x110/0x110 [ 1772.363403][ T1833] ? __virt_addr_valid+0x188/0x540 [ 1772.368592][ T1833] ? __virt_addr_valid+0x188/0x540 [ 1772.373767][ T1833] ? __virt_addr_valid+0x465/0x540 [ 1772.378935][ T1833] ? __check_object_size+0x500/0xa40 [ 1772.384307][ T1833] pfkey_sendmsg+0x1ff/0x1090 [ 1772.389054][ T1833] ? __might_sleep+0xd0/0xd0 [ 1772.393721][ T1833] ? pfkey_release+0x310/0x310 [ 1772.398550][ T1833] ? aa_sk_perm+0x81f/0x950 [ 1772.403126][ T1833] ? __might_fault+0xa6/0x120 [ 1772.407870][ T1833] ? aa_af_perm+0x340/0x340 [ 1772.412431][ T1833] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 1772.418943][ T1833] ? aa_sock_msg_perm+0x94/0x150 [ 1772.423939][ T1833] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1772.429277][ T1833] ? security_socket_sendmsg+0x7c/0xa0 [ 1772.434798][ T1833] ? pfkey_release+0x310/0x310 [ 1772.439618][ T1833] ____sys_sendmsg+0x5be/0x970 [ 1772.444443][ T1833] ? __sys_sendmsg_sock+0x30/0x30 [ 1772.449517][ T1833] ? __import_iovec+0x315/0x500 [ 1772.454443][ T1833] ? import_iovec+0x6f/0xa0 [ 1772.459006][ T1833] ___sys_sendmsg+0x2a2/0x360 [ 1772.463781][ T1833] ? __sys_sendmsg+0x290/0x290 [ 1772.468611][ T1833] ? __lock_acquire+0x7d10/0x7d10 [ 1772.473735][ T1833] __se_sys_sendmsg+0x1bb/0x2a0 [ 1772.478641][ T1833] ? __x64_sys_sendmsg+0x80/0x80 [ 1772.483656][ T1833] ? lockdep_hardirqs_on+0x94/0x140 [ 1772.488952][ T1833] do_syscall_64+0x4c/0xa0 [ 1772.493423][ T1833] ? clear_bhb_loop+0x60/0xb0 [ 1772.498158][ T1833] ? clear_bhb_loop+0x60/0xb0 [ 1772.502898][ T1833] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1772.508846][ T1833] RIP: 0033:0x7f03c759ce59 [ 1772.513400][ T1833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1772.533059][ T1833] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1772.541961][ T1833] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1772.549984][ T1833] RDX: 0000000000000000 RSI: 0000200000003780 RDI: 0000000000000003 [ 1772.558025][ T1833] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1772.566068][ T1833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1772.574085][ T1833] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1772.582125][ T1833] [ 1772.973330][T20480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1773.019637][T20480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1773.075462][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1773.097747][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1773.133289][ T1678] device veth0_vlan entered promiscuous mode [ 1773.149464][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1773.178135][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1773.224242][ T1678] device veth1_vlan entered promiscuous mode [ 1773.307274][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1773.332917][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1773.359984][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1773.390401][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1773.424414][ T1678] device veth0_macvtap entered promiscuous mode [ 1773.445234][ T1678] device veth1_macvtap entered promiscuous mode [ 1773.513071][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1773.524372][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.553761][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1773.574684][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.607406][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1773.633410][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.668483][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1773.686581][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.714222][ T1678] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1773.732539][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1773.743007][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1773.768309][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1773.799998][T19607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1773.853606][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1773.884153][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.908732][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1773.931669][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.950356][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1773.974185][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1773.994903][ T1678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1774.018510][ T1678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1774.047427][ T1678] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1774.079963][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1774.101236][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1774.135590][ T1864] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9800'. [ 1774.169249][ T1864] tc_dump_action: action bad kind [ 1774.178132][ T1678] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1774.207021][ T1678] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1774.248530][ T1678] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1774.257322][ T1678] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1774.577375][T20486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1774.626380][T20486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1774.672182][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1774.787171][T20486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1774.807670][T20486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1774.828336][T20486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1775.729747][ T1891] netlink: 'syz.5.9742': attribute type 21 has an invalid length. [ 1775.799345][ T1891] netlink: 156 bytes leftover after parsing attributes in process `syz.5.9742'. [ 1775.941783][ T1897] netlink: 'syz.4.9808': attribute type 1 has an invalid length. [ 1775.982192][ T1897] netlink: 'syz.4.9808': attribute type 3 has an invalid length. [ 1775.997302][ T1897] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9808'. [ 1778.413943][ T1913] netlink: 'syz.0.9811': attribute type 21 has an invalid length. [ 1778.428194][ T1913] netlink: 156 bytes leftover after parsing attributes in process `syz.0.9811'. [ 1778.450193][ T1916] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9812'. [ 1778.598818][ T1916] tc_dump_action: action bad kind [ 1778.620722][ T1917] netlink: 'syz.5.9813': attribute type 21 has an invalid length. [ 1778.636006][ T1917] netlink: 156 bytes leftover after parsing attributes in process `syz.5.9813'. [ 1779.238541][ C1] bridge0: port 3(dummy0) entered forwarding state [ 1779.245206][ C1] bridge0: topology change detected, propagating [ 1780.407261][ T1944] netlink: 'syz.3.9822': attribute type 21 has an invalid length. [ 1780.464613][ T1944] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9822'. [ 1780.519701][ C0] bridge0: port 4(team0) entered learning state [ 1780.738087][ T1957] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9826'. [ 1780.757621][ T1957] tc_dump_action: action bad kind [ 1781.677521][ T1968] netlink: 'syz.2.9831': attribute type 21 has an invalid length. [ 1781.820016][ T1968] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9831'. [ 1782.484563][ T1984] netlink: 'syz.5.9836': attribute type 1 has an invalid length. [ 1782.524400][ T1984] netlink: 127868 bytes leftover after parsing attributes in process `syz.5.9836'. [ 1782.566332][ T1985] netlink: 'syz.5.9836': attribute type 29 has an invalid length. [ 1782.596698][ T1985] netlink: 'syz.5.9836': attribute type 29 has an invalid length. [ 1782.627882][ T1984] netlink: 60 bytes leftover after parsing attributes in process `syz.5.9836'. [ 1783.365881][ T1989] FAULT_INJECTION: forcing a failure. [ 1783.365881][ T1989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1783.550150][ T1989] CPU: 0 PID: 1989 Comm: syz.3.9838 Not tainted syzkaller #0 [ 1783.557698][ T1989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1783.567810][ T1989] Call Trace: [ 1783.571177][ T1989] [ 1783.574170][ T1989] dump_stack_lvl+0x188/0x24e [ 1783.578913][ T1989] ? show_regs_print_info+0x12/0x12 [ 1783.584237][ T1989] ? load_image+0x400/0x400 [ 1783.588863][ T1989] ? asm_sysvec_call_function_single+0x16/0x20 [ 1783.595095][ T1989] should_fail_ex+0x399/0x4d0 [ 1783.599834][ T1989] _copy_to_user+0x2c/0x130 [ 1783.604404][ T1989] bpf_test_finish+0x198/0x600 [ 1783.609253][ T1989] ? dst_hold+0xb0/0xb0 [ 1783.613462][ T1989] ? convert_skb_to___skb+0x420/0x420 [ 1783.618884][ T1989] bpf_prog_test_run_xdp+0x80a/0xf10 [ 1783.624232][ T1989] ? dev_put+0x80/0x80 [ 1783.628363][ T1989] ? dev_put+0x80/0x80 [ 1783.632482][ T1989] bpf_prog_test_run+0x31e/0x390 [ 1783.637468][ T1989] __sys_bpf+0x62b/0x780 [ 1783.641804][ T1989] ? bpf_link_show_fdinfo+0x380/0x380 [ 1783.647262][ T1989] ? lock_chain_count+0x20/0x20 [ 1783.652162][ T1989] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1783.658206][ T1989] __x64_sys_bpf+0x78/0x90 [ 1783.662671][ T1989] do_syscall_64+0x4c/0xa0 [ 1783.667122][ T1989] ? clear_bhb_loop+0x60/0xb0 [ 1783.671862][ T1989] ? clear_bhb_loop+0x60/0xb0 [ 1783.676971][ T1989] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1783.682920][ T1989] RIP: 0033:0x7f6f9d79ce59 [ 1783.687378][ T1989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1783.707027][ T1989] RSP: 002b:00007f6f9e618028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1783.715507][ T1989] RAX: ffffffffffffffda RBX: 00007f6f9da16090 RCX: 00007f6f9d79ce59 [ 1783.723517][ T1989] RDX: 0000000000000050 RSI: 0000200000000200 RDI: 000000000000000a [ 1783.731522][ T1989] RBP: 00007f6f9e618090 R08: 0000000000000000 R09: 0000000000000000 [ 1783.739529][ T1989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1783.747555][ T1989] R13: 00007f6f9da16128 R14: 00007f6f9da16090 R15: 00007ffdf21ec258 [ 1783.755693][ T1989] [ 1784.068405][ T2000] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9843'. [ 1784.090013][ T2000] tc_dump_action: action bad kind [ 1785.946989][ T2022] netlink: 126288 bytes leftover after parsing attributes in process `syz.4.9849'. [ 1786.405749][ T2034] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1787.587206][ T2047] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9856'. [ 1787.615589][ T2047] tc_dump_action: action bad kind [ 1787.910210][ T2054] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.9860'. [ 1788.031392][ T2060] netlink: 'syz.5.9861': attribute type 11 has an invalid length. [ 1788.076731][ T2060] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.9861'. [ 1788.124819][ T2060] netlink: 'syz.5.9861': attribute type 3 has an invalid length. [ 1788.174545][ T2060] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.9861'. [ 1788.211893][ T2065] FAULT_INJECTION: forcing a failure. [ 1788.211893][ T2065] name failslab, interval 1, probability 0, space 0, times 0 [ 1788.243888][ T2059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1788.288988][ T2065] CPU: 0 PID: 2065 Comm: syz.0.9872 Not tainted syzkaller #0 [ 1788.296508][ T2065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1788.306651][ T2065] Call Trace: [ 1788.310271][ T2065] [ 1788.313288][ T2065] dump_stack_lvl+0x188/0x24e [ 1788.318071][ T2065] ? show_regs_print_info+0x12/0x12 [ 1788.323365][ T2065] ? load_image+0x400/0x400 [ 1788.327972][ T2065] ? perf_trace_lock+0x301/0x390 [ 1788.333040][ T2065] should_fail_ex+0x399/0x4d0 [ 1788.337823][ T2065] should_failslab+0x5/0x20 [ 1788.342451][ T2065] slab_pre_alloc_hook+0x59/0x310 [ 1788.347598][ T2065] kmem_cache_alloc+0x56/0x2f0 [ 1788.352448][ T2065] ? skb_clone+0x1e7/0x370 [ 1788.356981][ T2065] skb_clone+0x1e7/0x370 [ 1788.361329][ T2065] __netlink_deliver_tap+0x3ed/0x800 [ 1788.366727][ T2065] ? netlink_deliver_tap+0x2e/0x1b0 [ 1788.372064][ T2065] netlink_deliver_tap+0x19c/0x1b0 [ 1788.377333][ T2065] netlink_dump+0x832/0xd00 [ 1788.381926][ T2065] ? netlink_lookup+0x200/0x200 [ 1788.386858][ T2065] ? netlink_lookup+0x30/0x200 [ 1788.391693][ T2065] ? netlink_lookup+0x30/0x200 [ 1788.396546][ T2065] __netlink_dump_start+0x537/0x6f0 [ 1788.401829][ T2065] unix_diag_handler_dump+0x1ad/0x910 [ 1788.407280][ T2065] ? sock_diag_lock_handler+0x19/0x280 [ 1788.412808][ T2065] ? __lock_acquire+0x7d10/0x7d10 [ 1788.417906][ T2065] ? __unix_recvmsg+0xb0/0xb0 [ 1788.422641][ T2065] ? __mutex_trylock_common+0x155/0x260 [ 1788.428254][ T2065] ? unix_diag_handler_dump+0x910/0x910 [ 1788.433884][ T2065] ? sock_diag_lock_handler+0x19/0x280 [ 1788.439399][ T2065] ? sock_diag_lock_handler+0x19/0x280 [ 1788.444922][ T2065] ? __unix_recvmsg+0xb0/0xb0 [ 1788.449681][ T2065] sock_diag_rcv_msg+0x3cc/0x5f0 [ 1788.454700][ T2065] netlink_rcv_skb+0x1fb/0x450 [ 1788.459531][ T2065] ? sock_diag_bind+0xa0/0xa0 [ 1788.464288][ T2065] ? netlink_ack+0x1170/0x1170 [ 1788.469171][ T2065] ? netlink_deliver_tap+0x2e/0x1b0 [ 1788.474441][ T2065] sock_diag_rcv+0x26/0x40 [ 1788.478931][ T2065] netlink_unicast+0x74d/0x8d0 [ 1788.483782][ T2065] netlink_sendmsg+0x8ad/0xbd0 [ 1788.488644][ T2065] ? netlink_getsockopt+0x550/0x550 [ 1788.493966][ T2065] ? aa_sock_msg_perm+0x94/0x150 [ 1788.498980][ T2065] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1788.504325][ T2065] ? security_socket_sendmsg+0x7c/0xa0 [ 1788.509849][ T2065] ? netlink_getsockopt+0x550/0x550 [ 1788.515106][ T2065] ____sys_sendmsg+0x5be/0x970 [ 1788.519957][ T2065] ? __sys_sendmsg_sock+0x30/0x30 [ 1788.525035][ T2065] ? __import_iovec+0x315/0x500 [ 1788.529972][ T2065] ? import_iovec+0x6f/0xa0 [ 1788.534543][ T2065] ___sys_sendmsg+0x2a2/0x360 [ 1788.539294][ T2065] ? __sys_sendmsg+0x290/0x290 [ 1788.544175][ T2065] ? __lock_acquire+0x7d10/0x7d10 [ 1788.549337][ T2065] __se_sys_sendmsg+0x1bb/0x2a0 [ 1788.554262][ T2065] ? __x64_sys_sendmsg+0x80/0x80 [ 1788.559560][ T2065] ? lockdep_hardirqs_on+0x94/0x140 [ 1788.565356][ T2065] do_syscall_64+0x4c/0xa0 [ 1788.569825][ T2065] ? clear_bhb_loop+0x60/0xb0 [ 1788.574564][ T2065] ? clear_bhb_loop+0x60/0xb0 [ 1788.579308][ T2065] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1788.585357][ T2065] RIP: 0033:0x7f03c759ce59 [ 1788.589870][ T2065] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1788.609640][ T2065] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1788.618124][ T2065] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1788.626159][ T2065] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005 [ 1788.634186][ T2065] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1788.642213][ T2065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1788.650241][ T2065] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1788.658336][ T2065] [ 1789.457253][ T2070] netlink: 'syz.2.9863': attribute type 10 has an invalid length. [ 1789.629720][ T2082] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.9868'. [ 1789.690032][ T2082] netlink: zone id is out of range [ 1789.708869][ T2082] netlink: zone id is out of range [ 1789.729062][ T2082] netlink: zone id is out of range [ 1789.748980][ T2082] netlink: zone id is out of range [ 1789.773167][ T2082] netlink: zone id is out of range [ 1789.797999][ T2082] netlink: zone id is out of range [ 1789.818852][ T2082] netlink: zone id is out of range [ 1789.838929][ T2082] netlink: zone id is out of range [ 1789.849076][ T2082] netlink: zone id is out of range [ 1789.875446][ T2082] netlink: zone id is out of range [ 1790.097121][ T2087] netlink: 'syz.5.9869': attribute type 7 has an invalid length. [ 1790.147181][ T2087] netlink: 'syz.5.9869': attribute type 21 has an invalid length. [ 1790.174459][ T2087] netlink: 'syz.5.9869': attribute type 6 has an invalid length. [ 1790.469812][ T2093] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.9870'. [ 1790.858834][ T2106] netlink: 'syz.0.9877': attribute type 2 has an invalid length. [ 1790.867066][ T2106] netlink: 17267 bytes leftover after parsing attributes in process `syz.0.9877'. [ 1791.310036][ T2113] netlink: 'syz.2.9880': attribute type 21 has an invalid length. [ 1791.339067][ T2113] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9880'. [ 1792.539711][ T2135] netlink: 156 bytes leftover after parsing attributes in process `syz.5.9890'. [ 1794.090771][ T2151] mac80211_hwsim hwsim277 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1794.127937][ T2156] netlink: 'syz.3.9895': attribute type 11 has an invalid length. [ 1794.205647][ T2156] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.9895'. [ 1794.319720][ T2152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1794.439046][ T2162] netlink: 'syz.2.9897': attribute type 21 has an invalid length. [ 1794.460358][ T2162] netlink: 156 bytes leftover after parsing attributes in process `syz.2.9897'. [ 1794.549039][ T2169] netlink: 'syz.5.9900': attribute type 4 has an invalid length. [ 1794.556884][ T2169] netlink: 152 bytes leftover after parsing attributes in process `syz.5.9900'. [ 1795.880199][ C0] bridge0: port 4(team0) entered forwarding state [ 1795.886858][ C0] bridge0: topology change detected, propagating [ 1796.209046][T20486] wlan1: Trigger new scan to find an IBSS to join [ 1796.576949][ T2207] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.9914'. [ 1796.611368][ T2207] net_ratelimit: 288 callbacks suppressed [ 1796.611436][ T2207] netlink: zone id is out of range [ 1796.682547][ T2207] netlink: zone id is out of range [ 1796.758366][ T2207] netlink: zone id is out of range [ 1796.785161][ T2207] netlink: zone id is out of range [ 1796.818187][ T2207] netlink: zone id is out of range [ 1796.824961][ T2207] netlink: zone id is out of range [ 1796.847969][ T2207] netlink: zone id is out of range [ 1796.854773][ T2207] netlink: zone id is out of range [ 1796.878932][ T2207] netlink: zone id is out of range [ 1796.897111][ T2207] netlink: zone id is out of range [ 1796.995547][ T2211] netlink: 'syz.0.9917': attribute type 21 has an invalid length. [ 1797.038858][ T2211] netlink: 156 bytes leftover after parsing attributes in process `syz.0.9917'. [ 1797.162928][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1797.169380][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1797.840156][ T2231] netlink: 10 bytes leftover after parsing attributes in process `syz.0.9926'. [ 1798.235840][ T2243] netlink: 'syz.4.9928': attribute type 11 has an invalid length. [ 1798.258707][ T2243] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.9928'. [ 1798.309436][ T2241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1798.582905][ T2252] netlink: 'syz.5.9931': attribute type 10 has an invalid length. [ 1798.618512][ T2252] bridge0: port 2(bridge_slave_1) entered disabled state [ 1798.629320][ T2252] bridge0: port 1(bridge_slave_0) entered disabled state [ 1798.763549][ T2252] bridge0: port 2(bridge_slave_1) entered blocking state [ 1798.772093][ T2252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1798.783298][ T2252] bridge0: port 1(bridge_slave_0) entered blocking state [ 1798.791198][ T2252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1798.903289][ T2252] team0: Port device bridge0 added [ 1798.936725][ T2254] netlink: 'syz.4.9932': attribute type 21 has an invalid length. [ 1798.964933][ T2254] netlink: 156 bytes leftover after parsing attributes in process `syz.4.9932'. [ 1799.100830][ T2261] netlink: 126288 bytes leftover after parsing attributes in process `syz.2.9933'. [ 1799.155763][ T2271] netlink: 'syz.3.9937': attribute type 27 has an invalid length. [ 1799.269881][ T2271] netlink: 'syz.3.9937': attribute type 4 has an invalid length. [ 1799.391077][ T2278] netlink: 'syz.4.9939': attribute type 11 has an invalid length. [ 1799.418718][ T2271] netlink: 152 bytes leftover after parsing attributes in process `syz.3.9937'. [ 1799.477871][ T2278] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.9939'. [ 1799.574098][ T2274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1800.688201][ T2301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9947'. [ 1801.239334][T20472] wlan1: Trigger new scan to find an IBSS to join [ 1802.177426][T20486] wlan1: Creating new IBSS network, BSSID b2:73:01:e3:06:b0 [ 1802.259758][ T2330] netlink: 'syz.4.9956': attribute type 21 has an invalid length. [ 1802.361490][ T2330] netlink: 156 bytes leftover after parsing attributes in process `syz.4.9956'. [ 1802.653897][ T2339] netlink: 'syz.0.9958': attribute type 27 has an invalid length. [ 1802.692695][ T2339] netlink: 'syz.0.9958': attribute type 4 has an invalid length. [ 1802.754014][ T2339] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9958'. [ 1803.438194][ T2357] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.9962'. [ 1803.668886][ T2357] net_ratelimit: 288 callbacks suppressed [ 1803.668909][ T2357] netlink: zone id is out of range [ 1803.818166][ T2357] netlink: zone id is out of range [ 1803.948818][ T2357] netlink: zone id is out of range [ 1803.989176][ T2357] netlink: zone id is out of range [ 1803.994788][ T2357] netlink: zone id is out of range [ 1804.108658][ T2357] netlink: zone id is out of range [ 1804.113902][ T2357] netlink: zone id is out of range [ 1804.219977][ T2357] netlink: zone id is out of range [ 1804.225212][ T2357] netlink: zone id is out of range [ 1804.257789][ T2369] netlink: 'syz.0.9967': attribute type 10 has an invalid length. [ 1804.276427][ T2369] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9967'. [ 1804.297098][ T2369] bridge0: port 3(team0) entered blocking state [ 1804.303742][ T2357] netlink: zone id is out of range [ 1804.325454][ T2369] bridge0: port 3(team0) entered disabled state [ 1804.348840][ T2369] device team0 entered promiscuous mode [ 1804.366486][ T2369] device team_slave_0 entered promiscuous mode [ 1804.381073][ T2369] device team_slave_1 entered promiscuous mode [ 1804.397950][ T2369] bridge0: port 3(team0) entered blocking state [ 1804.404558][ T2369] bridge0: port 3(team0) entered forwarding state [ 1804.424707][ T2370] netlink: 'syz.3.9966': attribute type 10 has an invalid length. [ 1804.458866][ T2370] netlink: 2 bytes leftover after parsing attributes in process `syz.3.9966'. [ 1804.900301][ T2383] netlink: 'syz.3.9971': attribute type 21 has an invalid length. [ 1804.920464][ T2383] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9971'. [ 1804.960539][ T2385] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9973'. [ 1805.436522][ T2406] netlink: 'syz.2.9977': attribute type 10 has an invalid length. [ 1805.492419][ T2406] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9977'. [ 1805.631050][ T2406] device team0 entered promiscuous mode [ 1805.688776][ T2406] device team_slave_0 entered promiscuous mode [ 1805.780302][ T2406] device team_slave_1 entered promiscuous mode [ 1806.095135][ T2406] 8021q: adding VLAN 0 to HW filter on device team0 [ 1806.540704][ T2406] bond0: (slave team0): Releasing backup interface [ 1806.853009][ T2417] netlink: 'syz.5.9980': attribute type 27 has an invalid length. [ 1806.869190][ T2417] netlink: 'syz.5.9980': attribute type 4 has an invalid length. [ 1806.898165][ T2417] netlink: 152 bytes leftover after parsing attributes in process `syz.5.9980'. [ 1807.799417][ T2448] netlink: 'syz.2.9990': attribute type 3 has an invalid length. [ 1807.918732][ T2448] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.9990'. [ 1809.112198][ T2488] netlink: 'syz.0.10003': attribute type 2 has an invalid length. [ 1809.148731][ T2488] netlink: 'syz.0.10003': attribute type 8 has an invalid length. [ 1809.157194][ T2488] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10003'. [ 1809.735454][ T2514] netlink: 'syz.0.10007': attribute type 10 has an invalid length. [ 1809.794509][ T2514] bridge0: port 3(team0) entered disabled state [ 1809.803219][ T2514] bridge0: port 2(bridge_slave_1) entered disabled state [ 1809.813787][ T2514] bridge0: port 1(bridge_slave_0) entered disabled state [ 1809.955590][ T2514] team0: Device bridge0 is already an upper device of the team interface [ 1810.257638][ T2528] netlink: 'syz.3.10013': attribute type 10 has an invalid length. [ 1810.281135][ T2528] device hsr0 entered promiscuous mode [ 1810.346676][ T2528] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1810.419154][ T2528] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 1810.473926][ T2528] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1810.532438][ T2528] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 1811.434260][ T2563] netlink: 'syz.0.10020': attribute type 39 has an invalid length. [ 1812.203747][ T2577] netlink: 'syz.2.10027': attribute type 10 has an invalid length. [ 1813.515298][ T2615] netlink: 'syz.3.10048': attribute type 21 has an invalid length. [ 1813.631205][ T2623] netlink: 'syz.2.10039': attribute type 17 has an invalid length. [ 1813.669679][ T2623] netlink: 'syz.2.10039': attribute type 16 has an invalid length. [ 1813.698028][ T2623] netlink: 152 bytes leftover after parsing attributes in process `syz.2.10039'. [ 1813.877086][ T2629] FAULT_INJECTION: forcing a failure. [ 1813.877086][ T2629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1813.937219][ T2629] CPU: 1 PID: 2629 Comm: syz.0.10040 Not tainted syzkaller #0 [ 1813.944792][ T2629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1813.954907][ T2629] Call Trace: [ 1813.958235][ T2629] [ 1813.961215][ T2629] dump_stack_lvl+0x188/0x24e [ 1813.965959][ T2629] ? show_regs_print_info+0x12/0x12 [ 1813.971208][ T2629] ? load_image+0x400/0x400 [ 1813.975783][ T2629] ? __lock_acquire+0x7d10/0x7d10 [ 1813.980871][ T2629] ? __kmem_cache_alloc_node+0x140/0x260 [ 1813.986567][ T2629] ? __virt_addr_valid+0x188/0x540 [ 1813.991759][ T2629] should_fail_ex+0x399/0x4d0 [ 1813.996550][ T2629] _copy_from_user+0x2c/0x170 [ 1814.001295][ T2629] map_update_elem+0x454/0x680 [ 1814.006131][ T2629] __sys_bpf+0x4ec/0x780 [ 1814.010442][ T2629] ? bpf_link_show_fdinfo+0x380/0x380 [ 1814.015900][ T2629] ? lock_chain_count+0x20/0x20 [ 1814.020828][ T2629] __x64_sys_bpf+0x78/0x90 [ 1814.025307][ T2629] do_syscall_64+0x4c/0xa0 [ 1814.029774][ T2629] ? clear_bhb_loop+0x60/0xb0 [ 1814.034619][ T2629] ? clear_bhb_loop+0x60/0xb0 [ 1814.039378][ T2629] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1814.045336][ T2629] RIP: 0033:0x7f03c759ce59 [ 1814.049809][ T2629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1814.069473][ T2629] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1814.077951][ T2629] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1814.085982][ T2629] RDX: 0000000000000022 RSI: 0000200000000100 RDI: 0000000000000002 [ 1814.094023][ T2629] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1814.102048][ T2629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1814.110076][ T2629] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1814.118115][ T2629] [ 1814.731015][ T2642] netlink: 'syz.5.10043': attribute type 10 has an invalid length. [ 1814.757782][ T2642] device hsr0 entered promiscuous mode [ 1814.854574][ T2642] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1814.898623][ T2642] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 1814.942965][ T2642] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1815.000276][ T2642] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 1815.169318][ T2671] netlink: 'syz.4.10054': attribute type 10 has an invalid length. [ 1815.178771][ T2669] FAULT_INJECTION: forcing a failure. [ 1815.178771][ T2669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1815.195446][ T2669] CPU: 0 PID: 2669 Comm: syz.3.10053 Not tainted syzkaller #0 [ 1815.202991][ T2669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1815.213121][ T2669] Call Trace: [ 1815.216457][ T2669] [ 1815.219448][ T2669] dump_stack_lvl+0x188/0x24e [ 1815.224197][ T2669] ? show_regs_print_info+0x12/0x12 [ 1815.229456][ T2669] ? load_image+0x400/0x400 [ 1815.234044][ T2669] ? __lock_acquire+0x7d10/0x7d10 [ 1815.239165][ T2669] should_fail_ex+0x399/0x4d0 [ 1815.243924][ T2669] _copy_from_user+0x2c/0x170 [ 1815.248677][ T2669] iovec_from_user+0x143/0x360 [ 1815.253516][ T2669] __import_iovec+0x6d/0x500 [ 1815.258195][ T2669] import_iovec+0x6f/0xa0 [ 1815.262594][ T2669] ___sys_sendmsg+0x252/0x360 [ 1815.267357][ T2669] ? __sys_sendmsg+0x290/0x290 [ 1815.272231][ T2669] ? __lock_acquire+0x7d10/0x7d10 [ 1815.277383][ T2669] __se_sys_sendmsg+0x1bb/0x2a0 [ 1815.282355][ T2669] ? __x64_sys_sendmsg+0x80/0x80 [ 1815.287388][ T2669] ? lockdep_hardirqs_on+0x94/0x140 [ 1815.292685][ T2669] do_syscall_64+0x4c/0xa0 [ 1815.297190][ T2669] ? clear_bhb_loop+0x60/0xb0 [ 1815.301985][ T2669] ? clear_bhb_loop+0x60/0xb0 [ 1815.306826][ T2669] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1815.312804][ T2669] RIP: 0033:0x7f6f9d79ce59 [ 1815.317306][ T2669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1815.336979][ T2669] RSP: 002b:00007f6f9e639028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1815.345473][ T2669] RAX: ffffffffffffffda RBX: 00007f6f9da15fa0 RCX: 00007f6f9d79ce59 [ 1815.353514][ T2669] RDX: 0000000024000000 RSI: 00002000000001c0 RDI: 000000000000000f [ 1815.361559][ T2669] RBP: 00007f6f9e639090 R08: 0000000000000000 R09: 0000000000000000 [ 1815.369599][ T2669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1815.377727][ T2669] R13: 00007f6f9da16038 R14: 00007f6f9da15fa0 R15: 00007ffdf21ec258 [ 1815.385811][ T2669] [ 1815.570012][ T2671] device team_slave_0 left promiscuous mode [ 1815.615607][ T2671] team0 (unregistering): Port device team_slave_0 removed [ 1815.652289][ T2671] device team_slave_1 left promiscuous mode [ 1815.762741][ T2671] team0 (unregistering): Port device team_slave_1 removed [ 1816.341025][ T2692] netlink: 'syz.4.10059': attribute type 21 has an invalid length. [ 1816.385478][ T2692] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10059'. [ 1816.664792][ T2707] netlink: 168 bytes leftover after parsing attributes in process `syz.0.10064'. [ 1816.771977][ T2709] netlink: 'syz.4.10065': attribute type 10 has an invalid length. [ 1816.837922][ T2709] device hsr0 entered promiscuous mode [ 1816.920054][ T2709] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1816.972273][ T2709] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 1817.055957][ T2709] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1817.131678][ T2709] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 1820.272965][ T2741] FAULT_INJECTION: forcing a failure. [ 1820.272965][ T2741] name failslab, interval 1, probability 0, space 0, times 0 [ 1820.345776][ T2741] CPU: 0 PID: 2741 Comm: syz.2.10072 Not tainted syzkaller #0 [ 1820.353343][ T2741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1820.363459][ T2741] Call Trace: [ 1820.366783][ T2741] [ 1820.369760][ T2741] dump_stack_lvl+0x188/0x24e [ 1820.374515][ T2741] ? show_regs_print_info+0x12/0x12 [ 1820.379772][ T2741] ? load_image+0x400/0x400 [ 1820.384343][ T2741] ? verify_lock_unused+0x140/0x140 [ 1820.389617][ T2741] should_fail_ex+0x399/0x4d0 [ 1820.394353][ T2741] should_failslab+0x5/0x20 [ 1820.398912][ T2741] slab_pre_alloc_hook+0x59/0x310 [ 1820.404009][ T2741] kmem_cache_alloc+0x56/0x2f0 [ 1820.408854][ T2741] ? skb_clone+0x1e7/0x370 [ 1820.413333][ T2741] skb_clone+0x1e7/0x370 [ 1820.417636][ T2741] __netlink_deliver_tap+0x3ed/0x800 [ 1820.423004][ T2741] ? netlink_deliver_tap+0x2e/0x1b0 [ 1820.428273][ T2741] netlink_deliver_tap+0x19c/0x1b0 [ 1820.433447][ T2741] netlink_unicast+0x728/0x8d0 [ 1820.438282][ T2741] netlink_sendmsg+0x8ad/0xbd0 [ 1820.443111][ T2741] ? netlink_getsockopt+0x550/0x550 [ 1820.448372][ T2741] ? aa_sock_msg_perm+0x94/0x150 [ 1820.453364][ T2741] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1820.458713][ T2741] ? security_socket_sendmsg+0x7c/0xa0 [ 1820.464225][ T2741] ? netlink_getsockopt+0x550/0x550 [ 1820.469483][ T2741] ____sys_sendmsg+0x5be/0x970 [ 1820.474309][ T2741] ? __sys_sendmsg_sock+0x30/0x30 [ 1820.479384][ T2741] ? __import_iovec+0x315/0x500 [ 1820.484299][ T2741] ? import_iovec+0x6f/0xa0 [ 1820.488901][ T2741] ___sys_sendmsg+0x2a2/0x360 [ 1820.493644][ T2741] ? __sys_sendmsg+0x290/0x290 [ 1820.498486][ T2741] ? __lock_acquire+0x7d10/0x7d10 [ 1820.503617][ T2741] __se_sys_sendmsg+0x1bb/0x2a0 [ 1820.508549][ T2741] ? __x64_sys_sendmsg+0x80/0x80 [ 1820.513560][ T2741] ? lockdep_hardirqs_on+0x94/0x140 [ 1820.518823][ T2741] do_syscall_64+0x4c/0xa0 [ 1820.523299][ T2741] ? clear_bhb_loop+0x60/0xb0 [ 1820.528077][ T2741] ? clear_bhb_loop+0x60/0xb0 [ 1820.532824][ T2741] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1820.538796][ T2741] RIP: 0033:0x7f11ef19ce59 [ 1820.543265][ T2741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1820.562929][ T2741] RSP: 002b:00007f11efff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1820.571412][ T2741] RAX: ffffffffffffffda RBX: 00007f11ef415fa0 RCX: 00007f11ef19ce59 [ 1820.579444][ T2741] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000003 [ 1820.587456][ T2741] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1820.595521][ T2741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1820.603545][ T2741] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1820.611639][ T2741] [ 1821.108802][ T2763] netlink: 'syz.3.10080': attribute type 1 has an invalid length. [ 1821.159608][ T2763] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10080'. [ 1821.211266][ T2763] netlink: 'syz.3.10080': attribute type 3 has an invalid length. [ 1821.302941][ T2763] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10080'. [ 1821.353419][ T2770] netlink: 16211 bytes leftover after parsing attributes in process `syz.3.10080'. [ 1823.431361][ T2834] netlink: 'syz.0.10097': attribute type 21 has an invalid length. [ 1823.563717][ T2834] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10097'. [ 1823.894116][ T2843] FAULT_INJECTION: forcing a failure. [ 1823.894116][ T2843] name failslab, interval 1, probability 0, space 0, times 0 [ 1823.936116][ T2843] CPU: 0 PID: 2843 Comm: syz.5.10101 Not tainted syzkaller #0 [ 1823.943695][ T2843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1823.953801][ T2843] Call Trace: [ 1823.957163][ T2843] [ 1823.960127][ T2843] dump_stack_lvl+0x188/0x24e [ 1823.964858][ T2843] ? show_regs_print_info+0x12/0x12 [ 1823.970097][ T2843] ? load_image+0x400/0x400 [ 1823.974650][ T2843] ? __might_sleep+0xd0/0xd0 [ 1823.979291][ T2843] ? __lock_acquire+0x7d10/0x7d10 [ 1823.984365][ T2843] should_fail_ex+0x399/0x4d0 [ 1823.989082][ T2843] should_failslab+0x5/0x20 [ 1823.993621][ T2843] slab_pre_alloc_hook+0x59/0x310 [ 1823.998694][ T2843] ? end_current_label_crit_section+0x170/0x170 [ 1824.004975][ T2843] kmem_cache_alloc_node+0x5a/0x320 [ 1824.010212][ T2843] ? __alloc_skb+0xfc/0x7e0 [ 1824.014753][ T2843] __alloc_skb+0xfc/0x7e0 [ 1824.019150][ T2843] ? apparmor_capable+0x12c/0x190 [ 1824.024231][ T2843] tipc_get_err_tlv+0x41/0x340 [ 1824.029162][ T2843] tipc_nl_compat_recv+0x7d9/0xaf0 [ 1824.034493][ T2843] ? ct_nmi_exit+0x145/0x1c0 [ 1824.039132][ T2843] ? tipc_netlink_compat_stop+0x20/0x20 [ 1824.044751][ T2843] ? __mutex_trylock_common+0x155/0x260 [ 1824.050347][ T2843] ? rcu_is_watching+0x11/0xa0 [ 1824.055190][ T2843] ? trace_contention_end+0x5f/0x170 [ 1824.060521][ T2843] genl_family_rcv_msg_doit+0x22a/0x330 [ 1824.066154][ T2843] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 1824.072107][ T2843] ? memset+0x1e/0x40 [ 1824.076132][ T2843] ? genl_get_cmd+0x55f/0x8b0 [ 1824.080855][ T2843] genl_rcv_msg+0x604/0x790 [ 1824.085413][ T2843] ? genl_bind+0x360/0x360 [ 1824.089875][ T2843] ? tipc_netlink_compat_stop+0x20/0x20 [ 1824.095515][ T2843] netlink_rcv_skb+0x1fb/0x450 [ 1824.100344][ T2843] ? genl_bind+0x360/0x360 [ 1824.104804][ T2843] ? netlink_ack+0x1170/0x1170 [ 1824.109730][ T2843] ? down_read+0x1a8/0x2d0 [ 1824.114187][ T2843] genl_rcv+0x24/0x40 [ 1824.118214][ T2843] netlink_unicast+0x74d/0x8d0 [ 1824.123027][ T2843] netlink_sendmsg+0x8ad/0xbd0 [ 1824.127842][ T2843] ? netlink_getsockopt+0x550/0x550 [ 1824.133088][ T2843] ? aa_sock_msg_perm+0x94/0x150 [ 1824.138072][ T2843] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1824.143409][ T2843] ? security_socket_sendmsg+0x7c/0xa0 [ 1824.148921][ T2843] ? netlink_getsockopt+0x550/0x550 [ 1824.154190][ T2843] ____sys_sendmsg+0x5be/0x970 [ 1824.159090][ T2843] ? __sys_sendmsg_sock+0x30/0x30 [ 1824.164152][ T2843] ? __import_iovec+0x315/0x500 [ 1824.169054][ T2843] ? import_iovec+0x6f/0xa0 [ 1824.173605][ T2843] ___sys_sendmsg+0x2a2/0x360 [ 1824.178331][ T2843] ? __sys_sendmsg+0x290/0x290 [ 1824.183157][ T2843] ? __lock_acquire+0x7d10/0x7d10 [ 1824.188253][ T2843] __se_sys_sendmsg+0x1bb/0x2a0 [ 1824.193152][ T2843] ? ct_nmi_exit+0x145/0x1c0 [ 1824.197786][ T2843] ? __x64_sys_sendmsg+0x80/0x80 [ 1824.202772][ T2843] ? lockdep_hardirqs_on+0x94/0x140 [ 1824.208017][ T2843] do_syscall_64+0x4c/0xa0 [ 1824.212478][ T2843] ? clear_bhb_loop+0x60/0xb0 [ 1824.217209][ T2843] ? clear_bhb_loop+0x60/0xb0 [ 1824.221943][ T2843] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1824.227886][ T2843] RIP: 0033:0x7fe63839ce59 [ 1824.232337][ T2843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1824.252080][ T2843] RSP: 002b:00007fe63920b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1824.260534][ T2843] RAX: ffffffffffffffda RBX: 00007fe638615fa0 RCX: 00007fe63839ce59 [ 1824.268797][ T2843] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1824.276804][ T2843] RBP: 00007fe63920b090 R08: 0000000000000000 R09: 0000000000000000 [ 1824.284987][ T2843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1824.293026][ T2843] R13: 00007fe638616038 R14: 00007fe638615fa0 R15: 00007fff888f8f88 [ 1824.301053][ T2843] [ 1824.559221][ T2853] netlink: 'syz.5.10105': attribute type 10 has an invalid length. [ 1824.587796][ T2853] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10105'. [ 1824.662372][ T2853] device team0 entered promiscuous mode [ 1824.674689][ T2853] device team_slave_0 entered promiscuous mode [ 1824.683196][ T2853] device team_slave_1 entered promiscuous mode [ 1824.711221][ T2853] device bridge0 entered promiscuous mode [ 1824.767119][ T2853] net_ratelimit: 289 callbacks suppressed [ 1824.767141][ T2853] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1825.036242][ T2856] netlink: 'syz.3.10106': attribute type 7 has an invalid length. [ 1825.140939][ T2865] netlink: 76 bytes leftover after parsing attributes in process `syz.4.10109'. [ 1825.722208][ T2884] netlink: 'syz.4.10116': attribute type 3 has an invalid length. [ 1825.748650][ T2884] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.10116'. [ 1826.069576][ T2892] netlink: 'syz.5.10120': attribute type 22 has an invalid length. [ 1826.088513][ T2892] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10120'. [ 1826.735432][ T2915] netlink: 'syz.3.10129': attribute type 22 has an invalid length. [ 1826.784415][ T2915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10129'. [ 1826.846114][ T2915] FAULT_INJECTION: forcing a failure. [ 1826.846114][ T2915] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.908599][ T2915] CPU: 0 PID: 2915 Comm: syz.3.10129 Not tainted syzkaller #0 [ 1826.916154][ T2915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1826.926255][ T2915] Call Trace: [ 1826.929587][ T2915] [ 1826.932606][ T2915] dump_stack_lvl+0x188/0x24e [ 1826.937341][ T2915] ? show_regs_print_info+0x12/0x12 [ 1826.942599][ T2915] ? load_image+0x400/0x400 [ 1826.947164][ T2915] ? __might_sleep+0xd0/0xd0 [ 1826.951809][ T2915] ? __lock_acquire+0x7d10/0x7d10 [ 1826.956900][ T2915] should_fail_ex+0x399/0x4d0 [ 1826.961632][ T2915] should_failslab+0x5/0x20 [ 1826.966185][ T2915] slab_pre_alloc_hook+0x59/0x310 [ 1826.971279][ T2915] kmem_cache_alloc_node+0x5a/0x320 [ 1826.976537][ T2915] ? __dev_queue_xmit+0x26b/0x37c0 [ 1826.981722][ T2915] ? __alloc_skb+0xfc/0x7e0 [ 1826.986285][ T2915] __alloc_skb+0xfc/0x7e0 [ 1826.990677][ T2915] netlink_ack+0x372/0x1170 [ 1826.995250][ T2915] ? ref_tracker_free+0x68c/0x840 [ 1827.000339][ T2915] ? __copy_skb_header+0x3ba/0x4f0 [ 1827.005569][ T2915] ? refcount_inc+0x70/0x70 [ 1827.010135][ T2915] ? memcpy+0x3c/0x60 [ 1827.014169][ T2915] ? netlink_dump+0xd00/0xd00 [ 1827.018901][ T2915] ? __copy_skb_header+0x3ba/0x4f0 [ 1827.024062][ T2915] ? __skb_clone+0x480/0x790 [ 1827.028707][ T2915] netlink_rcv_skb+0x280/0x450 [ 1827.033527][ T2915] ? rtnetlink_bind+0x80/0x80 [ 1827.038291][ T2915] ? netlink_ack+0x1170/0x1170 [ 1827.043119][ T2915] ? netlink_deliver_tap+0x2e/0x1b0 [ 1827.048405][ T2915] netlink_unicast+0x74d/0x8d0 [ 1827.053270][ T2915] netlink_sendmsg+0x8ad/0xbd0 [ 1827.058131][ T2915] ? netlink_getsockopt+0x550/0x550 [ 1827.063411][ T2915] ? aa_sock_msg_perm+0x94/0x150 [ 1827.068407][ T2915] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1827.073781][ T2915] ? security_socket_sendmsg+0x7c/0xa0 [ 1827.079302][ T2915] ? netlink_getsockopt+0x550/0x550 [ 1827.084558][ T2915] ____sys_sendmsg+0x5be/0x970 [ 1827.089411][ T2915] ? __sys_sendmsg_sock+0x30/0x30 [ 1827.094487][ T2915] ? __import_iovec+0x315/0x500 [ 1827.099404][ T2915] ? import_iovec+0x6f/0xa0 [ 1827.103964][ T2915] ___sys_sendmsg+0x2a2/0x360 [ 1827.108708][ T2915] ? __sys_sendmsg+0x290/0x290 [ 1827.113556][ T2915] ? __lock_acquire+0x7d10/0x7d10 [ 1827.118670][ T2915] __se_sys_sendmsg+0x1bb/0x2a0 [ 1827.123581][ T2915] ? ct_nmi_exit+0x145/0x1c0 [ 1827.128224][ T2915] ? __x64_sys_sendmsg+0x80/0x80 [ 1827.133239][ T2915] ? lockdep_hardirqs_on+0x94/0x140 [ 1827.138501][ T2915] do_syscall_64+0x4c/0xa0 [ 1827.142982][ T2915] ? clear_bhb_loop+0x60/0xb0 [ 1827.147726][ T2915] ? clear_bhb_loop+0x60/0xb0 [ 1827.152501][ T2915] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1827.158464][ T2915] RIP: 0033:0x7f6f9d79ce59 [ 1827.163034][ T2915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1827.182744][ T2915] RSP: 002b:00007f6f9e639028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1827.191217][ T2915] RAX: ffffffffffffffda RBX: 00007f6f9da15fa0 RCX: 00007f6f9d79ce59 [ 1827.199281][ T2915] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000003 [ 1827.207304][ T2915] RBP: 00007f6f9e639090 R08: 0000000000000000 R09: 0000000000000000 [ 1827.215360][ T2915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1827.223463][ T2915] R13: 00007f6f9da16038 R14: 00007f6f9da15fa0 R15: 00007ffdf21ec258 [ 1827.231598][ T2915] [ 1829.525803][ T2932] netlink: 'syz.2.10136': attribute type 10 has an invalid length. [ 1829.580924][ T2932] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10136'. [ 1829.625853][ T2932] 8021q: adding VLAN 0 to HW filter on device team0 [ 1829.664084][ T2932] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1832.228717][T20472] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1832.324716][ T4288] Bluetooth: hci4: ISO packet for unknown connection handle 3849 [ 1832.824376][ T2981] netlink: 'syz.3.10154': attribute type 21 has an invalid length. [ 1832.881847][ T2981] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10154'. [ 1833.488198][ T2999] netlink: 'syz.2.10160': attribute type 3 has an invalid length. [ 1833.518962][ T2999] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.10160'. [ 1833.796435][ T3005] netlink: 'syz.4.10161': attribute type 16 has an invalid length. [ 1833.852376][ T3005] netlink: 132 bytes leftover after parsing attributes in process `syz.4.10161'. [ 1833.864024][ T3014] netlink: 'syz.4.10161': attribute type 10 has an invalid length. [ 1834.144083][ T3021] netlink: 'syz.0.10167': attribute type 29 has an invalid length. [ 1834.154050][ T3021] netlink: 'syz.0.10167': attribute type 29 has an invalid length. [ 1834.171290][ T3021] netlink: 'syz.0.10167': attribute type 29 has an invalid length. [ 1834.185347][ T3021] netlink: 'syz.0.10167': attribute type 29 has an invalid length. [ 1835.142429][ T3052] netlink: 'syz.4.10178': attribute type 21 has an invalid length. [ 1835.241463][ T3052] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10178'. [ 1836.307609][ T3079] netlink: 'syz.5.10197': attribute type 21 has an invalid length. [ 1836.335223][ T3079] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10197'. [ 1836.700274][ T3088] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.10190'. [ 1837.082184][ T3099] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10195'. [ 1838.644495][ T3124] validate_nla: 2 callbacks suppressed [ 1838.645331][ T3124] netlink: 'syz.3.10206': attribute type 16 has an invalid length. [ 1838.797108][ T3129] netlink: 'syz.3.10206': attribute type 10 has an invalid length. [ 1838.833011][ T3124] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10206'. [ 1838.912204][ T3138] netlink: 'syz.2.10208': attribute type 10 has an invalid length. [ 1838.996786][ T3138] device wg1 entered promiscuous mode [ 1839.018705][ T3138] team0: Device wg1 is of different type [ 1839.435876][ T3154] netlink: 'syz.4.10213': attribute type 21 has an invalid length. [ 1839.566137][ T3154] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10213'. [ 1839.825270][ T3161] FAULT_INJECTION: forcing a failure. [ 1839.825270][ T3161] name failslab, interval 1, probability 0, space 0, times 0 [ 1839.865749][ T3161] CPU: 1 PID: 3161 Comm: syz.0.10216 Not tainted syzkaller #0 [ 1839.873308][ T3161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1839.883491][ T3161] Call Trace: [ 1839.886849][ T3161] [ 1839.889835][ T3161] dump_stack_lvl+0x188/0x24e [ 1839.894574][ T3161] ? show_regs_print_info+0x12/0x12 [ 1839.899831][ T3161] ? load_image+0x400/0x400 [ 1839.904531][ T3161] ? __local_bh_enable_ip+0x136/0x1c0 [ 1839.909965][ T3161] ? lockdep_hardirqs_on+0x94/0x140 [ 1839.915225][ T3161] ? __local_bh_enable_ip+0x136/0x1c0 [ 1839.920672][ T3161] should_fail_ex+0x399/0x4d0 [ 1839.925419][ T3161] should_failslab+0x5/0x20 [ 1839.929983][ T3161] slab_pre_alloc_hook+0x59/0x310 [ 1839.935089][ T3161] ? sctp_get_port_local+0xd75/0x1510 [ 1839.940545][ T3161] ? sctp_add_bind_addr+0x89/0x350 [ 1839.945768][ T3161] __kmem_cache_alloc_node+0x4f/0x260 [ 1839.951230][ T3161] ? sctp_add_bind_addr+0x89/0x350 [ 1839.956417][ T3161] kmalloc_trace+0x26/0xe0 [ 1839.961008][ T3161] sctp_add_bind_addr+0x89/0x350 [ 1839.966004][ T3161] sctp_do_bind+0x616/0x990 [ 1839.970581][ T3161] sctp_connect_new_asoc+0x266/0x6a0 [ 1839.975974][ T3161] ? __sctp_connect+0xd80/0xd80 [ 1839.980883][ T3161] ? __local_bh_enable_ip+0x136/0x1c0 [ 1839.986324][ T3161] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 1839.991936][ T3161] ? security_sctp_bind_connect+0x85/0xb0 [ 1839.997734][ T3161] sctp_sendmsg+0x165d/0x2a40 [ 1840.002495][ T3161] ? sctp_getsockopt+0x8a0/0x8a0 [ 1840.007524][ T3161] ? __might_fault+0xa6/0x120 [ 1840.012259][ T3161] ? aa_af_perm+0x340/0x340 [ 1840.016820][ T3161] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 1840.023478][ T3161] ? inet_sendmsg+0xe5/0x2f0 [ 1840.028130][ T3161] ? inet_send_prepare+0x260/0x260 [ 1840.033298][ T3161] ____sys_sendmsg+0x5be/0x970 [ 1840.038132][ T3161] ? __sys_sendmsg_sock+0x30/0x30 [ 1840.043218][ T3161] ? __import_iovec+0x315/0x500 [ 1840.048137][ T3161] ? import_iovec+0x6f/0xa0 [ 1840.052716][ T3161] ___sys_sendmsg+0x2a2/0x360 [ 1840.057467][ T3161] ? __sys_sendmsg+0x290/0x290 [ 1840.062324][ T3161] ? __lock_acquire+0x7d10/0x7d10 [ 1840.067438][ T3161] __se_sys_sendmsg+0x1bb/0x2a0 [ 1840.072351][ T3161] ? __x64_sys_sendmsg+0x80/0x80 [ 1840.077369][ T3161] ? lockdep_hardirqs_on+0x94/0x140 [ 1840.082633][ T3161] do_syscall_64+0x4c/0xa0 [ 1840.087104][ T3161] ? clear_bhb_loop+0x60/0xb0 [ 1840.091853][ T3161] ? clear_bhb_loop+0x60/0xb0 [ 1840.096604][ T3161] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1840.103106][ T3161] RIP: 0033:0x7f03c759ce59 [ 1840.107579][ T3161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1840.127250][ T3161] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1840.135726][ T3161] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1840.143751][ T3161] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 0000000000000003 [ 1840.151790][ T3161] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1840.159824][ T3161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1840.167859][ T3161] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1840.175914][ T3161] [ 1840.713184][ T3181] netlink: 'syz.5.10223': attribute type 16 has an invalid length. [ 1840.792315][ T3182] netlink: 'syz.5.10223': attribute type 10 has an invalid length. [ 1840.792883][ T3181] netlink: 132 bytes leftover after parsing attributes in process `syz.5.10223'. [ 1841.253489][ T3182] device macvlan0 entered promiscuous mode [ 1841.307554][ T3182] team0: Port device macvlan0 added [ 1841.725848][ T3195] netlink: 'syz.0.10228': attribute type 21 has an invalid length. [ 1841.779071][ T3195] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10228'. [ 1842.051041][ T3204] netlink: 'syz.0.10232': attribute type 10 has an invalid length. [ 1842.155244][ T3204] device team0 left promiscuous mode [ 1842.161211][ T3204] device team_slave_0 left promiscuous mode [ 1842.183843][ T3204] device team_slave_1 left promiscuous mode [ 1842.217927][ T3204] bridge0: port 3(team0) entered disabled state [ 1842.253993][ T3204] 8021q: adding VLAN 0 to HW filter on device team0 [ 1842.283337][ T3204] bond0: (slave team0): Enslaving as an active interface with an up link [ 1842.715987][ T3220] netlink: 14 bytes leftover after parsing attributes in process `syz.0.10238'. [ 1843.059359][ T3227] netlink: 'syz.5.10242': attribute type 21 has an invalid length. [ 1843.068062][ T3227] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10242'. [ 1843.439080][ T3237] netlink: 'syz.3.10246': attribute type 19 has an invalid length. [ 1843.460306][ T3237] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10246'. [ 1844.067096][ T3251] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.10251'. [ 1844.393929][ T3257] netlink: 'syz.4.10255': attribute type 275 has an invalid length. [ 1844.840681][ T3267] netlink: 14 bytes leftover after parsing attributes in process `syz.4.10258'. [ 1845.319020][T22177] Bluetooth: hci2: command 0x0406 tx timeout [ 1845.430565][T22177] Bluetooth: hci1: ISO packet for unknown connection handle 59 [ 1845.856467][ T3305] netlink: 65039 bytes leftover after parsing attributes in process `syz.5.10271'. [ 1847.384354][ T3353] netlink: 'syz.3.10286': attribute type 21 has an invalid length. [ 1847.423728][ T3353] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10286'. [ 1847.874159][ T3362] netlink: 'syz.5.10290': attribute type 21 has an invalid length. [ 1847.897484][ T3362] device bridge_slave_1 left promiscuous mode [ 1847.906776][ T3362] bridge0: port 2(bridge_slave_1) entered disabled state [ 1847.953481][ T3362] device bridge_slave_0 left promiscuous mode [ 1847.967231][ T3362] bridge0: port 1(bridge_slave_0) entered disabled state [ 1848.168179][ T3362] device bridge0 left promiscuous mode [ 1848.298392][ T3362] team0: Port device bridge0 removed [ 1849.035255][ T3381] netlink: 'syz.3.10296': attribute type 21 has an invalid length. [ 1849.049458][ T3381] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10296'. [ 1849.068845][ T3383] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1849.083763][ T3383] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1849.115893][ T3383] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1849.148578][ T3383] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1849.600589][ T3396] netlink: 'syz.0.10303': attribute type 41 has an invalid length. [ 1850.244847][ T3404] netlink: 'syz.5.10305': attribute type 21 has an invalid length. [ 1850.285260][ T3404] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10305'. [ 1850.739484][ T3423] netlink: 65023 bytes leftover after parsing attributes in process `syz.5.10311'. [ 1850.749432][ T3417] netlink: 'syz.0.10310': attribute type 21 has an invalid length. [ 1850.749500][ T3417] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10310'. [ 1850.817880][ T3423] device macsec0 entered promiscuous mode [ 1852.066929][ T3454] netlink: 'syz.0.10323': attribute type 21 has an invalid length. [ 1852.113301][ T3454] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10323'. [ 1852.470360][ T3467] FAULT_INJECTION: forcing a failure. [ 1852.470360][ T3467] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1852.493876][ T3467] CPU: 0 PID: 3467 Comm: syz.5.10330 Not tainted syzkaller #0 [ 1852.501429][ T3467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1852.511895][ T3467] Call Trace: [ 1852.515223][ T3467] [ 1852.518202][ T3467] dump_stack_lvl+0x188/0x24e [ 1852.522944][ T3467] ? show_regs_print_info+0x12/0x12 [ 1852.528202][ T3467] ? load_image+0x400/0x400 [ 1852.532768][ T3467] ? __lock_acquire+0x7d10/0x7d10 [ 1852.537857][ T3467] should_fail_ex+0x399/0x4d0 [ 1852.542594][ T3467] _copy_to_user+0x2c/0x130 [ 1852.547145][ T3467] bpf_prog_test_run_syscall+0x332/0x4a0 [ 1852.552832][ T3467] ? sock_gen_cookie+0x60/0x60 [ 1852.557643][ T3467] ? sock_gen_cookie+0x60/0x60 [ 1852.562451][ T3467] bpf_prog_test_run+0x31e/0x390 [ 1852.567455][ T3467] __sys_bpf+0x62b/0x780 [ 1852.571764][ T3467] ? bpf_link_show_fdinfo+0x380/0x380 [ 1852.577233][ T3467] ? lock_chain_count+0x20/0x20 [ 1852.582154][ T3467] __x64_sys_bpf+0x78/0x90 [ 1852.586618][ T3467] do_syscall_64+0x4c/0xa0 [ 1852.591063][ T3467] ? clear_bhb_loop+0x60/0xb0 [ 1852.595784][ T3467] ? clear_bhb_loop+0x60/0xb0 [ 1852.600521][ T3467] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1852.606457][ T3467] RIP: 0033:0x7fe63839ce59 [ 1852.611683][ T3467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1852.631320][ T3467] RSP: 002b:00007fe63920b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1852.639775][ T3467] RAX: ffffffffffffffda RBX: 00007fe638615fa0 RCX: 00007fe63839ce59 [ 1852.647783][ T3467] RDX: 0000000000000010 RSI: 0000200000000400 RDI: 000000000000000a [ 1852.655793][ T3467] RBP: 00007fe63920b090 R08: 0000000000000000 R09: 0000000000000000 [ 1852.663801][ T3467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1852.671807][ T3467] R13: 00007fe638616038 R14: 00007fe638615fa0 R15: 00007fff888f8f88 [ 1852.679833][ T3467] [ 1853.280564][ T3490] netlink: 'syz.4.10337': attribute type 21 has an invalid length. [ 1853.339098][ T3490] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10337'. [ 1855.425890][ T3536] netlink: 'syz.0.10351': attribute type 21 has an invalid length. [ 1855.446721][ T3536] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10351'. [ 1855.733912][ T3539] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10353'. [ 1855.791004][ T3539] device caif0 entered promiscuous mode [ 1855.797015][ T3539] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1855.958200][ T3546] device sit0 entered promiscuous mode [ 1856.259074][T22177] Bluetooth: hci2: ISO packet for unknown connection handle 7 [ 1856.553695][ T3561] netlink: 'syz.5.10362': attribute type 21 has an invalid length. [ 1856.737749][ T3559] netlink: 126632 bytes leftover after parsing attributes in process `syz.2.10359'. [ 1857.370465][ T3575] netlink: 14 bytes leftover after parsing attributes in process `syz.0.10366'. [ 1857.428515][ T3575] openvswitch: netlink: Message has 6 unknown bytes. [ 1857.917292][ T3559] netlink: 8192 bytes leftover after parsing attributes in process `syz.2.10359'. [ 1858.043172][ T3582] netlink: 'syz.0.10368': attribute type 21 has an invalid length. [ 1858.059429][ T3582] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10368'. [ 1858.604665][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1858.611147][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1859.035668][ T3599] FAULT_INJECTION: forcing a failure. [ 1859.035668][ T3599] name failslab, interval 1, probability 0, space 0, times 0 [ 1859.105110][ T3599] CPU: 1 PID: 3599 Comm: syz.4.10374 Not tainted syzkaller #0 [ 1859.112683][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1859.122795][ T3599] Call Trace: [ 1859.126215][ T3599] [ 1859.129226][ T3599] dump_stack_lvl+0x188/0x24e [ 1859.133987][ T3599] ? show_regs_print_info+0x12/0x12 [ 1859.139243][ T3599] ? load_image+0x400/0x400 [ 1859.143865][ T3599] ? __might_sleep+0xd0/0xd0 [ 1859.148508][ T3599] ? __lock_acquire+0x7d10/0x7d10 [ 1859.153593][ T3599] ? mark_lock+0x94/0x320 [ 1859.158265][ T3599] should_fail_ex+0x399/0x4d0 [ 1859.163095][ T3599] should_failslab+0x5/0x20 [ 1859.167672][ T3599] slab_pre_alloc_hook+0x59/0x310 [ 1859.172792][ T3599] ? __get_vm_area_node+0x122/0x330 [ 1859.178054][ T3599] __kmem_cache_alloc_node+0x4f/0x260 [ 1859.183496][ T3599] ? __get_vm_area_node+0x122/0x330 [ 1859.188866][ T3599] kmalloc_node_trace+0x22/0xe0 [ 1859.193799][ T3599] __get_vm_area_node+0x122/0x330 [ 1859.198891][ T3599] __vmalloc_node_range+0x357/0x13b0 [ 1859.204255][ T3599] ? bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.209990][ T3599] ? perf_trace_preemptirq_template+0x268/0x320 [ 1859.216525][ T3599] ? free_vm_area+0x50/0x50 [ 1859.221102][ T3599] ? end_current_label_crit_section+0x170/0x170 [ 1859.227420][ T3599] ? bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.233038][ T3599] __vmalloc+0x76/0x80 [ 1859.237168][ T3599] ? bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.242801][ T3599] bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.248269][ T3599] ? bpf_lsm_capable+0x5/0x10 [ 1859.253052][ T3599] bpf_prog_alloc+0x1c/0x1b0 [ 1859.257808][ T3599] bpf_prog_load+0x7c9/0x1560 [ 1859.262581][ T3599] ? map_freeze+0x390/0x390 [ 1859.267153][ T3599] ? __might_fault+0xa6/0x120 [ 1859.271924][ T3599] ? __might_fault+0xa6/0x120 [ 1859.276746][ T3599] ? __might_fault+0xc2/0x120 [ 1859.281500][ T3599] ? __might_fault+0xa6/0x120 [ 1859.286347][ T3599] ? bpf_lsm_bpf+0x5/0x10 [ 1859.290751][ T3599] ? security_bpf+0x7a/0xa0 [ 1859.295335][ T3599] __sys_bpf+0x5b8/0x780 [ 1859.299798][ T3599] ? bpf_link_show_fdinfo+0x380/0x380 [ 1859.305261][ T3599] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1859.311558][ T3599] __x64_sys_bpf+0x78/0x90 [ 1859.316039][ T3599] do_syscall_64+0x4c/0xa0 [ 1859.320519][ T3599] ? clear_bhb_loop+0x60/0xb0 [ 1859.325284][ T3599] ? clear_bhb_loop+0x60/0xb0 [ 1859.330034][ T3599] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.335994][ T3599] RIP: 0033:0x7f049ad9ce59 [ 1859.340465][ T3599] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1859.360131][ T3599] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1859.368612][ T3599] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1859.376646][ T3599] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 1859.385473][ T3599] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1859.393503][ T3599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1859.401530][ T3599] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1859.409575][ T3599] [ 1859.676412][ T3599] syz.4.10374: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1859.711594][ T3599] CPU: 1 PID: 3599 Comm: syz.4.10374 Not tainted syzkaller #0 [ 1859.719933][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1859.730044][ T3599] Call Trace: [ 1859.733370][ T3599] [ 1859.736473][ T3599] dump_stack_lvl+0x188/0x24e [ 1859.741216][ T3599] ? cpuset_print_current_mems_allowed+0x1b/0x360 [ 1859.747699][ T3599] ? show_regs_print_info+0x12/0x12 [ 1859.752982][ T3599] ? load_image+0x400/0x400 [ 1859.757564][ T3599] ? cpuset_print_current_mems_allowed+0x1b/0x360 [ 1859.764050][ T3599] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 1859.770719][ T3599] warn_alloc+0x242/0x330 [ 1859.775130][ T3599] ? __get_vm_area_node+0x122/0x330 [ 1859.780402][ T3599] ? zone_watermark_ok_safe+0x270/0x270 [ 1859.786071][ T3599] ? rcu_is_watching+0x11/0xa0 [ 