last executing test programs: 18.011794505s ago: executing program 3 (id=8857): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x11) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000002e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1d, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x37}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan1\x00', 0x800}) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8946, &(0x7f0000000080)) r4 = socket$kcm(0x11, 0x200000000000002, 0x300) r5 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="600000004e007f049e", 0x9}, {&(0x7f0000000180)="78cabf2dfb73fc0a7d0a0080f2dcb9fe06892544001100b8f9e6aaeb1ae2f6e8bcb5ee52dc06249798093c5102a1bca0b646a7ce904f6e6b788b3219c233e60ddc36024a99a63e729f9b06f96137c89d03234f008c5681", 0x57}], 0x2}, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="2d6e65745f636c73202d706572665f6576656672319f4819376e7420976e07ee2d6986003ecbff9a9d72e92d3f3bf18f8dedc79ca6129fa1bc0345d2c1ab35f087258f55e6d9b066891b7043dc03c44eb3468ee1d8aa20f295ce27914267dfd0b6bf8f923e5f37f3e07ff7a136ff0ed962908b0b14f38310"], 0x15) recvmsg$unix(0xffffffffffffffff, 0x0, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7786}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002420702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000228500000094"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0xfffffffffffffd5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b70300"], 0x0, 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141607089f034d2f87e5440c05ab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) 17.538229744s ago: executing program 3 (id=8863): ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000240)={0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c43000000e8fe55a1190015000600142603600e1209001b0000000401a80016000a0004400a080000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x4000040) sendmsg$kcm(r2, &(0x7f0000000780)={&(0x7f0000000100)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0xfd3f4068284c615a, 0x0, 0x4}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="97d7e92089fea267d2fc63c3fbc60bc72db87d9972ac450bc4a3664715adedb30fdb4739ab0da8b96679ae8960f1eab1ad4d4ebe50a82534d450d394228f1c043f3b92356815413626831e8f1aab5f3bfe64483a4cb6d6d3488269", 0x5b}], 0x1, &(0x7f00000002c0)=[{0x100, 0x109, 0x9, "d0951f902960ab0325eb1e894cf9cf00b212a06674c23b7306994c02839d3e735563e532bc586d1ada2a4dbd18572dfc503f741f3dd68b1aed10380e2bde9f537b19312a544b8183a2565714a75f31aa11399407d53c03e2bf6dff6b99fc272f4f008ac816d20a2663e0376f1b72709902da5487610ae4d8bcadcd528614f2c8a86146f4e4596b474de6f1fd47bca3e94397b4bc60f2a2ca66a4644a85f490da456aa481f17571ac6026438a72c61ffb07c0f03dc9951b86f8a27f8b0b9fe9b356a6fa01e962adc7a9a11dd8e07461e9f51761759eedbe5e4be536629ebb3c976888c58c39cff684bd11"}, {0xf8, 0x109, 0x2, "f07694c592a1fa8513136cee9b64fed22fa3c22d57369781be5293d993104ee3ddb6f0f60296015f32c01d65ca13c45e8d7baa55420d08d8c634dbf3c2260e51e7fb8746940f2afe688bfe2cb33267d6cd9a5ca26b38f6a59375cac12ef17ed9d37698ab6ddd7237c6275ab4bc8a4c0ead46814f4f4d4c039d0daace7b5f4b023142cbb6f23527f0e89ec3c6a5f8d8af5c30a1a845d38b1c4ef328f7bc85b6ebc4374d80633fc49bc96ff16ed83310d332410a12283f7f1b989d075e39c7476f8028325ea5fd4a7ab98300bdf81782756967f349bf6e194098f510318e7fee98658a"}, {0x20, 0x84, 0x400, "e36981b44e8580042c2e8a9769902a8e"}, {0x48, 0x101, 0x5, "ce9647de97502bfa7c6322d9d1574561cd29c059a2ab40460cdab06ae6beaf460b1f447e8a405e9da12d5e162bd6e6d5f35550"}, {0xa0, 0x10e, 0x4, "2768e1e03a2ec08a568b34b15e1add92938f5f443db14a38c113884f4a8c3bce1636bcd675c554dc9c621f6f67ac20f0129d3be99627c323991131e3bfc3a5b13135596518e9568998c0499af8b242759c1025754fe1920810bd880f40fcc0ecbc47a23ea97a5fdb0d006c967f2b757959a29eabf55197a0103ecb3d314177400ae3ae7012859ca87edf9c9ba2f7a8d7"}, {0xd8, 0x114, 0x3, "f07ce51168cf60357d4f7c79dc66df96ac46d4847c08eb13e01f5cc50eb448b407a9df5fc56fd0b07b0cda3c8bb4a032a4ed833344709371972b626590f3aa8687020b8d27fd4062b68c6e214b4c5d1fec4e1254dcd511bbaa0d02dcd62695ff3fe89bad935fac612c2446be271aebbb28ca6e925c742aa83bb103acaba37bcc1ff944001562a5a7fb4edfa2b01d6765d5b6a78024bd8d68c9956a861437b952531672feae7f22d2bba0b3a9eb21b015bb8726cccc7e7866104c283ef8a7719348902e07dd40dd27"}, {0x88, 0x84, 0x100, "f3667f3211646d9af838af839818035c9dac3f80fd53687f9ea64e57bf1b8d7f8d7add178e7deb72d09fd9c0aa538dd81f98c03dc5e133dd6e6321806999c2b89d841e545d740c012fc82b17e42daa134817d15a044ef88fd6e1e689be19d11edfe1076eb8da46a283fa35c9640292817dbe2a1772552479"}, {0x48, 0x6, 0x800, "73e81bed0fe4b2e8508787828b33553e75a4b512c040a84a4ec569a0dac2e943cabc4fd51bcf4c121e5f061e358f42c1ef194953d7a5"}], 0x4a8}, 0x24040014) 17.140313971s ago: executing program 3 (id=8868): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r0 = socket$kcm(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000880)={0x2, 0x4e1c, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac1417bb008000000000000038000000000000000000000007000000070e43aa5889c23ef593ae6bcd1844187c8073b5c9e00000000600000003000000080000000900001400000000000000000000000100000005000000000000001400000000000000030000000700000001000000000000001400000000000000000000000100000003000000000000001c000000000000000000000008"], 0xc0}, 0x240008c4) 16.981298767s ago: executing program 3 (id=8870): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000c800000121f", 0x2e}], 0x1}, 0x0) 16.745473926s ago: executing program 3 (id=8874): socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x20002080) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x40034, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x100000001, 0x8}, 0x1b, 0x0, 0x3, 0x1, 0x8, 0xf4, 0x4, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x600}, @generic={0x2c}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 16.490348579s ago: executing program 3 (id=8879): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="d80000001d0081054e81f783db4cb904bc00000000008864e8fc3ca10a0015000600142603600e1208000f0000000401a80001000047880000000000035c0461c1d67f6f94007134cf6efb8000feea60d8a8a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccffffffff00000000b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0) 9.13904725s ago: executing program 2 (id=8925): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4040a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x0, 0x2a, 0x0, 0x8400) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socket$kcm(0x10, 0x3, 0x10) socketpair(0xa, 0x3, 0xff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x462}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1200000004000000040000000c00000000000000", @ANYBLOB='\x00'/10, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000160000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x4) socket$kcm(0xa, 0x2, 0x3a) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x183) perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_config_ext={0x3, 0x80000000}, 0x0, 0x80000000000000c8, 0x7fff, 0x0, 0xa45, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$TUNSETTXFILTER(r5, 0x400454d1, &(0x7f0000000600)=ANY=[@ANYBLOB="00000100aaaaaaaaaa3de3e71509faa6dfe0abd15ea5e0dab56d068a9e960feffbaa1849483faa1df791c45a2dd56ce9b0b5cc72ae7909df0de433b435250cc6d295a4f7b8c447a80e9a6adfa8c99dcc57868baa6fb63bb6b6e6651aadbd6c46faaddfe5890ebc5ec9c38272b95379cb337431082badcf1fde6893ba6e01"]) write$cgroup_subtree(r5, &(0x7f0000000940)=ANY=[@ANYBLOB="8f03000000000060007538e486dd630ace2200102f00fe80000000000000875a65059ff57b00000000400000000000000000ac1414aa000022eb", @ANYRESOCT=r1], 0xcfa4) 8.426862339s ago: executing program 2 (id=8930): socket$kcm(0x21, 0x2, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="1c0000001e0081054e81f782db020000071d080006007c09e8fe08a1", 0x1c}], 0x1}, 0x804) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@bloom_filter={0x1e, 0x4, 0x3, 0xd8, 0x23100, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0xf}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r2, 0x0, 0xa0028000}, 0x38) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="1400000035000b45d30000000000000001d25a80", 0x14}], 0x1}, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_subtree(r4, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000400)=ANY=[@ANYBLOB='-cpu'], 0x5) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000011c0)=ANY=[@ANYBLOB="1800000000000000000000000000200018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000007100"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800067c00001001a8001600a400034003", 0x39}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@rxrpc=@in4={0x21, 0x1, 0x2, 0xffffffffffffff7a, {0x2, 0x4e23, @multicast2}}, 0x80, 0x0}, 0x4004090) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a118001500060014ea000000120800030043000040a8002b000a00", 0x36}], 0x1}, 0x20000880) write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[], 0xfe33) write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="2b01010000"], 0x5) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r8, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r9, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd63f580fc02082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) write$cgroup_subtree(r9, &(0x7f00000004c0)=ANY=[], 0xfdef) 8.179416731s ago: executing program 4 (id=8933): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0x8c, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffe, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000080)}, 0x2042, 0xcc05, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 7.972427345s ago: executing program 4 (id=8934): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="03000000040000000400000009"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x7, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218100000", @ANYRES32=r0, @ANYBLOB="000000000000000018100000", @ANYRES32=r1, @ANYBLOB="000000000000000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r2, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000034d, &(0x7f0000001d00), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 7.867648993s ago: executing program 4 (id=8936): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) close(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x13) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000001280)=r0, 0x4) getpid() recvmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)=""/180, 0xb4}], 0x1}, 0x40000100) sendmsg$unix(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000240)='c', 0x1}], 0x1}, 0x80) 7.782188287s ago: executing program 4 (id=8938): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x6, 0x8, 0x8, 0x40}, 0x50) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040), 0xc) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000080), 0x12) 6.730259893s ago: executing program 2 (id=8943): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702"], 0x0, 0xffffffff, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, @sk_reuseport=0x27, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0xc, 0x3, 0x7, 0xc1}, 0x50) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000000006c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x275a, 0x0) 5.882704305s ago: executing program 1 (id=8949): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x20a02, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0x2}) ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff) ioctl$TUNSETLINK(r0, 0x400454cd, 0x10e) 5.153254587s ago: executing program 1 (id=8951): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x32b, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x10, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x2}, 0x94) 4.967961859s ago: executing program 1 (id=8952): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x27, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x6, 0x2}, 0x1a2d, 0x0, 0x7fc, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x10, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x75}, 0x38) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x100}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000000c0)={0x0, 0xb86b09f0ca6a52df, 0xec, 0x5, 0xd, 0x4, 0x0, 0x7fffffff, 0x5a514, 0xd, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xdbffbfff, 0x2, @perf_config_ext={0x3, 0x4}, 0x2, 0x3, 0x4, 0x1, 0x80, 0x5, 0x9, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080)) 4.649804702s ago: executing program 4 (id=8954): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1fffffffffffff8a, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f0000000b40)=r4) write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 4.462453033s ago: executing program 2 (id=8956): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x27, 0x2, 0x0, 0x0, 0x0, 0x1, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x2}, 0x0, 0x0, 0x7ff, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x308) ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f0000000140)) 4.294534281s ago: executing program 1 (id=8957): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x20a02, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x339) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @dev}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) 4.168314472s ago: executing program 0 (id=8958): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x37, 0x7f, 0x7f, 0x1, 0x1, 0x7}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000005c0)={r0, &(0x7f0000000080), &(0x7f0000000140)=""/241}, 0x20) 4.078085308s ago: executing program 2 (id=8959): bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r0, &(0x7f00000002c0)=ANY=[], 0xffdd) 3.978395544s ago: executing program 0 (id=8960): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000000000000000000000000085000000080000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) syz_clone(0x20040000, 0x0, 0xffffffffffffff93, 0x0, 0x0, 0x0) 3.70778973s ago: executing program 0 (id=8961): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0900000001000000e27f000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0xdc18a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, @perf_bp={0x0, 0x8}, 0x110008, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r0}, 0x38) 3.370702946s ago: executing program 0 (id=8962): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000600)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000400), 0x12) syz_clone(0x20040000, 0x0, 0xffffffffffffff93, 0x0, 0x0, 0x0) 3.098490061s ago: executing program 0 (id=8963): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r4, &(0x7f0000001140)={0x0, 0x2, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x0, 0x808e}, 0x40000100) write$cgroup_devices(r3, &(0x7f00000005c0)=ANY=[], 0xfffffeff) 1.660930292s ago: executing program 0 (id=8964): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) r2 = openat$cgroup_procs(r0, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000001c0), 0x12) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sock_ops}, 0x94) write$cgroup_int(r1, 0x0, 0x0) 206.716936ms ago: executing program 1 (id=8965): bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r1 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000380)=r0, 0x4) bpf$LINK_DETACH(0x22, &(0x7f00000002c0)=r1, 0x4) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x10) 150.500595ms ago: executing program 2 (id=8966): r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000005, 0x5a4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x11540, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="01000000060000000f00000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') 117.734801ms ago: executing program 4 (id=8967): perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2, 0x0, 0x0, 0x1d6225b, 0x0, 0x0, 0x14}, 0x90) 0s ago: executing program 1 (id=8968): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x20a02, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0x2}) ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) kernel console output (not intermixed with test programs): r+0xe3/0x150 [ 785.680743][T22472] proc_fail_nth_read+0x1a6/0x220 [ 785.685769][T22472] ? proc_fault_inject_write+0x310/0x310 [ 785.691422][T22472] ? fsnotify_perm+0x248/0x550 [ 785.696278][T22472] ? proc_fault_inject_write+0x310/0x310 [ 785.701911][T22472] vfs_read+0x2de/0xa00 [ 785.706072][T22472] ? kernel_read+0x1e0/0x1e0 [ 785.710703][T22472] ? __fget_files+0x28/0x4b0 [ 785.715302][T22472] ? __fget_files+0x28/0x4b0 [ 785.719893][T22472] ? __fget_files+0x43d/0x4b0 [ 785.724602][T22472] ? __fdget_pos+0x2ae/0x360 [ 785.729189][T22472] ? ksys_read+0x71/0x250 [ 785.733552][T22472] ksys_read+0x14c/0x250 [ 785.737801][T22472] ? vfs_write+0xa30/0xa30 [ 785.742247][T22472] ? lockdep_hardirqs_on+0x94/0x140 [ 785.747455][T22472] do_syscall_64+0x4c/0xa0 [ 785.751881][T22472] ? clear_bhb_loop+0x60/0xb0 [ 785.756569][T22472] ? clear_bhb_loop+0x60/0xb0 [ 785.761247][T22472] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 785.767143][T22472] RIP: 0033:0x7f29ac35d04e [ 785.771556][T22472] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 785.791162][T22472] RSP: 002b:00007f29ad2d2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 785.799604][T22472] RAX: ffffffffffffffda RBX: 00007f29ad2d36c0 RCX: 00007f29ac35d04e [ 785.807663][T22472] RDX: 000000000000000f RSI: 00007f29ad2d30a0 RDI: 0000000000000005 [ 785.815720][T22472] RBP: 00007f29ad2d3090 R08: 0000000000000000 R09: 0000000000000000 [ 785.823787][T22472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 785.831756][T22472] R13: 00007f29ac616038 R14: 00007f29ac615fa0 R15: 00007fff6a85a078 [ 785.839771][T22472] [ 786.087452][T22480] netlink: 'syz.0.6353': attribute type 4 has an invalid length. [ 786.734038][T22498] netlink: 'syz.1.6360': attribute type 2 has an invalid length. [ 786.764287][T22494] netlink: 'syz.0.6357': attribute type 10 has an invalid length. [ 786.802038][T22494] device hsr0 entered promiscuous mode [ 786.821707][T22498] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6360'. [ 