last executing test programs: 2.271308775s ago: executing program 1 (id=2222): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x411, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x7, 0x1ff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff, 0x0, 0x0, 0x0, 0xfffffffffffffff2}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="020000000400000005000000aa"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000002"], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890c, &(0x7f0000000100)) 2.212918136s ago: executing program 2 (id=2223): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001a00)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x2, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff9}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff9}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x2c, 0x5, 0x1, &(0x7f0000000140)) 2.171856597s ago: executing program 1 (id=2224): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x3a, 0x0, 0x0) 2.163332237s ago: executing program 2 (id=2225): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000700)={&(0x7f0000000440), 0x6e, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/3, 0x3}, {&(0x7f0000000f00)=""/210, 0xd2}, {&(0x7f0000000600)=""/183, 0xb7}], 0x3}, 0x1) bpf$TOKEN_CREATE(0x24, &(0x7f0000000ec0)={0x0, r0}, 0x8) sendmsg$inet(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x8000) r3 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r3, &(0x7f0000000040)={'some', 0x20, 0x8, 0x20, 0xfffffffffffffff7}, 0x2f) r4 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="020a030002000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7910009875f37538e486dd6317ce8102031100fe08000e40000200875a65969ff57b00ff020000000000000000000000000001"], 0xfdef) recvmsg$kcm(r6, &(0x7f0000000e80)={&(0x7f0000000740)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000007c0)=""/223, 0xdf}, {&(0x7f00000008c0)=""/22, 0x16}, {&(0x7f0000000900)=""/148, 0x94}, {&(0x7f00000009c0)=""/35, 0x23}, {&(0x7f0000000a00)=""/84, 0x54}, {&(0x7f0000000a80)=""/53, 0x35}, {&(0x7f0000000ac0)=""/18, 0x12}, {&(0x7f0000000b00)=""/224, 0xe0}, {&(0x7f0000000c00)=""/185, 0xb9}], 0x9, &(0x7f0000000d80)=""/202, 0xca}, 0x0) r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="030000000400000004000064dbbbdd615d617a0d", @ANYRES32=0x1, @ANYBLOB="001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000010000000400"/28], 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000100)={&(0x7f0000000080)="9a3b02bdb782f700e45db7be2eb65d59df535082cce684c11908c253a21297539b19da31fb", &(0x7f0000000180)=""/243, &(0x7f00000002c0)="b1669bd70619d1d34e95533debcb3c10bfb8c0c433198d69eaa875ae3022149443ead7dcabeddaefc5b7fd0d74f2c47ea5f44861addb297e55af6deed8cfd3a3308aa0a3e632d1d69356b0a29e26055d743bbf7228ea1c31abf8fdce0b59737bff2ef6fda30cac61d77b82a8c325720f0bf6f4c43db848f33a47f6a15e320ca87cc8e7e0c9126bb76b74efd1bc9e02372c5a91489ee7b0719d0a6948", &(0x7f00000000c0)="5aa7684db3aa157cedffc845aacedf4bfc5f70bce0ed1d0be6564d6b64f90e0f64f7ec7a10b61e5b0c7ed6a81c42be5af73e", 0x6, r7}, 0x38) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)}, 0x24000000) 2.110159798s ago: executing program 0 (id=2226): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000009c0)="d80000001e0081064e81f782db44b9040002080006007c09e8fe11a10a0015c00200142603600e120800080024000000a80009001100014003001000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x24000000) (fail_nth: 2) 2.094886088s ago: executing program 3 (id=2227): r0 = socket$kcm(0x10, 0x400000002, 0x0) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002020) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005e00073fe6084e00458bd8f19680f508195b6a862c"], 0xfe33) 1.760983613s ago: executing program 1 (id=2228): socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x5, 0x0, 0x804, 0x14c9, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x805, 0x0, @perf_bp={&(0x7f0000000180), 0x8}, 0x20a0, 0x1f, 0x80000000, 0x6, 0x2, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x6e8}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a00000001000000dd0000000900000000000000adea0627f21759a5d127c5884ac69044e8fce3abc475bebf4014dcf44601b88a17be3fe1cc44c9797e5cb7a0acc15945a908340b9edbaa332dec69f08996e246906f81f217bf58455b304a4fbe679e97bb35102a97278d5b085f01355abc491431cbec78498b443a51b174033b82a28a29a101591d6075cc427cb25b6f0874e7581b0c96f1a1824de60cdf7aba72f73e34035fb33557a68890a5449cf4386c", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff95, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c3"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r1, 0x6, 0x24, &(0x7f0000000000), 0xff7b) 1.747785693s ago: executing program 0 (id=2229): r0 = socket$kcm(0x10, 0x400000002, 0x0) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002020) (fail_nth: 2) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005e00073fe6084e00458bd8f19680f508195b6a862c"], 0xfe33) 1.740068574s ago: executing program 3 (id=2230): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x325241, 0x0) ioctl$TUNGETVNETBE(r0, 0x800454df, &(0x7f00000000c0)) (async) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x5, 0x0, 0x0, 0x20000000000000, 0xa115, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000, 0xf}, 0x0, 0x0, 0x101, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4000000}) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c48000000e8fe55a1180015000600142603600e120900210000000401a80016000a0003", 0x37}], 0x1}, 0x0) (async) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfe33) 1.588983956s ago: executing program 1 (id=2231): r0 = socket$kcm(0x10, 0x400000002, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000180)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0], 0x0, 0xd9, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x52, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000980)='sys_exit\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) ioctl$TUNSETOFFLOAD(r4, 0x541b, 0x20000000) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000500)={0x0, 0xfffffff7, 0x10}, 0xc) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000380), 0x5, r6}, 0x38) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r6, &(0x7f0000000a40)="ad", &(0x7f0000000000)=""/10, 0x2}, 0x20) r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./file0\x00', 0x0, 0x10}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%pS \x00'}, 0x20) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x7, 0x8, 0x40, 0x42, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000580), 0xffd, r10}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r10, &(0x7f0000000580), &(0x7f0000001580)=""/92}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000780), &(0x7f00000007c0)='%-5lx \x00'}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, [@alu={0x7, 0x0, 0x6, 0xb, 0x0, 0x30, 0xfffffffffffffff0}]}, &(0x7f0000000080)='GPL\x00', 0x5, 0x8a, &(0x7f00000000c0)=""/138, 0x41000, 0x8, '\x00', r1, 0x25, r4, 0x8, &(0x7f00000004c0)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000840)=[r5, r6, r7, r8, 0xffffffffffffffff, r9, r10, r11], &(0x7f0000000880)=[{0x1, 0x3, 0x6, 0x1}, {0x2, 0x3, 0xb, 0x3}, {0x0, 0x5, 0x3, 0x1}, {0x0, 0x1, 0x0, 0xa}, {0x4, 0x3, 0x3, 0x9}, {0x3, 0x5, 0x2, 0xc}, {0x4, 0x3, 0xd, 0xa}, {0x1, 0x1, 0x7, 0xb}], 0x10, 0x100}, 0x94) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002020) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c0000005e00073fe6084e00458bd8f19680f508195b6a862c"], 0xfe33) 1.588829676s ago: executing program 3 (id=2232): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x411, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x7, 0x1ff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff, 0x0, 0x0, 0x0, 0xfffffffffffffff2}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="020000000400000005000000aa"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000002"], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890c, &(0x7f0000000100)) 1.171542042s ago: executing program 0 (id=2233): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000640)="cc", 0x1}], 0x1}, 0x40400c4) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x5411, 0x0) 1.145646962s ago: executing program 2 (id=2234): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xd3, 0x0, 0x0, 0x0, 0x0, 0x2111, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x2, @perf_bp={0x0, 0x4}, 0x14125, 0x32, 0xfffffbff, 0x4, 0x5, 0x0, 0xfff7, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x1, 