1859.790916][ T3599] ? __get_vm_area_node+0x318/0x330 [ 1859.796183][ T3599] __vmalloc_node_range+0x37c/0x13b0 [ 1859.801538][ T3599] ? perf_trace_preemptirq_template+0x268/0x320 [ 1859.807860][ T3599] ? free_vm_area+0x50/0x50 [ 1859.812426][ T3599] ? end_current_label_crit_section+0x170/0x170 [ 1859.818719][ T3599] ? bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.824323][ T3599] __vmalloc+0x76/0x80 [ 1859.828435][ T3599] ? bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.834037][ T3599] bpf_prog_alloc_no_stats+0x3a/0x3a0 [ 1859.839456][ T3599] ? bpf_lsm_capable+0x5/0x10 [ 1859.844185][ T3599] bpf_prog_alloc+0x1c/0x1b0 [ 1859.848832][ T3599] bpf_prog_load+0x7c9/0x1560 [ 1859.853555][ T3599] ? map_freeze+0x390/0x390 [ 1859.858100][ T3599] ? __might_fault+0xa6/0x120 [ 1859.862922][ T3599] ? __might_fault+0xa6/0x120 [ 1859.867643][ T3599] ? __might_fault+0xc2/0x120 [ 1859.872357][ T3599] ? __might_fault+0xa6/0x120 [ 1859.877203][ T3599] ? bpf_lsm_bpf+0x5/0x10 [ 1859.881619][ T3599] ? security_bpf+0x7a/0xa0 [ 1859.886188][ T3599] __sys_bpf+0x5b8/0x780 [ 1859.890486][ T3599] ? bpf_link_show_fdinfo+0x380/0x380 [ 1859.896018][ T3599] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1859.902247][ T3599] __x64_sys_bpf+0x78/0x90 [ 1859.906853][ T3599] do_syscall_64+0x4c/0xa0 [ 1859.911313][ T3599] ? clear_bhb_loop+0x60/0xb0 [ 1859.916041][ T3599] ? clear_bhb_loop+0x60/0xb0 [ 1859.921039][ T3599] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1859.926998][ T3599] RIP: 0033:0x7f049ad9ce59 [ 1859.931451][ T3599] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1859.951354][ T3599] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1859.959893][ T3599] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1859.967915][ T3599] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 1859.975931][ T3599] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1859.984039][ T3599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1859.992064][ T3599] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1860.000109][ T3599] [ 1860.308782][ T3599] Mem-Info: [ 1860.316944][ T3599] active_anon:45151 inactive_anon:0 isolated_anon:0 [ 1860.316944][ T3599] active_file:22270 inactive_file:40668 isolated_file:0 [ 1860.316944][ T3599] unevictable:768 dirty:133 writeback:0 [ 1860.316944][ T3599] slab_reclaimable:22291 slab_unreclaimable:97429 [ 1860.316944][ T3599] mapped:49434 shmem:31143 pagetables:780 [ 1860.316944][ T3599] sec_pagetables:0 bounce:0 [ 1860.316944][ T3599] kernel_misc_reclaimable:0 [ 1860.316944][ T3599] free:1263389 free_pcp:7757 free_cma:0 [ 1860.733392][ T3599] Node 0 active_anon:186604kB inactive_anon:0kB active_file:89080kB inactive_file:162468kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:193636kB dirty:532kB writeback:0kB shmem:129236kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:10576kB pagetables:3020kB sec_pagetables:0kB all_unreclaimable? no [ 1860.885427][ T3599] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1861.053233][ T3599] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1861.186282][ T3627] netlink: 'syz.0.10382': attribute type 21 has an invalid length. [ 1861.226561][ T3627] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10382'. [ 1861.234407][ T3599] lowmem_reserve[]: 0 2527 2528 2528 2528 [ 1861.317599][ T3599] Node 0 DMA32 free:1138616kB boost:0kB min:34692kB low:43364kB high:52036kB reserved_highatomic:0KB active_anon:193340kB inactive_anon:0kB active_file:89080kB inactive_file:162476kB unevictable:1536kB writepending:712kB present:3129332kB managed:2592944kB mlocked:0kB bounce:0kB free_pcp:4344kB local_pcp:960kB free_cma:0kB [ 1861.808664][ T3599] lowmem_reserve[]: 0 0 1 1 1 [ 1861.830304][ T3599] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:1424kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 1862.013628][ T3599] lowmem_reserve[]: 0 0 0 0 0 [ 1862.038884][ T3599] Node 1 Normal free:3907552kB boost:0kB min:55192kB low:68988kB high:82784kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:5800kB local_pcp:5800kB free_cma:0kB [ 1862.080046][ T3635] netlink: 126632 bytes leftover after parsing attributes in process `syz.3.10383'. [ 1862.219221][ T3635] netlink: 8192 bytes leftover after parsing attributes in process `syz.3.10383'. [ 1862.300141][ T3599] lowmem_reserve[]: 0 0 0 0 0 [ 1862.416256][ T3599] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1862.563459][ T3644] netlink: 'syz.5.10386': attribute type 39 has an invalid length. [ 1862.611019][ T3599] Node 0 DMA32: 415*4kB (UM) 420*8kB (UE) 294*16kB (UME) 3204*32kB (UME) 1337*64kB (UME) 563*128kB (UME) 115*256kB (UME) 77*512kB (UM) 33*1024kB (UME) 9*2048kB (UME) 180*4096kB (UM) = 1128252kB [ 1862.720599][ T3599] Node 0 Normal: 4*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1862.893906][ T3599] Node 1 Normal: 224*4kB (UE) 60*8kB (UE) 34*16kB (UME) 189*32kB (UME) 71*64kB (UME) 20*128kB (UME) 11*256kB (UME) 5*512kB (UME) 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3907552kB [ 1862.912527][ T3599] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1862.923494][ T3599] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1862.933237][ T3599] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1862.964180][ T3599] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1863.015204][ T3599] 99426 total pagecache pages [ 1863.028624][ T3599] 0 pages in swap cache [ 1863.065142][ T3599] Free swap = 124996kB [ 1863.108975][ T3599] Total swap = 124996kB [ 1863.131298][ T3599] 2097051 pages RAM [ 1863.135225][ T3599] 0 pages HighMem/MovableOnly [ 1863.228777][ T3599] 415214 pages reserved [ 1863.245327][ T62] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1863.285848][ T3599] 0 pages cma reserved [ 1864.565509][ T3665] device syzkaller0 entered promiscuous mode [ 1864.658251][ T3676] netlink: 'syz.3.10391': attribute type 10 has an invalid length. [ 1864.732390][ T3676] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10391'. [ 1867.536920][ T3680] netlink: 'syz.4.10395': attribute type 21 has an invalid length. [ 1867.545168][ T3680] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10395'. [ 1867.832977][ T3700] FAULT_INJECTION: forcing a failure. [ 1867.832977][ T3700] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.847320][ T3700] CPU: 1 PID: 3700 Comm: syz.4.10401 Not tainted syzkaller #0 [ 1867.854859][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1867.865005][ T3700] Call Trace: [ 1867.868503][ T3700] [ 1867.871575][ T3700] dump_stack_lvl+0x188/0x24e [ 1867.876317][ T3700] ? show_regs_print_info+0x12/0x12 [ 1867.881575][ T3700] ? load_image+0x400/0x400 [ 1867.886148][ T3700] ? __might_sleep+0xd0/0xd0 [ 1867.890794][ T3700] ? __lock_acquire+0x7d10/0x7d10 [ 1867.895884][ T3700] should_fail_ex+0x399/0x4d0 [ 1867.900617][ T3700] should_failslab+0x5/0x20 [ 1867.905170][ T3700] slab_pre_alloc_hook+0x59/0x310 [ 1867.910254][ T3700] kmem_cache_alloc_node+0x5a/0x320 [ 1867.915503][ T3700] ? __dev_queue_xmit+0x26b/0x37c0 [ 1867.920679][ T3700] ? __alloc_skb+0xfc/0x7e0 [ 1867.925235][ T3700] __alloc_skb+0xfc/0x7e0 [ 1867.929617][ T3700] netlink_ack+0x372/0x1170 [ 1867.934183][ T3700] ? ref_tracker_free+0x68c/0x840 [ 1867.939273][ T3700] ? __copy_skb_header+0x3ba/0x4f0 [ 1867.944436][ T3700] ? refcount_inc+0x70/0x70 [ 1867.948996][ T3700] ? memcpy+0x3c/0x60 [ 1867.953048][ T3700] ? netlink_dump+0xd00/0xd00 [ 1867.957778][ T3700] ? __copy_skb_header+0x3ba/0x4f0 [ 1867.962978][ T3700] ? __skb_clone+0x480/0x790 [ 1867.967632][ T3700] netlink_rcv_skb+0x280/0x450 [ 1867.972463][ T3700] ? rtnetlink_bind+0x80/0x80 [ 1867.977200][ T3700] ? netlink_ack+0x1170/0x1170 [ 1867.982037][ T3700] ? netlink_deliver_tap+0x2e/0x1b0 [ 1867.987293][ T3700] netlink_unicast+0x74d/0x8d0 [ 1867.992293][ T3700] netlink_sendmsg+0x8ad/0xbd0 [ 1867.997115][ T3700] ? netlink_getsockopt+0x550/0x550 [ 1868.002379][ T3700] ? aa_sock_msg_perm+0x94/0x150 [ 1868.007368][ T3700] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1868.012708][ T3700] ? security_socket_sendmsg+0x7c/0xa0 [ 1868.018217][ T3700] ? netlink_getsockopt+0x550/0x550 [ 1868.023514][ T3700] ____sys_sendmsg+0x5be/0x970 [ 1868.028343][ T3700] ? __sys_sendmsg_sock+0x30/0x30 [ 1868.033418][ T3700] ? __import_iovec+0x315/0x500 [ 1868.038331][ T3700] ? import_iovec+0x6f/0xa0 [ 1868.042888][ T3700] ___sys_sendmsg+0x2a2/0x360 [ 1868.047620][ T3700] ? __sys_sendmsg+0x290/0x290 [ 1868.052459][ T3700] ? __lock_acquire+0x7d10/0x7d10 [ 1868.057614][ T3700] __se_sys_sendmsg+0x1bb/0x2a0 [ 1868.062518][ T3700] ? ct_nmi_exit+0x145/0x1c0 [ 1868.067158][ T3700] ? __x64_sys_sendmsg+0x80/0x80 [ 1868.072175][ T3700] ? lockdep_hardirqs_on+0x94/0x140 [ 1868.077445][ T3700] do_syscall_64+0x4c/0xa0 [ 1868.081902][ T3700] ? clear_bhb_loop+0x60/0xb0 [ 1868.086610][ T3700] ? clear_bhb_loop+0x60/0xb0 [ 1868.091339][ T3700] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1868.097298][ T3700] RIP: 0033:0x7f049ad9ce59 [ 1868.101765][ T3700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1868.121507][ T3700] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1868.129954][ T3700] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1868.137971][ T3700] RDX: 000000000004a046 RSI: 0000200000000040 RDI: 0000000000000003 [ 1868.146013][ T3700] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1868.154071][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1868.162071][ T3700] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1868.170084][ T3700] [ 1868.259525][ T3705] device bond_slave_1 entered promiscuous mode [ 1868.279091][ T3707] netlink: 'syz.3.10404': attribute type 2 has an invalid length. [ 1868.297278][ T3707] netlink: 10 bytes leftover after parsing attributes in process `syz.3.10404'. [ 1868.325789][ T3707] netlink: 140 bytes leftover after parsing attributes in process `syz.3.10404'. [ 1868.345511][ T3707] netlink: 10 bytes leftover after parsing attributes in process `syz.3.10404'. [ 1868.369182][ T3707] bond0: (slave bond_slave_0): Releasing backup interface [ 1868.425276][ T3707] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1869.797907][ T3732] FAULT_INJECTION: forcing a failure. [ 1869.797907][ T3732] name failslab, interval 1, probability 0, space 0, times 0 [ 1869.866859][ T3732] CPU: 0 PID: 3732 Comm: syz.5.10411 Not tainted syzkaller #0 [ 1869.874431][ T3732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1869.884548][ T3732] Call Trace: [ 1869.887891][ T3732] [ 1869.890865][ T3732] dump_stack_lvl+0x188/0x24e [ 1869.895597][ T3732] ? show_regs_print_info+0x12/0x12 [ 1869.900848][ T3732] ? load_image+0x400/0x400 [ 1869.905416][ T3732] ? __might_sleep+0xd0/0xd0 [ 1869.910057][ T3732] ? __lock_acquire+0x7d10/0x7d10 [ 1869.915147][ T3732] should_fail_ex+0x399/0x4d0 [ 1869.919877][ T3732] should_failslab+0x5/0x20 [ 1869.924418][ T3732] slab_pre_alloc_hook+0x59/0x310 [ 1869.929492][ T3732] ? __get_vm_area_node+0x122/0x330 [ 1869.934739][ T3732] __kmem_cache_alloc_node+0x4f/0x260 [ 1869.940195][ T3732] ? __get_vm_area_node+0x122/0x330 [ 1869.945452][ T3732] kmalloc_node_trace+0x22/0xe0 [ 1869.950372][ T3732] __get_vm_area_node+0x122/0x330 [ 1869.955444][ T3732] ? __local_bh_enable_ip+0x136/0x1c0 [ 1869.960868][ T3732] __vmalloc_node_range+0x357/0x13b0 [ 1869.966227][ T3732] ? netlink_sendmsg+0x5ec/0xbd0 [ 1869.971225][ T3732] ? netlink_insert+0x1034/0x13c0 [ 1869.976325][ T3732] ? free_vm_area+0x50/0x50 [ 1869.980977][ T3732] ? netlink_sendmsg+0x5ec/0xbd0 [ 1869.985953][ T3732] vmalloc+0x75/0x80 [ 1869.989892][ T3732] ? netlink_sendmsg+0x5ec/0xbd0 [ 1869.994874][ T3732] netlink_sendmsg+0x5ec/0xbd0 [ 1869.999704][ T3732] ? netlink_getsockopt+0x550/0x550 [ 1870.005046][ T3732] ? aa_sock_msg_perm+0x94/0x150 [ 1870.010032][ T3732] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1870.015356][ T3732] ? security_socket_sendmsg+0x7c/0xa0 [ 1870.020863][ T3732] ? netlink_getsockopt+0x550/0x550 [ 1870.026103][ T3732] ____sys_sendmsg+0x5be/0x970 [ 1870.030929][ T3732] ? __sys_sendmsg_sock+0x30/0x30 [ 1870.035998][ T3732] ? __import_iovec+0x315/0x500 [ 1870.040911][ T3732] ? import_iovec+0x6f/0xa0 [ 1870.045465][ T3732] ___sys_sendmsg+0x2a2/0x360 [ 1870.050192][ T3732] ? __sys_sendmsg+0x290/0x290 [ 1870.055027][ T3732] ? __lock_acquire+0x7d10/0x7d10 [ 1870.060141][ T3732] __se_sys_sendmsg+0x1bb/0x2a0 [ 1870.065044][ T3732] ? __x64_sys_sendmsg+0x80/0x80 [ 1870.070052][ T3732] ? lockdep_hardirqs_on+0x94/0x140 [ 1870.075333][ T3732] do_syscall_64+0x4c/0xa0 [ 1870.079790][ T3732] ? clear_bhb_loop+0x60/0xb0 [ 1870.084517][ T3732] ? clear_bhb_loop+0x60/0xb0 [ 1870.089251][ T3732] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1870.095226][ T3732] RIP: 0033:0x7fe63839ce59 [ 1870.099717][ T3732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1870.119365][ T3732] RSP: 002b:00007fe63920b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1870.127914][ T3732] RAX: ffffffffffffffda RBX: 00007fe638615fa0 RCX: 00007fe63839ce59 [ 1870.135984][ T3732] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1870.144018][ T3732] RBP: 00007fe63920b090 R08: 0000000000000000 R09: 0000000000000000 [ 1870.152033][ T3732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1870.160039][ T3732] R13: 00007fe638616038 R14: 00007fe638615fa0 R15: 00007fff888f8f88 [ 1870.168088][ T3732] [ 1870.315029][ T3738] netlink: 'syz.0.10412': attribute type 21 has an invalid length. [ 1870.326311][ T3738] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10412'. [ 1870.349089][ T3732] syz.5.10411: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0-1 [ 1870.395518][ T3732] CPU: 1 PID: 3732 Comm: syz.5.10411 Not tainted syzkaller #0 [ 1870.403180][ T3732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1870.413310][ T3732] Call Trace: [ 1870.416666][ T3732] [ 1870.419687][ T3732] dump_stack_lvl+0x188/0x24e [ 1870.424434][ T3732] ? cpuset_print_current_mems_allowed+0x1b/0x360 [ 1870.430929][ T3732] ? show_regs_print_info+0x12/0x12 [ 1870.436205][ T3732] ? load_image+0x400/0x400 [ 1870.440805][ T3732] ? cpuset_print_current_mems_allowed+0x1b/0x360 [ 1870.447302][ T3732] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 1870.453872][ T3732] warn_alloc+0x242/0x330 [ 1870.458257][ T3732] ? __get_vm_area_node+0x122/0x330 [ 1870.463513][ T3732] ? zone_watermark_ok_safe+0x270/0x270 [ 1870.469120][ T3732] ? rcu_is_watching+0x11/0xa0 [ 1870.473945][ T3732] ? __get_vm_area_node+0x318/0x330 [ 1870.479190][ T3732] ? __local_bh_enable_ip+0x136/0x1c0 [ 1870.484614][ T3732] __vmalloc_node_range+0x37c/0x13b0 [ 1870.489956][ T3732] ? netlink_insert+0x1034/0x13c0 [ 1870.495055][ T3732] ? free_vm_area+0x50/0x50 [ 1870.499620][ T3732] ? netlink_sendmsg+0x5ec/0xbd0 [ 1870.504619][ T3732] vmalloc+0x75/0x80 [ 1870.508568][ T3732] ? netlink_sendmsg+0x5ec/0xbd0 [ 1870.513544][ T3732] netlink_sendmsg+0x5ec/0xbd0 [ 1870.518366][ T3732] ? netlink_getsockopt+0x550/0x550 [ 1870.523660][ T3732] ? aa_sock_msg_perm+0x94/0x150 [ 1870.528643][ T3732] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1870.533977][ T3732] ? security_socket_sendmsg+0x7c/0xa0 [ 1870.539478][ T3732] ? netlink_getsockopt+0x550/0x550 [ 1870.544715][ T3732] ____sys_sendmsg+0x5be/0x970 [ 1870.549534][ T3732] ? __sys_sendmsg_sock+0x30/0x30 [ 1870.554595][ T3732] ? __import_iovec+0x315/0x500 [ 1870.559509][ T3732] ? import_iovec+0x6f/0xa0 [ 1870.564061][ T3732] ___sys_sendmsg+0x2a2/0x360 [ 1870.568793][ T3732] ? __sys_sendmsg+0x290/0x290 [ 1870.573733][ T3732] ? __lock_acquire+0x7d10/0x7d10 [ 1870.578923][ T3732] __se_sys_sendmsg+0x1bb/0x2a0 [ 1870.583860][ T3732] ? __x64_sys_sendmsg+0x80/0x80 [ 1870.588888][ T3732] ? lockdep_hardirqs_on+0x94/0x140 [ 1870.594151][ T3732] do_syscall_64+0x4c/0xa0 [ 1870.598607][ T3732] ? clear_bhb_loop+0x60/0xb0 [ 1870.603337][ T3732] ? clear_bhb_loop+0x60/0xb0 [ 1870.608065][ T3732] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1870.614011][ T3732] RIP: 0033:0x7fe63839ce59 [ 1870.618474][ T3732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1870.638124][ T3732] RSP: 002b:00007fe63920b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1870.646594][ T3732] RAX: ffffffffffffffda RBX: 00007fe638615fa0 RCX: 00007fe63839ce59 [ 1870.654615][ T3732] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1870.662645][ T3732] RBP: 00007fe63920b090 R08: 0000000000000000 R09: 0000000000000000 [ 1870.670659][ T3732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1870.678674][ T3732] R13: 00007fe638616038 R14: 00007fe638615fa0 R15: 00007fff888f8f88 [ 1870.686724][ T3732] [ 1870.923785][ T3735] IPv6: pim6reg1: Disabled Multicast RS [ 1871.012614][ T3732] Mem-Info: [ 1871.015826][ T3732] active_anon:16549 inactive_anon:0 isolated_anon:0 [ 1871.015826][ T3732] active_file:22270 inactive_file:40672 isolated_file:0 [ 1871.015826][ T3732] unevictable:768 dirty:280 writeback:0 [ 1871.015826][ T3732] slab_reclaimable:22259 slab_unreclaimable:97300 [ 1871.015826][ T3732] mapped:36624 shmem:2661 pagetables:695 [ 1871.015826][ T3732] sec_pagetables:0 bounce:0 [ 1871.015826][ T3732] kernel_misc_reclaimable:0 [ 1871.015826][ T3732] free:1295923 free_pcp:3830 free_cma:0 [ 1871.078730][ T3732] Node 0 active_anon:66296kB inactive_anon:0kB active_file:89080kB inactive_file:162484kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:146496kB dirty:1120kB writeback:0kB shmem:9108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:10472kB pagetables:2780kB sec_pagetables:0kB all_unreclaimable? no [ 1871.178489][ T3732] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1871.254355][ T3732] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1871.312535][ T3732] lowmem_reserve[]: 0 2527 2528 2528 2528 [ 1871.329027][ T3732] Node 0 DMA32 free:1257740kB boost:0kB min:34692kB low:43364kB high:52036kB reserved_highatomic:0KB active_anon:69404kB inactive_anon:0kB active_file:89080kB inactive_file:162484kB unevictable:1536kB writepending:1120kB present:3129332kB managed:2592944kB mlocked:0kB bounce:0kB free_pcp:8676kB local_pcp:6208kB free_cma:0kB [ 1871.378637][ T3732] lowmem_reserve[]: 0 0 1 1 1 [ 1871.383471][ T3732] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:1424kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 1871.473224][ T3732] lowmem_reserve[]: 0 0 0 0 0 [ 1871.478085][ T3732] Node 1 Normal free:3907584kB boost:0kB min:55192kB low:68988kB high:82784kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:5800kB local_pcp:0kB free_cma:0kB [ 1871.589136][ T3732] lowmem_reserve[]: 0 0 0 0 0 [ 1871.594069][ T3732] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1871.638189][ T3732] Node 0 DMA32: 6*4kB (U) 2420*8kB (UME) 1930*16kB (UME) 3597*32kB (UME) 1725*64kB (UME) 788*128kB (UME) 187*256kB (UME) 74*512kB (UM) 34*1024kB (UME) 8*2048kB (UME) 181*4096kB (UM) = 1254968kB [ 1871.744602][ T3770] netlink: 160 bytes leftover after parsing attributes in process `syz.0.10423'. [ 1871.769985][ T3732] Node 0 Normal: 4*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1871.846818][ T3732] Node 1 Normal: 224*4kB (UE) 60*8kB (UE) 34*16kB (UME) 190*32kB (UME) 71*64kB (UME) 20*128kB (UME) 11*256kB (UME) 5*512kB (UME) 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3907584kB [ 1871.887324][ T3732] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1871.918186][ T3732] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1871.939847][ T3732] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1871.976564][ T3732] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1871.998264][ T3732] 67933 total pagecache pages [ 1872.003615][ T3732] 0 pages in swap cache [ 1872.007832][ T3732] Free swap = 124996kB [ 1872.029971][ T3732] Total swap = 124996kB [ 1872.034459][ T3732] 2097051 pages RAM [ 1872.038320][ T3732] 0 pages HighMem/MovableOnly [ 1872.050061][ T3732] 415214 pages reserved [ 1872.054925][ T3732] 0 pages cma reserved [ 1875.580793][ T3814] netlink: 