786.877647][T22494] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 787.057525][T22512] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6363'. [ 787.078951][T22513] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.6357'. [ 787.577478][T22529] netlink: 'syz.1.6364': attribute type 3 has an invalid length. [ 787.611610][T22529] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.6364'. [ 788.163908][T22540] netlink: 830 bytes leftover after parsing attributes in process `syz.1.6364'. [ 789.482903][ T4285] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 789.492991][ T4285] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 789.507192][ T4285] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 789.507285][T22585] __sock_release: fasync list not empty! [ 789.524487][ T4285] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 789.533108][ T4285] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 789.540777][ T4285] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 789.756588][T17440] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 789.904086][T17440] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.187880][T22592] device syzkaller0 entered promiscuous mode [ 790.279851][T17440] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 790.492596][T22611] netlink: 'syz.1.6385': attribute type 2 has an invalid length. [ 790.500664][T22611] netlink: 'syz.1.6385': attribute type 1 has an invalid length. [ 790.508914][T22611] netlink: 170140 bytes leftover after parsing attributes in process `syz.1.6385'. [ 790.573255][T22614] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6388'. [ 791.396183][T22639] syz.2.6397[22639] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 791.396632][T22639] syz.2.6397[22639] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 791.585501][ T4285] Bluetooth: hci4: command 0x0409 tx timeout [ 793.280359][T17440] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 793.441247][T22651] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6400'. [ 793.480310][T22584] chnl_net:caif_netlink_parms(): no params data found [ 793.662041][ T4285] Bluetooth: hci4: command 0x041b tx timeout [ 793.727663][T22658] netlink: 'syz.2.6401': attribute type 10 has an invalid length. [ 793.930649][T22658] team0 (unregistering): Port device team_slave_0 removed [ 793.958290][T22658] team0 (unregistering): Port device team_slave_1 removed [ 794.062435][T22667] netlink: 172 bytes leftover after parsing attributes in process `syz.1.6403'. [ 794.112082][T22671] netlink: 'syz.1.6403': attribute type 21 has an invalid length. [ 794.127170][T22671] netlink: 'syz.1.6403': attribute type 6 has an invalid length. [ 794.142987][T22671] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6403'. [ 794.301232][T22584] bridge0: port 1(bridge_slave_0) entered blocking state [ 794.311881][T22584] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.335169][T22584] device bridge_slave_0 entered promiscuous mode [ 794.372234][T22684] netlink: 'syz.2.6407': attribute type 3 has an invalid length. [ 794.400415][T22684] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6407'. [ 794.440748][T22584] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.454037][T22584] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.473873][T22584] device bridge_slave_1 entered promiscuous mode [ 794.596871][ T4285] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 794.597336][T22584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 794.868946][T22696] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6413'. [ 794.881552][T22584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 795.138925][T22584] team0: Port device team_slave_0 added [ 795.226330][T22584] team0: Port device team_slave_1 added [ 795.382494][T22584] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 795.389501][T22584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.477351][T22584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 795.742071][ T4285] Bluetooth: hci4: command 0x040f tx timeout [ 795.765761][T17440] device gretap0 left promiscuous mode [ 795.780597][T17440] Ÿë: port 1(gretap0) entered disabled state [ 795.823328][T22584] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 795.830629][T22584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 795.894813][T22584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 795.970904][T22728] netlink: 'syz.0.6422': attribute type 10 has an invalid length. [ 796.134097][T22732] netlink: 'syz.1.6423': attribute type 10 has an invalid length. [ 796.170887][T22732] bridge0: port 2(bridge_slave_1) entered disabled state [ 796.178511][T22732] bridge0: port 1(bridge_slave_0) entered disabled state [ 796.203878][T22732] bridge0: port 2(bridge_slave_1) entered blocking state [ 796.211179][T22732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.218922][T22732] bridge0: port 1(bridge_slave_0) entered blocking state [ 796.226101][T22732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 796.250314][T22740] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6425'. [ 796.263701][T22732] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 796.412335][T22584] device hsr_slave_0 entered promiscuous mode [ 796.445150][T22584] device hsr_slave_1 entered promiscuous mode [ 796.458361][T22584] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 796.510092][T22584] Cannot create hsr debugfs directory [ 797.348159][T22773] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6439'. [ 797.607356][T17440] device veth0_to_team left promiscuous mode [ 797.642154][T17440] Ÿë: port 2(veth0_to_team) entered disabled state [ 797.776948][T17440] device hsr_slave_0 left promiscuous mode [ 797.793090][T17440] device hsr_slave_1 left promiscuous mode [ 797.807701][T17440] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 797.822696][ T4285] Bluetooth: hci4: command 0x0419 tx timeout [ 797.827953][T17440] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 797.900299][T17440] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 797.935889][T17440] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 797.961745][T17440] device bridge_slave_1 left promiscuous mode [ 797.982176][T17440] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.987417][T22788] netlink: 'syz.1.6442': attribute type 2 has an invalid length. [ 798.012490][T17440] device bridge_slave_0 left promiscuous mode [ 798.034010][T17440] bridge0: port 1(bridge_slave_0) entered disabled state [ 798.098224][T17440] device veth1_vlan left promiscuous mode [ 799.157688][T22822] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6451'. [ 801.598474][T22874] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6462'. [ 802.781351][T22902] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6474'. [ 804.221949][T22904] netlink: 140 bytes leftover after parsing attributes in process `syz.0.6475'. [ 804.405403][T22913] netlink: 'syz.2.6478': attribute type 2 has an invalid length. [ 804.460024][T22909] FAULT_INJECTION: forcing a failure. [ 804.460024][T22909] name failslab, interval 1, probability 0, space 0, times 0 [ 804.468210][T22913] netlink: 'syz.2.6478': attribute type 1 has an invalid length. [ 804.531713][T22913] netlink: 'syz.2.6478': attribute type 4 has an invalid length. [ 804.532344][T22909] CPU: 1 PID: 22909 Comm: syz.3.6477 Not tainted syzkaller #0 [ 804.547046][T22909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 804.557125][T22909] Call Trace: [ 804.560458][T22909] [ 804.563416][T22909] dump_stack_lvl+0x188/0x24e [ 804.568118][T22909] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 804.570298][T22913] netlink: 208312 bytes leftover after parsing attributes in process `syz.2.6478'. [ 804.574284][T22909] ? show_regs_print_info+0x12/0x12 [ 804.574313][T22909] ? load_image+0x400/0x400 [ 804.574343][T22909] should_fail_ex+0x399/0x4d0 [ 804.598109][T22909] should_failslab+0x5/0x20 [ 804.602645][T22909] slab_pre_alloc_hook+0x59/0x310 [ 804.607703][T22909] ? tomoyo_realpath_from_path+0xdf/0x5d0 [ 804.613725][T22909] __kmem_cache_alloc_node+0x4f/0x260 [ 804.619129][T22909] ? tomoyo_realpath_from_path+0xdf/0x5d0 [ 804.624883][T22909] __kmalloc+0xa0/0x240 [ 804.629151][T22909] tomoyo_realpath_from_path+0xdf/0x5d0 [ 804.634756][T22909] ? tomoyo_path_number_perm+0x205/0x650 [ 804.640427][T22909] tomoyo_path_number_perm+0x22f/0x650 [ 804.645922][T22909] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 804.651415][T22909] ? perf_trace_preemptirq_template+0x268/0x320 [ 804.657676][T22909] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 804.663678][T22909] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 804.669848][T22909] security_file_ioctl+0x6c/0xa0 [ 804.674794][T22909] __se_sys_ioctl+0x48/0x170 [ 804.679390][T22909] do_syscall_64+0x4c/0xa0 [ 804.683811][T22909] ? clear_bhb_loop+0x60/0xb0 [ 804.688492][T22909] ? clear_bhb_loop+0x60/0xb0 [ 804.693176][T22909] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 804.699072][T22909] RIP: 0033:0x7f9d7b39c819 [ 804.703485][T22909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 804.723091][T22909] RSP: 002b:00007f9d7c2ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 804.731507][T22909] RAX: ffffffffffffffda RBX: 00007f9d7b615fa0 RCX: 00007f9d7b39c819 [ 804.739482][T22909] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000009 [ 804.747453][T22909] RBP: 00007f9d7c2ad090 R08: 0000000000000000 R09: 0000000000000000 [ 804.755511][T22909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 804.763575][T22909] R13: 00007f9d7b616038 R14: 00007f9d7b615fa0 R15: 00007ffe2c2858a8 [ 804.771565][T22909] [ 804.791831][T22912] netlink: 'syz.2.6478': attribute type 2 has an invalid length. [ 804.799613][T22912] netlink: 'syz.2.6478': attribute type 1 has an invalid length. [ 804.841256][T22909] ERROR: Out of memory at tomoyo_realpath_from_path. [ 804.851237][T22912] netlink: 'syz.2.6478': attribute type 4 has an invalid length. [ 804.870143][T22912] netlink: 208312 bytes leftover after parsing attributes in process `syz.2.6478'. [ 804.960952][T22923] netlink: 64519 bytes leftover after parsing attributes in process `syz.0.6481'. [ 805.283574][T22934] netlink: 'syz.2.6482': attribute type 3 has an invalid length. [ 805.335179][T22936] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6485'. [ 805.346412][T22934] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6482'. [ 805.377999][T22933] netlink: 'syz.0.6484': attribute type 10 has an invalid length. [ 805.660939][T22584] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 805.733085][T22948] netlink: 'syz.3.6487': attribute type 10 has an invalid length. [ 805.759431][T22584] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 805.788003][T22584] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 805.867157][T22584] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 806.306769][T22960] netlink: 'syz.2.6490': attribute type 3 has an invalid length. [ 806.331364][T22584] 8021q: adding VLAN 0 to HW filter on device bond0 [ 806.340333][T22960] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6490'. [ 806.347742][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 806.372461][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 806.404248][T22584] 8021q: adding VLAN 0 to HW filter on device team0 [ 806.470937][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 806.490905][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 806.533902][ T4332] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.541071][ T4332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.582674][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 806.624340][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 806.634168][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 806.643931][T17422] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.651070][T17422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 806.681197][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 806.701362][T22976] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6496'. [ 806.725009][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 806.780037][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 806.850841][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 806.909562][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 806.940438][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 806.960857][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 807.021077][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 807.066723][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 807.130454][T22584] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 807.176352][T22584] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 807.224529][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 807.242409][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 808.231594][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 808.239420][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 808.288217][T22584] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 808.713874][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.720270][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.961661][T23025] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.968972][T23025] bridge0: port 1(bridge_slave_0) entered disabled state [ 809.100975][T23029] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6509'. [ 809.442870][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 809.472615][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 809.543882][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 809.605949][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 809.662055][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 809.692407][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 809.730852][T22584] device veth0_vlan entered promiscuous mode [ 809.748943][T22584] device veth1_vlan entered promiscuous mode [ 809.873932][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 809.932425][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 809.967253][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 810.027900][T17440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 810.086222][T22584] device veth0_macvtap entered promiscuous mode [ 810.162976][T22584] device veth1_macvtap entered promiscuous mode [ 810.211143][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.254499][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.290920][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.316219][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.335946][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.347191][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.359170][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.373371][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.393521][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.421452][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.441583][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 810.461763][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.516596][T22584] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 810.540901][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 810.559602][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 810.569387][T23067] netlink: 1057 bytes leftover after parsing attributes in process `syz.3.6520'. [ 810.596776][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.612227][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.623208][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.634222][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.659739][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.670538][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.681054][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.691814][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.702068][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.715177][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.726483][T22584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 810.743646][T22584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 810.817420][T23083] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6523'. [ 810.847019][T22584] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 810.986061][T17424] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 811.016009][T17424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 811.073024][T22584] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.116609][T22584] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.181041][T22584] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.241000][T22584] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 811.624649][T23099] tipc: Started in network mode [ 811.629874][T23099] tipc: Node identity 9215a268, cluster identity 4711 [ 811.641772][T23099] tipc: Node number set to 2450891368 [ 811.689313][T17424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.712396][T17424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.720130][T17424] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 811.792274][T17424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.800681][T17424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.857273][T17424] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 812.394659][T23130] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6535'. [ 813.305449][T23168] netlink: 26 bytes leftover after parsing attributes in process `syz.4.6549'. [ 813.653032][T23176] validate_nla: 1 callbacks suppressed [ 813.653067][T23176] netlink: 'syz.3.6553': attribute type 3 has an invalid length. [ 813.699656][T23176] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.6553'. [ 813.814940][T23182] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.6553'. [ 814.672999][T23214] FAULT_INJECTION: forcing a failure. [ 814.672999][T23214] name failslab, interval 1, probability 0, space 0, times 0 [ 814.793436][T23214] CPU: 1 PID: 23214 Comm: syz.4.6563 Not tainted