0xffffffffffffffff, 0x9) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x19) syz_clone(0xab009500, 0x0, 0x0, 0x0, 0x0, 0x0) 1.106473353s ago: executing program 0 (id=2235): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x68000000}, 0x80fe) r1 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private1}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x200480fe) close(r0) 1.043578354s ago: executing program 3 (id=2236): socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) 986.429575ms ago: executing program 0 (id=2237): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r0, &(0x7f0000000000), 0x2a979d) ioctl$SIOCSIFHWADDR(r0, 0x401c5820, &(0x7f0000000080)={'macvlan1\x00', @broadcast}) openat$cgroup_pressure(r0, &(0x7f0000000000)='memory.pressure\x00', 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x12, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180000eeffffff23000000711413673f8731ac7ecc0805002000000095000000000000000000001a00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 896.777326ms ago: executing program 1 (id=2238): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) sendmsg$inet(r0, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000640)="cc", 0x1}], 0x1}, 0x40400c4) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x5411, 0x0) (fail_nth: 2) 806.961647ms ago: executing program 2 (id=2239): socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) 362.007554ms ago: executing program 3 (id=2240): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x2, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x23, &(0x7f0000000040), 0xf7) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x10) recvmsg$unix(0xffffffffffffffff, 0x0, 0x40) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00'}) 261.202235ms ago: executing program 2 (id=2241): perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc12, 0x1, @perf_bp={0x0, 0x8}, 0x100904, 0x401, 0x25, 0x0, 0x1, 0x1fe, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080307000000e8fea4a1180015000600142603600e120800110000810401040016000a", 0x35}], 0x1, 0x0, 0x0, 0x7400}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000080000000000000000000000850000002a000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x23, &(0x7f00000054c0)={0x0, 0x0, 0x0, 0x0, 0x548, 0x0, 0x0, 0x40f00, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000e0ff0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="d80000001c0081044e81f782db44b904021d0802010000001c7e12a118000c000600142603600e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c13223e3f52a98516277ce06bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x700) 125.163787ms ago: executing program 3 (id=2242): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x3, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000840)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94acf4d5fc79c987d668c381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c18e39484809539fca4e0b6e2b1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a51598f3573b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d1787957258ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a152a9ec9a7a3755e0f209150a07000000000000007edf6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b92341ba8dfa603850a8294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f7e68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b2450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b742a1acee2e98c7f9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c535680ac66d09af39265964279d174b0000000000000000000000fa08ad0731c4b839688b22c4da04000000e97fc94ce0bfb32f9c55b5857549c4a71ce0dd64aeb4fd267f28010e6ad90ffe2e"], &(0x7f0000000000)='GPL\x00', 0x5, 0xcf, &(0x7f000000cf3d)=""/195}, 0x48) setsockopt$sock_attach_bpf(r0, 0x29, 0x43, &(0x7f0000000000)=r1, 0x4) (fail_nth: 1) 50.810779ms ago: executing program 0 (id=2243): socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x5, 0x0, 0x804, 0x14c9, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x805, 0x0, @perf_bp={&(0x7f0000000180), 0x8}, 0x20a0, 0x1f, 0x80000000, 0x6, 0x2, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x6e8}, 0x0, 0x0, 0xffffffffffffffff, 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a00000001000000dd0000000900000000000000adea0627f21759a5d127c5884ac69044e8fce3abc475bebf4014dcf44601b88a17be3fe1cc44c9797e5cb7a0acc15945a908340b9edbaa332dec69f08996e246906f81f217bf58455b304a4fbe679e97bb35102a97278d5b085f01355abc491431cbec78498b443a51b174033b82a28a29a101591d6075cc427cb25b6f0874e7581b0c96f1a1824de60cdf7aba72f73e34035fb33557a68890a5449cf4386c", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff95, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r0, 0x6, 0x24, &(0x7f0000000000), 0xff7b) 14.901989ms ago: executing program 1 (id=2244): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x411, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x7, 0x1ff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff, 0x0, 0x0, 0x0, 0xfffffffffffffff2}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="020000000400000005000000aa"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000002"], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890c, &(0x7f0000000100)) 0s ago: executing program 2 (id=2245): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x68000000}, 0x80fe) r1 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private1}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x200480fe) close(r0) kernel console output (not intermixed with test programs): 1 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.073404][ T9793] RSP: 002b:00007f8078d37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.081812][ T9793] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8e9a9 [ 211.089779][ T9793] RDX: 0000200000000640 RSI: 000000000000541b RDI: 0000000000000003 [ 211.097743][ T9793] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 211.105709][ T9793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.113672][ T9793] R13: 0000000000000000 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 211.121651][ T9793] [ 211.147338][ T9793] ERROR: Out of memory at tomoyo_realpath_from_path. [ 211.376159][ T9805] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1545'. [ 211.408921][ T9807] syz.0.1544[9807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 211.409055][ T9807] syz.0.1544[9807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 211.853639][ T9830] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1556'. [ 211.925928][ T9834] FAULT_INJECTION: forcing a failure. [ 211.925928][ T9834] name failslab, interval 1, probability 0, space 0, times 0 [ 211.939282][ T9834] CPU: 1 PID: 9834 Comm: syz.2.1557 Not tainted 6.6.99-syzkaller #0 [ 211.947305][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.957368][ T9834] Call Trace: [ 211.960663][ T9834] [ 211.963608][ T9834] dump_stack_lvl+0x16c/0x230 [ 211.968305][ T9834] ? show_regs_print_info+0x20/0x20 [ 211.973522][ T9834] ? load_image+0x3b0/0x3b0 [ 211.978044][ T9834] ? __might_sleep+0xe0/0xe0 [ 211.982648][ T9834] ? __lock_acquire+0x7c80/0x7c80 [ 211.987692][ T9834] should_fail_ex+0x39d/0x4d0 [ 211.992392][ T9834] should_failslab+0x9/0x20 [ 211.996906][ T9834] slab_pre_alloc_hook+0x59/0x310 [ 212.001946][ T9834] ? tomoyo_encode+0x28b/0x540 [ 212.006721][ T9834] ? tomoyo_encode+0x28b/0x540 [ 212.011499][ T9834] __kmem_cache_alloc_node+0x53/0x260 [ 212.016894][ T9834] ? tomoyo_encode+0x28b/0x540 [ 212.021668][ T9834] __kmalloc+0xa4/0x240 [ 212.025848][ T9834] tomoyo_encode+0x28b/0x540 [ 212.030467][ T9834] tomoyo_realpath_from_path+0x592/0x5d0 [ 212.036145][ T9834] tomoyo_path_number_perm+0x1ea/0x590 [ 212.041614][ T9834] ? tomoyo_path_number_perm+0x1ba/0x590 [ 212.047261][ T9834] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 212.052736][ T9834] ? ksys_write+0x1c1/0x250 [ 212.057325][ T9834] ? __fget_files+0x28/0x4d0 [ 212.061955][ T9834] security_file_ioctl+0x70/0xa0 [ 212.066913][ T9834] __se_sys_ioctl+0x48/0x170 [ 212.071517][ T9834] do_syscall_64+0x55/0xb0 [ 212.075940][ T9834] ? clear_bhb_loop+0x40/0x90 [ 212.080620][ T9834] ? clear_bhb_loop+0x40/0x90 [ 212.085306][ T9834] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 212.091210][ T9834] RIP: 0033:0x7f62ffd8e9a9 [ 212.095633][ T9834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.115249][ T9834] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 212.123675][ T9834] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 