'syz.3.10438': attribute type 3 has an invalid length. [ 1875.594380][ T3814] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10438'. [ 1875.915998][ T3822] netlink: 154020 bytes leftover after parsing attributes in process `syz.0.10441'. [ 1876.076212][ T3822] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 1876.842533][ T3830] FAULT_INJECTION: forcing a failure. [ 1876.842533][ T3830] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1876.856076][ T3830] CPU: 1 PID: 3830 Comm: syz.0.10444 Not tainted syzkaller #0 [ 1876.863596][ T3830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1876.873720][ T3830] Call Trace: [ 1876.877070][ T3830] [ 1876.880054][ T3830] dump_stack_lvl+0x188/0x24e [ 1876.884804][ T3830] ? show_regs_print_info+0x12/0x12 [ 1876.890063][ T3830] ? load_image+0x400/0x400 [ 1876.894643][ T3830] ? __lock_acquire+0x7d10/0x7d10 [ 1876.899751][ T3830] should_fail_ex+0x399/0x4d0 [ 1876.904498][ T3830] _copy_from_user+0x2c/0x170 [ 1876.909247][ T3830] generic_map_update_batch+0x4a1/0x810 [ 1876.914866][ T3830] ? rcu_read_unlock+0xa0/0xa0 [ 1876.919706][ T3830] ? __fdget+0x17c/0x200 [ 1876.924028][ T3830] ? rcu_read_unlock+0xa0/0xa0 [ 1876.928859][ T3830] bpf_map_do_batch+0x466/0x600 [ 1876.933782][ T3830] __sys_bpf+0x6f7/0x780 [ 1876.938139][ T3830] ? bpf_link_show_fdinfo+0x380/0x380 [ 1876.943691][ T3830] ? lock_chain_count+0x20/0x20 [ 1876.948644][ T3830] __x64_sys_bpf+0x78/0x90 [ 1876.953107][ T3830] do_syscall_64+0x4c/0xa0 [ 1876.957618][ T3830] ? clear_bhb_loop+0x60/0xb0 [ 1876.962333][ T3830] ? clear_bhb_loop+0x60/0xb0 [ 1876.967057][ T3830] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1876.973009][ T3830] RIP: 0033:0x7f03c759ce59 [ 1876.977462][ T3830] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1876.997122][ T3830] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1877.005578][ T3830] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1877.013612][ T3830] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a [ 1877.021635][ T3830] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1877.029674][ T3830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1877.037695][ T3830] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1877.045741][ T3830] [ 1877.109121][ T3827] tun0: tun_chr_ioctl cmd 1074025675 [ 1877.114500][ T3827] tun0: persist enabled [ 1877.191459][ T3831] tun0: tun_chr_ioctl cmd 1074025675 [ 1877.196852][ T3831] tun0: persist enabled [ 1877.232135][ T3828] tun0: tun_chr_ioctl cmd 1074025675 [ 1877.237528][ T3828] tun0: persist enabled [ 1877.674846][ T3848] netlink: 'syz.0.10451': attribute type 29 has an invalid length. [ 1877.697371][ T3848] netlink: 'syz.0.10451': attribute type 29 has an invalid length. [ 1877.743686][ T3852] netlink: 'syz.0.10451': attribute type 29 has an invalid length. [ 1877.766824][ T3851] netlink: 132 bytes leftover after parsing attributes in process `syz.2.10450'. [ 1877.937365][ T3848] netlink: 'syz.0.10451': attribute type 29 has an invalid length. [ 1877.971575][ T3848] netlink: 'syz.0.10451': attribute type 29 has an invalid length. [ 1878.394786][ T3860] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.10454'. [ 1878.465885][ T3860] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10454'. [ 1878.558232][ T3860] tc_dump_action: action bad kind [ 1879.623480][ T3883] FAULT_INJECTION: forcing a failure. [ 1879.623480][ T3883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1879.695681][ T3883] CPU: 1 PID: 3883 Comm: syz.3.10461 Not tainted syzkaller #0 [ 1879.703244][ T3883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1879.713350][ T3883] Call Trace: [ 1879.716680][ T3883] [ 1879.719651][ T3883] dump_stack_lvl+0x188/0x24e [ 1879.724465][ T3883] ? show_regs_print_info+0x12/0x12 [ 1879.729710][ T3883] ? load_image+0x400/0x400 [ 1879.734283][ T3883] ? __lock_acquire+0x7d10/0x7d10 [ 1879.739376][ T3883] should_fail_ex+0x399/0x4d0 [ 1879.744142][ T3883] _copy_from_user+0x2c/0x170 [ 1879.748879][ T3883] __sys_bpf+0x2ea/0x780 [ 1879.753193][ T3883] ? bpf_link_show_fdinfo+0x380/0x380 [ 1879.758647][ T3883] ? lock_chain_count+0x20/0x20 [ 1879.763566][ T3883] __x64_sys_bpf+0x78/0x90 [ 1879.768047][ T3883] do_syscall_64+0x4c/0xa0 [ 1879.772610][ T3883] ? clear_bhb_loop+0x60/0xb0 [ 1879.777441][ T3883] ? clear_bhb_loop+0x60/0xb0 [ 1879.782188][ T3883] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1879.788138][ T3883] RIP: 0033:0x7f6f9d79ce59 [ 1879.792612][ T3883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1879.812361][ T3883] RSP: 002b:00007f6f9e639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1879.820832][ T3883] RAX: ffffffffffffffda RBX: 00007f6f9da15fa0 RCX: 00007f6f9d79ce59 [ 1879.828866][ T3883] RDX: 0000000000000050 RSI: 0000200000000680 RDI: 000000000000000a [ 1879.836917][ T3883] RBP: 00007f6f9e639090 R08: 0000000000000000 R09: 0000000000000000 [ 1879.844973][ T3883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1879.853009][ T3883] R13: 00007f6f9da16038 R14: 00007f6f9da15fa0 R15: 00007ffdf21ec258 [ 1879.861059][ T3883] [ 1880.603706][ T3908] netlink: 'syz.5.10471': attribute type 10 has an invalid length. [ 1880.616843][ T3908] device hsr0 left promiscuous mode [ 1880.626844][ T3908] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1881.009217][ T3923] netlink: 55631 bytes leftover after parsing attributes in process `syz.5.10473'. [ 1881.091589][ T3923] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10473'. [ 1881.145712][ T3923] tc_dump_action: action bad kind [ 1881.276410][ T3929] netlink: 'syz.3.10477': attribute type 1 has an invalid length. [ 1881.333250][ T3929] netlink: 152 bytes leftover after parsing attributes in process `syz.3.10477'. [ 1882.724828][ T3971] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10493'. [ 1883.186397][ T3985] netlink: 'syz.0.10496': attribute type 19 has an invalid length. [ 1883.406969][ T3994] netlink: 'syz.2.10498': attribute type 21 has an invalid length. [ 1883.447383][ T3994] netlink: 156 bytes leftover after parsing attributes in process `syz.2.10498'. [ 1884.280937][ T4008] netlink: 132 bytes leftover after parsing attributes in process `syz.5.10505'. [ 1884.600253][ T4006] FAULT_INJECTION: forcing a failure. [ 1884.600253][ T4006] name failslab, interval 1, probability 0, space 0, times 0 [ 1884.614614][ T4006] CPU: 1 PID: 4006 Comm: syz.0.10503 Not tainted syzkaller #0 [ 1884.622160][ T4006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1884.632297][ T4006] Call Trace: [ 1884.635640][ T4006] [ 1884.638665][ T4006] dump_stack_lvl+0x188/0x24e [ 1884.643465][ T4006] ? show_regs_print_info+0x12/0x12 [ 1884.648759][ T4006] ? load_image+0x400/0x400 [ 1884.653363][ T4006] ? perf_trace_preemptirq_template+0x268/0x320 [ 1884.659841][ T4006] ? mark_lock+0x94/0x320 [ 1884.664275][ T4006] should_fail_ex+0x399/0x4d0 [ 1884.669049][ T4006] should_failslab+0x5/0x20 [ 1884.673703][ T4006] slab_pre_alloc_hook+0x59/0x310 [ 1884.678799][ T4006] ? sctp_add_bind_addr+0x89/0x350 [ 1884.684001][ T4006] __kmem_cache_alloc_node+0x4f/0x260 [ 1884.689446][ T4006] ? sctp_add_bind_addr+0x89/0x350 [ 1884.694615][ T4006] kmalloc_trace+0x26/0xe0 [ 1884.699135][ T4006] sctp_add_bind_addr+0x89/0x350 [ 1884.704139][ T4006] sctp_copy_local_addr_list+0x311/0x4e0 [ 1884.709878][ T4006] ? sctp_copy_local_addr_list+0xa1/0x4e0 [ 1884.715718][ T4006] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 1884.721931][ T4006] ? sctp_v6_is_any+0x60/0x70 [ 1884.726696][ T4006] ? sctp_copy_one_addr+0x93/0x660 [ 1884.731880][ T4006] sctp_bind_addr_copy+0xaf/0x3c0 [ 1884.736959][ T4006] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 1884.743350][ T4006] sctp_connect_new_asoc+0x2f5/0x6a0 [ 1884.748708][ T4006] ? __sctp_connect+0xd80/0xd80 [ 1884.753610][ T4006] ? __local_bh_enable_ip+0x136/0x1c0 [ 1884.759069][ T4006] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 1884.764673][ T4006] ? security_sctp_bind_connect+0x85/0xb0 [ 1884.770464][ T4006] sctp_sendmsg+0x165d/0x2a40 [ 1884.775257][ T4006] ? sctp_getsockopt+0x8a0/0x8a0 [ 1884.780260][ T4006] ? __lock_acquire+0x7d10/0x7d10 [ 1884.785437][ T4006] ? aa_af_perm+0x340/0x340 [ 1884.790007][ T4006] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 1884.796510][ T4006] ? inet_sendmsg+0xe5/0x2f0 [ 1884.801166][ T4006] ? inet_send_prepare+0x260/0x260 [ 1884.806340][ T4006] ____sys_sendmsg+0x5be/0x970 [ 1884.811195][ T4006] ? __sys_sendmsg_sock+0x30/0x30 [ 1884.816291][ T4006] ? __import_iovec+0x315/0x500 [ 1884.821230][ T4006] ? import_iovec+0x6f/0xa0 [ 1884.825807][ T4006] ___sys_sendmsg+0x2a2/0x360 [ 1884.830652][ T4006] ? __sys_sendmsg+0x290/0x290 [ 1884.835526][ T4006] ? perf_trace_run_bpf_submit+0xf3/0x1c0 [ 1884.841383][ T4006] __se_sys_sendmsg+0x1bb/0x2a0 [ 1884.846328][ T4006] ? __x64_sys_sendmsg+0x80/0x80 [ 1884.851393][ T4006] ? syscall_enter_from_user_mode+0x2a/0x80 [ 1884.857353][ T4006] do_syscall_64+0x4c/0xa0 [ 1884.861819][ T4006] ? clear_bhb_loop+0x60/0xb0 [ 1884.866552][ T4006] ? clear_bhb_loop+0x60/0xb0 [ 1884.871297][ T4006] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1884.877244][ T4006] RIP: 0033:0x7f03c759ce59 [ 1884.881710][ T4006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1884.901542][ T4006] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1884.910014][ T4006] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1884.918042][ T4006] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 000000000000000c [ 1884.926156][ T4006] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1884.934178][ T4006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1884.942194][ T4006] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1884.950257][ T4006] [ 1885.562533][ T4020] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.10508'. [ 1885.614267][ T4023] netlink: 'syz.3.10510': attribute type 29 has an invalid length. [ 1885.831547][ T4032] netlink: 'syz.0.10513': attribute type 10 has an invalid length. [ 1885.919292][ T4028] netlink: 'syz.5.10511': attribute type 21 has an invalid length. [ 1885.927671][ T4028] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10511'. [ 1886.282166][ T4288] Bluetooth: hci3: command 0x0406 tx timeout [ 1886.346229][ T4049] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.10520'. [ 1886.364728][ T4049] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10520'. [ 1886.375907][ T4049] tc_dump_action: action bad kind [ 1886.656798][ T4057] FAULT_INJECTION: forcing a failure. [ 1886.656798][ T4057] name failslab, interval 1, probability 0, space 0, times 0 [ 1886.707598][ T4057] CPU: 1 PID: 4057 Comm: syz.4.10522 Not tainted syzkaller #0 [ 1886.715178][ T4057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1886.725330][ T4057] Call Trace: [ 1886.728683][ T4057] [ 1886.731690][ T4057] dump_stack_lvl+0x188/0x24e [ 1886.736464][ T4057] ? show_regs_print_info+0x12/0x12 [ 1886.741757][ T4057] ? load_image+0x400/0x400 [ 1886.746424][ T4057] ? verify_lock_unused+0x140/0x140 [ 1886.751721][ T4057] ? perf_trace_lock+0x301/0x390 [ 1886.756766][ T4057] should_fail_ex+0x399/0x4d0 [ 1886.761544][ T4057] should_failslab+0x5/0x20 [ 1886.766146][ T4057] slab_pre_alloc_hook+0x59/0x310 [ 1886.771287][ T4057] kmem_cache_alloc+0x56/0x2f0 [ 1886.776155][ T4057] ? skb_clone+0x1e7/0x370 [ 1886.780674][ T4057] skb_clone+0x1e7/0x370 [ 1886.785012][ T4057] __netlink_deliver_tap+0x3ed/0x800 [ 1886.790458][ T4057] ? netlink_deliver_tap+0x2e/0x1b0 [ 1886.795763][ T4057] netlink_deliver_tap+0x19c/0x1b0 [ 1886.800968][ T4057] netlink_unicast+0x728/0x8d0 [ 1886.805835][ T4057] netlink_sendmsg+0x8ad/0xbd0 [ 1886.810680][ T4057] ? netlink_getsockopt+0x550/0x550 [ 1886.815938][ T4057] ? aa_sock_msg_perm+0x94/0x150 [ 1886.820929][ T4057] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1886.826273][ T4057] ? security_socket_sendmsg+0x7c/0xa0 [ 1886.831809][ T4057] ? netlink_getsockopt+0x550/0x550 [ 1886.837055][ T4057] ____sys_sendmsg+0x5be/0x970 [ 1886.841916][ T4057] ? __sys_sendmsg_sock+0x30/0x30 [ 1886.846999][ T4057] ? __import_iovec+0x315/0x500 [ 1886.851958][ T4057] ? import_iovec+0x6f/0xa0 [ 1886.856539][ T4057] ___sys_sendmsg+0x2a2/0x360 [ 1886.861297][ T4057] ? __sys_sendmsg+0x290/0x290 [ 1886.866198][ T4057] ? __lock_acquire+0x7d10/0x7d10 [ 1886.871367][ T4057] __se_sys_sendmsg+0x1bb/0x2a0 [ 1886.876266][ T4057] ? ct_nmi_exit+0x145/0x1c0 [ 1886.880914][ T4057] ? __x64_sys_sendmsg+0x80/0x80 [ 1886.885946][ T4057] ? lockdep_hardirqs_on+0x94/0x140 [ 1886.891212][ T4057] do_syscall_64+0x4c/0xa0 [ 1886.895673][ T4057] ? clear_bhb_loop+0x60/0xb0 [ 1886.900406][ T4057] ? clear_bhb_loop+0x60/0xb0 [ 1886.905149][ T4057] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1886.911109][ T4057] RIP: 0033:0x7f049ad9ce59 [ 1886.915576][ T4057] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1886.935240][ T4057] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1886.943707][ T4057] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1886.951773][ T4057] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 1886.959794][ T4057] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1886.967816][ T4057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1886.975828][ T4057] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1886.983896][ T4057] [ 1886.995628][ T4057] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10522'. [ 1887.414049][ T4067] netlink: 'syz.2.10525': attribute type 3 has an invalid length. [ 1887.462150][ T4067] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.10525'. [ 1888.007290][ T4084] netlink: 'syz.5.10528': attribute type 21 has an invalid length. [ 1888.043902][ T4084] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10528'. [ 1888.519576][ T4097] FAULT_INJECTION: forcing a failure. [ 1888.519576][ T4097] name failslab, interval 1, probability 0, space 0, times 0 [ 1888.568841][ T4097] CPU: 1 PID: 4097 Comm: syz.2.10533 Not tainted syzkaller #0 [ 1888.576421][ T4097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1888.586567][ T4097] Call Trace: [ 1888.589911][ T4097] [ 1888.592930][ T4097] dump_stack_lvl+0x188/0x24e [ 1888.597726][ T4097] ? show_regs_print_info+0x12/0x12 [ 1888.602995][ T4097] ? load_image+0x400/0x400 [ 1888.607609][ T4097] ? __might_sleep+0xd0/0xd0 [ 1888.612267][ T4097] ? __lock_acquire+0x7d10/0x7d10 [ 1888.617382][ T4097] should_fail_ex+0x399/0x4d0 [ 1888.622150][ T4097] should_failslab+0x5/0x20 [ 1888.626715][ T4097] slab_pre_alloc_hook+0x59/0x310 [ 1888.631815][ T4097] ? file_end_write+0x156/0x250 [ 1888.636878][ T4097] kmem_cache_alloc+0x56/0x2f0 [ 1888.641719][ T4097] ? getname_flags+0xb7/0x500 [ 1888.646491][ T4097] getname_flags+0xb7/0x500 [ 1888.651066][ T4097] do_sys_openat2+0xdd/0x4b0 [ 1888.655732][ T4097] ? ct_nmi_exit+0x145/0x1c0 [ 1888.660394][ T4097] ? ct_irq_exit_irqson+0x113/0x170 [ 1888.665733][ T4097] ? do_sys_open+0xe0/0xe0 [ 1888.670228][ T4097] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1888.676292][ T4097] ? lock_chain_count+0x20/0x20 [ 1888.681271][ T4097] __x64_sys_openat+0x135/0x160 [ 1888.686299][ T4097] do_syscall_64+0x4c/0xa0 [ 1888.690789][ T4097] ? clear_bhb_loop+0x60/0xb0 [ 1888.695553][ T4097] ? clear_bhb_loop+0x60/0xb0 [ 1888.700317][ T4097] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1888.706971][ T4097] RIP: 0033:0x7f11ef15d68e [ 1888.711522][ T4097] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1888.731217][ T4097] RSP: 002b:00007f11efff5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1888.739703][ T4097] RAX: ffffffffffffffda RBX: 00007f11efff66c0 RCX: 00007f11ef15d68e [ 1888.747767][ T4097] RDX: 0000000000000002 RSI: 00007f11efff5f90 RDI: ffffffffffffff9c [ 1888.755798][ T4097] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1888.763996][ T4097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1888.772014][ T4097] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1888.780058][ T4097] [ 1889.303743][ T4128] netlink: 'syz.2.10541': attribute type 21 has an invalid length. [ 1889.322184][ T4128] netlink: 156 bytes leftover after parsing attributes in process `syz.2.10541'. [ 1889.622233][ T4143] netlink: 'syz.2.10546': attribute type 10 has an invalid length. [ 1889.662277][ T4143] FAULT_INJECTION: forcing a failure. [ 1889.662277][ T4143] name failslab, interval 1, probability 0, space 0, times 0 [ 1889.675412][ T4143] CPU: 0 PID: 4143 Comm: syz.2.10546 Not tainted syzkaller #0 [ 1889.682930][ T4143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1889.693049][ T4143] Call Trace: [ 1889.696373][ T4143] [ 1889.699346][ T4143] dump_stack_lvl+0x188/0x24e [ 1889.704085][ T4143] ? show_regs_print_info+0x12/0x12 [ 1889.709339][ T4143] ? load_image+0x400/0x400 [ 1889.713908][ T4143] ? trace_call_bpf+0x5d6/0x6b0 [ 1889.719096][ T4143] ? __bpf_trace_bpf_trace_printk+0x20/0x20 [ 1889.725054][ T4143] should_fail_ex+0x399/0x4d0 [ 1889.729771][ T4143] should_failslab+0x5/0x20 [ 1889.734301][ T4143] slab_pre_alloc_hook+0x59/0x310 [ 1889.739398][ T4143] ? ref_tracker_alloc+0x14e/0x4b0 [ 1889.744553][ T4143] __kmem_cache_alloc_node+0x4f/0x260 [ 1889.749965][ T4143] ? ref_tracker_alloc+0x14e/0x4b0 [ 1889.755120][ T4143] kmalloc_trace+0x26/0xe0 [ 1889.759594][ T4143] ref_tracker_alloc+0x14e/0x4b0 [ 1889.764572][ T4143] ? __rwlock_init+0x140/0x140 [ 1889.769374][ T4143] ? ref_tracker_dir_print+0x150/0x150 [ 1889.774894][ T4143] ? _raw_spin_lock_irqsave+0x8b/0x100 [ 1889.780408][ T4143] ? _raw_spin_lock_irqsave+0x8b/0x100 [ 1889.786028][ T4143] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 1889.791537][ T4143] ? _raw_spin_lock+0x40/0x40 [ 1889.796346][ T4143] ? linkwatch_urgent_event+0x60/0x3d0 [ 1889.801841][ T4143] ? linkwatch_fire_event+0x13/0x210 [ 1889.807160][ T4143] linkwatch_fire_event+0x1a9/0x210 [ 1889.812391][ T4143] ? veth_open+0x230/0x230 [ 1889.816920][ T4143] veth_close+0xc3/0x2d0 [ 1889.821197][ T4143] ? __dev_close_many+0x1cb/0x2b0 [ 1889.826257][ T4143] ? veth_open+0x230/0x230 [ 1889.830709][ T4143] __dev_close_many+0x1d1/0x2b0 [ 1889.835601][ T4143] ? dev_close_many+0x410/0x410 [ 1889.840492][ T4143] __dev_change_flags+0x2d8/0x6a0 [ 1889.845563][ T4143] ? dev_get_flags+0x1c0/0x1c0 [ 1889.850398][ T4143] ? vprintk_emit+0x59f/0x6a0 [ 1889.855148][ T4143] dev_change_flags+0x84/0x1a0 [ 1889.859954][ T4143] do_setlink+0xba1/0x3e60 [ 1889.864417][ T4143] ? _printk+0xda/0x130 [ 1889.868607][ T4143] ? nlmsg_parse_deprecated_strict+0x110/0x110 [ 1889.874798][ T4143] ? load_image+0x400/0x400 [ 1889.879345][ T4143] ? __nla_validate_parse+0x2072/0x2ac0 [ 1889.884923][ T4143] ? netlink_rcv_skb+0x1fb/0x450 [ 1889.889895][ T4143] ? netlink_unicast+0x74d/0x8d0 [ 1889.894865][ T4143] ? netlink_sendmsg+0x8ad/0xbd0 [ 1889.899848][ T4143] ? __nla_validate+0x50/0x50 [ 1889.904579][ T4143] ? validate_linkmsg+0x3db/0x4c0 [ 1889.909650][ T4143] rtnl_newlink+0x17d9/0x20a0 [ 1889.914374][ T4143] ? rtnl_newlink+0x5d1/0x20a0 [ 1889.919189][ T4143] ? rtnl_setlink+0x510/0x510 [ 1889.923896][ T4143] ? trace_raw_output_contention_end+0xd0/0xd0 [ 1889.930086][ T4143] ? trace_call_bpf+0xbf/0x6b0 [ 1889.934894][ T4143] ? rcu_is_watching+0x11/0xa0 [ 1889.939701][ T4143] ? trace_contention_end+0x5f/0x170 [ 1889.945022][ T4143] ? __mutex_lock+0x1ab/0xaf0 [ 1889.949744][ T4143] ? rcu_read_unlock+0x8c/0xa0 [ 1889.954548][ T4143] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 1889.959697][ T4143] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 1889.964929][ T4143] ? rtnl_setlink+0x510/0x510 [ 1889.969667][ T4143] rtnetlink_rcv_msg+0x87c/0xfc0 [ 1889.974653][ T4143] ? rtnetlink_bind+0x80/0x80 [ 1889.979361][ T4143] ? __local_bh_enable_ip+0x136/0x1c0 [ 1889.984771][ T4143] ? lockdep_hardirqs_on+0x94/0x140 [ 1889.990009][ T4143] ? __local_bh_enable_ip+0x136/0x1c0 [ 1889.995410][ T4143] ? _local_bh_enable+0xa0/0xa0 [ 1890.000302][ T4143] ? __dev_queue_xmit+0x26b/0x37c0 [ 1890.005482][ T4143] ? __dev_queue_xmit+0x26b/0x37c0 [ 1890.010635][ T4143] ? __dev_queue_xmit+0x1cd2/0x37c0 [ 1890.015884][ T4143] ? __dev_queue_xmit+0x26b/0x37c0 [ 1890.021036][ T4143] ? ref_tracker_free+0x68c/0x840 [ 1890.026123][ T4143] ? __copy_skb_header+0x3ba/0x4f0 [ 1890.031267][ T4143] ? refcount_inc+0x70/0x70 [ 1890.035808][ T4143] ? memcpy+0x3c/0x60 [ 1890.039824][ T4143] ? __copy_skb_header+0x3ba/0x4f0 [ 1890.044976][ T4143] ? __skb_clone+0x480/0x790 [ 1890.049598][ T4143] netlink_rcv_skb+0x1fb/0x450 [ 1890.054391][ T4143] ? rtnetlink_bind+0x80/0x80 [ 1890.059102][ T4143] ? netlink_ack+0x1170/0x1170 [ 1890.063902][ T4143] ? netlink_deliver_tap+0x2e/0x1b0 [ 1890.069146][ T4143] netlink_unicast+0x74d/0x8d0 [ 1890.074046][ T4143] netlink_sendmsg+0x8ad/0xbd0 [ 1890.078850][ T4143] ? netlink_getsockopt+0x550/0x550 [ 1890.084086][ T4143] ? aa_sock_msg_perm+0x94/0x150 [ 1890.089054][ T4143] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1890.094373][ T4143] ? security_socket_sendmsg+0x7c/0xa0 [ 1890.099860][ T4143] ? netlink_getsockopt+0x550/0x550 [ 1890.105109][ T4143] ____sys_sendmsg+0x5be/0x970 [ 1890.109919][ T4143] ? __sys_sendmsg_sock+0x30/0x30 [ 1890.114980][ T4143] ? __import_iovec+0x315/0x500 [ 1890.119867][ T4143] ? import_iovec+0x6f/0xa0 [ 1890.124405][ T4143] ___sys_sendmsg+0x2a2/0x360 [ 1890.129119][ T4143] ? __sys_sendmsg+0x290/0x290 [ 1890.133980][ T4143] ? trace_call_bpf+0xbf/0x6b0 [ 1890.138803][ T4143] __se_sys_sendmsg+0x1bb/0x2a0 [ 1890.143690][ T4143] ? ct_nmi_exit+0x145/0x1c0 [ 1890.148321][ T4143] ? __x64_sys_sendmsg+0x80/0x80 [ 1890.153305][ T4143] ? lockdep_hardirqs_on+0x94/0x140 [ 1890.158553][ T4143] do_syscall_64+0x4c/0xa0 [ 1890.163009][ T4143] ? clear_bhb_loop+0x60/0xb0 [ 1890.167728][ T4143] ? clear_bhb_loop+0x60/0xb0 [ 1890.172446][ T4143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1890.178414][ T4143] RIP: 0033:0x7f11ef19ce59 [ 1890.182873][ T4143] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1890.202514][ T4143] RSP: 002b:00007f11efff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1890.211002][ T4143] RAX: ffffffffffffffda RBX: 00007f11ef415fa0 RCX: 00007f11ef19ce59 [ 1890.219006][ T4143] RDX: 0000000020008800 RSI: 0000200000000600 RDI: 0000000000000003 [ 1890.227013][ T4143] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1890.235013][ T4143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1890.243014][ T4143] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1890.251032][ T4143] [ 1890.254086][ T4143] memory allocation failure, unreliable refcount tracker. [ 1890.635604][ T4143] team0: Device veth1_vlan failed to register rx_handler [ 1890.686129][ T4148] netlink: 'syz.0.10548': attribute type 5 has an invalid length. [ 1891.028073][ T4157] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10551'. [ 1891.955401][ T4177] netlink: 'syz.0.10556': attribute type 21 has an invalid length. [ 1891.988857][ T4177] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10556'. [ 1892.292149][ T4191] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10562'. [ 1892.787581][ T4205] netlink: 'syz.5.10565': attribute type 10 has an invalid length. [ 1892.828968][ T4205] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1893.225398][ T4208] netlink: 'syz.5.10567': attribute type 5 has an invalid length. [ 1894.114325][ T4223] netlink: 'syz.0.10573': attribute type 21 has an invalid length. [ 1894.148942][ T4223] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10573'. [ 1894.374803][ T62] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1895.078002][ T4234] device syzkaller0 entered promiscuous mode [ 1895.918037][ T4263] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.10585'. [ 1900.817318][ T4265] netlink: 'syz.5.10586': attribute type 21 has an invalid length. [ 1900.819452][ T4263] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 1900.835525][ T4263] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 1900.835700][ T4265] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10586'. [ 1900.855784][ T4263] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1900.864949][ T4269] netlink: 'syz.2.10587': attribute type 39 has an invalid length. [ 1901.053970][ T4272] netlink: 'syz.3.10588': attribute type 5 has an invalid length. [ 1901.262598][ T4281] netlink: 'syz.0.10601': attribute type 21 has an invalid length. [ 1901.285887][ T4281] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10601'. [ 1901.523207][ T4291] FAULT_INJECTION: forcing a failure. [ 1901.523207][ T4291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1901.696984][ T4291] CPU: 1 PID: 4291 Comm: syz.2.10594 Not tainted syzkaller #0 [ 1901.704537][ T4291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1901.714647][ T4291] Call Trace: [ 1901.717991][ T4291] [ 1901.720972][ T4291] dump_stack_lvl+0x188/0x24e [ 1901.725707][ T4291] ? show_regs_print_info+0x12/0x12 [ 1901.730960][ T4291] ? load_image+0x400/0x400 [ 1901.735534][ T4291] ? __lock_acquire+0x7d10/0x7d10 [ 1901.740633][ T4291] should_fail_ex+0x399/0x4d0 [ 1901.745365][ T4291] _copy_from_user+0x2c/0x170 [ 1901.750115][ T4291] __sys_bpf+0x2ea/0x780 [ 1901.754421][ T4291] ? bpf_link_show_fdinfo+0x380/0x380 [ 1901.759881][ T4291] ? lock_chain_count+0x20/0x20 [ 1901.764801][ T4291] __x64_sys_bpf+0x78/0x90 [ 1901.769272][ T4291] do_syscall_64+0x4c/0xa0 [ 1901.773739][ T4291] ? clear_bhb_loop+0x60/0xb0 [ 1901.778485][ T4291] ? clear_bhb_loop+0x60/0xb0 [ 1901.783225][ T4291] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1901.789175][ T4291] RIP: 0033:0x7f11ef19ce59 [ 1901.793633][ T4291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1901.813290][ T4291] RSP: 002b:00007f11efff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1901.821767][ T4291] RAX: ffffffffffffffda RBX: 00007f11ef415fa0 RCX: 00007f11ef19ce59 [ 1901.829793][ T4291] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 1901.837816][ T4291] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1901.845895][ T4291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1901.853914][ T4291] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1901.862048][ T4291] [ 1903.137916][ T4322] netlink: 'syz.3.10602': attribute type 10 has an invalid length. [ 1903.294752][ T4322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1903.353592][ T4322] device bond0 entered promiscuous mode [ 1903.368507][ T4322] device bond_slave_1 entered promiscuous mode [ 1903.377552][ T4322] team0: Port device bond0 added [ 1904.003687][ T4342] netlink: 9275 bytes leftover after parsing attributes in process `syz.4.10610'. [ 1904.255451][ T4344] netlink: 'syz.4.10610': attribute type 21 has an invalid length. [ 1904.308523][ T4344] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10610'. [ 1904.353092][ T4348] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1905.993458][ T4385] netlink: 128 bytes leftover after parsing attributes in process `syz.5.10623'. [ 1906.100627][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1906.240140][ T4385] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1906.660455][ T4390] netlink: 'syz.2.10626': attribute type 21 has an invalid length. [ 1907.422541][ T4403] netlink: 152 bytes leftover after parsing attributes in process `syz.0.10629'. [ 1907.675375][ T4415] netlink: 'syz.4.10632': attribute type 21 has an invalid length. [ 1907.684814][ T4415] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10632'. [ 1907.847871][ T4419] netlink: 'syz.5.10634': attribute type 27 has an invalid length. [ 1907.868574][ T4419] netlink: 164 bytes leftover after parsing attributes in process `syz.5.10634'. [ 1907.919622][ T4424] netlink: 10 bytes leftover after parsing attributes in process `syz.2.10636'. [ 1908.769513][ T4441] device sit0 entered promiscuous mode [ 1909.994387][ T4450] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.10643'. [ 1910.152224][ T4450] nicvf0: tun_chr_ioctl cmd 1074025677 [ 1910.183231][ T4450] nicvf0: linktype set to 270 [ 1910.824108][ T4470] netlink: 152 bytes leftover after parsing attributes in process `syz.0.10650'. [ 1910.878245][ T4470] tc_dump_action: action bad kind [ 1911.051484][ T4472] netlink: 152 bytes leftover after parsing attributes in process `syz.3.10652'. [ 1911.093940][ T4472] tc_dump_action: action bad kind [ 1911.655490][ T4482] mac80211_hwsim hwsim280 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1911.935030][ T4487] netlink: 194236 bytes leftover after parsing attributes in process `syz.3.10654'. [ 1911.973246][ T4494] netlink: 'syz.4.10656': attribute type 10 has an invalid length. [ 1912.069213][ T4487] netlink: zone id is out of range [ 1912.075522][ T4487] netlink: zone id is out of range [ 1912.118332][ T4489] netlink: 'syz.4.10656': attribute type 1 has an invalid length. [ 1912.134310][ T4487] netlink: zone id is out of range [ 1912.134334][ T4487] netlink: zone id is out of range [ 1912.135429][ T4487] netlink: zone id is out of range [ 1912.136761][ T4487] netlink: get zone limit has 8 unknown bytes [ 1912.321527][ T4489] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.10656'. [ 1912.705249][ T4506] netlink: 'syz.5.10658': attribute type 11 has an invalid length. [ 1912.760248][ T4506] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.10658'. [ 1912.797287][ T4506] netlink: 'syz.5.10658': attribute type 3 has an invalid length. [ 1912.817815][ T4506] netlink: 105116 bytes leftover after parsing attributes in process `syz.5.10658'. [ 1912.836947][ T4505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1913.205084][ T4520] FAULT_INJECTION: forcing a failure. [ 1913.205084][ T4520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1913.252758][ T4520] CPU: 0 PID: 4520 Comm: syz.4.10662 Not tainted syzkaller #0 [ 1913.260338][ T4520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1913.270473][ T4520] Call Trace: [ 1913.273820][ T4520] [ 1913.276819][ T4520] dump_stack_lvl+0x188/0x24e [ 1913.281615][ T4520] ? show_regs_print_info+0x12/0x12 [ 1913.286902][ T4520] ? load_image+0x400/0x400 [ 1913.291512][ T4520] ? __lock_acquire+0x7d10/0x7d10 [ 1913.296630][ T4520] ? snprintf+0xe5/0x140 [ 1913.300981][ T4520] should_fail_ex+0x399/0x4d0 [ 1913.305761][ T4520] _copy_to_user+0x2c/0x130 [ 1913.310359][ T4520] simple_read_from_buffer+0xe3/0x150 [ 1913.315829][ T4520] proc_fail_nth_read+0x1a6/0x220 [ 1913.320925][ T4520] ? proc_fault_inject_write+0x310/0x310 [ 1913.326634][ T4520] ? fsnotify_perm+0x248/0x550 [ 1913.331466][ T4520] ? proc_fault_inject_write+0x310/0x310 [ 1913.337164][ T4520] vfs_read+0x2de/0xa00 [ 1913.341397][ T4520] ? kernel_read+0x1e0/0x1e0 [ 1913.346054][ T4520] ? __fget_files+0x28/0x4b0 [ 1913.350700][ T4520] ? __fget_files+0x28/0x4b0 [ 1913.355352][ T4520] ? __fget_files+0x43d/0x4b0 [ 1913.360115][ T4520] ? __fdget_pos+0x2ae/0x360 [ 1913.364757][ T4520] ? ksys_read+0x71/0x250 [ 1913.369157][ T4520] ksys_read+0x14c/0x250 [ 1913.373476][ T4520] ? vfs_write+0xa30/0xa30 [ 1913.377968][ T4520] ? lockdep_hardirqs_on+0x94/0x140 [ 1913.383238][ T4520] do_syscall_64+0x4c/0xa0 [ 1913.387711][ T4520] ? clear_bhb_loop+0x60/0xb0 [ 1913.392447][ T4520] ? clear_bhb_loop+0x60/0xb0 [ 1913.397200][ T4520] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1913.403153][ T4520] RIP: 0033:0x7f049ad5d68e [ 1913.407638][ T4520] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1913.427307][ T4520] RSP: 002b:00007f049bb98fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1913.435780][ T4520] RAX: ffffffffffffffda RBX: 00007f049bb996c0 RCX: 00007f049ad5d68e [ 1913.443803][ T4520] RDX: 000000000000000f RSI: 00007f049bb990a0 RDI: 0000000000000008 [ 1913.451822][ T4520] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1913.459843][ T4520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1913.467868][ T4520] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1913.475974][ T4520] [ 1913.751752][ T4529] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10667'. [ 1913.794762][ T4530] FAULT_INJECTION: forcing a failure. [ 1913.794762][ T4530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1913.893030][ T4530] CPU: 1 PID: 4530 Comm: syz.3.10666 Not tainted syzkaller #0 [ 1913.900635][ T4530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1913.910860][ T4530] Call Trace: [ 1913.914227][ T4530] [ 1913.917243][ T4530] dump_stack_lvl+0x188/0x24e [ 1913.922029][ T4530] ? show_regs_print_info+0x12/0x12 [ 1913.927326][ T4530] ? load_image+0x400/0x400 [ 1913.931957][ T4530] ? __lock_acquire+0x7d10/0x7d10 [ 1913.937182][ T4530] ? snprintf+0xe5/0x140 [ 1913.941543][ T4530] should_fail_ex+0x399/0x4d0 [ 1913.946335][ T4530] _copy_to_user+0x2c/0x130 [ 1913.951011][ T4530] simple_read_from_buffer+0xe3/0x150 [ 1913.956502][ T4530] proc_fail_nth_read+0x1a6/0x220 [ 1913.961640][ T4530] ? proc_fault_inject_write+0x310/0x310 [ 1913.967494][ T4530] ? fsnotify_perm+0x248/0x550 [ 1913.972495][ T4530] ? proc_fault_inject_write+0x310/0x310 [ 1913.978232][ T4530] vfs_read+0x2de/0xa00 [ 1913.982516][ T4530] ? kernel_read+0x1e0/0x1e0 [ 1913.987223][ T4530] ? __fget_files+0x28/0x4b0 [ 1913.991905][ T4530] ? __fget_files+0x28/0x4b0 [ 1913.996605][ T4530] ? __fget_files+0x43d/0x4b0 [ 1914.001463][ T4530] ? __fdget_pos+0x2ae/0x360 [ 1914.006238][ T4530] ? ksys_read+0x71/0x250 [ 1914.010678][ T4530] ksys_read+0x14c/0x250 [ 1914.015034][ T4530] ? vfs_write+0xa30/0xa30 [ 1914.019573][ T4530] ? lockdep_hardirqs_on+0x94/0x140 [ 1914.024883][ T4530] do_syscall_64+0x4c/0xa0 [ 1914.029399][ T4530] ? clear_bhb_loop+0x60/0xb0 [ 1914.034176][ T4530] ? clear_bhb_loop+0x60/0xb0 [ 1914.038972][ T4530] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1914.044995][ T4530] RIP: 0033:0x7f6f9d75d68e [ 1914.049536][ T4530] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1914.069245][ T4530] RSP: 002b:00007f6f9e617fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1914.077761][ T4530] RAX: ffffffffffffffda RBX: 00007f6f9e6186c0 RCX: 00007f6f9d75d68e [ 1914.085825][ T4530] RDX: 000000000000000f RSI: 00007f6f9e6180a0 RDI: 0000000000000005 [ 1914.093883][ T4530] RBP: 00007f6f9e618090 R08: 0000000000000000 R09: 0000000000000000 [ 1914.101945][ T4530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1914.110008][ T4530] R13: 00007f6f9da16128 R14: 00007f6f9da16090 R15: 00007ffdf21ec258 [ 1914.118142][ T4530] [ 1914.208921][T20486] wlan1: Trigger new scan to find an IBSS to join [ 1914.329382][ T4535] netlink: 'syz.5.10670': attribute type 46 has an invalid length. [ 1914.446680][ T4540] netlink: 'syz.0.10668': attribute type 21 has an invalid length. [ 1914.489145][ T4540] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10668'. [ 1914.598734][ T4547] netlink: 'syz.2.10672': attribute type 13 has an invalid length. [ 1914.640924][ T4547] netlink: 152 bytes leftover after parsing attributes in process `syz.2.10672'. [ 1914.676604][ T4547] erspan0: refused to change device tx_queue_len [ 1914.711761][ T4547] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1914.877491][ T4554] netlink: 'syz.0.10675': attribute type 7 has an invalid length. [ 1914.930985][ T4554] netlink: 'syz.0.10675': attribute type 6 has an invalid length. [ 1915.131914][ T4558] netlink: 'syz.5.10678': attribute type 4 has an invalid length. [ 1916.010233][ T4584] netlink: 'syz.2.10685': attribute type 21 has an invalid length. [ 1916.029324][ T4584] netlink: 156 bytes leftover after parsing attributes in process `syz.2.10685'. [ 1917.239915][T19607] wlan1: Trigger new scan to find an IBSS to join [ 1917.290536][ T4610] netlink: 'syz.4.10696': attribute type 4 has an invalid length. [ 1918.112839][ T4626] netlink: 'syz.5.10700': attribute type 21 has an invalid length. [ 1918.152148][ T4626] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10700'. [ 1918.894540][ T4650] netlink: 'syz.5.10707': attribute type 10 has an invalid length. [ 1918.924099][ T4650] netlink: 2 bytes leftover after parsing attributes in process `syz.5.10707'. [ 1918.946016][ T4650] device bond0 entered promiscuous mode [ 1918.970664][ T4650] device bond_slave_0 entered promiscuous mode [ 1919.219934][ T4654] netlink: 'syz.3.10708': attribute type 3 has an invalid length. [ 1919.234702][ T4654] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.10708'. [ 1919.454634][ T4656] netlink: 'syz.0.10709': attribute type 4 has an invalid length. [ 1919.534864][ T4656] netlink: 152 bytes leftover after parsing attributes in process `syz.0.10709'. [ 1919.553969][ T4661] netlink: 'syz.4.10712': attribute type 29 has an invalid length. [ 1919.567835][ T4661] netlink: 'syz.4.10712': attribute type 29 has an invalid length. [ 1919.590639][ T4661] netlink: 'syz.4.10712': attribute type 29 has an invalid length. [ 1919.630577][ T4661] netlink: 'syz.4.10712': attribute type 29 has an invalid length. [ 1920.043216][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1920.049736][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1920.070103][ T4672] netlink: 'syz.2.10710': attribute type 4 has an invalid length. [ 1920.209638][ T62] wlan1: Creating new IBSS network, BSSID a2:6b:49:e8:95:70 [ 1922.225845][ T4685] device 0 entered promiscuous mode [ 1922.248218][ T4694] mac80211_hwsim hwsim267 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1922.772641][ T4708] validate_nla: 1 callbacks suppressed [ 1922.772683][ T4708] netlink: 'syz.5.10722': attribute type 10 has an invalid length. [ 1922.813314][ T4708] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10722'. [ 1925.278021][ T4714] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10723'. [ 1925.504641][T20480] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1926.071315][ T4722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10727'. [ 1926.217790][T20486] wlan1: Trigger new scan to find an IBSS to join [ 1926.762532][ T4728] netlink: 'syz.3.10730': attribute type 4 has an invalid length. [ 1927.219324][ T4742] netlink: 'syz.3.10733': attribute type 10 has an invalid length. [ 1927.397176][ T4742] device virt_wifi0 entered promiscuous mode [ 1927.423432][ T4742] team0: Port device virt_wifi0 added [ 1927.455175][ T4748] netlink: 'syz.5.10737': attribute type 21 has an invalid length. [ 1927.521281][ T4748] netlink: 156 bytes leftover after parsing attributes in process `syz.5.10737'. [ 1927.639752][ T4755] netlink: 'syz.2.10739': attribute type 10 has an invalid length. [ 1927.671407][ T4755] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10739'. [ 1927.704414][ T4755] device dummy0 entered promiscuous mode [ 1927.725690][ T4755] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 1928.046692][ T4762] netlink: 126612 bytes leftover after parsing attributes in process `syz.4.10744'. [ 1928.095011][ T4762] netlink: 17 bytes leftover after parsing attributes in process `syz.4.10744'. [ 1928.619924][ T4775] netlink: 'syz.3.10747': attribute type 10 has an invalid length. [ 1928.651566][ T4775] bridge0: port 4(team0) entered disabled state [ 1928.659460][ T4775] bridge0: port 3(dummy0) entered disabled state [ 1928.666742][ T4775] bridge0: port 2(bridge_slave_1) entered disabled state [ 1928.674994][ T4775] bridge0: port 1(bridge_slave_0) entered disabled state [ 1928.822393][ T4775] team0: Device bridge0 is already an upper device of the team interface [ 1929.073537][ T4785] netlink: 'syz.2.10751': attribute type 1 has an invalid length. [ 1929.086970][ T4785] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.10751'. [ 1929.201062][ T4789] mac80211_hwsim hwsim277 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1929.243191][ T4785] netlink: 'syz.2.10751': attribute type 10 has an invalid length. [ 1931.238576][T20472] wlan1: Trigger new scan to find an IBSS to join [ 1931.881318][ T4842] mac80211_hwsim hwsim267 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1932.461809][ T4852] netlink: 'syz.0.10771': attribute type 10 has an invalid length. [ 1932.525389][ T4852] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10771'. [ 1932.546009][ T4852] device dummy0 entered promiscuous mode [ 1932.563759][ T4852] bridge0: port 3(dummy0) entered blocking state [ 1932.598727][ T4852] bridge0: port 3(dummy0) entered disabled state [ 1932.738070][ T4857] netlink: 'syz.4.10774': attribute type 10 has an invalid length. [ 1932.762690][ T4857] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10774'. [ 1933.007508][ T4869] netlink: 'syz.3.10775': attribute type 10 has an invalid length. [ 1933.047005][ T4869] netlink: 2 bytes leftover after parsing attributes in process `syz.3.10775'. [ 1933.219662][ T4879] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10779'. [ 1933.276435][ T4879] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1933.393608][ T4878] netlink: 'syz.5.10776': attribute type 10 has an invalid length. [ 1933.498459][ T4878] netlink: 140 bytes leftover after parsing attributes in process `syz.5.10776'. [ 1933.560314][ T4878] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1934.819483][ T4901] netlink: 'syz.0.10786': attribute type 41 has an invalid length. [ 1935.064392][ T4906] netlink: 'syz.4.10788': attribute type 10 has an invalid length. [ 1935.096061][ T4906] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10788'. [ 1935.128693][ T4906] device dummy0 entered promiscuous mode [ 1935.171920][ T4906] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 1935.767025][ T4918] sock: sock_timestamping_bind_phc: sock not bind to device [ 1938.256088][ T4968] netlink: 152 bytes leftover after parsing attributes in process `syz.4.10810'. [ 1938.298720][ T4968] tc_dump_action: action bad kind [ 1938.766412][ T4972] netlink: 60 bytes leftover after parsing attributes in process `syz.0.10808'. [ 1938.946858][ T4993] netlink: 'syz.5.10817': attribute type 21 has an invalid length. [ 1940.635443][ T5023] netlink: 'syz.3.10826': attribute type 46 has an invalid length. [ 1940.861539][ T5024] netlink: 152 bytes leftover after parsing attributes in process `syz.5.10824'. [ 1940.934732][ T5024] tc_dump_action: action bad kind [ 1941.075009][ T5031] netlink: 'syz.4.10828': attribute type 12 has an invalid length. [ 1941.114685][ T5031] netlink: 132 bytes leftover after parsing attributes in process `syz.4.10828'. [ 1941.189113][ T5032] netlink: 'syz.3.10829': attribute type 13 has an invalid length. [ 1941.214309][ T5032] netlink: 152 bytes leftover after parsing attributes in process `syz.3.10829'. [ 1941.253826][ T5032] syz_tun: refused to change device tx_queue_len [ 1941.285728][ T5032] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 1942.662152][ T5063] netlink: 'syz.3.10839': attribute type 11 has an invalid length. [ 1942.729375][ T5069] FAULT_INJECTION: forcing a failure. [ 1942.729375][ T5069] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1942.823170][ T5069] CPU: 1 PID: 5069 Comm: syz.2.10840 Not tainted syzkaller #0 [ 1942.830734][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1942.840851][ T5069] Call Trace: [ 1942.844184][ T5069] [ 1942.847161][ T5069] dump_stack_lvl+0x188/0x24e [ 1942.851957][ T5069] ? show_regs_print_info+0x12/0x12 [ 1942.857235][ T5069] ? load_image+0x400/0x400 [ 1942.861814][ T5069] ? __lock_acquire+0x7d10/0x7d10 [ 1942.866909][ T5069] ? perf_trace_lock+0xf8/0x390 [ 1942.871840][ T5069] should_fail_ex+0x399/0x4d0 [ 1942.876581][ T5069] prepare_alloc_pages+0x1e2/0x5f0 [ 1942.881811][ T5069] __alloc_pages+0x130/0x4f0 [ 1942.886481][ T5069] ? kasan_populate_vmalloc_pte+0xa4/0xf0 [ 1942.892287][ T5069] ? zone_statistics+0x170/0x170 [ 1942.897304][ T5069] ? __rwlock_init+0x140/0x140 [ 1942.902132][ T5069] ? do_raw_spin_unlock+0x11d/0x230 [ 1942.907397][ T5069] __get_free_pages+0x8/0x30 [ 1942.912063][ T5069] kasan_populate_vmalloc_pte+0x31/0xf0 [ 1942.917670][ T5069] ? __apply_to_page_range+0x977/0xd10 [ 1942.923196][ T5069] __apply_to_page_range+0x989/0xd10 [ 1942.928563][ T5069] ? kasan_populate_vmalloc+0x70/0x70 [ 1942.934007][ T5069] alloc_vmap_area+0x178f/0x18c0 [ 1942.939004][ T5069] ? vm_map_ram+0xab0/0xab0 [ 1942.943549][ T5069] ? rcu_is_watching+0x11/0xa0 [ 1942.948359][ T5069] __get_vm_area_node+0x158/0x330 [ 1942.953451][ T5069] __vmalloc_node_range+0x357/0x13b0 [ 1942.958779][ T5069] ? prealloc_init+0x136/0x860 [ 1942.963691][ T5069] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1942.969729][ T5069] ? free_vm_area+0x50/0x50 [ 1942.974282][ T5069] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 1942.980219][ T5069] ? lockdep_hardirqs_on+0x94/0x140 [ 1942.985464][ T5069] bpf_map_area_alloc+0xd4/0xe0 [ 1942.990364][ T5069] ? prealloc_init+0x136/0x860 [ 1942.995175][ T5069] prealloc_init+0x136/0x860 [ 1942.999808][ T5069] ? __percpu_counter_init+0x21e/0x290 [ 1943.005306][ T5069] htab_map_alloc+0xc7c/0x1110 [ 1943.010134][ T5069] map_create+0x534/0x1000 [ 1943.014589][ T5069] ? bpf_lsm_bpf+0x5/0x10 [ 1943.018989][ T5069] __sys_bpf+0x38b/0x780 [ 1943.023279][ T5069] ? bpf_link_show_fdinfo+0x380/0x380 [ 1943.028733][ T5069] ? lock_chain_count+0x20/0x20 [ 1943.033638][ T5069] __x64_sys_bpf+0x78/0x90 [ 1943.038103][ T5069] do_syscall_64+0x4c/0xa0 [ 1943.042561][ T5069] ? clear_bhb_loop+0x60/0xb0 [ 1943.047290][ T5069] ? clear_bhb_loop+0x60/0xb0 [ 1943.052037][ T5069] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1943.057983][ T5069] RIP: 0033:0x7f11ef19ce59 [ 1943.062476][ T5069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1943.082128][ T5069] RSP: 002b:00007f11efff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1943.090586][ T5069] RAX: ffffffffffffffda RBX: 00007f11ef415fa0 RCX: 00007f11ef19ce59 [ 1943.098707][ T5069] RDX: 0000000000000050 RSI: 0000200000000100 RDI: 0000000000000000 [ 1943.106740][ T5069] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1943.114775][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1943.122782][ T5069] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1943.130813][ T5069] [ 1943.450020][ T5077] netlink: 152 bytes leftover after parsing attributes in process `syz.3.10842'. [ 1943.498486][ T5077] tc_dump_action: action bad kind [ 1943.959502][ T5089] netlink: 14 bytes leftover after parsing attributes in process `syz.3.10846'. [ 1943.998511][ T5089] openvswitch: netlink: Flow key attr not present in new flow. [ 1944.557008][ T5095] netlink: 'syz.0.10847': attribute type 21 has an invalid length. [ 1944.685113][ T5095] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10847'. [ 1945.524670][ T5120] netlink: 'syz.3.10857': attribute type 19 has an invalid length. [ 1945.594364][ T5120] netlink: 172 bytes leftover after parsing attributes in process `syz.3.10857'. [ 1946.057403][ T5129] netlink: 'syz.2.10861': attribute type 1 has an invalid length. [ 1946.103978][ T5129] netlink: 'syz.2.10861': attribute type 1 has an invalid length. [ 1946.149760][ T5129] netlink: 116376 bytes leftover after parsing attributes in process `syz.2.10861'. [ 1946.441297][ T5133] tap0: tun_chr_ioctl cmd 1074812118 [ 1946.564094][ T5139] netlink: 'syz.3.10867': attribute type 21 has an invalid length. [ 1946.582613][ T5139] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10867'. [ 1947.353243][ T5148] netlink: 60 bytes leftover after parsing attributes in process `syz.4.10869'. [ 1949.019996][ T5179] netlink: 'syz.4.10878': attribute type 21 has an invalid length. [ 1949.046952][ T5179] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10878'. [ 1951.242055][ T5215] FAULT_INJECTION: forcing a failure. [ 1951.242055][ T5215] name failslab, interval 1, probability 0, space 0, times 0 [ 1951.348961][ T5215] CPU: 0 PID: 5215 Comm: syz.3.10891 Not tainted syzkaller #0 [ 1951.356524][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1951.366639][ T5215] Call Trace: [ 1951.369965][ T5215] [ 1951.372944][ T5215] dump_stack_lvl+0x188/0x24e [ 1951.377695][ T5215] ? show_regs_print_info+0x12/0x12 [ 1951.383018][ T5215] ? load_image+0x400/0x400 [ 1951.387594][ T5215] ? __lock_acquire+0x7d10/0x7d10 [ 1951.392704][ T5215] should_fail_ex+0x399/0x4d0 [ 1951.397463][ T5215] should_failslab+0x5/0x20 [ 1951.402027][ T5215] slab_pre_alloc_hook+0x59/0x310 [ 1951.407125][ T5215] kmem_cache_alloc_lru+0x49/0x2e0 [ 1951.412302][ T5215] ? __d_alloc+0x31/0x700 [ 1951.416707][ T5215] __d_alloc+0x31/0x700 [ 1951.420914][ T5215] d_alloc_pseudo+0x19/0x70 [ 1951.425473][ T5215] alloc_file_pseudo+0xe0/0x200 [ 1951.430390][ T5215] ? alloc_empty_file_noaccount+0x80/0x80 [ 1951.436218][ T5215] ? _raw_spin_unlock+0x24/0x40 [ 1951.441183][ T5215] ? alloc_fd+0x58f/0x630 [ 1951.445576][ T5215] anon_inode_getfd+0xc6/0x1c0 [ 1951.450526][ T5215] map_create+0xbe8/0x1000 [ 1951.455035][ T5215] __sys_bpf+0x38b/0x780 [ 1951.459347][ T5215] ? bpf_link_show_fdinfo+0x380/0x380 [ 1951.464791][ T5215] ? lock_chain_count+0x20/0x20 [ 1951.469685][ T5215] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1951.475731][ T5215] __x64_sys_bpf+0x78/0x90 [ 1951.480208][ T5215] do_syscall_64+0x4c/0xa0 [ 1951.484682][ T5215] ? clear_bhb_loop+0x60/0xb0 [ 1951.489416][ T5215] ? clear_bhb_loop+0x60/0xb0 [ 1951.494149][ T5215] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1951.500085][ T5215] RIP: 0033:0x7f6f9d79ce59 [ 1951.504545][ T5215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1951.524213][ T5215] RSP: 002b:00007f6f9e639028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1951.532673][ T5215] RAX: ffffffffffffffda RBX: 00007f6f9da15fa0 RCX: 00007f6f9d79ce59 [ 1951.540695][ T5215] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 0000000000000000 [ 1951.548720][ T5215] RBP: 00007f6f9e639090 R08: 0000000000000000 R09: 0000000000000000 [ 1951.556734][ T5215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1951.564805][ T5215] R13: 00007f6f9da16038 R14: 00007f6f9da15fa0 R15: 00007ffdf21ec258 [ 1951.572843][ T5215] [ 1954.313853][ T5250] netlink: 'syz.4.10904': attribute type 11 has an invalid length. [ 1954.823082][ T5253] netlink: 'syz.5.10903': attribute type 21 has an invalid length. [ 1955.306761][ T5264] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.10906'. [ 1958.160537][ T5279] FAULT_INJECTION: forcing a failure. [ 1958.160537][ T5279] name failslab, interval 1, probability 0, space 0, times 0 [ 1958.264395][ T5279] CPU: 1 PID: 5279 Comm: syz.0.10912 Not tainted syzkaller #0 [ 1958.271953][ T5279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1958.282063][ T5279] Call Trace: [ 1958.285383][ T5279] [ 1958.288355][ T5279] dump_stack_lvl+0x188/0x24e [ 1958.293094][ T5279] ? show_regs_print_info+0x12/0x12 [ 1958.298350][ T5279] ? load_image+0x400/0x400 [ 1958.302971][ T5279] ? verify_lock_unused+0x140/0x140 [ 1958.308245][ T5279] ? perf_trace_lock+0xf8/0x390 [ 1958.313190][ T5279] should_fail_ex+0x399/0x4d0 [ 1958.317944][ T5279] should_failslab+0x5/0x20 [ 1958.322501][ T5279] slab_pre_alloc_hook+0x59/0x310 [ 1958.327609][ T5279] kmem_cache_alloc+0x56/0x2f0 [ 1958.332442][ T5279] ? skb_clone+0x1e7/0x370 [ 1958.336926][ T5279] skb_clone+0x1e7/0x370 [ 1958.341240][ T5279] __netlink_deliver_tap+0x3ed/0x800 [ 1958.346609][ T5279] ? netlink_deliver_tap+0x2e/0x1b0 [ 1958.351886][ T5279] netlink_deliver_tap+0x19c/0x1b0 [ 1958.357162][ T5279] netlink_sendskb+0x64/0x130 [ 1958.362014][ T5279] tipc_nl_compat_recv+0x8fc/0xaf0 [ 1958.367227][ T5279] ? ct_nmi_exit+0x145/0x1c0 [ 1958.371903][ T5279] ? tipc_netlink_compat_stop+0x20/0x20 [ 1958.377508][ T5279] ? __mutex_trylock_common+0x155/0x260 [ 1958.383126][ T5279] ? rcu_is_watching+0x11/0xa0 [ 1958.387955][ T5279] ? trace_contention_end+0x5f/0x170 [ 1958.393300][ T5279] genl_family_rcv_msg_doit+0x22a/0x330 [ 1958.398897][ T5279] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 1958.404869][ T5279] ? memset+0x1e/0x40 [ 1958.408914][ T5279] ? genl_get_cmd+0x55f/0x8b0 [ 1958.413641][ T5279] genl_rcv_msg+0x604/0x790 [ 1958.418208][ T5279] ? genl_bind+0x360/0x360 [ 1958.422680][ T5279] ? tipc_netlink_compat_stop+0x20/0x20 [ 1958.428286][ T5279] netlink_rcv_skb+0x1fb/0x450 [ 1958.433088][ T5279] ? genl_bind+0x360/0x360 [ 1958.437566][ T5279] ? netlink_ack+0x1170/0x1170 [ 1958.442397][ T5279] ? down_read+0x1a8/0x2d0 [ 1958.446862][ T5279] genl_rcv+0x24/0x40 [ 1958.450925][ T5279] netlink_unicast+0x74d/0x8d0 [ 1958.455767][ T5279] netlink_sendmsg+0x8ad/0xbd0 [ 1958.460584][ T5279] ? netlink_getsockopt+0x550/0x550 [ 1958.465817][ T5279] ? aa_sock_msg_perm+0x94/0x150 [ 1958.470788][ T5279] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1958.476176][ T5279] ? security_socket_sendmsg+0x7c/0xa0 [ 1958.481690][ T5279] ? netlink_getsockopt+0x550/0x550 [ 1958.486927][ T5279] ____sys_sendmsg+0x5be/0x970 [ 1958.491744][ T5279] ? __sys_sendmsg_sock+0x30/0x30 [ 1958.496802][ T5279] ? __import_iovec+0x315/0x500 [ 1958.501702][ T5279] ? import_iovec+0x6f/0xa0 [ 1958.506237][ T5279] ___sys_sendmsg+0x2a2/0x360 [ 1958.510968][ T5279] ? __sys_sendmsg+0x290/0x290 [ 1958.515786][ T5279] ? __lock_acquire+0x7d10/0x7d10 [ 1958.520880][ T5279] __se_sys_sendmsg+0x1bb/0x2a0 [ 1958.525769][ T5279] ? __x64_sys_sendmsg+0x80/0x80 [ 1958.530776][ T5279] ? lockdep_hardirqs_on+0x94/0x140 [ 1958.536057][ T5279] do_syscall_64+0x4c/0xa0 [ 1958.540555][ T5279] ? clear_bhb_loop+0x60/0xb0 [ 1958.545297][ T5279] ? clear_bhb_loop+0x60/0xb0 [ 1958.550083][ T5279] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1958.556036][ T5279] RIP: 0033:0x7f03c759ce59 [ 1958.560502][ T5279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1958.580161][ T5279] RSP: 002b:00007f03c83ff028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1958.588630][ T5279] RAX: ffffffffffffffda RBX: 00007f03c7815fa0 RCX: 00007f03c759ce59 [ 1958.596675][ T5279] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1958.604776][ T5279] RBP: 00007f03c83ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1958.612788][ T5279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1958.620793][ T5279] R13: 00007f03c7816038 R14: 00007f03c7815fa0 R15: 00007ffffb1fdef8 [ 1958.628811][ T5279] [ 1960.008153][ T5299] netlink: 'syz.3.10918': attribute type 11 has an invalid length. [ 1960.380288][ T5304] FAULT_INJECTION: forcing a failure. [ 1960.380288][ T5304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1960.419535][ T5304] CPU: 1 PID: 5304 Comm: syz.2.10930 Not tainted syzkaller #0 [ 1960.427098][ T5304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1960.437302][ T5304] Call Trace: [ 1960.440638][ T5304] [ 1960.443622][ T5304] dump_stack_lvl+0x188/0x24e [ 1960.448365][ T5304] ? show_regs_print_info+0x12/0x12 [ 1960.453662][ T5304] ? load_image+0x400/0x400 [ 1960.458236][ T5304] ? __lock_acquire+0x7d10/0x7d10 [ 1960.463337][ T5304] should_fail_ex+0x399/0x4d0 [ 1960.468076][ T5304] _copy_from_user+0x2c/0x170 [ 1960.472819][ T5304] __sys_bpf+0x2ea/0x780 [ 1960.477139][ T5304] ? bpf_link_show_fdinfo+0x380/0x380 [ 1960.482591][ T5304] ? lock_chain_count+0x20/0x20 [ 1960.487518][ T5304] __x64_sys_bpf+0x78/0x90 [ 1960.492000][ T5304] do_syscall_64+0x4c/0xa0 [ 1960.496466][ T5304] ? clear_bhb_loop+0x60/0xb0 [ 1960.501255][ T5304] ? clear_bhb_loop+0x60/0xb0 [ 1960.505995][ T5304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1960.511997][ T5304] RIP: 0033:0x7f11ef19ce59 [ 1960.516467][ T5304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1960.536134][ T5304] RSP: 002b:00007f11efff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1960.544608][ T5304] RAX: ffffffffffffffda RBX: 00007f11ef415fa0 RCX: 00007f11ef19ce59 [ 1960.552630][ T5304] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 1960.560663][ T5304] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1960.568692][ T5304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1960.576716][ T5304] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1960.584753][ T5304] [ 1960.696137][ T5306] netlink: 'syz.0.10922': attribute type 39 has an invalid length. [ 1960.961795][ T5309] netlink: 'syz.4.10920': attribute type 21 has an invalid length. [ 1960.999744][ T5309] netlink: 156 bytes leftover after parsing attributes in process `syz.4.10920'. [ 1961.891696][ T5339] netlink: 'syz.3.10929': attribute type 21 has an invalid length. [ 1961.938772][ T5339] netlink: 156 bytes leftover after parsing attributes in process `syz.3.10929'. [ 1962.879654][ T5354] netlink: 'syz.0.10935': attribute type 11 has an invalid length. [ 1965.432369][ T5360] netlink: 'syz.5.10936': attribute type 2 has an invalid length. [ 1965.504692][ T5360] netlink: 'syz.5.10936': attribute type 3 has an invalid length. [ 1965.606830][ T5360] netlink: 132 bytes leftover after parsing attributes in process `syz.5.10936'. [ 1966.084939][ T5371] netlink: 'syz.0.10938': attribute type 21 has an invalid length. [ 1966.098825][ T5371] netlink: 156 bytes leftover after parsing attributes in process `syz.0.10938'. [ 1967.049287][ T5377] device syzkaller0 entered promiscuous mode [ 1968.476302][ T5410] netlink: 'syz.3.10952': attribute type 46 has an invalid length. [ 1968.670086][ T5418] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.10956'. [ 1968.734021][ T5418] sysfs: cannot create duplicate filename '/class/ieee80211/!!!' [ 1968.804841][ T5418] CPU: 1 PID: 5418 Comm: syz.4.10956 Not tainted syzkaller #0 [ 1968.812446][ T5418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1968.822597][ T5418] Call Trace: [ 1968.825981][ T5418] [ 1968.828992][ T5418] dump_stack_lvl+0x188/0x24e [ 1968.833779][ T5418] ? show_regs_print_info+0x12/0x12 [ 1968.839110][ T5418] ? load_image+0x400/0x400 [ 1968.843850][ T5418] sysfs_warn_dup+0x8a/0xa0 [ 1968.848485][ T5418] sysfs_do_create_link_sd+0xc0/0x110 [ 1968.854008][ T5418] device_add+0x7f6/0x1000 [ 1968.858678][ T5418] wiphy_register+0x1d9f/0x2ac0 [ 1968.863783][ T5418] ? cfg80211_event_work+0x40/0x40 [ 1968.869013][ T5418] ? minstrel_ht_alloc+0x894/0xa20 [ 1968.874305][ T5418] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 1968.880545][ T5418] ieee80211_register_hw+0x2d00/0x39f0 [ 1968.886213][ T5418] ? ieee80211_register_hw+0xec1/0x39f0 [ 1968.891868][ T5418] ? ieee80211_register_hw+0xec1/0x39f0 [ 1968.897588][ T5418] ? ieee80211_tasklet_handler+0x20/0x20 [ 1968.903431][ T5418] ? memset+0x1e/0x40 [ 1968.907546][ T5418] ? __hrtimer_init+0x186/0x270 [ 1968.912563][ T5418] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 1968.918563][ T5418] hwsim_new_radio_nl+0xafa/0xce0 [ 1968.923824][ T5418] genl_family_rcv_msg_doit+0x22a/0x330 [ 1968.929504][ T5418] ? end_current_label_crit_section+0x170/0x170 [ 1968.935903][ T5418] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 1968.942126][ T5418] ? bpf_lsm_capable+0x5/0x10 [ 1968.946927][ T5418] ? security_capable+0x85/0xb0 [ 1968.951970][ T5418] genl_rcv_msg+0x604/0x790 [ 1968.956675][ T5418] ? genl_bind+0x360/0x360 [ 1968.961221][ T5418] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 1968.968015][ T5418] netlink_rcv_skb+0x1fb/0x450 [ 1968.972925][ T5418] ? genl_bind+0x360/0x360 [ 1968.977500][ T5418] ? netlink_ack+0x1170/0x1170 [ 1968.982478][ T5418] ? down_read+0x1a8/0x2d0 [ 1968.987036][ T5418] genl_rcv+0x24/0x40 [ 1968.991153][ T5418] netlink_unicast+0x74d/0x8d0 [ 1968.996131][ T5418] netlink_sendmsg+0x8ad/0xbd0 [ 1969.001089][ T5418] ? netlink_getsockopt+0x550/0x550 [ 1969.006452][ T5418] ? aa_sock_msg_perm+0x94/0x150 [ 1969.011550][ T5418] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1969.016962][ T5418] ? security_socket_sendmsg+0x7c/0xa0 [ 1969.022558][ T5418] ? netlink_getsockopt+0x550/0x550 [ 1969.027884][ T5418] ____sys_sendmsg+0x5be/0x970 [ 1969.032855][ T5418] ? __sys_sendmsg_sock+0x30/0x30 [ 1969.037999][ T5418] ? __import_iovec+0x315/0x500 [ 1969.043134][ T5418] ? import_iovec+0x6f/0xa0 [ 1969.047812][ T5418] ___sys_sendmsg+0x2a2/0x360 [ 1969.052626][ T5418] ? try_to_wake_up+0x67c/0x1080 [ 1969.057739][ T5418] ? __sys_sendmsg+0x290/0x290 [ 1969.063021][ T5418] __se_sys_sendmsg+0x1bb/0x2a0 [ 1969.068040][ T5418] ? __x64_sys_sendmsg+0x80/0x80 [ 1969.073232][ T5418] ? lockdep_hardirqs_on+0x94/0x140 [ 1969.078596][ T5418] do_syscall_64+0x4c/0xa0 [ 1969.083130][ T5418] ? clear_bhb_loop+0x60/0xb0 [ 1969.087925][ T5418] ? clear_bhb_loop+0x60/0xb0 [ 1969.092754][ T5418] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1969.098781][ T5418] RIP: 0033:0x7f049ad9ce59 [ 1969.103319][ T5418] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1969.123044][ T5418] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1969.131610][ T5418] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1969.139714][ T5418] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1969.147809][ T5418] RBP: 00007f049ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1969.155944][ T5418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1969.164037][ T5418] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1969.172254][ T5418] [ 1969.265948][ T5416] netlink: 'syz.0.10954': attribute type 46 has an invalid length. [ 1969.875521][ T5434] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.10960'. [ 1969.983758][ T5434] sysfs: cannot create duplicate filename '/class/ieee80211/!!!' [ 1970.072300][ T5434] CPU: 0 PID: 5434 Comm: syz.4.10960 Not tainted syzkaller #0 [ 1970.079890][ T5434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1970.090046][ T5434] Call Trace: [ 1970.093407][ T5434] [ 1970.096408][ T5434] dump_stack_lvl+0x188/0x24e [ 1970.101188][ T5434] ? show_regs_print_info+0x12/0x12 [ 1970.106470][ T5434] ? load_image+0x400/0x400 [ 1970.111136][ T5434] sysfs_warn_dup+0x8a/0xa0 [ 1970.115741][ T5434] sysfs_do_create_link_sd+0xc0/0x110 [ 1970.121211][ T5434] device_add+0x7f6/0x1000 [ 1970.125736][ T5434] wiphy_register+0x1d9f/0x2ac0 [ 1970.130720][ T5434] ? cfg80211_event_work+0x40/0x40 [ 1970.135921][ T5434] ? minstrel_ht_alloc+0x894/0xa20 [ 1970.141123][ T5434] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 1970.147270][ T5434] ieee80211_register_hw+0x2d00/0x39f0 [ 1970.152826][ T5434] ? ieee80211_register_hw+0xec1/0x39f0 [ 1970.158434][ T5434] ? ieee80211_register_hw+0xec1/0x39f0 [ 1970.164081][ T5434] ? ieee80211_tasklet_handler+0x20/0x20 [ 1970.169808][ T5434] ? memset+0x1e/0x40 [ 1970.173850][ T5434] ? __hrtimer_init+0x186/0x270 [ 1970.178792][ T5434] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 1970.184634][ T5434] hwsim_new_radio_nl+0xafa/0xce0 [ 1970.189763][ T5434] genl_family_rcv_msg_doit+0x22a/0x330 [ 1970.195376][ T5434] ? end_current_label_crit_section+0x170/0x170 [ 1970.201720][ T5434] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 1970.207735][ T5434] ? bpf_lsm_capable+0x5/0x10 [ 1970.212478][ T5434] ? security_capable+0x85/0xb0 [ 1970.217415][ T5434] genl_rcv_msg+0x604/0x790 [ 1970.222009][ T5434] ? genl_bind+0x360/0x360 [ 1970.226569][ T5434] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 1970.233008][ T5434] netlink_rcv_skb+0x1fb/0x450 [ 1970.237836][ T5434] ? genl_bind+0x360/0x360 [ 1970.242436][ T5434] ? netlink_ack+0x1170/0x1170 [ 1970.247314][ T5434] ? down_read+0x1a8/0x2d0 [ 1970.251797][ T5434] genl_rcv+0x24/0x40 [ 1970.255842][ T5434] netlink_unicast+0x74d/0x8d0 [ 1970.260702][ T5434] netlink_sendmsg+0x8ad/0xbd0 [ 1970.265553][ T5434] ? netlink_getsockopt+0x550/0x550 [ 1970.270813][ T5434] ? aa_sock_msg_perm+0x94/0x150 [ 1970.275817][ T5434] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1970.281158][ T5434] ? security_socket_sendmsg+0x7c/0xa0 [ 1970.286676][ T5434] ? netlink_getsockopt+0x550/0x550 [ 1970.291936][ T5434] ____sys_sendmsg+0x5be/0x970 [ 1970.296787][ T5434] ? __sys_sendmsg_sock+0x30/0x30 [ 1970.301859][ T5434] ? __import_iovec+0x315/0x500 [ 1970.306824][ T5434] ? import_iovec+0x6f/0xa0 [ 1970.311394][ T5434] ___sys_sendmsg+0x2a2/0x360 [ 1970.316128][ T5434] ? try_to_wake_up+0x6ae/0x1080 [ 1970.321151][ T5434] ? __sys_sendmsg+0x290/0x290 [ 1970.326111][ T5434] __se_sys_sendmsg+0x1bb/0x2a0 [ 1970.331051][ T5434] ? __x64_sys_sendmsg+0x80/0x80 [ 1970.336120][ T5434] ? lockdep_hardirqs_on+0x94/0x140 [ 1970.341417][ T5434] do_syscall_64+0x4c/0xa0 [ 1970.345892][ T5434] ? clear_bhb_loop+0x60/0xb0 [ 1970.350669][ T5434] ? clear_bhb_loop+0x60/0xb0 [ 1970.355411][ T5434] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1970.361362][ T5434] RIP: 0033:0x7f049ad9ce59 [ 1970.365836][ T5434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1970.385509][ T5434] RSP: 002b:00007f049bb78028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1970.393988][ T5434] RAX: ffffffffffffffda RBX: 00007f049b016090 RCX: 00007f049ad9ce59 [ 1970.402016][ T5434] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 1970.410041][ T5434] RBP: 00007f049ae32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1970.418064][ T5434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1970.426092][ T5434] R13: 00007f049b016128 R14: 00007f049b016090 R15: 00007ffed8a8f348 [ 1970.434173][ T5434] [ 1971.240832][ T5454] netlink: 'syz.2.10964': attribute type 3 has an invalid length. [ 1971.276715][ T5454] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.10964'. [ 1972.001358][ T5463] netlink: 'syz.5.10968': attribute type 46 has an invalid length. [ 1973.029894][ T5467] netlink: 'syz.2.10969': attribute type 2 has an invalid length. [ 1973.037976][ T5467] netlink: 'syz.2.10969': attribute type 3 has an invalid length. [ 1973.085932][ T5467] netlink: 132 bytes leftover after parsing attributes in process `syz.2.10969'. [ 1974.550526][ T5479] netlink: 'syz.4.10972': attribute type 10 has an invalid length. [ 1974.585642][ T5481] netlink: 122896 bytes leftover after parsing attributes in process `syz.5.10971'. [ 1974.660599][ T5481] debugfs: Directory '!!!' with parent 'ieee80211' already present! [ 1975.244291][ T5491] FAULT_INJECTION: forcing a failure. [ 1975.244291][ T5491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1975.449008][ T5491] CPU: 0 PID: 5491 Comm: syz.2.10976 Not tainted syzkaller #0 [ 1975.456626][ T5491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1975.466766][ T5491] Call Trace: [ 1975.470117][ T5491] [ 1975.473118][ T5491] dump_stack_lvl+0x188/0x24e [ 1975.477893][ T5491] ? show_regs_print_info+0x12/0x12 [ 1975.483326][ T5491] ? load_image+0x400/0x400 [ 1975.487905][ T5491] ? __lock_acquire+0x7d10/0x7d10 [ 1975.493009][ T5491] should_fail_ex+0x399/0x4d0 [ 1975.497766][ T5491] _copy_from_user+0x2c/0x170 [ 1975.502510][ T5491] __sys_bpf+0x2ea/0x780 [ 1975.506824][ T5491] ? bpf_link_show_fdinfo+0x380/0x380 [ 1975.512279][ T5491] ? lock_chain_count+0x20/0x20 [ 1975.517227][ T5491] __x64_sys_bpf+0x78/0x90 [ 1975.521722][ T5491] do_syscall_64+0x4c/0xa0 [ 1975.526198][ T5491] ? clear_bhb_loop+0x60/0xb0 [ 1975.531377][ T5491] ? clear_bhb_loop+0x60/0xb0 [ 1975.536155][ T5491] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1975.542127][ T5491] RIP: 0033:0x7f11ef19ce59 [ 1975.546605][ T5491] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1975.566278][ T5491] RSP: 002b:00007f11efff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1975.574762][ T5491] RAX: ffffffffffffffda RBX: 00007f11ef415fa0 RCX: 00007f11ef19ce59 [ 1975.582829][ T5491] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 1975.590855][ T5491] RBP: 00007f11efff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1975.598883][ T5491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1975.606914][ T5491] R13: 00007f11ef416038 R14: 00007f11ef415fa0 R15: 00007fff942642c8 [ 1975.614962][ T5491] [ 1975.982860][ T5501] netlink: 202920 bytes leftover after parsing attributes in process `syz.4.10978'. [ 1977.360432][ T5519] netlink: 'syz.2.10985': attribute type 21 has an invalid length. [ 1977.391153][ T5519] netlink: 156 bytes leftover after parsing attributes in process `syz.2.10985'. [ 1977.656843][ T5526] netlink: 'syz.5.10986': attribute type 46 has an invalid length. [ 1977.888546][ T5532] netlink: 14 bytes leftover after parsing attributes in process `syz.4.10990'. [ 1978.215572][ T5534] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.10992'. [ 1978.311888][ T5534] debugfs: Directory '!!!' with parent 'ieee80211' already present! [ 1979.539461][ T5556] netlink: 'syz.5.10997': attribute type 275 has an invalid length. [ 1979.859837][ T5568] FAULT_INJECTION: forcing a failure. [ 1979.859837][ T5568] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1979.919232][ T5568] CPU: 0 PID: 5568 Comm: syz.5.11003 Not tainted syzkaller #0 [ 1979.926791][ T5568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1979.936902][ T5568] Call Trace: [ 1979.940229][ T5568] [ 1979.943217][ T5568] dump_stack_lvl+0x188/0x24e [ 1979.947967][ T5568] ? show_regs_print_info+0x12/0x12 [ 1979.953228][ T5568] ? load_image+0x400/0x400 [ 1979.957817][ T5568] ? __lock_acquire+0x7d10/0x7d10 [ 1979.962920][ T5568] should_fail_ex+0x399/0x4d0 [ 1979.967664][ T5568] _copy_from_user+0x2c/0x170 [ 1979.972410][ T5568] __sys_bpf+0x2ea/0x780 [ 1979.976726][ T5568] ? bpf_link_show_fdinfo+0x380/0x380 [ 1979.982184][ T5568] ? lock_chain_count+0x20/0x20 [ 1979.987167][ T5568] __x64_sys_bpf+0x78/0x90 [ 1979.991662][ T5568] do_syscall_64+0x4c/0xa0 [ 1979.996141][ T5568] ? clear_bhb_loop+0x60/0xb0 [ 1980.000882][ T5568] ? clear_bhb_loop+0x60/0xb0 [ 1980.005635][ T5568] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1980.011606][ T5568] RIP: 0033:0x7fe63839ce59 [ 1980.016074][ T5568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1980.035744][ T5568] RSP: 002b:00007fe63920b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1980.044308][ T5568] RAX: ffffffffffffffda RBX: 00007fe638615fa0 RCX: 00007fe63839ce59 [ 1980.052345][ T5568] RDX: 0000000000000050 RSI: 00002000000008c0 RDI: 0000000000000000 [ 1980.060373][ T5568] RBP: 00007fe63920b090 R08: 0000000000000000 R09: 0000000000000000 [ 1980.068394][ T5568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1980.076422][ T5568] R13: 00007fe638616038 R14: 00007fe638615fa0 R15: 00007fff888f8f88 [ 1980.084567][ T5568] [ 1980.154017][ T5571] netlink: 'syz.0.11002': attribute type 21 has an invalid length. [ 1980.178780][ T5571] netlink: 156 bytes leftover after parsing attributes in process `syz.0.11002'. [ 1980.495069][ T5578] netlink: 'syz.0.11007': attribute type 7 has an invalid length. [ 1980.515475][ T5578] netlink: 'syz.0.11007': attribute type 7 has an invalid length. [ 1980.541220][ T5586] netlink: 'syz.2.11006': attribute type 10 has an invalid length. [ 1980.549637][ T5578] netlink: 198580 bytes leftover after parsing attributes in process `syz.0.11007'. [ 1980.865592][ T5586] device team_slave_0 left promiscuous mode [ 1980.966140][ T5586] team0 (unregistering): Port device team_slave_0 removed [ 1981.010757][ T5586] device team_slave_1 left promiscuous mode [ 1981.094651][ T5586] team0 (unregistering): Port device team_slave_1 removed [ 1981.456517][ T5607] netlink: 'syz.5.11017': attribute type 21 has an invalid length. [ 1981.484701][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1981.490939][ T5607] netlink: 156 bytes leftover after parsing attributes in process `syz.5.11017'. [ 1981.500917][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1981.526342][ T5605] netlink: 'syz.0.11015': attribute type 11 has an invalid length. [ 1981.588248][ T5605] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.11015'. [ 1982.107249][ T5624] netlink: 'syz.5.11024': attribute type 21 has an invalid length. [ 1982.804421][ T5641] IPv6: NLM_F_CREATE should be specified when creating new route [ 1982.843101][ T5641] netlink: 1 bytes leftover after parsing attributes in process `syz.4.11030'. [ 1982.878740][ T5638] netlink: 'syz.2.11028': attribute type 275 has an invalid length. [ 1983.051209][ T5644] netlink: 'syz.5.11031': attribute type 21 has an invalid length. [ 1983.082226][ T5644] netlink: 156 bytes leftover after parsing attributes in process `syz.5.11031'. [ 1984.212659][ T5668] device syzkaller0 entered promiscuous mode [ 1985.484743][ T5689] netlink: 'syz.5.11045': attribute type 21 has an invalid length. [ 1985.504732][ T5689] netlink: 156 bytes leftover after parsing attributes in process `syz.5.11045'. [ 1985.567089][ T5688] netlink: 65023 bytes leftover after parsing attributes in process `syz.0.11046'. [ 1985.634898][ T5688] device macsec0 entered promiscuous mode [ 1987.076259][ T5720] FAULT_INJECTION: forcing a failure. [ 1987.076259][ T5720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1987.122545][ T5720] CPU: 0 PID: 5720 Comm: syz.4.11055 Not tainted syzkaller #0 [ 1987.130194][ T5720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1987.140309][ T5720] Call Trace: [ 1987.143633][ T5720] [ 1987.146606][ T5720] dump_stack_lvl+0x188/0x24e [ 1987.151351][ T5720] ? show_regs_print_info+0x12/0x12 [ 1987.156696][ T5720] ? load_image+0x400/0x400 [ 1987.161276][ T5720] ? __lock_acquire+0x7d10/0x7d10 [ 1987.166371][ T5720] should_fail_ex+0x399/0x4d0 [ 1987.171112][ T5720] _copy_from_user+0x2c/0x170 [ 1987.175860][ T5720] __sys_bpf+0x2ea/0x780 [ 1987.180177][ T5720] ? bpf_link_show_fdinfo+0x380/0x380 [ 1987.185637][ T5720] ? lock_chain_count+0x20/0x20 [ 1987.190679][ T5720] __x64_sys_bpf+0x78/0x90 [ 1987.195277][ T5720] do_syscall_64+0x4c/0xa0 [ 1987.199742][ T5720] ? clear_bhb_loop+0x60/0xb0 [ 1987.204480][ T5720] ? clear_bhb_loop+0x60/0xb0 [ 1987.209217][ T5720] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1987.215185][ T5720] RIP: 0033:0x7f049ad9ce59 [ 1987.219660][ T5720] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1987.239493][ T5720] RSP: 002b:00007f049bb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1987.247968][ T5720] RAX: ffffffffffffffda RBX: 00007f049b015fa0 RCX: 00007f049ad9ce59 [ 1987.255999][ T5720] RDX: 000000000000000c RSI: 0000200000002b80 RDI: 000000000000000a [ 1987.264031][ T5720] RBP: 00007f049bb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1987.272093][ T5720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1987.280116][ T5720] R13: 00007f049b016038 R14: 00007f049b015fa0 R15: 00007ffed8a8f348 [ 1987.288165][ T5720] [ 1987.436458][ T5723] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1987.458125][ T5723] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1987.483673][ T5715] delete_channel: no stack [ 1987.499794][ T5723] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1987.509843][ T5723] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1987.653110][ T5726] netlink: 'syz.2.11058': attribute type 21 has an invalid length. [ 1987.663535][ T5726] netlink: 156 bytes leftover after parsing attributes in process `syz.2.11058'. [ 1988.314274][ T5738] netlink: 'syz.3.11063': attribute type 29 has an invalid length. [ 1990.982039][ T5729] netlink: 'syz.4.11059': attribute type 275 has an invalid length. [ 1990.993573][ T5738] netlink: 'syz.3.11063': attribute type 29 has an invalid length. [ 1991.358906][ T5755] sctp: [Deprecated]: syz.5.11077 (pid 5755) Use of int in max_burst socket option deprecated. [ 1991.358906][ T5755] Use struct sctp_assoc_value instead [ 1994.655890][ T5760] device wlan1 entered promiscuous mode [ 1994.662758][ T5768] netlink: 'syz.0.11071': attribute type 21 has an invalid length. [ 1994.681204][ T5768] netlink: 156 bytes leftover after parsing attributes in process `syz.0.11071'. [ 1994.992977][ T5786] netlink: 'syz.0.11080': attribute type 27 has an invalid length. [ 1995.029058][ T5786] netlink: 164 bytes leftover after parsing attributes in process `syz.0.11080'. [ 1995.116326][ T5792] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11079'. [ 1995.131416][ T5791] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.11081'. [ 1995.160259][ T5791] netlink: zone id is out of range [ 1995.178671][ T5792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1995.200476][ T5791] netlink: zone id is out of range [ 1996.185756][ T5822] netlink: 'syz.0.11090': attribute type 21 has an invalid length. [ 1996.249061][ T5822] netlink: 156 bytes leftover after parsing attributes in process `syz.0.11090'. [ 1996.595634][ T5826] netlink: 'syz.2.11091': attribute type 29 has an invalid length. [ 1996.811813][ T5826] netlink: 'syz.2.11091': attribute type 29 has an invalid length. [ 1997.535700][ T5833] netlink: 'syz.2.11091': attribute type 29 has an invalid length. [ 1997.714009][ T5840] device syzkaller0 entered promiscuous mode [ 2000.780176][ T5867] netlink: 'syz.0.11103': attribute type 21 has an invalid length. [ 2000.788310][ T5867] netlink: 156 bytes leftover after parsing attributes in process `syz.0.11103'. [ 2001.947111][ T5882] sctp: [Deprecated]: syz.3.11109 (pid 5882) Use of int in max_burst socket option deprecated. [ 2001.947111][ T5882] Use struct sctp_assoc_value instead [ 2002.278759][ T5886] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.11111'. [ 2002.350718][ T5886] netlink: zone id is out of range [ 2002.357012][ T5886] netlink: zone id is out of range [ 2002.477063][ T5886] netlink: zone id is out of range [ 2003.104087][ T5898] netlink: 'syz.0.11115': attribute type 21 has an invalid length. [ 2003.149038][ T5898] netlink: 156 bytes leftover after parsing attributes in process `syz.0.11115'. [ 2003.288655][ T5901] FAULT_INJECTION: forcing a failure. [ 2003.288655][ T5901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2003.398495][ T5901] CPU: 1 PID: 5901 Comm: syz.5.11116 Not tainted syzkaller #0 [ 2003.406063][ T5901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2003.416183][ T5901] Call Trace: [ 2003.419513][ T5901] [ 2003.422577][ T5901] dump_stack_lvl+0x188/0x24e [ 2003.427311][ T5901] ? show_regs_print_info+0x12/0x12 [ 2003.432608][ T5901] ? load_image+0x400/0x400 [ 2003.437188][ T5901] ? __lock_acquire+0x7d10/0x7d10 [ 2003.442285][ T5901] should_fail_ex+0x399/0x4d0 [ 2003.447021][ T5901] _copy_from_user+0x2c/0x170 [ 2003.451766][ T5901] __sys_bpf+0x2ea/0x780 [ 2003.456070][ T5901] ? bpf_link_show_fdinfo+0x380/0x380 [ 2003.461523][ T5901] ? lock_chain_count+0x20/0x20 [ 2003.466426][ T5901] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 2003.472496][ T5901] __x64_sys_bpf+0x78/0x90 [ 2003.476978][ T5901] do_syscall_64+0x4c/0xa0 [ 2003.481447][ T5901] ? clear_bhb_loop+0x60/0xb0 [ 2003.486186][ T5901] ? clear_bhb_loop+0x60/0xb0 [ 2003.490932][ T5901] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2003.496897][ T5901] RIP: 0033:0x7fe63839ce59 [ 2003.501365][ T5901] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2003.521034][ T5901] RSP: 002b:00007fe63920b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2003.529509][ T5901] RAX: ffffffffffffffda RBX: 00007fe638615fa0 RCX: 00007fe63839ce59 [ 2003.537538][ T5901] RDX: 0000000000000048 RSI: 0000200000000200 RDI: 0000000000000005 [ 2003.545565][ T5901] RBP: 00007fe63920b090 R08: 0000000000000000 R09: 0000000000000000 [ 2003.553591][ T5901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2003.561628][ T5901] R13: 00007fe638616038 R14: 00007fe638615fa0 R15: 00007fff888f8f88 [ 2003.569669][ T5901] [ 2003.698952][ T5909] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11121'. [ 2005.055389][ T5932] netlink: 'syz.5.11129': attribute type 2 has an invalid length. [ 2005.060946][ T5927] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.11128'. [ 2005.097721][ T5932] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.11129'. [ 2005.129370][ T5927] netlink: zone id is out of range [ 2005.160153][ T5927] netlink: zone id is out of range [ 2005.205694][ T5927] netlink: zone id is out of range [ 2006.014111][ T5944] netlink: 'syz.5.11130': attribute type 21 has an invalid length. [ 2006.068611][ T5944] netlink: 156 bytes leftover after parsing attributes in process `syz.5.11130'. [ 2006.128166][ T5947] netlink: 'syz.3.11133': attribute type 10 has an invalid length. [ 2006.177636][ T5947] device netdevsim0 entered promiscuous mode [ 2006.186500][ T5947] team0: Port device netdevsim0 added Connection to us-central1-ssh-serialport.googleapis.com closed by remote host.