syzkaller #0 [ 814.800965][T23214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 814.811048][T23214] Call Trace: [ 814.814436][T23214] [ 814.817382][T23214] dump_stack_lvl+0x188/0x24e [ 814.822176][T23214] ? show_regs_print_info+0x12/0x12 [ 814.827513][T23214] ? load_image+0x400/0x400 [ 814.832059][T23214] ? __might_sleep+0xd0/0xd0 [ 814.836678][T23214] ? __lock_acquire+0x7d10/0x7d10 [ 814.841750][T23214] should_fail_ex+0x399/0x4d0 [ 814.846468][T23214] should_failslab+0x5/0x20 [ 814.850989][T23214] slab_pre_alloc_hook+0x59/0x310 [ 814.856043][T23214] ? tomoyo_encode+0x27e/0x540 [ 814.860837][T23214] __kmem_cache_alloc_node+0x4f/0x260 [ 814.866241][T23214] ? tomoyo_encode+0x27e/0x540 [ 814.871208][T23214] __kmalloc+0xa0/0x240 [ 814.875408][T23214] tomoyo_encode+0x27e/0x540 [ 814.880035][T23214] tomoyo_realpath_from_path+0x58e/0x5d0 [ 814.885774][T23214] ? tomoyo_path_number_perm+0x205/0x650 [ 814.891431][T23214] tomoyo_path_number_perm+0x22f/0x650 [ 814.896921][T23214] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 814.902443][T23214] ? __fget_files+0x28/0x4b0 [ 814.907067][T23214] ? __fget_files+0x28/0x4b0 [ 814.911708][T23214] security_file_ioctl+0x6c/0xa0 [ 814.916689][T23214] __se_sys_ioctl+0x48/0x170 [ 814.921314][T23214] do_syscall_64+0x4c/0xa0 [ 814.925760][T23214] ? clear_bhb_loop+0x60/0xb0 [ 814.930459][T23214] ? clear_bhb_loop+0x60/0xb0 [ 814.935165][T23214] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 814.941089][T23214] RIP: 0033:0x7f58eff9c819 [ 814.945531][T23214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 814.965251][T23214] RSP: 002b:00007f58ee1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 814.973701][T23214] RAX: ffffffffffffffda RBX: 00007f58f0215fa0 RCX: 00007f58eff9c819 [ 814.981794][T23214] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000009 [ 814.989889][T23214] RBP: 00007f58ee1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 814.997882][T23214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 815.005876][T23214] R13: 00007f58f0216038 R14: 00007f58f0215fa0 R15: 00007ffc7daa8188 [ 815.013892][T23214] [ 815.046480][T23209] device syzkaller0 entered promiscuous mode [ 815.106929][T23226] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6565'. [ 815.143283][T23214] ERROR: Out of memory at tomoyo_realpath_from_path. [ 816.276651][T23255] netlink: 'syz.3.6574': attribute type 3 has an invalid length. [ 816.307989][T23255] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.6574'. [ 817.530356][T23278] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.6578'. [ 819.123511][T23238] netlink: 'syz.4.6567': attribute type 10 has an invalid length. [ 819.191912][T23238] team0 (unregistering): Port device team_slave_0 removed [ 819.230778][T23238] team0 (unregistering): Port device team_slave_1 removed [ 819.489055][T23287] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6581'. [ 819.946276][T23301] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6596'. [ 821.015110][T23329] netlink: 'syz.0.6594': attribute type 7 has an invalid length. [ 821.534603][T23323] netlink: 'syz.1.6592': attribute type 10 has an invalid length. [ 821.698117][T23331] netlink: 'syz.0.6594': attribute type 10 has an invalid length. [ 821.707583][T23331] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6594'. [ 821.718019][T23331] bridge0: port 3(veth0_vlan) entered blocking state [ 821.725332][T23331] bridge0: port 3(veth0_vlan) entered disabled state [ 821.753320][T23331] net_ratelimit: 4137 callbacks suppressed [ 821.753341][T23331] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 821.809022][T23337] netlink: 'syz.2.6597': attribute type 10 has an invalid length. [ 821.847360][T23337] bridge0: port 2(bridge_slave_1) entered disabled state [ 821.854999][T23337] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.913622][T23337] bridge0: port 2(bridge_slave_1) entered blocking state [ 821.920833][T23337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 821.928647][T23337] bridge0: port 1(bridge_slave_0) entered blocking state [ 821.935821][T23337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 821.967207][T23337] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 822.024917][T23345] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6600'. [ 822.678444][T23363] netlink: 'syz.2.6607': attribute type 11 has an invalid length. [ 822.699339][T23363] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.6607'. [ 823.582638][T23376] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6619'. [ 824.212248][T23386] netlink: 'syz.3.6611': attribute type 10 has an invalid length. [ 824.668170][T23405] netlink: 26 bytes leftover after parsing attributes in process `syz.4.6617'. [ 825.060060][T23421] netlink: 'syz.2.6621': attribute type 3 has an invalid length. [ 825.078320][T23421] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6621'. [ 825.098275][T23421] netlink: 830 bytes leftover after parsing attributes in process `syz.2.6621'. [ 825.129749][T23421] device pim6reg1 entered promiscuous mode [ 826.141817][ T4271] Bluetooth: hci1: command 0x0406 tx timeout [ 828.311762][T23430] : port 1(ip6gretap0) entered blocking state [ 828.318783][T23430] : port 1(ip6gretap0) entered disabled state [ 828.330330][T23430] device ip6gretap0 entered promiscuous mode [ 828.358229][T23432] netlink: 'syz.3.6624': attribute type 10 has an invalid length. [ 828.380866][T23432] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.388268][T23432] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.409541][T23430] device ip6gretap0 left promiscuous mode [ 828.432200][T23430] : port 1(ip6gretap0) entered disabled state [ 829.305940][T23445] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6628'. [ 829.660886][T23460] netlink: 188 bytes leftover after parsing attributes in process `syz.4.6636'. [ 829.963207][T23459] delete_channel: no stack [ 830.074455][T23469] : port 1(ip6gretap0) entered blocking state [ 830.088672][T23469] : port 1(ip6gretap0) entered disabled state [ 830.109885][T23469] device ip6gretap0 entered promiscuous mode [ 830.159049][T23472] device ip6gretap0 left promiscuous mode [ 830.201951][T23472] : port 1(ip6gretap0) entered disabled state [ 830.551074][T23482] netlink: 'syz.1.6643': attribute type 4 has an invalid length. [ 830.579016][T23482] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.6643'. [ 831.013851][T23495] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6645'. [ 831.047505][T23491] netlink: 'syz.3.6646': attribute type 3 has an invalid length. [ 831.112019][T23491] netlink: 13435 bytes leftover after parsing attributes in process `syz.3.6646'. [ 831.891060][T23514] netlink: 188 bytes leftover after parsing attributes in process `syz.1.6653'. [ 832.296695][T23510] delete_channel: no stack [ 832.699116][T23528] netlink: 'syz.4.6659': attribute type 3 has an invalid length. [ 832.737989][T23528] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.6659'. [ 832.759931][T23532] netlink: 830 bytes leftover after parsing attributes in process `syz.4.6659'. [ 832.862167][T23528] device pim6reg1 entered promiscuous mode [ 832.882860][T23534] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6660'. [ 834.200454][T23550] netlink: 'syz.3.6676': attribute type 10 has an invalid length. [ 836.341327][T23569] netlink: 'syz.4.6669': attribute type 7 has an invalid length. [ 836.381703][ T4285] Bluetooth: hci3: command 0x0406 tx timeout [ 836.665544][T23567] netlink: 188 bytes leftover after parsing attributes in process `syz.2.6668'. [ 836.724247][T23576] netlink: 'syz.4.6669': attribute type 10 has an invalid length. [ 836.738918][T23576] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6669'. [ 836.758047][T23576] bridge0: port 3(veth0_vlan) entered blocking state [ 836.762739][T23566] delete_channel: no stack [ 836.765863][T23576] bridge0: port 3(veth0_vlan) entered disabled state [ 836.777947][T23576] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 836.794864][T23572] netlink: 'syz.1.6670': attribute type 21 has an invalid length. [ 836.803952][T23572] netlink: 156 bytes leftover after parsing attributes in process `syz.1.6670'. [ 836.991629][T23584] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6675'. [ 837.540602][T23599] netlink: 'syz.2.6685': attribute type 21 has an invalid length. [ 837.583791][T23599] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6685'. [ 837.658238][T23601] FAULT_INJECTION: forcing a failure. [ 837.658238][T23601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 837.681137][T23601] CPU: 1 PID: 23601 Comm: syz.4.6686 Not tainted syzkaller #0 [ 837.688662][T23601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 837.698745][T23601] Call Trace: [ 837.702052][T23601] [ 837.705015][T23601] dump_stack_lvl+0x188/0x24e [ 837.709737][T23601] ? show_regs_print_info+0x12/0x12 [ 837.714980][T23601] ? load_image+0x400/0x400 [ 837.719523][T23601] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 837.725719][T23601] should_fail_ex+0x399/0x4d0 [ 837.730442][T23601] _copy_from_user+0x2c/0x170 [ 837.735171][T23601] wext_handle_ioctl+0xc4/0x1d0 [ 837.740060][T23601] ? call_commit_handler+0xf0/0xf0 [ 837.745280][T23601] sock_ioctl+0x143/0x710 [ 837.749644][T23601] ? sock_poll+0x410/0x410 [ 837.754108][T23601] ? bpf_lsm_file_ioctl+0x5/0x10 [ 837.759084][T23601] ? security_file_ioctl+0x7c/0xa0 [ 837.764316][T23601] ? sock_poll+0x410/0x410 [ 837.768756][T23601] __se_sys_ioctl+0xfa/0x170 [ 837.773380][T23601] do_syscall_64+0x4c/0xa0 [ 837.777834][T23601] ? clear_bhb_loop+0x60/0xb0 [ 837.782548][T23601] ? clear_bhb_loop+0x60/0xb0 [ 837.787261][T23601] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 837.793182][T23601] RIP: 0033:0x7f58eff9c819 [ 837.797624][T23601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 837.817260][T23601] RSP: 002b:00007f58ee1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 837.825711][T23601] RAX: ffffffffffffffda RBX: 00007f58f0215fa0 RCX: 00007f58eff9c819 [ 837.833722][T23601] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000009 [ 837.841725][T23601] RBP: 00007f58ee1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 837.849743][T23601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 837.857746][T23601] R13: 00007f58f0216038 R14: 00007f58f0215fa0 R15: 00007ffc7daa8188 [ 837.865747][T23601] [ 838.173309][T23619] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6692'. [ 838.350686][T23625] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6693'. [ 838.544741][T23628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6704'. [ 838.603008][T23629] netlink: 'syz.1.6694': attribute type 7 has an invalid length. [ 839.059446][T23625] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 839.136733][T23625] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 839.199788][T23626] delete_channel: no stack [ 839.207013][T23625] bond0 (unregistering): Released all slaves [ 839.230652][T23634] netlink: 'syz.1.6694': attribute type 10 has an invalid length. [ 839.238858][T23634] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6694'. [ 839.254539][T23634] bridge0: port 3(veth0_vlan) entered blocking state [ 839.262223][T23634] bridge0: port 3(veth0_vlan) entered disabled state [ 839.270997][T23634] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 839.368099][T23644] netlink: 'syz.3.6696': attribute type 2 has an invalid length. [ 839.387211][T23644] netlink: 'syz.3.6696': attribute type 4 has an invalid length. [ 839.441632][T23644] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6696'. [ 839.715580][T23658] netlink: 'syz.1.6703': attribute type 10 has an invalid length. [ 839.769172][T23657] netlink: 'syz.3.6701': attribute type 3 has an invalid length. [ 840.113639][T23680] device hsr0 entered promiscuous mode [ 840.163245][T23680] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 840.710712][T23703] bridge0: port 3(veth0_vlan) entered blocking state [ 840.719434][T23703] bridge0: port 3(veth0_vlan) entered disabled state [ 840.744619][T23703] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 841.734229][T23735] __nla_validate_parse: 5 callbacks suppressed [ 841.734269][T23735] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6733'. [ 844.489949][T23784] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6747'. [ 844.982605][T23796] validate_nla: 3 callbacks suppressed [ 844.982640][T23796] netlink: 'syz.3.6753': attribute type 29 has an invalid length. [ 845.011930][T23796] netlink: 'syz.3.6753': attribute type 29 has an invalid length. [ 846.748931][T23862] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6775'. [ 847.123695][T23875] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6780'. [ 847.496379][T23885] netlink: 'syz.1.6783': attribute type 11 has an invalid length. [ 848.351926][T23907] netlink: 26 bytes leftover after parsing attributes in process `syz.4.6793'. [ 849.381745][T23942] netlink: 'syz.0.6807': attribute type 29 has an invalid length. [ 849.392214][T23944] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6808'. [ 849.409256][T23942] netlink: 'syz.0.6807': attribute type 29 has an invalid length. [ 849.445522][T23945] netlink: 'syz.0.6807': attribute type 29 has an invalid length. [ 850.725120][T23984] netlink: 26 bytes leftover after parsing attributes in process `syz.0.6820'. [ 850.927123][T23993] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.6824'. [ 850.994214][T23998] netlink: 1 bytes leftover after parsing attributes in process `syz.1.6824'. [ 851.209347][T24003] netlink: 10 bytes leftover after parsing attributes in process `syz.0.6827'. [ 851.685046][T24017] netlink: 'syz.2.6832': attribute type 3 has an invalid length. [ 851.715028][T24017] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6832'. [ 851.913687][T24029] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6836'. [ 852.184811][T24043] netlink: 'syz.4.6839': attribute type 29 has an invalid length. [ 852.228616][T24043] netlink: 'syz.4.6839': attribute type 29 has an invalid length. [ 852.248441][T24038] netlink: 'syz.4.6839': attribute type 29 has an invalid length. [ 852.277733][T24046] netlink: 'syz.4.6839': attribute type 29 has an invalid length. [ 852.797719][T24061] netlink: 'syz.3.6846': attribute type 10 has an invalid length. [ 852.846707][T24061] bond0: (slave bridge0): Releasing backup interface [ 852.912624][T24067] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6850'. [ 852.980902][T24073] netlink: 'syz.3.6852': attribute type 21 has an invalid length. [ 853.351679][T24090] netlink: 826 bytes leftover after parsing attributes in process `syz.4.6858'. [ 853.893852][T24110] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6866'. [ 854.003411][T24118] netlink: 'syz.4.6869': attribute type 33 has an invalid length. [ 854.041656][T24118] netlink: 152 bytes leftover after parsing attributes in process `syz.4.6869'. [ 854.077340][T24118] netlink: 'syz.4.6869': attribute type 29 has an invalid length. [ 854.121934][T24118] netlink: 'syz.4.6869': attribute type 29 has an invalid length. [ 854.167685][T24118] netlink: 16083 bytes leftover after parsing attributes in process `syz.4.6869'. [ 854.307447][T24127] bridge0: port 3(veth0_to_bridge) entered blocking state [ 854.327859][T24127] bridge0: port 3(veth0_to_bridge) entered disabled state [ 854.363372][T24127] device veth0_to_bridge entered promiscuous mode [ 854.561050][T24140] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 854.568590][T24140] IPv6: NLM_F_CREATE should be set when creating new route [ 854.576177][T24140] IPv6: NLM_F_CREATE should be set when creating new route [ 854.583668][T24140] IPv6: NLM_F_CREATE should be set when creating new route [ 855.078599][T24154] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6882'. [ 855.226178][T24158] tap0: tun_chr_ioctl cmd 2147767517 [ 855.605185][T24163] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.6884'. [ 856.526946][T24195] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6895'. [ 858.891039][T24208] validate_nla: 2 callbacks suppressed [ 858.891055][T24208] netlink: 'syz.2.6900': attribute type 17 has an invalid length. [ 858.913307][T24208] netlink: 'syz.2.6900': attribute type 16 has an invalid length. [ 858.922038][T24208] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6900'. [ 859.509034][T24231] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6908'. [ 859.892759][T24237] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 859.929475][T24237] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 859.976949][T24237] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 860.016185][T24237] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 860.906521][T24271] tap0: tun_chr_ioctl cmd 2147767517 [ 861.154803][T24276] netlink: 'syz.1.6922': attribute type 1 has an invalid length. [ 861.204286][T24276] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.6922'. [ 861.522501][T24291] netlink: 'syz.3.6927': attribute type 10 has an invalid length. [ 862.723595][T24320] netlink: 26 bytes leftover after parsing attributes in process `syz.4.6939'. [ 862.973409][T24322] netlink: 'syz.2.6940': attribute type 3 has an invalid length. [ 862.984313][T24326] netlink: 'syz.1.6942': attribute type 10 has an invalid length. [ 863.019178][T24326] bond0: (slave bridge0): Releasing backup interface [ 863.021160][T24322] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6940'. [ 864.764071][T24390] netlink: 'syz.4.6965': attribute type 13 has an invalid length. [ 864.779680][T24390] netlink: 24859 bytes leftover after parsing attributes in process `syz.4.6965'. [ 864.915896][T24397] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6967'. [ 865.198828][T24411] netlink: 'syz.2.6972': attribute type 10 has an invalid length. [ 865.227539][T24414] netlink: 'syz.1.6973': attribute type 29 has an invalid length. [ 865.255176][T24414] netlink: 'syz.1.6973': attribute type 29 has an invalid length. [ 866.121702][T24442] netlink: 'syz.3.6985': attribute type 10 has an invalid