212.131655][ T9834] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000005 [ 212.139633][ T9834] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 212.147610][ T9834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.155599][ T9834] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 212.163612][ T9834] [ 212.172719][ T9834] ERROR: Out of memory at tomoyo_realpath_from_path. [ 212.403799][ T9845] FAULT_INJECTION: forcing a failure. [ 212.403799][ T9845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.417462][ T9845] CPU: 1 PID: 9845 Comm: syz.2.1562 Not tainted 6.6.99-syzkaller #0 [ 212.425458][ T9845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.435516][ T9845] Call Trace: [ 212.438799][ T9845] [ 212.441742][ T9845] dump_stack_lvl+0x16c/0x230 [ 212.446431][ T9845] ? show_regs_print_info+0x20/0x20 [ 212.451618][ T9845] ? load_image+0x3b0/0x3b0 [ 212.456135][ T9845] ? __might_fault+0xaa/0x120 [ 212.460830][ T9845] ? __lock_acquire+0x7c80/0x7c80 [ 212.465871][ T9845] should_fail_ex+0x39d/0x4d0 [ 212.470541][ T9845] _copy_to_user+0x2f/0xa0 [ 212.474956][ T9845] bpf_test_finish+0x19a/0x620 [ 212.479752][ T9845] ? convert___skb_to_skb+0x590/0x590 [ 212.485165][ T9845] ? convert_skb_to___skb+0x420/0x420 [ 212.490529][ T9845] ? slab_build_skb+0x25f/0x3f0 [ 212.495383][ T9845] bpf_prog_test_run_skb+0xc28/0x11c0 [ 212.500788][ T9845] ? cpu_online+0x60/0x60 [ 212.505128][ T9845] bpf_prog_test_run+0x321/0x390 [ 212.510058][ T9845] __sys_bpf+0x440/0x800 [ 212.514303][ T9845] ? bpf_link_show_fdinfo+0x350/0x350 [ 212.519715][ T9845] ? lock_chain_count+0x20/0x20 [ 212.524574][ T9845] __x64_sys_bpf+0x7c/0x90 [ 212.528991][ T9845] do_syscall_64+0x55/0xb0 [ 212.533406][ T9845] ? clear_bhb_loop+0x40/0x90 [ 212.538094][ T9845] ? clear_bhb_loop+0x40/0x90 [ 212.542785][ T9845] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 212.548686][ T9845] RIP: 0033:0x7f62ffd8e9a9 [ 212.553099][ T9845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.572706][ T9845] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 212.581105][ T9845] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 212.589066][ T9845] RDX: 0000000000000048 RSI: 00002000000002c0 RDI: 000000000000000a [ 212.597039][ T9845] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 212.605026][ T9845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.613021][ T9845] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 212.621020][ T9845] [ 212.668219][ T9847] FAULT_INJECTION: forcing a failure. [ 212.668219][ T9847] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.712926][ T9847] CPU: 1 PID: 9847 Comm: syz.3.1563 Not tainted 6.6.99-syzkaller #0 [ 212.720962][ T9847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.731039][ T9847] Call Trace: [ 212.734333][ T9847] [ 212.737267][ T9847] dump_stack_lvl+0x16c/0x230 [ 212.741965][ T9847] ? show_regs_print_info+0x20/0x20 [ 212.747163][ T9847] ? load_image+0x3b0/0x3b0 [ 212.751663][ T9847] ? __might_fault+0xaa/0x120 [ 212.756330][ T9847] ? __lock_acquire+0x7c80/0x7c80 [ 212.761346][ T9847] should_fail_ex+0x39d/0x4d0 [ 212.766020][ T9847] _copy_to_user+0x2f/0xa0 [ 212.770428][ T9847] bpf_test_finish+0x19a/0x620 [ 212.775190][ T9847] ? convert___skb_to_skb+0x590/0x590 [ 212.780556][ T9847] ? convert_skb_to___skb+0x420/0x420 [ 212.785924][ T9847] ? slab_build_skb+0x25f/0x3f0 [ 212.790766][ T9847] bpf_prog_test_run_skb+0xc28/0x11c0 [ 212.796160][ T9847] ? cpu_online+0x60/0x60 [ 212.800481][ T9847] bpf_prog_test_run+0x321/0x390 [ 212.805410][ T9847] __sys_bpf+0x440/0x800 [ 212.809643][ T9847] ? bpf_link_show_fdinfo+0x350/0x350 [ 212.815016][ T9847] ? lock_chain_count+0x20/0x20 [ 212.819881][ T9847] __x64_sys_bpf+0x7c/0x90 [ 212.824311][ T9847] do_syscall_64+0x55/0xb0 [ 212.828728][ T9847] ? clear_bhb_loop+0x40/0x90 [ 212.833405][ T9847] ? clear_bhb_loop+0x40/0x90 [ 212.838088][ T9847] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 212.843984][ T9847] RIP: 0033:0x7f6e0b58e9a9 [ 212.848391][ T9847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.868040][ T9847] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 212.876463][ T9847] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 212.884429][ T9847] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 212.892388][ T9847] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 212.900346][ T9847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.908306][ T9847] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 212.916277][ T9847] [ 213.058190][ T9857] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1567'. [ 213.222278][ T9864] FAULT_INJECTION: forcing a failure. [ 213.222278][ T9864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.267183][ T9864] CPU: 1 PID: 9864 Comm: syz.3.1570 Not tainted 6.6.99-syzkaller #0 [ 213.275224][ T9864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.285295][ T9864] Call Trace: [ 213.288585][ T9864] [ 213.291526][ T9864] dump_stack_lvl+0x16c/0x230 [ 213.296221][ T9864] ? show_regs_print_info+0x20/0x20 [ 213.301430][ T9864] ? load_image+0x3b0/0x3b0 [ 213.305965][ T9864] ? __might_fault+0xaa/0x120 [ 213.310683][ T9864] ? __lock_acquire+0x7c80/0x7c80 [ 213.315731][ T9864] should_fail_ex+0x39d/0x4d0 [ 213.320417][ T9864] _copy_to_user+0x2f/0xa0 [ 213.324837][ T9864] bpf_test_finish+0x19a/0x620 [ 213.329607][ T9864] ? convert___skb_to_skb+0x590/0x590 [ 213.334982][ T9864] ? convert_skb_to___skb+0x420/0x420 [ 213.340355][ T9864] ? slab_build_skb+0x25f/0x3f0 [ 213.345205][ T9864] bpf_prog_test_run_skb+0xc28/0x11c0 [ 213.350586][ T9864] ? cpu_online+0x60/0x60 [ 213.354923][ T9864] bpf_prog_test_run+0x321/0x390 [ 213.359865][ T9864] __sys_bpf+0x440/0x800 [ 213.364101][ T9864] ? bpf_link_show_fdinfo+0x350/0x350 [ 213.369476][ T9864] ? lock_chain_count+0x20/0x20 [ 213.374328][ T9864] __x64_sys_bpf+0x7c/0x90 [ 213.378733][ T9864] do_syscall_64+0x55/0xb0 [ 213.383141][ T9864] ? clear_bhb_loop+0x40/0x90 [ 213.387816][ T9864] ? clear_bhb_loop+0x40/0x90 [ 213.392508][ T9864] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.398396][ T9864] RIP: 0033:0x7f6e0b58e9a9 [ 213.402806][ T9864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.422414][ T9864] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 213.430825][ T9864] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 213.438789][ T9864] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 213.446752][ T9864] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 213.454728][ T9864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.462691][ T9864] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 213.470684][ T9864] [ 213.666504][ T9878] netlink: 'syz.1.1576': attribute type 29 has an invalid length. [ 213.675203][ T9878] netlink: 'syz.1.1576': attribute type 29 has an invalid length. [ 213.847577][ T9889] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1579'. [ 213.885751][ T9891] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.1581'. [ 214.223402][ T9900] Ÿë: port 1(veth0_to_bridge) entered blocking state [ 214.259158][ T9900] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 214.278407][ T9903] FAULT_INJECTION: forcing a failure. [ 214.278407][ T9903] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 214.293218][ T9900] veth0_to_bridge: entered allmulticast mode [ 214.295984][ T9903] CPU: 0 PID: 9903 Comm: syz.2.1584 Not tainted 6.6.99-syzkaller #0 [ 214.307234][ T9903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.317288][ T9903] Call Trace: [ 214.320561][ T9903] [ 214.323500][ T9903] dump_stack_lvl+0x16c/0x230 [ 214.328179][ T9903] ? show_regs_print_info+0x20/0x20 [ 214.333371][ T9903] ? load_image+0x3b0/0x3b0 [ 214.337873][ T9903] ? __might_fault+0xaa/0x120 [ 214.342540][ T9903] ? __lock_acquire+0x7c80/0x7c80 [ 214.347565][ T9903] should_fail_ex+0x39d/0x4d0 [ 214.352246][ T9903] _copy_from_user+0x2f/0xe0 [ 214.356840][ T9903] ___sys_sendmsg+0x159/0x290 [ 214.361514][ T9903] ? __sys_sendmsg+0x270/0x270 [ 214.366290][ T9903] ? __lock_acquire+0x7c80/0x7c80 [ 214.371332][ T9903] __se_sys_sendmsg+0x1a5/0x270 [ 214.376181][ T9903] ? __x64_sys_sendmsg+0x80/0x80 [ 214.381127][ T9903] ? lockdep_hardirqs_on+0x98/0x150 [ 214.386325][ T9903] do_syscall_64+0x55/0xb0 [ 214.390733][ T9903] ? clear_bhb_loop+0x40/0x90 [ 214.395400][ T9903] ? clear_bhb_loop+0x40/0x90 [ 214.400068][ T9903] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.405959][ T9903] RIP: 0033:0x7f62ffd8e9a9 [ 214.410366][ T9903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.429965][ T9903] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 214.438374][ T9903] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 214.446336][ T9903] RDX: 0000000020000000 RSI: 0000200000000100 RDI: 0000000000000006 [ 214.454297][ T9903] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 214.462259][ T9903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.470221][ T9903] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 214.478198][ T9903] [ 214.483457][ T9900] veth0_to_bridge: entered promiscuous mode [ 215.030842][ T9917] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1590'. [ 215.150376][ T9923] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1594'. [ 215.855716][ T9936] Ÿë: port 1(veth0_to_bridge) entered blocking state [ 215.867347][ T9936] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 215.878832][ T9936] veth0_to_bridge: entered allmulticast mode [ 215.891830][ T9936] veth0_to_bridge: entered promiscuous mode [ 216.144456][ T9952] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1603'. [ 216.282371][ T9963] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1606'. [ 216.755612][ T9985] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1616'. [ 217.249337][T10006] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1628'. [ 217.452453][T10015] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1631'. [ 217.581054][T10019] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.1632'. [ 217.854042][T10034] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1639'. [ 218.652581][T10050] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.1647'. [ 218.966848][T10063] FAULT_INJECTION: forcing a failure. [ 218.966848][T10063] name failslab, interval 1, probability 0, space 0, times 0 [ 218.979878][T10063] CPU: 1 PID: 10063 Comm: syz.2.1653 Not tainted 6.6.99-syzkaller #0 [ 218.987990][T10063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.998095][T10063] Call Trace: [ 219.001405][T10063] [ 219.004367][T10063] dump_stack_lvl+0x16c/0x230 [ 219.009084][T10063] ? show_regs_print_info+0x20/0x20 [ 219.014318][T10063] ? load_image+0x3b0/0x3b0 [ 219.018854][T10063] ? verify_lock_unused+0x140/0x140 [ 219.024093][T10063] ? perf_trace_lock+0x2ed/0x380 [ 219.029077][T10063] should_fail_ex+0x39d/0x4d0 [ 219.033805][T10063] should_failslab+0x9/0x20 [ 219.038329][T10063] slab_pre_alloc_hook+0x59/0x310 [ 219.043365][T10063] kmem_cache_alloc+0x5a/0x2e0 [ 219.048126][T10063] ? skb_clone+0x1eb/0x370 [ 219.052547][T10063] skb_clone+0x1eb/0x370 [ 219.056795][T10063] __netlink_deliver_tap+0x41c/0x830 [ 219.062096][T10063] ? netlink_deliver_tap+0x2e/0x1b0 [ 219.067309][T10063] netlink_deliver_tap+0x19c/0x1b0 [ 219.072419][T10063] netlink_unicast+0x72c/0x8d0 [ 219.077200][T10063] netlink_sendmsg+0x8c1/0xbe0 [ 219.081973][T10063] ? netlink_getsockopt+0x580/0x580 [ 219.087176][T10063] ? aa_sock_msg_perm+0x94/0x150 [ 219.092120][T10063] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 219.097405][T10063] ? security_socket_sendmsg+0x80/0xa0 [ 219.102866][T10063] ? netlink_getsockopt+0x580/0x580 [ 219.108070][T10063] ____sys_sendmsg+0x5bf/0x950 [ 219.112847][T10063] ? __asan_memset+0x22/0x40 [ 219.117438][T10063] ? __sys_sendmsg_sock+0x30/0x30 [ 219.122461][T10063] ? __import_iovec+0x5f2/0x860 [ 219.127335][T10063] ? import_iovec+0x73/0xa0 [ 219.131843][T10063] ___sys_sendmsg+0x220/0x290 [ 219.136524][T10063] ? __sys_sendmsg+0x270/0x270 [ 219.141325][T10063] ? __lock_acquire+0x7c80/0x7c80 [ 219.146380][T10063] __se_sys_sendmsg+0x1a5/0x270 [ 219.151243][T10063] ? __x64_sys_sendmsg+0x80/0x80 [ 219.156201][T10063] ? lockdep_hardirqs_on+0x98/0x150 [ 219.161423][T10063] do_syscall_64+0x55/0xb0 [ 219.165839][T10063] ? clear_bhb_loop+0x40/0x90 [ 219.170509][T10063] ? clear_bhb_loop+0x40/0x90 [ 219.175200][T10063] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.181091][T10063] RIP: 0033:0x7f62ffd8e9a9 [ 219.185514][T10063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.205121][T10063] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.213535][T10063] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 219.221526][T10063] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 000000000000000a [ 219.229493][T10063] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 219.237462][T10063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.245431][T10063] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 219.253421][T10063] [ 219.790049][T10094] FAULT_INJECTION: forcing a failure. [ 219.790049][T10094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.809253][T10094] CPU: 1 PID: 10094 Comm: syz.2.1674 Not tainted 6.6.99-syzkaller #0 [ 219.817384][T10094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.827458][T10094] Call Trace: [ 219.830744][T10094] [ 219.833681][T10094] dump_stack_lvl+0x16c/0x230 [ 219.838376][T10094] ? show_regs_print_info+0x20/0x20 [ 219.843605][T10094] ? load_image+0x3b0/0x3b0 [ 219.848137][T10094] ? __might_fault+0xaa/0x120 [ 219.852836][T10094] ? __lock_acquire+0x7c80/0x7c80 [ 219.857888][T10094] should_fail_ex+0x39d/0x4d0 [ 219.862594][T10094] _copy_to_user+0x2f/0xa0 [ 219.867028][T10094] bpf_test_finish+0x19a/0x620 [ 219.871799][T10094] ? convert___skb_to_skb+0x590/0x590 [ 219.877167][T10094] ? convert_skb_to___skb+0x420/0x420 [ 219.882538][T10094] ? slab_build_skb+0x25f/0x3f0 [ 219.887383][T10094] bpf_prog_test_run_skb+0xc28/0x11c0 [ 219.892760][T10094] ? cpu_online+0x60/0x60 [ 219.897087][T10094] bpf_prog_test_run+0x321/0x390 [ 219.902016][T10094] __sys_bpf+0x440/0x800 [ 219.906250][T10094] ? bpf_link_show_fdinfo+0x350/0x350 [ 219.911623][T10094] ? lock_chain_count+0x20/0x20 [ 219.916477][T10094] __x64_sys_bpf+0x7c/0x90 [ 219.920885][T10094] do_syscall_64+0x55/0xb0 [ 219.925295][T10094] ? clear_bhb_loop+0x40/0x90 [ 219.929961][T10094] ? clear_bhb_loop+0x40/0x90 [ 219.934627][T10094] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.940514][T10094] RIP: 0033:0x7f62ffd8e9a9 [ 219.944918][T10094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.964528][T10094] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 219.972942][T10094] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 219.980909][T10094] RDX: 0000000000000020 RSI: 00002000000005c0 RDI: 000000000000000a [ 219.988872][T10094] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 219.996831][T10094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.004788][T10094] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 220.012760][T10094] [ 220.117722][T10101] FAULT_INJECTION: forcing a failure. [ 220.117722][T10101] name failslab, interval 1, probability 0, space 0, times 0 [ 220.154592][T10101] CPU: 0 PID: 10101 Comm: syz.3.1669 Not tainted 6.6.99-syzkaller #0 [ 220.162728][T10101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.172806][T10101] Call Trace: [ 220.176100][T10101] [ 220.179040][T10101] dump_stack_lvl+0x16c/0x230 [ 220.183746][T10101] ? show_regs_print_info+0x20/0x20 [ 220.188965][T10101] ? load_image+0x3b0/0x3b0 [ 220.193480][T10101] ? __might_sleep+0xe0/0xe0 [ 220.198092][T10101] ? __lock_acquire+0x7c80/0x7c80 [ 220.203143][T10101] should_fail_ex+0x39d/0x4d0 [ 220.207851][T10101] should_failslab+0x9/0x20 [ 220.212369][T10101] slab_pre_alloc_hook+0x59/0x310 [ 220.217413][T10101] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.223158][T10101] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.228904][T10101] __kmem_cache_alloc_node+0x53/0x260 [ 220.234275][T10101] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.240002][T10101] __kmalloc+0xa4/0x240 [ 220.244178][T10101] tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.249733][T10101] tomoyo_path_number_perm+0x1ea/0x590 [ 220.255195][T10101] ? tomoyo_path_number_perm+0x1ba/0x590 [ 220.260827][T10101] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 220.266323][T10101] ? ksys_write+0x1c1/0x250 [ 220.270842][T10101] ? __fget_files+0x28/0x4d0 [ 220.275436][T10101] security_file_ioctl+0x70/0xa0 [ 220.280370][T10101] __se_sys_ioctl+0x48/0x170 [ 220.284953][T10101] do_syscall_64+0x55/0xb0 [ 220.289359][T10101] ? clear_bhb_loop+0x40/0x90 [ 220.294027][T10101] ? clear_bhb_loop+0x40/0x90 [ 220.298694][T10101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 220.304582][T10101] RIP: 0033:0x7f6e0b58e9a9 [ 220.308985][T10101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.328583][T10101] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.336990][T10101] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 