length. [ 866.155352][T24444] netlink: 26 bytes leftover after parsing attributes in process `syz.2.6983'. [ 867.035993][T24477] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.6997'. [ 867.173027][T24477] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6997'. [ 867.200288][T24487] netlink: 26 bytes leftover after parsing attributes in process `syz.1.6999'. [ 868.210220][T24513] device wg2 entered promiscuous mode [ 868.958500][T24541] tap0: tun_chr_ioctl cmd 2147767517 [ 869.032594][T24547] mac80211_hwsim hwsim42 ªªªªªª: renamed from wlan0 [ 869.411069][T24552] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.7023'. [ 869.508282][T24549] netlink: 'syz.3.7019': attribute type 1 has an invalid length. [ 869.611722][T24549] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.7019'. [ 870.151891][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.158285][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.855734][T24580] netlink: 'syz.0.7030': attribute type 9 has an invalid length. [ 870.864188][T24580] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.7030'. [ 870.935938][T24583] netlink: 'syz.2.7032': attribute type 10 has an invalid length. [ 871.002574][T24583] bridge0: port 2(bridge_slave_1) entered disabled state [ 871.010029][T24583] bridge0: port 1(bridge_slave_0) entered disabled state [ 871.141817][T24586] netlink: 26 bytes leftover after parsing attributes in process `syz.0.7034'. [ 871.206518][T24583] bond0: (slave bridge0): Releasing backup interface [ 871.874972][T24620] netlink: 40227 bytes leftover after parsing attributes in process `syz.4.7042'. [ 872.221912][ T4271] Bluetooth: hci2: command 0x0406 tx timeout [ 873.006212][T24643] netlink: 'syz.2.7051': attribute type 27 has an invalid length. [ 873.055181][T24646] netlink: 'syz.4.7048': attribute type 3 has an invalid length. [ 873.085481][T24643] netlink: 164 bytes leftover after parsing attributes in process `syz.2.7051'. [ 873.106315][T24646] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7048'. [ 874.187284][T24668] netlink: 'syz.2.7057': attribute type 3 has an invalid length. [ 874.229798][T24668] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.7057'. [ 875.810528][T24734] netlink: 26 bytes leftover after parsing attributes in process `syz.3.7076'. [ 876.669252][T24744] mac80211_hwsim hwsim38 ªªªªªª: renamed from wlan0 [ 877.195328][T24760] netlink: 'syz.3.7083': attribute type 16 has an invalid length. [ 877.262082][T24760] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7083'. [ 877.321853][T24760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 877.403780][T24763] netlink: 'syz.3.7083': attribute type 16 has an invalid length. [ 877.431842][T24763] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7083'. [ 877.624354][T24778] netlink: 26 bytes leftover after parsing attributes in process `syz.0.7088'. [ 878.159000][T24797] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7096'. [ 878.202802][T24797] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7096'. [ 878.376820][T24808] netlink: 'syz.0.7100': attribute type 10 has an invalid length. [ 878.749015][T24825] netlink: 26 bytes leftover after parsing attributes in process `syz.2.7105'. [ 879.156628][T24835] netlink: 'syz.2.7110': attribute type 3 has an invalid length. [ 879.203887][T24835] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.7110'. [ 879.238523][T24840] netlink: 'syz.4.7112': attribute type 10 has an invalid length. [ 879.645772][T24840] bridge0: port 2(bridge_slave_1) entered disabled state [ 879.654385][T24840] bridge0: port 1(bridge_slave_0) entered disabled state [ 879.967153][T24851] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7114'. [ 879.988197][T24851] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7114'. [ 880.789720][T24863] netlink: 26 bytes leftover after parsing attributes in process `syz.3.7120'. [ 880.846700][T24867] netlink: 'syz.2.7119': attribute type 21 has an invalid length. [ 881.279957][T24885] netlink: 'syz.3.7124': attribute type 3 has an invalid length. [ 882.733638][T24946] netlink: 'syz.3.7147': attribute type 21 has an invalid length. [ 882.806990][T24946] __nla_validate_parse: 5 callbacks suppressed [ 882.807009][T24946] netlink: 156 bytes leftover after parsing attributes in process `syz.3.7147'. [ 882.859541][T24948] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7146'. [ 882.893894][T24955] netlink: 'syz.4.7148': attribute type 3 has an invalid length. [ 882.916264][T24948] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7146'. [ 882.927463][T24955] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7148'. [ 883.337600][T24965] netlink: 'syz.2.7154': attribute type 10 has an invalid length. [ 883.594284][T24972] netlink: 'syz.1.7157': attribute type 10 has an invalid length. [ 883.930324][T24972] team0 (unregistering): Port device team_slave_0 removed [ 884.012840][T24972] team0 (unregistering): Port device team_slave_1 removed [ 884.277718][T24990] netlink: 'syz.3.7164': attribute type 3 has an invalid length. [ 884.314571][T24990] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.7164'. [ 884.586211][ T4271] Bluetooth: hci1: ISO packet for unknown connection handle 2366 [ 885.753589][T25011] netlink: 'syz.3.7170': attribute type 3 has an invalid length. [ 885.769424][T25011] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.7170'. [ 885.944554][T25024] netlink: 1 bytes leftover after parsing attributes in process `syz.0.7173'. [ 886.051779][T25028] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7176'. [ 886.056549][T25024] device aaaaaaaaaaaaaaa entered promiscuous mode [ 886.110748][T25028] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7176'. [ 886.203504][T25031] netlink: 'syz.2.7177': attribute type 3 has an invalid length. [ 886.231464][T25031] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.7177'. [ 887.112958][T25045] netlink: 'syz.4.7181': attribute type 3 has an invalid length. [ 887.581745][ T4285] Bluetooth: hci0: command 0x0406 tx timeout [ 888.458513][T25093] netlink: 'syz.2.7198': attribute type 10 has an invalid length. [ 889.487012][T25119] netlink: 'syz.3.7208': attribute type 10 has an invalid length. [ 890.838977][T25176] netlink: 'syz.1.7225': attribute type 3 has an invalid length. [ 890.909183][T25176] __nla_validate_parse: 2 callbacks suppressed [ 890.909202][T25176] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.7225'. [ 891.434541][T25193] netlink: 'syz.4.7231': attribute type 2 has an invalid length. [ 892.585957][T25222] netlink: 26 bytes leftover after parsing attributes in process `syz.4.7242'. [ 892.713988][T25228] netlink: 'syz.0.7246': attribute type 10 has an invalid length. [ 893.152125][T25252] netlink: 'syz.2.7253': attribute type 2 has an invalid length. [ 893.479209][T25258] netlink: 26 bytes leftover after parsing attributes in process `syz.1.7256'. [ 893.682457][T25262] netlink: 26 bytes leftover after parsing attributes in process `syz.3.7258'. [ 894.636521][T25293] netlink: 814 bytes leftover after parsing attributes in process `syz.0.7269'. [ 894.640914][T25294] netlink: 26 bytes leftover after parsing attributes in process `syz.2.7270'. [ 895.615918][T25319] device syzkaller0 entered promiscuous mode [ 895.642418][T25319] netlink: 188 bytes leftover after parsing attributes in process `syz.2.7280'. [ 895.720523][T25327] netlink: 'syz.1.7282': attribute type 3 has an invalid length. [ 895.729401][T25327] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.7282'. [ 895.905489][T25332] netlink: 'syz.1.7283': attribute type 10 has an invalid length. [ 896.037184][T25335] netlink: 814 bytes leftover after parsing attributes in process `syz.3.7284'. [ 896.814983][T25358] netlink: 'syz.3.7293': attribute type 11 has an invalid length. [ 896.831840][T25358] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.7293'. [ 897.059089][T17414] tipc: Subscription rejected, illegal request [ 897.302664][T25357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 899.469841][T25355] netlink: 'syz.0.7291': attribute type 10 has an invalid length. [ 899.477946][T25378] netlink: 814 bytes leftover after parsing attributes in process `syz.2.7300'. [ 900.010241][T25415] netlink: 'syz.3.7312': attribute type 10 has an invalid length. [ 901.118327][T25479] netlink: 'syz.4.7334': attribute type 21 has an invalid length. [ 901.142970][T25479] netlink: 'syz.4.7334': attribute type 22 has an invalid length. [ 901.151311][T25479] netlink: 14380 bytes leftover after parsing attributes in process `syz.4.7334'. [ 901.788856][T25500] netlink: 'syz.4.7341': attribute type 21 has an invalid length. [ 901.801334][T25500] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7341'. [ 901.841053][T25502] netlink: 'syz.2.7342': attribute type 25 has an invalid length. [ 901.868859][T25504] netlink: 'syz.3.7343': attribute type 10 has an invalid length. [ 902.025602][T25506] netlink: 'syz.0.7344': attribute type 3 has an invalid length. [ 902.037936][T25506] netlink: 189348 bytes leftover after parsing attributes in process `syz.0.7344'. [ 902.595256][T25536] netlink: 'syz.3.7353': attribute type 10 has an invalid length. [ 903.345160][T25568] tap0: tun_chr_ioctl cmd 1074025684 [ 903.365996][T25568] : renamed from team_slave_1 [ 903.559152][T25573] nr0: port 1(hsr0) entered blocking state [ 903.581304][T25573] nr0: port 1(hsr0) entered disabled state [ 904.490417][T25612] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.7381'. [ 905.244760][T25608] delete_channel: no stack [ 905.724357][T25653] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7395'. [ 905.759022][T25653] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7395'. [ 905.795926][T25651] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7395'. [ 905.825889][T25652] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7395'. [ 905.920735][T25655] netlink: 'syz.2.7397': attribute type 10 has an invalid length. [ 906.487131][T25670] netlink: 'syz.4.7401': attribute type 3 has an invalid length. [ 906.520525][T25670] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7401'. [ 907.440251][T25698] netlink: 164 bytes leftover after parsing attributes in process `syz.3.7413'. [ 908.696137][T25750] netlink: 'syz.4.7430': attribute type 1 has an invalid length. [ 908.738057][T25750] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7430'. [ 909.032886][T25759] netlink: 'syz.1.7433': attribute type 10 has an invalid length. [ 909.621868][T25777] netlink: 'syz.0.7440': attribute type 13 has an invalid length. [ 909.650470][T25777] netlink: 160 bytes leftover after parsing attributes in process `syz.0.7440'. [ 912.056396][T25819] netlink: 'syz.4.7455': attribute type 10 has an invalid length. [ 913.188799][ T4271] Bluetooth: hci4: command 0x0406 tx timeout [ 913.833454][T25876] netlink: 'syz.0.7477': attribute type 10 has an invalid length. [ 913.898995][T25876] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7477'. [ 914.380876][T25876] device caif0 entered promiscuous mode [ 914.398297][T25876] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 914.622269][T25896] device pim6reg1 entered promiscuous mode [ 914.839296][T25907] netlink: 105084 bytes leftover after parsing attributes in process `syz.1.7486'. [ 914.878515][T25907] netlink: 31 bytes leftover after parsing attributes in process `syz.1.7486'. [ 915.146582][T25917] netlink: 'syz.1.7490': attribute type 3 has an invalid length. [ 915.179669][T25917] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.7490'. [ 918.481984][T25950] netlink: 'syz.4.7499': attribute type 10 has an invalid length. [ 919.826252][T17414] device gretap0 left promiscuous mode [ 919.868618][T17414] Ÿë: port 1(gretap0) entered disabled state [ 920.782565][T17414] device veth0_to_team left promiscuous mode [ 920.843145][T17414] Ÿë: port 2(veth0_to_team) entered disabled state [ 920.914731][T17414] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 920.963550][T17414] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 921.006415][T17414] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 921.053998][T17414] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 921.089053][T17414] device bridge_slave_1 left promiscuous mode [ 921.116457][T17414] bridge0: port 2(bridge_slave_1) entered disabled state [ 921.162371][T17414] device bridge_slave_0 left promiscuous mode [ 921.170181][T17414] bridge0: port 1(bridge_slave_0) entered disabled state [ 921.249335][T17414] device veth0_macvtap left promiscuous mode [ 921.263221][T17414] device veth1_vlan left promiscuous mode [ 921.273798][T17414] device veth0_vlan left promiscuous mode [ 921.974675][T26055] netlink: 'syz.4.7533': attribute type 3 has an invalid length. [ 922.003843][T26055] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7533'. [ 922.087601][T26066] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.7533'. [ 923.389973][T26097] netlink: 'syz.0.7546': attribute type 3 has an invalid length. [ 923.398232][T26097] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7546'. [ 923.903949][T26033] netlink: 'syz.2.7527': attribute type 10 has an invalid length. [ 924.133495][T26033] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 924.159737][T26056] IPv6: Can't replace route, no match found [ 924.210193][T26060] netlink: 188 bytes leftover after parsing attributes in process `syz.1.7536'. [ 924.241467][T26060] ksmbd: Unknown IPC event: 10, ignore. [ 924.287601][T26101] netlink: 'syz.2.7547': attribute type 10 has an invalid length. [ 924.767295][T26114] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7553'. [ 924.788994][T26114] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7553'. [ 924.829974][T26122] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7553'. [ 925.190355][T26133] netlink: 'syz.0.7560': attribute type 3 has an invalid length. [ 925.199862][T26133] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7560'. [ 925.308261][T26133] IPv6: Can't replace route, no match found [ 925.325924][T26133] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.7560'. [ 925.449640][T26147] netlink: 'syz.0.7567': attribute type 10 has an invalid length. [ 926.930581][T26196] netlink: 'syz.0.7586': attribute type 3 has an invalid length. [ 926.957975][T26196] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7586'. [ 927.181297][T26205] netlink: 'syz.4.7589': attribute type 10 has an invalid length. [ 928.557958][T26241] netlink: 'syz.2.7604': attribute type 10 has an invalid length. [ 928.613851][T26245] netlink: 'syz.3.7607': attribute type 1 has an invalid length. [ 928.659142][T26245] netlink: 'syz.3.7607': attribute type 1 has an invalid length. [ 928.687904][T26245] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.7607'. [ 930.855814][T17438] tipc: Subscription rejected, illegal request [ 931.270218][T26307] netlink: 'syz.3.7627': attribute type 3 has an invalid length. [ 931.320695][T26307] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.7627'. [ 931.584608][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.590994][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.724871][T26332] netlink: 'syz.2.7636': attribute type 10 has an invalid length. [ 936.365346][T26408] netlink: 122396 bytes leftover after parsing attributes in process `syz.3.7657'. [ 938.506359][T26393] netlink: 'syz.0.7654': attribute type 25 has an invalid length. [ 938.519631][T26393] netlink: 'syz.0.7654': attribute type 9 has an invalid length. [ 942.908445][T26540] À: port 1(vlan0) entered blocking state [ 942.936630][T26540] À: port 1(vlan0) entered disabled state [ 942.952952][T26540] device vlan0 entered promiscuous mode [ 942.998214][T26538] À: port 1(vlan0) entered blocking state [ 943.004928][T26538] À: port 1(vlan0) entered forwarding state [ 943.251094][T26555] device syzkaller0 entered promiscuous mode [ 943.267878][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 943.605660][T26570] netlink: 'syz.3.7716': attribute type 10 has an invalid length. [ 943.912442][T26585] netlink: 'syz.1.7721': attribute type 3 has an invalid length. [ 943.932076][T26585] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.7721'. [ 944.171264][T26597] netlink: 'syz.1.7725': attribute type 39 has an invalid length. [ 945.354839][T26633] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7735'. [ 946.903532][T26647] netlink: 'syz.1.7742': attribute type 10 has an invalid length. [ 947.322281][T26659] netlink: 'syz.3.7747': attribute type 13 has an invalid length. [ 947.348308][T26659] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7747'. [ 947.435154][T26659] syz_tun: refused to change device tx_queue_len [ 947.479190][T26659] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 947.994440][T26680] netlink: 'syz.0.7754': attribute type 10 has an invalid length. [ 948.245554][T26690] netlink: 'syz.0.7759': attribute type 3 has an invalid length. [ 948.259695][T26690] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7759'. [ 948.529853][T26701] netlink: 'syz.0.7763': attribute type 27 has an invalid length. [ 948.806714][T26701] bond0: (slave bond_slave_0): Releasing backup interface [ 949.514702][T26734] netlink: 'syz.3.7776': attribute type 21 has an invalid length. [ 950.047614][T26749] netlink: 14 bytes leftover after parsing attributes in process `syz.0.7783'. [ 951.003257][T26749] device hsr_slave_0 left promiscuous mode [ 951.042894][T26749] device hsr_slave_1 left promiscuous mode [ 951.240040][T26763] syzkaller1: tun_chr_ioctl cmd 1074025678 [ 951.250220][T26763] syzkaller1: group set to 778 [ 951.393385][T26788] netlink: 26 bytes leftover after parsing attributes in process `syz.3.7795'. [ 951.770765][T26799] netlink: 'syz.3.7797': attribute type 10 has an invalid length. [ 951.802970][T26803] netlink: 'syz.4.7799': attribute type 3 has an invalid length. [ 951.811127][T26803] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.7799'. [ 952.314220][T26822] netlink: 26 bytes leftover after parsing attributes in process `syz.4.7807'. [ 952.345255][T26820] netlink: 'syz.2.7806': attribute type 27 has an invalid length. [ 952.410955][T26827] netlink: 'syz.1.7809': attribute type 3 has an invalid length. [ 952.438003][T26827] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.7809'. [ 952.500342][T26820] bond0: (slave bond_slave_0): Releasing backup interface [ 952.520722][T26830] netlink: 'syz.3.7811': attribute type 4 has an invalid length. [ 952.531028][T26830] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.7811'. [ 953.682334][T26878] netlink: 'syz.1.7828': attribute type 27 has an invalid length. [ 953.825516][T26878] bond0: (slave bond_slave_0): Releasing backup interface [ 954.962151][T26921] netlink: 26 bytes leftover after parsing attributes in process `syz.1.7844'. [ 955.107438][T26927] netlink: 'syz.0.7847': attribute type 15 has an invalid length. [ 955.746713][T26960] netlink: 'syz.0.7858': attribute type 3 has an invalid length. [ 955.758379][T26960] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7858'. [ 955.811165][T26963] netlink: 'syz.2.7859': attribute type 10 has an invalid length. [ 955.858007][T26965] netlink: 176 bytes leftover after parsing attributes in process `syz.4.7860'. [ 955.947648][T26968] netlink: 26 bytes leftover after parsing attributes in process `syz.0.7861'. [ 956.637689][T26995] netlink: 26 bytes leftover after parsing attributes in process `syz.4.7874'. [ 956.948223][T27007] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7878'. [ 956.980722][T27007] device caif0 entered promiscuous mode [ 957.163067][T27022] netlink: 14 bytes leftover after parsing attributes in process `syz.0.7883'. [ 957.541258][T27038] netlink: 26 bytes leftover after parsing attributes in process `syz.1.7889'. [ 958.222843][T27064] netlink: 'syz.2.7897': attribute type 11 has an invalid length. [ 958.246256][T27064] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.7897'. [ 958.948558][T27059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 959.397031][T27092] netlink: 'syz.4.7907': attribute type 10 has an invalid length. [ 959.464045][T27086] netlink: 'syz.0.7905': attribute type 3 has an invalid length. [ 959.491572][T27086] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.7905'. [ 959.592027][T27098] netlink: 14 bytes leftover after parsing attributes in process `syz.3.7911'. [ 959.613825][T27098] device hsr_slave_0 left promiscuous mode [ 959.657675][T27098] device hsr_slave_1 left promiscuous mode [ 960.659274][T27122] netlink: 'syz.2.7913': attribute type 17 has an invalid length. [ 960.676095][T27122] netlink: 'syz.2.7913': attribute type 16 has an invalid length. [ 960.691097][T27129] syzkaller1: tun_chr_ioctl cmd 1074025678 [ 960.707601][T27129] syzkaller1: group set to 778 [ 960.860113][T27134] __nla_validate_parse: 2 callbacks suppressed [ 960.860135][T27134] netlink: 194236 bytes leftover after parsing attributes in process `syz.0.7917'. [ 960.942793][T27134] netlink: zone id is out of range [ 960.976205][T27134] netlink: zone id is out of range [ 961.004565][T27134] netlink: get zone limit has 8 unknown bytes [ 961.168844][T27146] netlink: 26 bytes leftover after parsing attributes in process `syz.2.7922'. [ 961.576027][T27167] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7928'. [ 961.607082][T27167] device caif0 entered promiscuous mode [ 961.661299][T27166] Ÿë: port 1(veth0_to_team) entered blocking state [ 961.685337][T27166] Ÿë: port 1(veth0_to_team) entered disabled state [ 961.706932][T27166] device veth0_to_team entered promiscuous mode [ 961.916886][T27180] syz.1.7934[27180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 961.917220][T27180] syz.1.7934[27180] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 962.138996][T27187] netlink: 26 bytes leftover after parsing attributes in process `syz.4.7937'. [ 962.966050][T27223] netlink: 'syz.1.7949': attribute type 10 has an invalid length. [ 962.991867][T27224] netlink: 'syz.3.7951': attribute type 3 has an invalid length. [ 963.045832][T27224] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.7951'. [ 963.404486][T27240] syz.3.7956[27240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 963.404594][T27240] syz.3.7956[27240] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 965.740843][T27348] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.7998'. [ 966.072711][T27358] netlink: 'syz.1.8005': attribute type 3 has an invalid length. [ 966.099139][T27358] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8005'. [ 966.149837][T27362] netlink: 'syz.3.8004': attribute type 10 has an invalid length. [ 966.260498][T27370] netlink: 26 bytes leftover after parsing attributes in process `syz.4.8008'. [ 966.982953][T27397] netlink: 40227 bytes leftover after parsing attributes in process `syz.2.8020'. [ 967.277011][T27413] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8026'. [ 968.127855][T27454] netlink: 'syz.0.8039': attribute type 10 has an invalid length. [ 968.140066][T27452] Â: renamed from pim6reg1 [ 968.274800][T27458] netlink: 26 bytes leftover after parsing attributes in process `syz.1.8042'. [ 968.437959][T27464] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8044'. [ 968.595106][T27472] netlink: 'syz.2.8048': attribute type 3 has an invalid length. [ 968.609534][T27472] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8048'. [ 968.699555][T27474] netlink: 'syz.0.8049': attribute type 10 has an invalid length. [ 968.775853][T27482] netlink: 132 bytes leftover after parsing attributes in process `syz.2.8052'. [ 968.893413][T27488] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8055'. [ 969.862792][T27523] netlink: 'syz.2.8069': attribute type 2 has an invalid length. [ 970.742907][T27564] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8084'. [ 970.833978][T27569] netlink: 'syz.2.8085': attribute type 2 has an invalid length. [ 970.874017][T27567] netlink: 'syz.2.8085': attribute type 2 has an invalid length. [ 970.934422][T27575] netlink: 'syz.0.8088': attribute type 1 has an invalid length. [ 970.942316][T27575] netlink: 'syz.0.8088': attribute type 3 has an invalid length. [ 971.188169][T27580] netlink: 'syz.3.8090': attribute type 10 has an invalid length. [ 971.484297][T27590] netlink: 'syz.1.8095': attribute type 2 has an invalid length. [ 971.511638][T27590] netlink: 'syz.1.8095': attribute type 8 has an invalid length. [ 971.538321][T27590] __nla_validate_parse: 3 callbacks suppressed [ 971.538358][T27590] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8095'. [ 971.635969][T27599] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.8095'. [ 972.144115][T27612] netlink: 'syz.3.8101': attribute type 1 has an invalid length. [ 972.183016][T27612] netlink: 112865 bytes leftover after parsing attributes in process `syz.3.8101'. [ 972.665947][T27633] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8112'. [ 973.555130][T27674] netlink: 26 bytes leftover after parsing attributes in process `syz.4.8127'. [ 973.749564][T27680] netlink: 'syz.1.8131': attribute type 10 has an invalid length. [ 973.786227][T27690] netlink: 'syz.2.8133': attribute type 10 has an invalid length. [ 973.859410][T27688] netlink: 'syz.0.8134': attribute type 3 has an invalid length. [ 973.891663][T27688] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8134'. [ 974.060218][T27705] netlink: 'syz.0.8140': attribute type 10 has an invalid length. [ 974.117355][T27705] netlink: 156 bytes leftover after parsing attributes in process `syz.0.8140'. [ 974.397739][T27719] netlink: 26 bytes leftover after parsing attributes in process `syz.1.8145'. [ 974.701063][T27732] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 974.915530][T27738] netlink: 'syz.2.8155': attribute type 2 has an invalid length. [ 974.952523][T27738] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.8155'. [ 975.473543][T27759] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8163'. [ 976.244718][T27792] netlink: 'syz.3.8176': attribute type 10 has an invalid length. [ 976.659683][T27798] netlink: 'syz.0.8177': attribute type 3 has an invalid length. [ 976.687870][T27809] __nla_validate_parse: 1 callbacks suppressed [ 976.687907][T27809] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8183'. [ 976.730025][T27798] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8177'. [ 977.134861][T27825] netlink: 'syz.2.8190': attribute type 1 has an invalid length. [ 977.175853][T27825] netlink: 112865 bytes leftover after parsing attributes in process `syz.2.8190'. [ 977.211979][T27828] netlink: 'syz.0.8187': attribute type 1 has an invalid length. [ 977.255415][T27828] netlink: 112865 bytes leftover after parsing attributes in process `syz.0.8187'. [ 977.280697][T27825] netlink: 'syz.2.8190': attribute type 6 has an invalid length. [ 977.307527][T27825] netlink: 164 bytes leftover after parsing attributes in process `syz.2.8190'. [ 977.972197][T27846] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8198'. [ 980.051331][T27895] netlink: 26 bytes leftover after parsing attributes in process `syz.4.8216'. [ 980.747293][T27923] netlink: 'syz.2.8224': attribute type 3 has an invalid length. [ 980.775898][T27923] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8224'. [ 981.877142][T27954] FAULT_INJECTION: forcing a failure. [ 981.877142][T27954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 982.016995][T27954] CPU: 0 PID: 27954 Comm: syz.0.8234 Not tainted syzkaller #0 [ 982.024595][T27954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 982.034718][T27954] Call Trace: [ 982.038027][T27954] [ 982.040983][T27954] dump_stack_lvl+0x188/0x24e [ 982.045710][T27954] ? show_regs_print_info+0x12/0x12 [ 982.050948][T27954] ? load_image+0x400/0x400 [ 982.055493][T27954] ? __lock_acquire+0x7d10/0x7d10 [ 982.060561][T27954] ? snprintf+0xe5/0x140 [ 982.064844][T27954] should_fail_ex+0x399/0x4d0 [ 982.069563][T27954] _copy_to_user+0x2c/0x130 [ 982.074105][T27954] simple_read_from_buffer+0xe3/0x150 [ 982.079519][T27954] proc_fail_nth_read+0x1a6/0x220 [ 982.084585][T27954] ? proc_fault_inject_write+0x310/0x310 [ 982.090265][T27954] ? fsnotify_perm+0x248/0x550 [ 982.095167][T27954] ? proc_fault_inject_write+0x310/0x310 [ 982.100842][T27954] vfs_read+0x2de/0xa00 [ 982.105049][T27954] ? kernel_read+0x1e0/0x1e0 [ 982.109690][T27954] ? __fget_files+0x28/0x4b0 [ 982.114399][T27954] ? __fget_files+0x28/0x4b0 [ 982.119001][T27954] ? __fget_files+0x43d/0x4b0 [ 982.123703][T27954] ? __fdget_pos+0x2ae/0x360 [ 982.128305][T27954] ? ksys_read+0x71/0x250 [ 982.132644][T27954] ksys_read+0x14c/0x250 [ 982.136918][T27954] ? vfs_write+0xa30/0xa30 [ 982.141367][T27954] ? lockdep_hardirqs_on+0x94/0x140 [ 982.146602][T27954] do_syscall_64+0x4c/0xa0 [ 982.151037][T27954] ? clear_bhb_loop+0x60/0xb0 [ 982.155723][T27954] ? clear_bhb_loop+0x60/0xb0 [ 982.160417][T27954] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 982.166318][T27954] RIP: 0033:0x7fee3b15d04e [ 982.170738][T27954] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 982.190376][T27954] RSP: 002b:00007fee393f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 982.198805][T27954] RAX: ffffffffffffffda RBX: 00007fee393f66c0 RCX: 00007fee3b15d04e [ 982.206795][T27954] RDX: 000000000000000f RSI: 00007fee393f60a0 RDI: 0000000000000006 [ 982.214775][T27954] RBP: 00007fee393f6090 R08: 0000000000000000 R09: 0000000000000000 [ 982.222747][T27954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 982.230718][T27954] R13: 00007fee3b416038 R14: 00007fee3b415fa0 R15: 00007ffd179d0088 [ 982.238715][T27954] [ 982.732958][T27972] netlink: 'syz.3.8243': attribute type 10 has an invalid length. [ 982.740954][T27972] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8243'. [ 982.802822][T27972] device caif0 entered promiscuous mode [ 982.863887][T27972] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 984.247160][T27986] netlink: 'syz.2.8247': attribute type 14 has an invalid length. [ 984.263988][T27986] netlink: 156 bytes leftover after parsing attributes in process `syz.2.8247'. [ 984.394373][T27987] netlink: 180 bytes leftover after parsing attributes in process `syz.2.8247'. [ 984.714063][T28004] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.8250'. [ 984.795315][T27995] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.8250'. [ 984.863582][T28007] delete_channel: no stack [ 984.889935][T28011] netlink: 'syz.0.8254': attribute type 10 has an invalid length. [ 984.942590][T27998] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.8250'. [ 985.535146][T28030] netlink: 126632 bytes leftover after parsing attributes in process `syz.3.8264'. [ 985.583888][T28030] netlink: 8192 bytes leftover after parsing attributes in process `syz.3.8264'. [ 985.655037][T28030] netlink: 'syz.3.8264': attribute type 10 has an invalid length. [ 985.886130][T28037] netlink: 26 bytes leftover after parsing attributes in process `syz.1.8266'. [ 986.713706][T28059] netlink: 15986 bytes leftover after parsing attributes in process `syz.3.8275'. [ 987.875192][T28108] netlink: 'syz.4.8294': attribute type 3 has an invalid length. [ 987.894251][T28108] __nla_validate_parse: 1 callbacks suppressed [ 987.894272][T28108] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8294'. [ 987.996146][T28121] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8296'. [ 988.030082][T28117] netlink: 'syz.0.8297': attribute type 3 has an invalid length. [ 988.051325][T28117] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8297'. [ 988.425047][T28132] netlink: 'syz.0.8302': attribute type 10 has an invalid length. [ 988.504814][T28140] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.8304'. [ 988.881016][T28153] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.8308'. [ 989.018315][T28158] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8310'. [ 989.983611][T28197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8326'. [ 990.017815][T28197] netlink: 152 bytes leftover after parsing attributes in process `syz.1.8326'. [ 990.505667][T28204] netlink: 26 bytes leftover after parsing attributes in process `syz.1.8327'. [ 990.708996][T28214] netlink: 134268 bytes leftover after parsing attributes in process `syz.4.8331'. [ 991.604646][T28247] netlink: 'syz.1.8341': attribute type 10 has an invalid length. [ 992.579101][T28256] netlink: 'syz.3.8343': attribute type 11 has an invalid length. [ 993.025480][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.031893][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.065976][T28310] netlink: 'syz.4.8365': attribute type 10 has an invalid length. [ 994.236373][T28318] __nla_validate_parse: 1 callbacks suppressed [ 994.236406][T28318] netlink: 184 bytes leftover after parsing attributes in process `syz.1.8367'. [ 994.418053][T28327] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8369'. [ 994.540071][T28334] netlink: 'syz.3.8371': attribute type 39 has an invalid length. [ 994.720940][T28336] device syzkaller0 entered promiscuous mode [ 995.035406][T28347] netlink: 'syz.2.8376': attribute type 10 has an invalid length. [ 995.666816][T28376] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8387'. [ 996.125439][T28388] netlink: 'syz.3.8393': attribute type 10 has an invalid length. [ 996.333115][T28402] netlink: 'syz.0.8398': attribute type 13 has an invalid length. [ 996.401441][T28402] netlink: 24859 bytes leftover after parsing attributes in process `syz.0.8398'. [ 997.188471][T28437] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.8413'. [ 997.213008][T28437] netlink: zone id is out of range [ 997.218201][T28437] netlink: zone id is out of range [ 997.230219][T28437] netlink: zone id is out of range [ 997.236519][T28437] netlink: zone id is out of range [ 997.257350][T28437] netlink: zone id is out of range [ 997.286063][T28437] netlink: zone id is out of range [ 997.315993][T28437] netlink: zone id is out of range [ 997.330478][T28437] netlink: zone id is out of range [ 997.357896][T28437] netlink: zone id is out of range [ 997.367206][T28445] netlink: 'syz.3.8414': attribute type 3 has an invalid length. [ 997.381645][T28445] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.8414'. [ 997.396673][T28437] netlink: zone id is out of range [ 997.736771][T28458] netlink: 'syz.2.8420': attribute type 10 has an invalid length. [ 997.781040][T28461] device veth0_to_bridge left promiscuous mode [ 997.802550][T28461] bridge0: port 3(veth0_to_bridge) entered disabled state [ 1000.072937][T28461] device bridge_slave_1 left promiscuous mode [ 1000.079322][T28461] bridge0: port 2(bridge_slave_1) entered disabled state [ 1000.190125][T28461] device bridge_slave_0 left promiscuous mode [ 1000.200809][T28461] bridge0: port 1(bridge_slave_0) entered disabled state [ 1000.477800][T28480] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8426'. [ 1000.675917][T28489] netlink: 'syz.0.8434': attribute type 3 has an invalid length. [ 1000.704408][T28489] netlink: 114680 bytes leftover after parsing attributes in process `syz.0.8434'. [ 1000.749314][T28489] netlink: 'syz.0.8434': attribute type 4 has an invalid length. [ 1000.782199][T28489] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8434'. [ 1001.288750][T28511] netlink: 'syz.4.8438': attribute type 3 has an invalid length. [ 1001.315574][T28511] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8438'. [ 1001.349850][T28513] netlink: 26 bytes leftover after parsing attributes in process `syz.2.8439'. [ 1002.120838][T28537] netlink: 'syz.2.8445': attribute type 10 has an invalid length. [ 1002.833511][T28562] netlink: 26 bytes leftover after parsing attributes in process `syz.2.8456'. [ 1003.695061][T28576] netlink: 'syz.3.8462': attribute type 11 has an invalid length. [ 1005.102407][T28600] device bridge_slave_1 left promiscuous mode [ 1005.124771][T28602] netlink: 26 bytes leftover after parsing attributes in process `syz.2.8471'. [ 1005.197903][T28600] bridge0: port 2(bridge_slave_1) entered disabled state [ 1005.568929][T28600] device bridge_slave_0 left promiscuous mode [ 