220.344951][T10101] RDX: 0000200000000640 RSI: 000000000000541b RDI: 0000000000000003 [ 220.352912][T10101] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 220.360870][T10101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.368832][T10101] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 220.376807][T10101] [ 220.400897][T10101] ERROR: Out of memory at tomoyo_realpath_from_path. [ 220.429100][T10095] netlink: 'syz.1.1664': attribute type 7 has an invalid length. [ 220.670647][T10119] __nla_validate_parse: 5 callbacks suppressed [ 220.670663][T10119] netlink: 163260 bytes leftover after parsing attributes in process `syz.0.1677'. [ 220.919126][T10124] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1679'. [ 221.039575][T10133] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 221.810646][T10156] netlink: 'syz.2.1686': attribute type 7 has an invalid length. [ 222.039120][T10167] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.1689'. [ 222.155969][T10174] FAULT_INJECTION: forcing a failure. [ 222.155969][T10174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.170192][T10174] CPU: 1 PID: 10174 Comm: syz.0.1692 Not tainted 6.6.99-syzkaller #0 [ 222.178292][T10174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.188339][T10174] Call Trace: [ 222.191607][T10174] [ 222.194521][T10174] dump_stack_lvl+0x16c/0x230 [ 222.199184][T10174] ? show_regs_print_info+0x20/0x20 [ 222.204365][T10174] ? load_image+0x3b0/0x3b0 [ 222.208883][T10174] ? __might_fault+0xaa/0x120 [ 222.213590][T10174] ? __lock_acquire+0x7c80/0x7c80 [ 222.218642][T10174] should_fail_ex+0x39d/0x4d0 [ 222.223353][T10174] _copy_from_user+0x2f/0xe0 [ 222.228025][T10174] kstrtouint_from_user+0xc2/0x150 [ 222.233015][T10175] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 222.233142][T10174] ? kstrtol_from_user+0x150/0x150 [ 222.253380][T10174] proc_fail_nth_write+0x89/0x240 [ 222.258424][T10174] ? proc_fail_nth_read+0x250/0x250 [ 222.263641][T10174] ? proc_fail_nth_read+0x250/0x250 [ 222.268852][T10174] vfs_write+0x288/0x940 [ 222.273106][T10174] ? file_end_write+0x250/0x250 [ 222.277966][T10174] ? __fget_files+0x28/0x4d0 [ 222.282548][T10174] ? __fget_files+0x44a/0x4d0 [ 222.287216][T10174] ? __fdget_pos+0x2a3/0x330 [ 222.291788][T10174] ? ksys_write+0x75/0x250 [ 222.296192][T10174] ksys_write+0x147/0x250 [ 222.300529][T10174] ? __ia32_sys_read+0x90/0x90 [ 222.305285][T10174] ? lockdep_hardirqs_on+0x98/0x150 [ 222.310473][T10174] do_syscall_64+0x55/0xb0 [ 222.314874][T10174] ? clear_bhb_loop+0x40/0x90 [ 222.319530][T10174] ? clear_bhb_loop+0x40/0x90 [ 222.324203][T10174] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 222.330088][T10174] RIP: 0033:0x7eff5698d45f [ 222.334496][T10174] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 222.354102][T10174] RSP: 002b:00007eff578a4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 222.362501][T10174] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff5698d45f [ 222.370461][T10174] RDX: 0000000000000001 RSI: 00007eff578a40a0 RDI: 000000000000000e [ 222.378436][T10174] RBP: 00007eff578a4090 R08: 0000000000000000 R09: 0000000000000000 [ 222.386420][T10174] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 222.394414][T10174] R13: 0000000000000000 R14: 00007eff56bb6080 R15: 00007ffdafbae038 [ 222.402405][T10174] [ 222.492727][T10178] netlink: 163260 bytes leftover after parsing attributes in process `syz.2.1693'. [ 222.717605][T10190] FAULT_INJECTION: forcing a failure. [ 222.717605][T10190] name failslab, interval 1, probability 0, space 0, times 0 [ 222.731599][T10190] CPU: 1 PID: 10190 Comm: syz.3.1698 Not tainted 6.6.99-syzkaller #0 [ 222.739705][T10190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.749771][T10190] Call Trace: [ 222.753055][T10190] [ 222.756092][T10190] dump_stack_lvl+0x16c/0x230 [ 222.760786][T10190] ? show_regs_print_info+0x20/0x20 [ 222.765969][T10190] ? load_image+0x3b0/0x3b0 [ 222.770469][T10190] ? __might_sleep+0xe0/0xe0 [ 222.775069][T10190] ? __lock_acquire+0x7c80/0x7c80 [ 222.780102][T10190] ? prepend_path+0x4b/0x960 [ 222.784686][T10190] should_fail_ex+0x39d/0x4d0 [ 222.789364][T10190] should_failslab+0x9/0x20 [ 222.793861][T10190] slab_pre_alloc_hook+0x59/0x310 [ 222.798892][T10190] ? __asan_memcpy+0x40/0x70 [ 222.803485][T10190] ? tomoyo_encode+0x28b/0x540 [ 222.808255][T10190] ? tomoyo_encode+0x28b/0x540 [ 222.813017][T10190] __kmem_cache_alloc_node+0x53/0x260 [ 222.818395][T10190] ? prepend_path+0x4b/0x960 [ 222.823015][T10190] ? tomoyo_encode+0x28b/0x540 [ 222.827773][T10190] __kmalloc+0xa4/0x240 [ 222.831925][T10190] tomoyo_encode+0x28b/0x540 [ 222.836519][T10190] tomoyo_realpath_from_path+0x592/0x5d0 [ 222.842156][T10190] tomoyo_path_number_perm+0x1ea/0x590 [ 222.847606][T10190] ? tomoyo_path_number_perm+0x1ba/0x590 [ 222.853230][T10190] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 222.858681][T10190] ? ksys_write+0x1c1/0x250 [ 222.863198][T10190] ? __fget_files+0x28/0x4d0 [ 222.867790][T10190] security_file_ioctl+0x70/0xa0 [ 222.872721][T10190] __se_sys_ioctl+0x48/0x170 [ 222.877308][T10190] do_syscall_64+0x55/0xb0 [ 222.881715][T10190] ? clear_bhb_loop+0x40/0x90 [ 222.886383][T10190] ? clear_bhb_loop+0x40/0x90 [ 222.891051][T10190] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 222.896937][T10190] RIP: 0033:0x7f6e0b58e9a9 [ 222.901356][T10190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.920956][T10190] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.929360][T10190] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 222.937320][T10190] RDX: 0000200000000500 RSI: 00000000400454da RDI: 0000000000000004 [ 222.945278][T10190] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 222.953236][T10190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.961197][T10190] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 222.969169][T10190] [ 222.983172][T10190] ERROR: Out of memory at tomoyo_realpath_from_path. [ 223.048031][T10192] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1699'. [ 223.237506][T10200] FAULT_INJECTION: forcing a failure. [ 223.237506][T10200] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.255508][T10200] CPU: 0 PID: 10200 Comm: syz.0.1703 Not tainted 6.6.99-syzkaller #0 [ 223.263649][T10200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.273742][T10200] Call Trace: [ 223.277061][T10200] [ 223.280026][T10200] dump_stack_lvl+0x16c/0x230 [ 223.284755][T10200] ? show_regs_print_info+0x20/0x20 [ 223.290008][T10200] ? load_image+0x3b0/0x3b0 [ 223.293814][T10196] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1701'. [ 223.294535][T10200] ? __might_fault+0xaa/0x120 [ 223.308265][T10200] ? __lock_acquire+0x7c80/0x7c80 [ 223.313338][T10200] should_fail_ex+0x39d/0x4d0 [ 223.318067][T10200] strncpy_from_user+0x36/0x2e0 [ 223.322967][T10200] getname_flags+0xf6/0x500 [ 223.327514][T10200] do_sys_openat2+0xcb/0x1c0 [ 223.332141][T10200] ? atomic_notifier_call_chain+0x16e/0x180 [ 223.338086][T10200] ? do_sys_open+0xe0/0xe0 [ 223.342529][T10200] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 223.348529][T10200] ? lock_chain_count+0x20/0x20 [ 223.353412][T10200] __x64_sys_openat+0x139/0x160 [ 223.358266][T10200] do_syscall_64+0x55/0xb0 [ 223.362676][T10200] ? clear_bhb_loop+0x40/0x90 [ 223.367371][T10200] ? clear_bhb_loop+0x40/0x90 [ 223.372089][T10200] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 223.378025][T10200] RIP: 0033:0x7eff5698d310 [ 223.382468][T10200] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 223.402102][T10200] RSP: 002b:00007eff578c4f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 223.410545][T10200] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007eff5698d310 [ 223.418556][T10200] RDX: 0000000000000002 RSI: 00007eff578c4fa0 RDI: 00000000ffffff9c [ 223.426569][T10200] RBP: 00007eff578c4fa0 R08: 0000000000000000 R09: 0000000000000000 [ 223.434572][T10200] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 223.442581][T10200] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 223.450619][T10200] [ 223.614277][T10216] FAULT_INJECTION: forcing a failure. [ 223.614277][T10216] name failslab, interval 1, probability 0, space 0, times 0 [ 223.627676][T10216] CPU: 1 PID: 10216 Comm: syz.1.1709 Not tainted 6.6.99-syzkaller #0 [ 223.636221][T10216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.646293][T10216] Call Trace: [ 223.649588][T10216] [ 223.652530][T10216] dump_stack_lvl+0x16c/0x230 [ 