1005.605294][T28600] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.088128][T28606] netlink: 'syz.3.8472': attribute type 10 has an invalid length. [ 1006.119065][T28606] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8472'. [ 1006.223389][T28606] net_ratelimit: 385 callbacks suppressed [ 1006.223408][T28606] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1007.661612][T28634] netlink: 'syz.3.8478': attribute type 29 has an invalid length. [ 1007.801196][T28634] netlink: 'syz.3.8478': attribute type 29 has an invalid length. [ 1008.485230][T28644] netlink: 26 bytes leftover after parsing attributes in process `syz.2.8483'. [ 1008.535508][T28642] device syzkaller0 entered promiscuous mode [ 1008.776507][T28647] netlink: 'syz.3.8484': attribute type 3 has an invalid length. [ 1008.855086][T28647] netlink: 'syz.3.8484': attribute type 16 has an invalid length. [ 1008.943452][T28647] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8484'. [ 1011.113013][T28712] netlink: 'syz.1.8504': attribute type 29 has an invalid length. [ 1011.165490][T28712] netlink: 'syz.1.8504': attribute type 29 has an invalid length. [ 1011.213138][T28715] netlink: 763 bytes leftover after parsing attributes in process `syz.2.8508'. [ 1012.012883][T28732] netlink: 'syz.1.8512': attribute type 1 has an invalid length. [ 1013.043389][T28774] netlink: 'syz.4.8529': attribute type 3 has an invalid length. [ 1013.051193][T28774] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8529'. [ 1013.592795][T28793] netlink: 'syz.3.8534': attribute type 3 has an invalid length. [ 1013.610078][T28793] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.8534'. [ 1013.672559][T28796] netlink: 'syz.2.8535': attribute type 6 has an invalid length. [ 1013.724591][T28796] netlink: 127868 bytes leftover after parsing attributes in process `syz.2.8535'. [ 1013.774103][T28800] netlink: 'syz.2.8535': attribute type 3 has an invalid length. [ 1013.821970][T28800] netlink: 'syz.2.8535': attribute type 1 has an invalid length. [ 1014.692948][T28819] netlink: 'syz.0.8544': attribute type 10 has an invalid length. [ 1015.141583][T28839] FAULT_INJECTION: forcing a failure. [ 1015.141583][T28839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1015.205293][T28839] CPU: 1 PID: 28839 Comm: syz.1.8552 Not tainted syzkaller #0 [ 1015.212824][T28839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1015.222942][T28839] Call Trace: [ 1015.226240][T28839] [ 1015.229197][T28839] dump_stack_lvl+0x188/0x24e [ 1015.233912][T28839] ? show_regs_print_info+0x12/0x12 [ 1015.239143][T28839] ? load_image+0x400/0x400 [ 1015.243693][T28839] ? __lock_acquire+0x7d10/0x7d10 [ 1015.248749][T28839] should_fail_ex+0x399/0x4d0 [ 1015.253453][T28839] _copy_from_user+0x2c/0x170 [ 1015.258159][T28839] ___sys_sendmsg+0x1c3/0x360 [ 1015.262879][T28839] ? __sys_sendmsg+0x290/0x290 [ 1015.267695][T28839] ? __lock_acquire+0x7d10/0x7d10 [ 1015.272778][T28839] __se_sys_sendmsg+0x1bb/0x2a0 [ 1015.277663][T28839] ? __x64_sys_sendmsg+0x80/0x80 [ 1015.282643][T28839] ? lockdep_hardirqs_on+0x94/0x140 [ 1015.287866][T28839] do_syscall_64+0x4c/0xa0 [ 1015.292316][T28839] ? clear_bhb_loop+0x60/0xb0 [ 1015.297017][T28839] ? clear_bhb_loop+0x60/0xb0 [ 1015.301721][T28839] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1015.307639][T28839] RIP: 0033:0x7f29ac39c819 [ 1015.312078][T28839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1015.332143][T28839] RSP: 002b:00007f29ad2d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1015.340607][T28839] RAX: ffffffffffffffda RBX: 00007f29ac615fa0 RCX: 00007f29ac39c819 [ 1015.348621][T28839] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 1015.356624][T28839] RBP: 00007f29ad2d3090 R08: 0000000000000000 R09: 0000000000000000 [ 1015.364624][T28839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1015.372623][T28839] R13: 00007f29ac616038 R14: 00007f29ac615fa0 R15: 00007fff6a85a078 [ 1015.380640][T28839] [ 1015.839728][T28847] netlink: 'syz.2.8553': attribute type 1 has an invalid length. [ 1015.936045][T28847] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.8553'. [ 1015.982627][T28858] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.8558'. [ 1016.336758][T28864] validate_nla: 1 callbacks suppressed [ 1016.336777][T28864] netlink: 'syz.4.8560': attribute type 10 has an invalid length. [ 1018.577685][T28904] netlink: 'syz.2.8574': attribute type 3 has an invalid length. [ 1018.672899][T28904] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8574'. [ 1018.830199][T28914] netlink: 'syz.1.8578': attribute type 8 has an invalid length. [ 1018.847357][T28914] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.8578'. [ 1019.097636][T28928] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8583'. [ 1019.918817][T28948] netlink: 'syz.2.8584': attribute type 29 has an invalid length. [ 1020.001851][T28948] netlink: 'syz.2.8584': attribute type 29 has an invalid length. [ 1020.090498][T28946] netlink: 'syz.2.8584': attribute type 29 has an invalid length. [ 1020.123520][T28949] netlink: 'syz.2.8584': attribute type 29 has an invalid length. [ 1020.724338][T28957] netlink: 'syz.1.8592': attribute type 2 has an invalid length. [ 1020.770764][T28957] netlink: 17 bytes leftover after parsing attributes in process `syz.1.8592'. [ 1020.804666][T28960] netlink: 'syz.0.8594': attribute type 10 has an invalid length. [ 1021.104205][T28971] netlink: 132 bytes leftover after parsing attributes in process `syz.1.8599'. [ 1021.123738][T28972] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8598'. [ 1021.396244][T28978] FAULT_INJECTION: forcing a failure. [ 1021.396244][T28978] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1021.455938][T28978] CPU: 0 PID: 28978 Comm: syz.3.8602 Not tainted syzkaller #0 [ 1021.463467][T28978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1021.473546][T28978] Call Trace: [ 1021.476842][T28978] [ 1021.479789][T28978] dump_stack_lvl+0x188/0x24e [ 1021.484501][T28978] ? show_regs_print_info+0x12/0x12 [ 1021.489736][T28978] ? load_image+0x400/0x400 [ 1021.494258][T28978] ? __lock_acquire+0x7d10/0x7d10 [ 1021.499304][T28978] should_fail_ex+0x399/0x4d0 [ 1021.503996][T28978] _copy_from_user+0x2c/0x170 [ 1021.508680][T28978] iovec_from_user+0x143/0x360 [ 1021.513453][T28978] __import_iovec+0x6d/0x500 [ 1021.518048][T28978] import_iovec+0x6f/0xa0 [ 1021.522377][T28978] ___sys_sendmsg+0x252/0x360 [ 1021.527061][T28978] ? __sys_sendmsg+0x290/0x290 [ 1021.531841][T28978] ? __lock_acquire+0x7d10/0x7d10 [ 1021.536884][T28978] __se_sys_sendmsg+0x1bb/0x2a0 [ 1021.541739][T28978] ? __x64_sys_sendmsg+0x80/0x80 [ 1021.546693][T28978] ? lockdep_hardirqs_on+0x94/0x140 [ 1021.551896][T28978] do_syscall_64+0x4c/0xa0 [ 1021.556328][T28978] ? clear_bhb_loop+0x60/0xb0 [ 1021.561020][T28978] ? clear_bhb_loop+0x60/0xb0 [ 1021.565712][T28978] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1021.571615][T28978] RIP: 0033:0x7f9d7b39c819 [ 1021.576036][T28978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1021.595652][T28978] RSP: 002b:00007f9d7c2ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1021.604066][T28978] RAX: ffffffffffffffda RBX: 00007f9d7b615fa0 RCX: 00007f9d7b39c819 [ 1021.612034][T28978] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 1021.620001][T28978] RBP: 00007f9d7c2ad090 R08: 0000000000000000 R09: 0000000000000000 [ 1021.627970][T28978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1021.635945][T28978] R13: 00007f9d7b616038 R14: 00007f9d7b615fa0 R15: 00007ffe2c2858a8 [ 1021.643925][T28978] [ 1021.983037][T28992] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8606'. [ 1022.056080][T28994] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8606'. [ 1022.402141][T29009] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8613'. [ 1022.534688][T29012] netlink: 60 bytes leftover after parsing attributes in process `syz.2.8611'. [ 1025.235425][T29079] __nla_validate_parse: 3 callbacks suppressed [ 1025.235444][T29079] netlink: 154020 bytes leftover after parsing attributes in process `syz.1.8638'. [ 1025.342710][T29079] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 1025.601885][T29084] netlink: 'syz.3.8639': attribute type 10 has an invalid length. [ 1026.397208][ T4285] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1026.437514][ T4286] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1026.446529][ T4286] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1026.457856][ T4286] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1026.466969][ T4286] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1026.475740][ T4286] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1027.023282][T29116] FAULT_INJECTION: forcing a failure. [ 1027.023282][T29116] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.036237][T29116] CPU: 0 PID: 29116 Comm: syz.4.8650 Not tainted syzkaller #0 [ 1027.043722][T29116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1027.053799][T29116] Call Trace: [ 1027.057098][T29116] [ 1027.060076][T29116] dump_stack_lvl+0x188/0x24e [ 1027.064788][T29116] ? show_regs_print_info+0x12/0x12 [ 1027.070023][T29116] ? load_image+0x400/0x400 [ 1027.074550][T29116] ? __might_sleep+0xd0/0xd0 [ 1027.079162][T29116] ? __lock_acquire+0x7d10/0x7d10 [ 1027.084217][T29116] should_fail_ex+0x399/0x4d0 [ 1027.088920][T29116] should_failslab+0x5/0x20 [ 1027.093441][T29116] slab_pre_alloc_hook+0x59/0x310 [ 1027.098488][T29116] kmem_cache_alloc_node+0x5a/0x320 [ 1027.103702][T29116] ? __alloc_skb+0xfc/0x7e0 [ 1027.108227][T29116] __alloc_skb+0xfc/0x7e0 [ 1027.112573][T29116] ? netlink_autobind+0xda/0x300 [ 1027.117526][T29116] netlink_sendmsg+0x654/0xbd0 [ 1027.122324][T29116] ? netlink_getsockopt+0x550/0x550 [ 1027.127585][T29116] ? aa_sock_msg_perm+0x94/0x150 [ 1027.132541][T29116] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1027.137844][T29116] ? security_socket_sendmsg+0x7c/0xa0 [ 1027.143338][T29116] ? netlink_getsockopt+0x550/0x550 [ 1027.148564][T29116] ____sys_sendmsg+0x5be/0x970 [ 1027.153364][T29116] ? __sys_sendmsg_sock+0x30/0x30 [ 1027.158408][T29116] ? __import_iovec+0x315/0x500 [ 1027.163263][T29116] ? import_iovec+0x6f/0xa0 [ 1027.167760][T29116] ___sys_sendmsg+0x2a2/0x360 [ 1027.172448][T29116] ? __sys_sendmsg+0x290/0x290 [ 1027.177228][T29116] ? __lock_acquire+0x7d10/0x7d10 [ 1027.182266][T29116] __se_sys_sendmsg+0x1bb/0x2a0 [ 1027.187116][T29116] ? __x64_sys_sendmsg+0x80/0x80 [ 1027.192073][T29116] ? lockdep_hardirqs_on+0x94/0x140 [ 1027.197879][T29116] do_syscall_64+0x4c/0xa0 [ 1027.202298][T29116] ? clear_bhb_loop+0x60/0xb0 [ 1027.206970][T29116] ? clear_bhb_loop+0x60/0xb0 [ 1027.211652][T29116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1027.217540][T29116] RIP: 0033:0x7f58eff9c819 [ 1027.221955][T29116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1027.241563][T29116] RSP: 002b:00007f58ee1f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1027.249976][T29116] RAX: ffffffffffffffda RBX: 00007f58f0215fa0 RCX: 00007f58eff9c819 [ 1027.257958][T29116] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 1027.265925][T29116] RBP: 00007f58ee1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1027.273892][T29116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1027.281870][T29116] R13: 00007f58f0216038 R14: 00007f58f0215fa0 R15: 00007ffc7daa8188 [ 1027.289853][T29116] [ 1027.414479][T29101] chnl_net:caif_netlink_parms(): no params data found [ 1027.678433][T29101] bridge0: port 1(bridge_slave_0) entered blocking state [ 1027.779590][T29101] bridge0: port 1(bridge_slave_0) entered disabled state [ 1027.815415][T29101] device bridge_slave_0 entered promiscuous mode [ 1027.853565][T29101] bridge0: port 2(bridge_slave_1) entered blocking state [ 1027.881128][T29101] bridge0: port 2(bridge_slave_1) entered disabled state [ 1027.910441][T29101] device bridge_slave_1 entered promiscuous mode [ 1027.991767][T29101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1028.014099][T29101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1028.096776][T29101] team0: Port device team_slave_0 added [ 1028.168287][T29144] netlink: 'syz.1.8660': attribute type 10 has an invalid length. [ 1028.197873][T29138] netlink: 14 bytes leftover after parsing attributes in process `syz.3.8657'. [ 1028.419860][T29138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1028.533862][T29138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1028.542987][ T4286] Bluetooth: hci5: command 0x0409 tx timeout [ 1028.674072][T29138] bond0 (unregistering): Released all slaves [ 1028.692020][T29101] team0: Port device team_slave_1 added [ 1028.740521][T29101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1028.771497][T29101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1028.811462][T29101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1028.851158][T29101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1028.860698][T29101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1029.016505][T29101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1029.549326][T29101] device hsr_slave_0 entered promiscuous mode [ 1029.557690][T29101] device hsr_slave_1 entered promiscuous mode [ 1030.621852][ T4286] Bluetooth: hci5: command 0x041b tx timeout [ 1032.701631][ T4286] Bluetooth: hci5: command 0x040f tx timeout [ 1032.833993][T29101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.111755][T29101] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.250239][T29101] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.306196][T29187] netlink: 26 bytes leftover after parsing attributes in process `syz.4.8675'. [ 1033.458597][T29101] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1033.976587][T29101] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1034.036281][T29202] netlink: 'syz.4.8680': attribute type 29 has an invalid length. [ 1034.061976][T29101] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1034.132078][T29202] netlink: 'syz.4.8680': attribute type 29 has an invalid length. [ 1034.202920][T29101] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1034.328230][T29203] netlink: 'syz.4.8680': attribute type 29 has an invalid length. [ 1034.347828][T29101] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1034.359033][T29204] netlink: 'syz.4.8680': attribute type 29 has an invalid length. [ 1034.368799][T29202] netlink: 'syz.4.8680': attribute type 29 has an invalid length. [ 1034.408373][T29207] netlink: 'syz.1.8682': attribute type 10 has an invalid length. [ 1034.442422][T29207] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.449607][T29207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.457139][T29207] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.464331][T29207] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.605154][T29207] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1034.781542][ T4286] Bluetooth: hci5: command 0x0419 tx timeout [ 1034.882177][T29101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1034.948205][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1034.962242][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1034.984380][T29101] 8021q: adding VLAN 0 to HW filter on device team0 [ 1035.009560][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1035.027168][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1035.050123][T17422] bridge0: port 1(bridge_slave_0) entered blocking state [ 1035.057359][T17422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1035.066771][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1035.092927][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1035.120051][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1035.145890][T17422] bridge0: port 2(bridge_slave_1) entered blocking state [ 1035.153125][T17422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1035.176641][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1035.208538][T29230] netlink: 830 bytes leftover after parsing attributes in process `syz.1.8690'. [ 1035.239942][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1035.263748][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1035.283728][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1035.310217][T29232] device bridge_slave_1 left promiscuous mode [ 1035.328544][T29232] bridge0: port 2(bridge_slave_1) entered disabled state [ 1035.348327][T29232] device bridge_slave_0 left promiscuous mode [ 1035.362284][T29232] bridge0: port 1(bridge_slave_0) entered disabled state [ 1035.433207][T29232] bond0: (slave bridge0): Releasing backup interface [ 1035.547708][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1035.583539][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1035.600226][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1035.619391][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1035.639080][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1035.700518][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1035.712932][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1035.725062][T29101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1036.661244][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1036.693017][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1036.786277][T29272] Ÿë: port 1(gretap0) entered blocking state [ 1036.811233][T29272] Ÿë: port 1(gretap0) entered disabled state [ 1036.832792][T29272] device gretap0 entered promiscuous mode [ 1036.914513][T29101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1036.945102][T29277] Ÿë: port 2(veth0_to_team) entered blocking state [ 1037.025500][T29277] Ÿë: port 2(veth0_to_team) entered disabled state [ 1037.124605][T29280] netlink: 'syz.2.8705': attribute type 29 has an invalid length. [ 1037.132686][T29277] device veth0_to_team entered promiscuous mode [ 1037.242350][T29280] netlink: 'syz.2.8705': attribute type 29 has an invalid length. [ 1037.309557][T29281] netlink: 'syz.2.8705': attribute type 29 has an invalid length. [ 1037.333268][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1037.357965][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1037.386872][T29101] device veth0_vlan entered promiscuous mode [ 1037.418206][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1037.447408][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1037.473025][T29101] device veth1_vlan entered promiscuous mode [ 1037.488987][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1037.500347][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1037.535711][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1037.569558][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1037.609307][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1037.634612][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1037.650104][T29101] device veth0_macvtap entered promiscuous mode [ 1037.667426][T29101] device veth1_macvtap entered promiscuous mode [ 1037.816942][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.885056][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.906612][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.965401][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.000015][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.041471][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.089173][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.121581][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.153916][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1038.197162][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.240077][T29101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1038.269720][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1038.290133][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1038.340253][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1038.373460][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1038.398282][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.430246][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.458964][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.490316][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.508899][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.530481][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.579237][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.610412][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.631290][T29101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1038.661291][T29101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1038.693648][T29101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1038.710607][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1038.732547][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1038.756453][T29101] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.771448][T29101] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.790530][T29101] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.811217][T29101] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1041.012413][T17420] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1041.020325][T17420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1041.049243][T17420] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1041.092475][T29341] netlink: 'syz.3.8722': attribute type 2 has an invalid length. [ 1041.100387][T17440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1041.119473][T29341] device .*! entered promiscuous mode [ 1041.125227][T17440] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1041.178470][T17424] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1041.372720][T29351] netlink: 'syz.4.8726': attribute type 3 has an invalid length. [ 1041.380803][T29351] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.8726'. [ 1041.696259][T29360] netlink: 14 bytes leftover after parsing attributes in process `syz.3.8730'. [ 1043.286016][T29411] FAULT_INJECTION: forcing a failure. [ 1043.286016][T29411] name failslab, interval 1, probability 0, space 0, times 0 [ 1043.361419][T29411] CPU: 0 PID: 29411 Comm: syz.1.8747 Not tainted syzkaller #0 [ 1043.368948][T29411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1043.379117][T29411] Call Trace: [ 1043.382431][T29411] [ 1043.385376][T29411] dump_stack_lvl+0x188/0x24e [ 1043.390093][T29411] ? show_regs_print_info+0x12/0x12 [ 1043.395326][T29411] ? load_image+0x400/0x400 [ 1043.399863][T29411] ? verify_lock_unused+0x140/0x140 [ 1043.405108][T29411] should_fail_ex+0x399/0x4d0 [ 1043.409819][T29411] should_failslab+0x5/0x20 [ 1043.414360][T29411] slab_pre_alloc_hook+0x59/0x310 [ 1043.419421][T29411] kmem_cache_alloc+0x56/0x2f0 [ 1043.424213][T29411] ? skb_clone+0x1e7/0x370 [ 1043.428661][T29411] skb_clone+0x1e7/0x370 [ 1043.432933][T29411] __netlink_deliver_tap+0x3ed/0x800 [ 1043.438259][T29411] ? netlink_deliver_tap+0x2e/0x1b0 [ 1043.443500][T29411] netlink_deliver_tap+0x19c/0x1b0 [ 1043.448644][T29411] netlink_unicast+0x728/0x8d0 [ 1043.453434][T29411] netlink_sendmsg+0x8ad/0xbd0 [ 1043.458224][T29411] ? netlink_getsockopt+0x550/0x550 [ 1043.463445][T29411] ? aa_sock_msg_perm+0x94/0x150 [ 1043.468385][T29411] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1043.474115][T29411] ? security_socket_sendmsg+0x7c/0xa0 [ 1043.479586][T29411] ? netlink_getsockopt+0x550/0x550 [ 1043.484789][T29411] ____sys_sendmsg+0x5be/0x970 [ 1043.489562][T29411] ? __sys_sendmsg_sock+0x30/0x30 [ 1043.494760][T29411] ? __import_iovec+0x315/0x500 [ 1043.499616][T29411] ? import_iovec+0x6f/0xa0 [ 1043.504126][T29411] ___sys_sendmsg+0x2a2/0x360 [ 1043.508812][T29411] ? __sys_sendmsg+0x290/0x290 [ 1043.513598][T29411] ? __lock_acquire+0x7d10/0x7d10 [ 1043.518645][T29411] __se_sys_sendmsg+0x1bb/0x2a0 [ 1043.523503][T29411] ? __x64_sys_sendmsg+0x80/0x80 [ 1043.528456][T29411] ? lockdep_hardirqs_on+0x94/0x140 [ 1043.533656][T29411] do_syscall_64+0x4c/0xa0 [ 1043.538077][T29411] ? clear_bhb_loop+0x60/0xb0 [ 1043.542765][T29411] ? clear_bhb_loop+0x60/0xb0 [ 1043.547444][T29411] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1043.553423][T29411] RIP: 0033:0x7f29ac39c819 [ 1043.557840][T29411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1043.577453][T29411] RSP: 002b:00007f29ad2d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1043.585878][T29411] RAX: ffffffffffffffda RBX: 00007f29ac615fa0 RCX: 00007f29ac39c819 [ 1043.593847][T29411] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 1043.601824][T29411] RBP: 00007f29ad2d3090 R08: 0000000000000000 R09: 0000000000000000 [ 1043.609795][T29411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1043.617761][T29411] R13: 00007f29ac616038 R14: 00007f29ac615fa0 R15: 00007fff6a85a078 [ 1043.625750][T29411] [ 1043.719063][T29424] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8752'. [ 1044.176986][T29436] Ÿë: port 2(gretap0) entered blocking state [ 1044.188403][T29436] Ÿë: port 2(gretap0) entered disabled state [ 1044.229229][T29436] device gretap0 entered promiscuous mode [ 1044.354045][T29450] netlink: 'syz.1.8762': attribute type 10 has an invalid length. [ 1044.956016][T29467] netlink: 'syz.2.8768': attribute type 3 has an invalid length. [ 1044.964339][T29467] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8768'. [ 1045.291806][T29472] netlink: 26 bytes leftover after parsing attributes in process `syz.2.8769'. [ 1046.204712][T29491] Ÿë: port 1(gretap0) entered blocking state [ 1046.212231][T29491] Ÿë: port 1(gretap0) entered disabled state [ 1046.227906][T29491] device gretap0 entered promiscuous mode [ 1046.269904][T29495] Ÿë: port 2(veth0_to_team) entered blocking state [ 1046.286676][T29495] Ÿë: port 2(veth0_to_team) entered disabled state [ 1046.295338][T29495] device veth0_to_team entered promiscuous mode [ 1046.369040][T29502] netlink: 26 bytes leftover after parsing attributes in process `syz.0.8780'. [ 1047.668204][T29547] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8798'. [ 1048.060900][T29562] FAULT_INJECTION: forcing a failure. [ 1048.060900][T29562] name failslab, interval 1, probability 0, space 0, times 0 [ 1048.073930][T29562] CPU: 1 PID: 29562 Comm: syz.1.8804 Not tainted syzkaller #0 [ 1048.081412][T29562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1048.091745][T29562] Call Trace: [ 1048.095053][T29562] [ 1048.098000][T29562] dump_stack_lvl+0x188/0x24e [ 1048.102713][T29562] ? show_regs_print_info+0x12/0x12 [ 1048.107943][T29562] ? load_image+0x400/0x400 [ 1048.112485][T29562] ? skb_network_protocol+0x51b/0x780 [ 1048.117893][T29562] should_fail_ex+0x399/0x4d0 [ 1048.122602][T29562] should_failslab+0x5/0x20 [ 1048.127140][T29562] slab_pre_alloc_hook+0x59/0x310 [ 1048.132203][T29562] kmem_cache_alloc+0x56/0x2f0 [ 1048.137425][T29562] ? skb_clone+0x1e7/0x370 [ 1048.141857][T29562] skb_clone+0x1e7/0x370 [ 1048.146104][T29562] ? dev_queue_xmit_nit+0x20e/0xbb0 [ 1048.151313][T29562] dev_queue_xmit_nit+0x249/0xbb0 [ 1048.156346][T29562] ? dev_queue_xmit_nit+0x29/0xbb0 [ 1048.161462][T29562] dev_hard_start_xmit+0x154/0x870 [ 1048.166588][T29562] __dev_queue_xmit+0x1aa3/0x37c0 [ 1048.171615][T29562] ? __dev_queue_xmit+0x26b/0x37c0 [ 1048.176726][T29562] ? netdev_core_pick_tx+0x340/0x340 [ 1048.182009][T29562] ? ref_tracker_alloc+0x34e/0x4b0 [ 1048.187141][T29562] ? __copy_skb_header+0x3ba/0x4f0 [ 1048.192255][T29562] ? memcpy+0x3c/0x60 [ 1048.196233][T29562] ? __copy_skb_header+0x3ba/0x4f0 [ 1048.201347][T29562] ? __skb_clone+0x480/0x790 [ 1048.205949][T29562] ? skb_clone+0x21b/0x370 [ 1048.210366][T29562] __netlink_deliver_tap+0x580/0x800 [ 1048.215664][T29562] ? netlink_deliver_tap+0x2e/0x1b0 [ 1048.220872][T29562] netlink_deliver_tap+0x19c/0x1b0 [ 1048.225987][T29562] netlink_unicast+0x728/0x8d0 [ 1048.230759][T29562] netlink_sendmsg+0x8ad/0xbd0 [ 1048.235530][T29562] ? netlink_getsockopt+0x550/0x550 [ 1048.240729][T29562] ? aa_sock_msg_perm+0x94/0x150 [ 1048.245667][T29562] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1048.250969][T29562] ? security_socket_sendmsg+0x7c/0xa0 [ 1048.256436][T29562] ? netlink_getsockopt+0x550/0x550 [ 1048.261640][T29562] ____sys_sendmsg+0x5be/0x970 [ 1048.266413][T29562] ? __sys_sendmsg_sock+0x30/0x30 [ 1048.271439][T29562] ? __import_iovec+0x315/0x500 [ 1048.276296][T29562] ? import_iovec+0x6f/0xa0 [ 1048.280800][T29562] ___sys_sendmsg+0x2a2/0x360 [ 1048.285494][T29562] ? __sys_sendmsg+0x290/0x290 [ 1048.290296][T29562] ? __lock_acquire+0x7d10/0x7d10 [ 1048.295378][T29562] __se_sys_sendmsg+0x1bb/0x2a0 [ 1048.300234][T29562] ? __x64_sys_sendmsg+0x80/0x80 [ 1048.305211][T29562] ? lockdep_hardirqs_on+0x94/0x140 [ 1048.310408][T29562] do_syscall_64+0x4c/0xa0 [ 1048.314831][T29562] ? clear_bhb_loop+0x60/0xb0 [ 1048.319507][T29562] ? clear_bhb_loop+0x60/0xb0 [ 1048.324181][T29562] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1048.330074][T29562] RIP: 0033:0x7f29ac39c819 [ 1048.334510][T29562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1048.354126][T29562] RSP: 002b:00007f29ad2d3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1048.362556][T29562] RAX: ffffffffffffffda RBX: 00007f29ac615fa0 RCX: 00007f29ac39c819 [ 1048.370543][T29562] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 1048.378514][T29562] RBP: 00007f29ad2d3090 R08: 0000000000000000 R09: 0000000000000000 [ 1048.386481][T29562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1048.394452][T29562] R13: 00007f29ac616038 R14: 00007f29ac615fa0 R15: 00007fff6a85a078 [ 1048.402436][T29562] [ 1048.934352][T29587] netlink: 'syz.2.8818': attribute type 10 has an invalid length. [ 1048.960729][T29587] bridge0: port 2(bridge_slave_1) entered blocking state [ 1048.967979][T29587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1048.975511][T29587] bridge0: port 1(bridge_slave_0) entered blocking state [ 1048.982700][T29587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1049.033736][T29587] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1049.119393][T29591] netlink: 'syz.3.8819': attribute type 2 has an invalid length. [ 1050.877204][T29619] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8826'. [ 1054.374290][T29663] FAULT_INJECTION: forcing a failure. [ 1054.374290][T29663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1054.416374][T29663] CPU: 1 PID: 29663 Comm: syz.0.8841 Not tainted syzkaller #0 [ 1054.423908][T29663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1054.433985][T29663] Call Trace: [ 1054.437289][T29663] [ 1054.440249][T29663] dump_stack_lvl+0x188/0x24e [ 1054.444964][T29663] ? show_regs_print_info+0x12/0x12 [ 1054.450206][T29663] ? load_image+0x400/0x400 [ 1054.454748][T29663] ? __lock_acquire+0x7d10/0x7d10 [ 1054.459804][T29663] ? snprintf+0xe5/0x140 [ 1054.464076][T29663] should_fail_ex+0x399/0x4d0 [ 1054.468778][T29663] _copy_to_user+0x2c/0x130 [ 1054.473307][T29663] simple_read_from_buffer+0xe3/0x150 [ 1054.478710][T29663] proc_fail_nth_read+0x1a6/0x220 [ 1054.481722][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.483748][T29663] ? proc_fault_inject_write+0x310/0x310 [ 1054.490110][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.495677][T29663] ? fsnotify_perm+0x248/0x550 [ 1054.495703][T29663] ? proc_fault_inject_write+0x310/0x310 [ 1054.495721][T29663] vfs_read+0x2de/0xa00 [ 1054.495750][T29663] ? kernel_read+0x1e0/0x1e0 [ 1054.521110][T29663] ? __fget_files+0x28/0x4b0 [ 1054.525725][T29663] ? __fget_files+0x28/0x4b0 [ 1054.530338][T29663] ? __fget_files+0x43d/0x4b0 [ 1054.535048][T29663] ? __fdget_pos+0x2ae/0x360 [ 1054.539661][T29663] ? ksys_read+0x71/0x250 [ 1054.544018][T29663] ksys_read+0x14c/0x250 [ 1054.548289][T29663] ? vfs_write+0xa30/0xa30 [ 1054.552734][T29663] ? lockdep_hardirqs_on+0x94/0x140 [ 1054.557951][T29663] do_syscall_64+0x4c/0xa0 [ 1054.562387][T29663] ? clear_bhb_loop+0x60/0xb0 [ 1054.567081][T29663] ? clear_bhb_loop+0x60/0xb0 [ 1054.571778][T29663] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1054.577689][T29663] RIP: 0033:0x7fe6c6f5d04e [ 1054.582121][T29663] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1054.601755][T29663] RSP: 002b:00007fe6c7da6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1054.610189][T29663] RAX: ffffffffffffffda RBX: 00007fe6c7da76c0 RCX: 00007fe6c6f5d04e [ 1054.618182][T29663] RDX: 000000000000000f RSI: 00007fe6c7da70a0 RDI: 0000000000000008 [ 1054.626180][T29663] RBP: 00007fe6c7da7090 R08: 0000000000000000 R09: 0000000000000000 [ 1054.634181][T29663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1054.642176][T29663] R13: 00007fe6c7216038 R14: 00007fe6c7215fa0 R15: 00007fff3f84a448 [ 1054.650184][T29663] [ 1054.756455][T29669] netlink: 26 bytes leftover after parsing attributes in process `syz.3.8842'. [ 1055.343006][T29683] netlink: 'syz.2.8848': attribute type 3 has an invalid length. [ 1055.351073][T29683] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.8848'. [ 1057.629851][T29711] netlink: 26 bytes leftover after parsing attributes in process `syz.2.8855'. [ 1057.721885][T29720] netlink: 76 bytes leftover after parsing attributes in process `syz.3.8857'. [ 1058.186892][T29731] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.8863'. [ 1058.304339][T29731] netlink: 'syz.3.8863': attribute type 27 has an invalid length. [ 1058.326211][T29731] netlink: 'syz.3.8863': attribute type 4 has an invalid length. [ 1058.334946][T29731] netlink: 152 bytes leftover after parsing attributes in process `syz.3.8863'. [ 1058.379007][T29734] device macsec0 entered promiscuous mode [ 1058.412545][T29734] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1058.678281][T29747] netlink: 'syz.3.8870': attribute type 10 has an invalid length. [ 1061.195955][T29799] netlink: 'syz.0.8890': attribute type 3 has an invalid length. [ 1061.303158][ T4286] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1061.313589][ T4286] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1061.314233][T29799] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8890'. [ 1061.330833][ T4286] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1061.351463][ T4286] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1061.377468][ T4286] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1061.390806][ T4286] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1062.373124][T17422] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.646391][T17422] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.844527][T17422] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.122993][T17422] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.446012][ T4286] Bluetooth: hci1: command 0x0409 tx timeout [ 1063.635253][T29798] chnl_net:caif_netlink_parms(): no params data found [ 1063.914231][T29798] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.941442][T29798] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.976996][T29798] device bridge_slave_0 entered promiscuous mode [ 1064.017410][T29798] bridge0: port 2(bridge_slave_1) entered blocking state [ 1064.050329][T29798] bridge0: port 2(bridge_slave_1) entered disabled state [ 1064.080663][T29798] device bridge_slave_1 entered promiscuous mode [ 1064.363416][T17422] device .