223.657217][T10216] ? show_regs_print_info+0x20/0x20 [ 223.662417][T10216] ? load_image+0x3b0/0x3b0 [ 223.666928][T10216] ? __might_sleep+0xe0/0xe0 [ 223.671515][T10216] ? __lock_acquire+0x7c80/0x7c80 [ 223.676533][T10216] ? __asan_memset+0x22/0x40 [ 223.681120][T10216] should_fail_ex+0x39d/0x4d0 [ 223.685799][T10216] should_failslab+0x9/0x20 [ 223.690299][T10216] slab_pre_alloc_hook+0x59/0x310 [ 223.695321][T10216] kmem_cache_alloc+0x5a/0x2e0 [ 223.700082][T10216] ? security_inode_alloc+0x34/0x110 [ 223.705368][T10216] security_inode_alloc+0x34/0x110 [ 223.710477][T10216] inode_init_always+0x8fc/0xc90 [ 223.715677][T10216] new_inode_pseudo+0x95/0x1d0 [ 223.720434][T10216] __sock_create+0x12d/0x940 [ 223.725028][T10216] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 223.731005][T10216] __sys_socket+0xd7/0x1a0 [ 223.735419][T10216] __x64_sys_socket+0x7a/0x90 [ 223.740092][T10216] do_syscall_64+0x55/0xb0 [ 223.744501][T10216] ? clear_bhb_loop+0x40/0x90 [ 223.749166][T10216] ? clear_bhb_loop+0x40/0x90 [ 223.753833][T10216] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 223.759723][T10216] RIP: 0033:0x7f8077f8e9a9 [ 223.764144][T10216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.783758][T10216] RSP: 002b:00007f8078d37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 223.792169][T10216] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8e9a9 [ 223.800132][T10216] RDX: 0000000000000021 RSI: 0000000000000000 RDI: 0000000000000022 [ 223.808097][T10216] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 223.816060][T10216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.824024][T10216] R13: 0000000000000001 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 223.832004][T10216] [ 223.843723][T10216] socket: no more sockets [ 223.918587][T10220] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1710'. [ 223.927774][T10220] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1710'. [ 223.937322][T10218] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1710'. [ 223.950665][T10220] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1710'. [ 224.004336][T10221] netlink: 'syz.0.1708': attribute type 12 has an invalid length. [ 224.017818][T10215] netlink: 'syz.0.1708': attribute type 12 has an invalid length. [ 224.310886][T10229] netlink: 'syz.3.1711': attribute type 4 has an invalid length. [ 224.677331][T10243] FAULT_INJECTION: forcing a failure. [ 224.677331][T10243] name failslab, interval 1, probability 0, space 0, times 0 [ 224.695957][T10243] CPU: 1 PID: 10243 Comm: syz.1.1717 Not tainted 6.6.99-syzkaller #0 [ 224.704069][T10243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.714151][T10243] Call Trace: [ 224.717780][T10243] [ 224.720718][T10243] dump_stack_lvl+0x16c/0x230 [ 224.725417][T10243] ? show_regs_print_info+0x20/0x20 [ 224.730624][T10243] ? load_image+0x3b0/0x3b0 [ 224.735149][T10243] ? __might_sleep+0xe0/0xe0 [ 224.739758][T10243] ? __lock_acquire+0x7c80/0x7c80 [ 224.744803][T10243] should_fail_ex+0x39d/0x4d0 [ 224.749499][T10243] should_failslab+0x9/0x20 [ 224.754021][T10243] slab_pre_alloc_hook+0x59/0x310 [ 224.759067][T10243] ? ethnl_default_notify+0x1c3/0x720 [ 224.764461][T10243] ? ethnl_default_notify+0x1c3/0x720 [ 224.769846][T10243] __kmem_cache_alloc_node+0x53/0x260 [ 224.775256][T10243] ? ethnl_default_notify+0x1c3/0x720 [ 224.780645][T10243] __kmalloc+0xa4/0x240 [ 224.784817][T10243] ethnl_default_notify+0x1c3/0x720 [ 224.790034][T10243] ? ethtool_notify+0x1b0/0x1b0 [ 224.794912][T10243] ? mutex_is_locked+0x12/0x40 [ 224.799691][T10243] ? rtnl_is_locked+0x15/0x20 [ 224.804385][T10243] ethnl_netdev_event+0x58/0x70 [ 224.809245][T10243] notifier_call_chain+0x197/0x390 [ 224.814377][T10243] netdev_update_features+0xa4/0xe0 [ 224.819590][T10243] ? dev_disable_lro+0x280/0x280 [ 224.824543][T10243] ? tun_get+0x1c/0x2e0 [ 224.828713][T10243] set_offload+0x1c0/0x1d0 [ 224.833141][T10243] __tun_chr_ioctl+0x148d/0x1fd0 [ 224.838097][T10243] ? tun_flow_create+0x310/0x310 [ 224.843061][T10243] ? bpf_lsm_file_ioctl+0x9/0x10 [ 224.848010][T10243] ? security_file_ioctl+0x80/0xa0 [ 224.853137][T10243] ? tun_chr_poll+0x630/0x630 [ 224.857834][T10243] __se_sys_ioctl+0xfd/0x170 [ 224.862434][T10243] do_syscall_64+0x55/0xb0 [ 224.866864][T10243] ? clear_bhb_loop+0x40/0x90 [ 224.871552][T10243] ? clear_bhb_loop+0x40/0x90 [ 224.876243][T10243] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 224.882153][T10243] RIP: 0033:0x7f8077f8e9a9 [ 224.886577][T10243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.906200][T10243] RSP: 002b:00007f8078d37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 224.914629][T10243] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8e9a9 [ 224.922613][T10243] RDX: 0000000000000001 RSI: 00000000400454d0 RDI: 0000000000000003 [ 224.930598][T10243] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 224.938583][T10243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.946567][T10243] R13: 0000000000000000 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 224.954573][T10243] [ 225.188706][T10252] FAULT_INJECTION: forcing a failure. [ 225.188706][T10252] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.207122][T10252] CPU: 0 PID: 10252 Comm: syz.2.1723 Not tainted 6.6.99-syzkaller #0 [ 225.215256][T10252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.225335][T10252] Call Trace: [ 225.228637][T10252] [ 225.231584][T10252] dump_stack_lvl+0x16c/0x230 [ 225.236277][T10252] ? show_regs_print_info+0x20/0x20 [ 225.241479][T10252] ? load_image+0x3b0/0x3b0 [ 225.246009][T10252] ? __lock_acquire+0x7c80/0x7c80 [ 225.251032][T10252] should_fail_ex+0x39d/0x4d0 [ 225.255721][T10252] _copy_from_user+0x2f/0xe0 [ 225.260305][T10252] __copy_msghdr+0x3bb/0x580 [ 225.264897][T10252] ___sys_sendmsg+0x1a6/0x290 [ 225.269568][T10252] ? __sys_sendmsg+0x270/0x270 [ 225.274352][T10252] ? __lock_acquire+0x7c80/0x7c80 [ 225.279385][T10252] __se_sys_sendmsg+0x1a5/0x270 [ 225.284229][T10252] ? __x64_sys_sendmsg+0x80/0x80 [ 225.289215][T10252] ? lockdep_hardirqs_on+0x98/0x150 [ 225.294410][T10252] do_syscall_64+0x55/0xb0 [ 225.298831][T10252] ? clear_bhb_loop+0x40/0x90 [ 225.303496][T10252] ? clear_bhb_loop+0x40/0x90 [ 225.308164][T10252] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.314062][T10252] RIP: 0033:0x7f62ffd8e9a9 [ 225.318468][T10252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.338070][T10252] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.346485][T10252] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 225.354449][T10252] RDX: 0000000020040010 RSI: 00002000000019c0 RDI: 0000000000000003 [ 225.362409][T10252] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 225.370368][T10252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.378330][T10252] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 225.386304][T10252] [ 226.033468][T10277] netlink: 'syz.2.1730': attribute type 4 has an invalid length. [ 226.041261][T10277] __nla_validate_parse: 4 callbacks suppressed [ 226.041274][T10277] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.1730'. [ 226.515510][T10281] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1732'. [ 226.552218][T10281] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1732'. [ 226.562073][T10280] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1732'. [ 227.145779][T10308] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1740'. [ 227.168938][T10308] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1740'. [ 227.179150][T10304] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1740'. [ 227.179716][T10311] FAULT_INJECTION: forcing a failure. [ 227.179716][T10311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.219391][T10312] netlink: 'syz.0.1742': attribute type 12 has an invalid length. [ 227.227693][T10311] CPU: 1 PID: 10311 Comm: syz.1.1744 Not tainted 6.6.99-syzkaller #0 [ 227.235812][T10311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.245914][T10311] Call Trace: [ 227.249227][T10311] [ 227.252247][T10311] dump_stack_lvl+0x16c/0x230 [ 227.256992][T10311] ? show_regs_print_info+0x20/0x20 [ 227.262232][T10311] ? load_image+0x3b0/0x3b0 [ 227.266806][T10311] ? __lock_acquire+0x7c80/0x7c80 [ 227.271893][T10311] ? snprintf+0xdb/0x120 [ 227.276193][T10311] should_fail_ex+0x39d/0x4d0 [ 227.280936][T10311] _copy_to_user+0x2f/0xa0 [ 227.285409][T10311] simple_read_from_buffer+0xe7/0x150 [ 227.290849][T10311] proc_fail_nth_read+0x1e3/0x250 [ 227.295923][T10311] ? proc_fault_inject_write+0x340/0x340 [ 227.301580][T10311] ? fsnotify_perm+0x271/0x5e0 [ 227.306371][T10311] ? proc_fault_inject_write+0x340/0x340 [ 227.312043][T10311] vfs_read+0x27e/0x920 [ 227.316226][T10311] ? kernel_read+0x1e0/0x1e0 [ 227.320831][T10311] ? __fget_files+0x28/0x4d0 [ 227.325473][T10311] ? __fget_files+0x44a/0x4d0 [ 227.330182][T10311] ? __fdget_pos+0x2a3/0x330 [ 227.334781][T10311] ? ksys_read+0x75/0x250 [ 227.339131][T10311] ksys_read+0x147/0x250 [ 227.343393][T10311] ? vfs_write+0x940/0x940 [ 227.347852][T10311] ? lockdep_hardirqs_on+0x98/0x150 [ 227.353074][T10311] do_syscall_64+0x55/0xb0 [ 227.357495][T10311] ? clear_bhb_loop+0x40/0x90 [ 227.362214][T10311] ? clear_bhb_loop+0x40/0x90 [ 227.366899][T10311] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 227.372812][T10311] RIP: 0033:0x7f8077f8d3bc [ 227.377241][T10311] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 227.396863][T10311] RSP: 002b:00007f8078d37030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 227.405293][T10311] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8d3bc [ 227.413274][T10311] RDX: 000000000000000f RSI: 00007f8078d370a0 RDI: 0000000000000004 [ 227.421249][T10311] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 227.429225][T10311] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 227.437236][T10311] R13: 0000000000000000 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 227.445248][T10311] [ 227.451123][T10312] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1742'. [ 227.479914][T10303] netlink: 'syz.0.1742': attribute type 12 has an invalid length. [ 227.512382][T10303] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1742'. [ 228.044828][T10340] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1755'. [ 228.131486][T10345] netlink: 'syz.2.1756': attribute type 12 has an invalid length. [ 228.155761][T10339] netlink: 'syz.2.1756': attribute type 12 has an invalid length. [ 228.176494][T10347] netlink: 'syz.0.1758': attribute type 2 has an invalid length. [ 228.196222][T10347] netlink: 'syz.0.1758': attribute type 1 has an invalid length. [ 228.412278][T10361] FAULT_INJECTION: forcing a failure. [ 228.412278][T10361] name failslab, interval 1, probability 0, space 0, times 0 [ 228.439533][T10361] CPU: 1 PID: 10361 Comm: syz.3.1765 Not tainted 6.6.99-syzkaller #0 [ 228.447673][T10361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.457751][T10361] Call Trace: [ 228.461033][T10361] [ 228.463957][T10361] dump_stack_lvl+0x16c/0x230 [ 228.468629][T10361] ? show_regs_print_info+0x20/0x20 [ 228.473820][T10361] ? load_image+0x3b0/0x3b0 [ 228.478322][T10361] ? __might_sleep+0xe0/0xe0 [ 228.482922][T10361] ? __lock_acquire+0x7c80/0x7c80 [ 228.488009][T10361] should_fail_ex+0x39d/0x4d0 [ 228.492746][T10361] should_failslab+0x9/0x20 [ 228.497282][T10361] slab_pre_alloc_hook+0x59/0x310 [ 228.502332][T10361] ? tomoyo_encode+0x28b/0x540 [ 228.507112][T10361] ? tomoyo_encode+0x28b/0x540 [ 228.511907][T10361] __kmem_cache_alloc_node+0x53/0x260 [ 228.517302][T10361] ? tomoyo_encode+0x28b/0x540 [ 228.522080][T10361] __kmalloc+0xa4/0x240 [ 228.526250][T10361] tomoyo_encode+0x28b/0x540 [ 228.530860][T10361] tomoyo_realpath_from_path+0x592/0x5d0 [ 228.536530][T10361] tomoyo_path_number_perm+0x1ea/0x590 [ 228.541997][T10361] ? tomoyo_path_number_perm+0x1ba/0x590 [ 228.547686][T10361] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 228.553157][T10361] ? ksys_write+0x1c1/0x250 [ 228.557722][T10361] ? __fget_files+0x28/0x4d0 [ 228.562335][T10361] security_file_ioctl+0x70/0xa0 [ 228.567284][T10361] __se_sys_ioctl+0x48/0x170 [ 228.571907][T10361] do_syscall_64+0x55/0xb0 [ 228.576343][T10361] ? clear_bhb_loop+0x40/0x90 [ 228.581031][T10361] ? clear_bhb_loop+0x40/0x90 [ 228.585725][T10361] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 228.591641][T10361] RIP: 0033:0x7f6e0b58e9a9 [ 228.596063][T10361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.615676][T10361] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 228.624098][T10361] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 228.632088][T10361] RDX: 0000000000000000 RSI: 0000000000008916 RDI: 0000000000000004 [ 228.640059][T10361] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 228.648029][T10361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.655999][T10361] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 228.663997][T10361] [ 228.693029][T10361] ERROR: Out of memory at tomoyo_realpath_from_path. [ 228.773121][T10368] netlink: 'syz.3.1766': attribute type 21 has an invalid length. [ 228.781088][T10368] netlink: 'syz.3.1766': attribute type 6 has an invalid length. [ 229.642047][T10417] netlink: 'syz.2.1781': attribute type 10 has an invalid length. [ 229.666903][T10417] batadv_slave_1: entered promiscuous mode [ 229.689157][T10417] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.700483][T10417] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.781447][T10422] FAULT_INJECTION: forcing a failure. [ 229.781447][T10422] name failslab, interval 1, probability 0, space 0, times 0 [ 229.799403][T10422] CPU: 0 PID: 10422 Comm: syz.0.1784 Not tainted 6.6.99-syzkaller #0 [ 229.807572][T10422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 229.817699][T10422] Call Trace: [ 229.821028][T10422] [ 229.823994][T10422] dump_stack_lvl+0x16c/0x230 [ 229.828722][T10422] ? show_regs_print_info+0x20/0x20 [ 229.833956][T10422] ? load_image+0x3b0/0x3b0 [ 229.838510][T10422] ? __might_sleep+0xe0/0xe0 [ 229.843138][T10422] ? __lock_acquire+0x7c80/0x7c80 [ 229.848211][T10422] should_fail_ex+0x39d/0x4d0 [ 229.852954][T10422] should_failslab+0x9/0x20 [ 229.857487][T10422] slab_pre_alloc_hook+0x59/0x310 [ 229.862542][T10422] ? bpf_trace_run2+0x26f/0x3c0 [ 229.867430][T10422] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 229.873186][T10422] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 229.878937][T10422] __kmem_cache_alloc_node+0x53/0x260 [ 229.884385][T10422] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 229.890141][T10422] __kmalloc+0xa4/0x240 [ 229.894346][T10422] tomoyo_realpath_from_path+0xe3/0x5d0 [ 229.899981][T10422] tomoyo_path_number_perm+0x1ea/0x590 [ 229.905484][T10422] ? tomoyo_path_number_perm+0x1ba/0x590 [ 229.911158][T10422] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 229.916665][T10422] ? ksys_write+0x1c1/0x250 [ 229.921347][T10422] ? __fget_files+0x28/0x4d0 [ 229.926024][T10422] security_file_ioctl+0x70/0xa0 [ 229.931010][T10422] __se_sys_ioctl+0x48/0x170 [ 229.935649][T10422] do_syscall_64+0x55/0xb0 [ 229.940090][T10422] ? clear_bhb_loop+0x40/0x90 [ 229.944797][T10422] ? clear_bhb_loop+0x40/0x90 [ 229.949512][T10422] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 229.955439][T10422] RIP: 0033:0x7eff5698e9a9 [ 229.959893][T10422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.979529][T10422] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.987984][T10422] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 229.995979][T10422] RDX: 0000200000000640 RSI: 000000000000541b RDI: 0000000000000004 [ 230.003975][T10422] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 230.011968][T10422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.019963][T10422] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 230.028048][T10422] [ 230.058773][T10422] ERROR: Out of memory at tomoyo_realpath_from_path. [ 230.320939][T10427] FAULT_INJECTION: forcing a failure. [ 230.320939][T10427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 230.353045][T10427] CPU: 1 PID: 10427 Comm: syz.3.1786 Not tainted 6.6.99-syzkaller #0 [ 230.361160][T10427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.371209][T10427] Call Trace: [ 230.374482][T10427] [ 230.377408][T10427] dump_stack_lvl+0x16c/0x230 [ 230.382080][T10427] ? show_regs_print_info+0x20/0x20 [ 230.387288][T10427] ? load_image+0x3b0/0x3b0 [ 230.391831][T10427] ? __might_fault+0xaa/0x120 [ 230.396548][T10427] ? __lock_acquire+0x7c80/0x7c80 [ 230.399700][T10431] delete_channel: no stack [ 230.401607][T10427] should_fail_ex+0x39d/0x4d0 [ 230.406452][T10431] delete_channel: no stack [ 230.410706][T10427] _copy_from_user+0x2f/0xe0 [ 230.410736][T10427] generic_map_update_batch+0x53f/0x810 [ 230.425308][T10427] ? rcu_read_unlock+0xa0/0xa0 [ 230.430106][T10427] ? __fdget+0x180/0x210 [ 230.434389][T10427] ? rcu_read_unlock+0xa0/0xa0 [ 230.439163][T10427] bpf_map_do_batch+0x3d7/0x610 [ 230.444014][T10427] __sys_bpf+0x31b/0x800 [ 