*! left promiscuous mode [ 1064.389702][T29798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1064.440367][T29798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1064.805617][T29798] team0: Port device team_slave_0 added [ 1064.923175][T29798] team0: Port device team_slave_1 added [ 1064.990720][T29798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1065.041739][T29798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1065.157211][T29798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1065.230122][T29798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1065.245430][T29798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1065.272704][T29798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1065.384413][T29881] C: renamed from team_slave_0 [ 1065.396615][T29881] netlink: 'syz.4.8913': attribute type 3 has an invalid length. [ 1065.424744][T29881] netlink: 'syz.4.8913': attribute type 1 has an invalid length. [ 1065.442050][T29881] netlink: 116 bytes leftover after parsing attributes in process `syz.4.8913'. [ 1065.511428][ T4271] Bluetooth: hci1: command 0x041b tx timeout [ 1065.579247][T29798] device hsr_slave_0 entered promiscuous mode [ 1065.593885][T29798] device hsr_slave_1 entered promiscuous mode [ 1065.602763][T29798] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1065.610407][T29798] Cannot create hsr debugfs directory [ 1066.113213][T29910] netlink: 26 bytes leftover after parsing attributes in process `syz.4.8920'. [ 1066.523763][T29925] netlink: 'syz.1.8924': attribute type 29 has an invalid length. [ 1066.589920][T29925] netlink: 'syz.1.8924': attribute type 29 has an invalid length. [ 1066.770896][T29939] netlink: 'syz.4.8928': attribute type 1 has an invalid length. [ 1066.831634][T29939] netlink: 112865 bytes leftover after parsing attributes in process `syz.4.8928'. [ 1067.073686][T29934] netlink: 'syz.0.8927': attribute type 17 has an invalid length. [ 1067.082780][T29934] netlink: 148 bytes leftover after parsing attributes in process `syz.0.8927'. [ 1067.147739][T17422] device bridge_slave_1 left promiscuous mode [ 1067.162943][T17422] bridge0: port 2(bridge_slave_1) entered disabled state [ 1067.171953][T17422] device bridge_slave_0 left promiscuous mode [ 1067.190543][T17422] bridge0: port 1(bridge_slave_0) entered disabled state [ 1067.287790][T17422] device veth1_macvtap left promiscuous mode [ 1067.297198][T17422] device veth0_macvtap left promiscuous mode [ 1067.320411][T17422] device veth1_vlan left promiscuous mode [ 1067.332300][T17422] device veth0_vlan left promiscuous mode [ 1067.529280][T29957] netlink: 26 bytes leftover after parsing attributes in process `syz.1.8932'. [ 1067.581518][ T4271] Bluetooth: hci1: command 0x040f tx timeout [ 1068.735043][T29936] netlink: 'syz.0.8927': attribute type 39 has an invalid length. [ 1068.759680][T29954] C: renamed from team_slave_0 [ 1068.768606][T29954] netlink: 'syz.2.8930': attribute type 3 has an invalid length. [ 1068.780108][T29954] netlink: 'syz.2.8930': attribute type 1 has an invalid length. [ 1068.801574][T29954] netlink: 116 bytes leftover after parsing attributes in process `syz.2.8930'. [ 1069.114367][T29798] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1069.191952][T29798] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1069.237259][T29798] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1069.307473][T29798] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1069.661917][ T4271] Bluetooth: hci1: command 0x0419 tx timeout [ 1069.702445][T29798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1069.798601][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1069.858904][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1069.913260][T29798] 8021q: adding VLAN 0 to HW filter on device team0 [ 1069.960375][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1070.000256][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1070.032091][T17436] bridge0: port 1(bridge_slave_0) entered blocking state [ 1070.039268][T17436] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1070.101447][T30005] pim6reg1: tun_chr_ioctl cmd 1074025677 [ 1070.107822][T30005] pim6reg1: linktype set to 270 [ 1070.143709][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1070.163632][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1070.191062][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1070.201064][T17436] bridge0: port 2(bridge_slave_1) entered blocking state [ 1070.208282][T17436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1070.233663][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1070.250934][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1070.262895][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1070.283259][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1070.320878][T30010] pim6reg1: tun_chr_ioctl cmd 1074025677 [ 1070.334895][T30010] pim6reg1: linktype set to 778 [ 1070.369147][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1070.381198][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1070.428189][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1070.492596][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1070.520849][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1070.543437][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1070.582763][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1070.618558][T29798] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1071.153529][T30029] device syzkaller0 entered promiscuous mode [ 1071.200139][T30034] pim6reg1: tun_chr_ioctl cmd 1074812118 [ 1075.317496][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1075.329364][T17422] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1075.473345][T29798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1075.554782][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1075.578739][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1075.645978][ C0] [ 1075.645988][ C0] ================================ [ 1075.645994][ C0] WARNING: inconsistent lock state [ 1075.646013][ C0] syzkaller #0 Not tainted [ 1075.646022][ C0] -------------------------------- [ 1075.646027][ C0] inconsistent {INITIAL USE} -> {IN-NMI} usage. [ 1075.646042][ C0] syz.2.8966/30082 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 1075.646061][ C0] ffff88801aed40b0 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x179/0x2f0 [ 1075.646109][ C0] {INITIAL USE} state was registered at: [ 1075.646115][ C0] lock_acquire+0x1bb/0x4a0 [ 1075.646135][ C0] _raw_spin_lock+0x2a/0x40 [ 1075.646150][ C0] htab_lock_bucket+0x179/0x2f0 [ 1075.646166][ C0] htab_map_delete_elem+0x19e/0x5b0 [ 1075.646182][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 1075.646199][ C0] bpf_overflow_handler+0x522/0x7c0 [ 1075.646215][ C0] __perf_event_overflow+0x448/0x610 [ 1075.646235][ C0] perf_swevent_event+0x315/0x570 [ 1075.646253][ C0] perf_bp_event+0x312/0x3f0 [ 1075.646272][ C0] hw_breakpoint_exceptions_notify+0x152/0x470 [ 1075.646293][ C0] atomic_notifier_call_chain+0x17a/0x2b0 [ 1075.646309][ C0] notify_die+0x141/0x1a0 [ 1075.646324][ C0] notify_debug+0x20/0x30 [ 1075.646340][ C0] noist_exc_debug+0x73/0x120 [ 1075.646353][ C0] asm_exc_debug+0x2f/0x40 [ 1075.646368][ C0] irq event stamp: 758 [ 1075.646374][ C0] hardirqs last enabled at (757): [] do_syscall_64+0x58/0xa0 [ 1075.646399][ C0] hardirqs last disabled at (758): [] noist_exc_debug+0x49/0x120 [ 1075.646418][ C0] softirqs last enabled at (698): [] bpf_prog_load+0x1127/0x1560 [ 1075.646450][ C0] softirqs last disabled at (696): [] bpf_ksym_add+0x29/0x340 [ 1075.646474][ C0] [ 1075.646474][ C0] other info that might help us debug this: [ 1075.646480][ C0] Possible unsafe locking scenario: [ 1075.646480][ C0] [ 1075.646483][ C0] CPU0 [ 1075.646486][ C0] ---- [ 1075.646489][ C0] lock(&htab->lockdep_key); [ 1075.646505][ C0] [ 1075.646508][ C0] lock(&htab->lockdep_key); [ 1075.646517][ C0] [ 1075.646517][ C0] *** DEADLOCK *** [ 1075.646517][ C0] [ 1075.646520][ C0] 2 locks held by syz.2.8966/30082: [ 1075.646530][ C0] #0: ffffffff8cb2d5a0 (rcu_read_lock){....}-{1:2}, at: atomic_notifier_call_chain+0x2c/0x2b0 [ 1075.646571][ C0] #1: ffffffff8cb2d5a0 (rcu_read_lock){....}-{1:2}, at: perf_event_output_forward+0xbe/0x2f0 [ 1075.646614][ C0] [ 1075.646614][ C0] stack backtrace: [ 1075.646620][ C0] CPU: 0 PID: 30082 Comm: syz.2.8966 Not tainted syzkaller #0 [ 1075.646637][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1075.646646][ C0] Call Trace: [ 1075.646652][ C0] <#DB> [ 1075.646659][ C0] dump_stack_lvl+0x188/0x24e [ 1075.646681][ C0] ? show_regs_print_info+0x12/0x12 [ 1075.646704][ C0] ? print_usage_bug+0x42a/0x690 [ 1075.646725][ C0] ? verify_lock_unused+0x18/0x140 [ 1075.646745][ C0] lock_acquire+0x2df/0x4a0 [ 1075.646764][ C0] ? htab_lock_bucket+0x179/0x2f0 [ 1075.646780][ C0] ? read_lock_is_recursive+0x10/0x10 [ 1075.646797][ C0] ? lock_release+0xcf/0x920 [ 1075.646814][ C0] ? perf_event_output_forward+0xbe/0x2f0 [ 1075.646835][ C0] _raw_spin_lock+0x2a/0x40 [ 1075.646849][ C0] ? htab_lock_bucket+0x179/0x2f0 [ 1075.646863][ C0] htab_lock_bucket+0x179/0x2f0 [ 1075.646879][ C0] ? htab_lru_map_delete_node+0x630/0x630 [ 1075.646895][ C0] ? look_up_lock_class+0x75/0x140 [ 1075.646911][ C0] ? verify_lock_unused+0x18/0x140 [ 1075.646930][ C0] ? htab_map_hash+0x329/0x6d0 [ 1075.646948][ C0] htab_map_delete_elem+0x19e/0x5b0 [ 1075.646963][ C0] ? bpf_overflow_handler+0xd9/0x7c0 [ 1075.646980][ C0] ? htab_map_update_elem+0xb00/0xb00 [ 1075.646998][ C0] ? bpf_overflow_handler+0x60f/0x7c0 [ 1075.647016][ C0] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 1075.647031][ C0] bpf_overflow_handler+0x522/0x7c0 [ 1075.647048][ C0] ? bpf_overflow_handler+0xd9/0x7c0 [ 1075.647076][ C0] ? perf_swevent_overflow+0x230/0x230 [ 1075.647094][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 1075.647117][ C0] __perf_event_overflow+0x448/0x610 [ 1075.647141][ C0] perf_swevent_event+0x315/0x570 [ 1075.647163][ C0] ? perf_tp_event+0xc30/0xc30 [ 1075.647189][ C0] perf_bp_event+0x312/0x3f0 [ 1075.647211][ C0] ? perf_event_free_bpf_prog+0x110/0x110 [ 1075.647231][ C0] ? perf_trace_lock+0xf8/0x390 [ 1075.647259][ C0] ? atomic_notifier_call_chain+0x2c/0x2b0 [ 1075.647277][ C0] ? read_lock_is_recursive+0x10/0x10 [ 1075.647301][ C0] hw_breakpoint_exceptions_notify+0x152/0x470 [ 1075.647324][ C0] atomic_notifier_call_chain+0x17a/0x2b0 [ 1075.647341][ C0] ? atomic_notifier_call_chain+0x2c/0x2b0 [ 1075.647360][ C0] notify_die+0x141/0x1a0 [ 1075.647378][ C0] ? srcu_init_notifier_head+0x90/0x90 [ 1075.647401][ C0] notify_debug+0x20/0x30 [ 1075.647419][ C0] exc_debug+0xd9/0x130 [ 1075.647444][ C0] asm_exc_debug+0x1a/0x40 [ 1075.647462][ C0] RIP: 0010:__get_user_nocheck_8+0x9/0x13 [ 1075.647486][ C0] Code: 90 0f 01 cb 0f ae e8 0f b7 10 31 c0 0f 01 ca c3 90 0f 01 cb 0f ae e8 8b 10 31 c0 0f 01 ca c3 90 90 0f 01 cb 0f ae e8 48 8b 10 <31> c0 0f 01 ca c3 90 0f 01 ca 31 d2 48 c7 c0 f2 ff ff ff c3 00 00 [ 1075.647500][ C0] RSP: 0000:ffffc90004baf560 EFLAGS: 00040802 [ 1075.647515][ C0] RAX: 0000200000000300 RBX: dffffc0000000000 RCX: ffff888025b6bb80 [ 1075.647527][ C0] RDX: 00006370692f736e RSI: 0000200000000300 RDI: 00007fffffffeff0 [ 1075.647540][ C0] RBP: 0000000000000000 R08: 000000000000007f R09: 0000000000000000 [ 1075.647550][ C0] R10: ffffffff8fa0e010 R11: ffffffff8fa0e003 R12: 00000000ffffffff [ 1075.647561][ C0] R13: 0000200000000300 R14: 000000000000007f R15: 00007fffffffeff0 [ 1075.647580][ C0] [ 1075.647586][ C0] [ 1075.647591][ C0] perf_callchain_user+0x55d/0x13c0 [ 1075.647620][ C0] get_perf_callchain+0x39e/0x490 [ 1075.647643][ C0] ? put_callchain_entry+0xb0/0xb0 [ 1075.647664][ C0] ? __perf_event_header__init_id+0x42c/0x530 [ 1075.647686][ C0] perf_prepare_sample+0x399/0x2020 [ 1075.647709][ C0] ? read_lock_is_recursive+0x10/0x10 [ 1075.647729][ C0] ? perf_callchain+0x190/0x190 [ 1075.647753][ C0] perf_event_output_forward+0x197/0x2f0 [ 1075.647775][ C0] ? perf_event_output_forward+0xbe/0x2f0 [ 1075.647796][ C0] ? perf_get_page_size+0x430/0x430 [ 1075.647824][ C0] bpf_overflow_handler+0x60f/0x7c0 [ 1075.647843][ C0] ? bpf_overflow_handler+0xd9/0x7c0 [ 1075.647860][ C0] ? perf_swevent_overflow+0x230/0x230 [ 1075.647877][ C0] ? __schedule+0x11d9/0x40e0 [ 1075.647909][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 1075.647932][ C0] __perf_event_overflow+0x448/0x610 [ 1075.647956][ C0] perf_swevent_event+0x315/0x570 [ 1075.647984][ C0] ? perf_tp_event+0xc30/0xc30 [ 1075.648010][ C0] perf_bp_event+0x312/0x3f0 [ 1075.648031][ C0] ? verify_lock_unused+0x140/0x140 [ 1075.648051][ C0] ? futex_wait+0x4c8/0x5e0 [ 1075.648069][ C0] ? perf_event_free_bpf_prog+0x110/0x110 [ 1075.648104][ C0] ? read_lock_is_recursive+0x10/0x10 [ 1075.648125][ C0] ? do_futex+0x310/0x320 [ 1075.648142][ C0] hw_breakpoint_exceptions_notify+0x152/0x470 [ 1075.648165][ C0] atomic_notifier_call_chain+0x17a/0x2b0 [ 1075.648184][ C0] ? atomic_notifier_call_chain+0x2c/0x2b0 [ 1075.648203][ C0] notify_die+0x141/0x1a0 [ 1075.648220][ C0] ? srcu_init_notifier_head+0x90/0x90 [ 1075.648241][ C0] ? rcu_is_watching+0x11/0xa0 [ 1075.648263][ C0] notify_debug+0x20/0x30 [ 1075.648280][ C0] noist_exc_debug+0x73/0x120 [ 1075.648295][ C0] ? clear_bhb_loop+0x60/0xb0 [ 1075.648316][ C0] asm_exc_debug+0x2f/0x40 [ 1075.648333][ C0] RIP: 0033:0x7f016357b5bd [ 1075.648348][ C0] Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 27 01 00 00 c5 fd 74 0f fd d7 c1 85 c0 74 5b f3 0f bc c0 e9 30 01 00 00 66 90 f3 0f bc [ 1075.648362][ C0] RSP: 002b:00007f01645428a8 EFLAGS: 00000283 [ 1075.648376][ C0] RAX: 0000000000000300 RBX: 00007f0164542de0 RCX: 2f666c65732f636f [ 1075.648387][ C0] RDX: 0000200000000300 RSI: 00007f016365cdc0 RDI: 0000200000000300 [ 1075.648400][ C0] RBP: 0000200000000300 R08: 00007f0164543010 R09: 00000000ffffffff [ 1075.648412][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1075.648429][ C0] R13: 0000000000000073 R14: 00007f0163631f5b R15: 00007f0164542ea0 [ 1075.648446][ C0] [ 1076.512605][T29798] device veth0_vlan entered promiscuous mode [ 1076.521476][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1076.543273][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1076.573059][T29798] device veth1_vlan entered promiscuous mode [ 1076.591145][T29798] device veth0_macvtap entered promiscuous mode [ 1076.600364][T29798] device veth1_macvtap entered promiscuous mode [ 1076.614967][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.625643][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.635539][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.645998][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.655855][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.666306][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.676230][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.686698][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.696561][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.707060][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.717665][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.728202][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.739135][T29798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1076.749913][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1076.757931][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1076.765785][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1076.773953][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1076.782173][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1076.791205][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1076.799779][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1076.807865][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1076.816811][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1076.825772][T17436] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1076.833922][T30086] pim6reg1: tun_chr_ioctl cmd 1074812118 [ 1076.851046][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1076.865601][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.875679][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1076.888439][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.900810][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1076.912967][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.923243][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1076.935857][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.945914][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1076.959094][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.972777][T29798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1076.992682][T29798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.013517][T29798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1077.037658][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1077.046952][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1077.057406][T29798] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.072758][T29798] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.086656][T29798] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.097262][T29798] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1077.169801][T29798] ieee80211 phy52: Selected rate control algorithm 'minstrel_ht' [ 1077.192944][T17436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1077.193803][T29798] ieee80211 phy53: Selected rate control algorithm 'minstrel_ht' [ 1077.200806][T17436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1077.216419][T17414] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1077.253961][T17414] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1077.264296][T17414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1077.274959][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1077.724177][T26854] device hsr_slave_0 left promiscuous mode [ 1077.730374][T26854] device hsr_slave_1 left promiscuous mode [ 1077.737030][T26854] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1077.745127][T26854] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1077.753170][T26854] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1077.760589][T26854] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1077.768272][T26854] bridge0: port 3(dummy0) entered disabled state [ 1077.775269][T26854] device bridge_slave_1 left promiscuous mode [ 1077.781498][T26854] bridge0: port 2(bridge_slave_1) entered disabled state [ 1077.789181][T26854] device bridge_slave_0 left promiscuous mode [ 1077.795393][T26854] bridge0: port 1(bridge_slave_0) entered disabled state [ 1077.804116][T26854] device veth1_macvtap left promiscuous mode [ 1077.810132][T26854] device veth0_macvtap left promiscuous mode [ 1077.816256][T26854] device veth1_vlan left promiscuous mode [ 1077.822151][T26854] device veth0_vlan left promiscuous mode [ 1078.035444][T26854] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1078.050104][T26854] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1078.083559][T26854] bond0 (unregistering): Released all slaves