230.448255][T10427] ? bpf_link_show_fdinfo+0x350/0x350 [ 230.453635][T10427] ? lock_chain_count+0x20/0x20 [ 230.458491][T10427] __x64_sys_bpf+0x7c/0x90 [ 230.462920][T10427] do_syscall_64+0x55/0xb0 [ 230.467359][T10427] ? clear_bhb_loop+0x40/0x90 [ 230.472057][T10427] ? clear_bhb_loop+0x40/0x90 [ 230.476746][T10427] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 230.482642][T10427] RIP: 0033:0x7f6e0b58e9a9 [ 230.487056][T10427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.506656][T10427] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 230.515072][T10427] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 230.523041][T10427] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a [ 230.531001][T10427] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 230.538959][T10427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.546916][T10427] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 230.554895][T10427] [ 231.018910][T10435] FAULT_INJECTION: forcing a failure. [ 231.018910][T10435] name failslab, interval 1, probability 0, space 0, times 0 [ 231.060231][T10435] CPU: 0 PID: 10435 Comm: syz.0.1788 Not tainted 6.6.99-syzkaller #0 [ 231.068374][T10435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.078445][T10435] Call Trace: [ 231.081730][T10435] [ 231.084667][T10435] dump_stack_lvl+0x16c/0x230 [ 231.089355][T10435] ? show_regs_print_info+0x20/0x20 [ 231.094564][T10435] ? load_image+0x3b0/0x3b0 [ 231.099076][T10435] ? __might_sleep+0xe0/0xe0 [ 231.103678][T10435] ? __lock_acquire+0x7c80/0x7c80 [ 231.108711][T10435] should_fail_ex+0x39d/0x4d0 [ 231.113412][T10435] should_failslab+0x9/0x20 [ 231.117921][T10435] slab_pre_alloc_hook+0x59/0x310 [ 231.122955][T10435] ? __get_vm_area_node+0x125/0x370 [ 231.128156][T10435] __kmem_cache_alloc_node+0x53/0x260 [ 231.133538][T10435] ? __get_vm_area_node+0x125/0x370 [ 231.138738][T10435] kmalloc_node_trace+0x26/0xe0 [ 231.143597][T10435] __get_vm_area_node+0x125/0x370 [ 231.148632][T10435] __vmalloc_node_range+0x36e/0x1320 [ 231.153921][T10435] ? netlink_sendmsg+0x5f3/0xbe0 [ 231.158862][T10435] ? netlink_insert+0x106a/0x1370 [ 231.163908][T10435] ? netlink_insert+0x2b3/0x1370 [ 231.168852][T10435] ? netlink_data_ready+0x10/0x10 [ 231.173882][T10435] ? free_vm_area+0x50/0x50 [ 231.178401][T10435] ? netlink_sendmsg+0x5f3/0xbe0 [ 231.183345][T10435] vmalloc+0x79/0x90 [ 231.187242][T10435] ? netlink_sendmsg+0x5f3/0xbe0 [ 231.192187][T10435] netlink_sendmsg+0x5f3/0xbe0 [ 231.196966][T10435] ? netlink_getsockopt+0x580/0x580 [ 231.202170][T10435] ? aa_sock_msg_perm+0x94/0x150 [ 231.207117][T10435] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 231.212403][T10435] ? security_socket_sendmsg+0x80/0xa0 [ 231.217863][T10435] ? netlink_getsockopt+0x580/0x580 [ 231.223061][T10435] ____sys_sendmsg+0x5bf/0x950 [ 231.227841][T10435] ? __asan_memset+0x22/0x40 [ 231.232436][T10435] ? __sys_sendmsg_sock+0x30/0x30 [ 231.237461][T10435] ? __import_iovec+0x5f2/0x860 [ 231.242346][T10435] ? import_iovec+0x73/0xa0 [ 231.246861][T10435] ___sys_sendmsg+0x220/0x290 [ 231.251546][T10435] ? __sys_sendmsg+0x270/0x270 [ 231.256355][T10435] ? __lock_acquire+0x7c80/0x7c80 [ 231.261416][T10435] __se_sys_sendmsg+0x1a5/0x270 [ 231.266272][T10435] ? __x64_sys_sendmsg+0x80/0x80 [ 231.271257][T10435] ? lockdep_hardirqs_on+0x98/0x150 [ 231.276468][T10435] do_syscall_64+0x55/0xb0 [ 231.280884][T10435] ? clear_bhb_loop+0x40/0x90 [ 231.285560][T10435] ? clear_bhb_loop+0x40/0x90 [ 231.290245][T10435] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 231.296145][T10435] RIP: 0033:0x7eff5698e9a9 [ 231.300560][T10435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.320167][T10435] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.328586][T10435] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 231.336566][T10435] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 231.344534][T10435] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 231.352530][T10435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.360501][T10435] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 231.368500][T10435] [ 231.380165][T10435] warn_alloc: 1 callbacks suppressed [ 231.380179][T10435] syz.0.1788: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 231.400508][T10435] CPU: 0 PID: 10435 Comm: syz.0.1788 Not tainted 6.6.99-syzkaller #0 [ 231.408609][T10435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.418692][T10435] Call Trace: [ 231.422009][T10435] [ 231.424969][T10435] dump_stack_lvl+0x16c/0x230 [ 231.429684][T10435] ? show_regs_print_info+0x20/0x20 [ 231.434912][T10435] ? load_image+0x3b0/0x3b0 [ 231.439461][T10435] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 231.445907][T10435] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 231.452443][T10435] warn_alloc+0x210/0x300 [ 231.456810][T10435] ? __get_vm_area_node+0x125/0x370 [ 231.462053][T10435] ? zone_watermark_ok_safe+0x230/0x230 [ 231.467640][T10435] ? rcu_is_watching+0x15/0xb0 [ 231.472448][T10435] ? __get_vm_area_node+0x356/0x370 [ 231.477697][T10435] __vmalloc_node_range+0x393/0x1320 [ 231.483017][T10435] ? netlink_insert+0x106a/0x1370 [ 231.488099][T10435] ? netlink_insert+0x2b3/0x1370 [ 231.493071][T10435] ? netlink_data_ready+0x10/0x10 [ 231.498111][T10435] ? free_vm_area+0x50/0x50 [ 231.502618][T10435] ? netlink_sendmsg+0x5f3/0xbe0 [ 231.507570][T10435] vmalloc+0x79/0x90 [ 231.511502][T10435] ? netlink_sendmsg+0x5f3/0xbe0 [ 231.516470][T10435] netlink_sendmsg+0x5f3/0xbe0 [ 231.521286][T10435] ? netlink_getsockopt+0x580/0x580 [ 231.526517][T10435] ? aa_sock_msg_perm+0x94/0x150 [ 231.531534][T10435] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 231.536852][T10435] ? security_socket_sendmsg+0x80/0xa0 [ 231.542326][T10435] ? netlink_getsockopt+0x580/0x580 [ 231.547542][T10435] ____sys_sendmsg+0x5bf/0x950 [ 231.552370][T10435] ? __asan_memset+0x22/0x40 [ 231.556989][T10435] ? __sys_sendmsg_sock+0x30/0x30 [ 231.562044][T10435] ? __import_iovec+0x5f2/0x860 [ 231.566953][T10435] ? import_iovec+0x73/0xa0 [ 231.571498][T10435] ___sys_sendmsg+0x220/0x290 [ 231.576215][T10435] ? __sys_sendmsg+0x270/0x270 [ 231.581068][T10435] ? __lock_acquire+0x7c80/0x7c80 [ 231.586174][T10435] __se_sys_sendmsg+0x1a5/0x270 [ 231.591070][T10435] ? __x64_sys_sendmsg+0x80/0x80 [ 231.596095][T10435] ? lockdep_hardirqs_on+0x98/0x150 [ 231.601338][T10435] do_syscall_64+0x55/0xb0 [ 231.605785][T10435] ? clear_bhb_loop+0x40/0x90 [ 231.610473][T10435] ? clear_bhb_loop+0x40/0x90 [ 231.615163][T10435] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 231.621090][T10435] RIP: 0033:0x7eff5698e9a9 [ 231.625531][T10435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.645169][T10435] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.653627][T10435] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 231.661634][T10435] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 231.669621][T10435] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 231.677613][T10435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.685612][T10435] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 231.693627][T10435] [ 231.703907][T10435] Mem-Info: [ 231.707073][T10435] active_anon:8051 inactive_anon:0 isolated_anon:0 [ 231.707073][T10435] active_file:13590 inactive_file:39890 isolated_file:0 [ 231.707073][T10435] unevictable:768 dirty:537 writeback:0 [ 231.707073][T10435] slab_reclaimable:10810 slab_unreclaimable:93800 [ 231.707073][T10435] mapped:24673 shmem:1360 pagetables:509 [ 231.707073][T10435] sec_pagetables:0 bounce:0 [ 231.707073][T10435] kernel_misc_reclaimable:0 [ 231.707073][T10435] free:1344208 free_pcp:14007 free_cma:0 [ 231.762117][T10435] Node 0 active_anon:32204kB inactive_anon:0kB active_file:54360kB inactive_file:159356kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98692kB dirty:2148kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11712kB pagetables:2036kB sec_pagetables:0kB all_unreclaimable? no [ 231.794759][T10435] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 231.830296][T10435] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 231.859735][T10435] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 231.868204][T10435] Node 0 DMA32 free:1469152kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:32260kB inactive_anon:0kB active_file:54360kB inactive_file:158020kB unevictable:1536kB writepending:2148kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:33916kB local_pcp:14260kB free_cma:0kB [ 231.899449][T10435] lowmem_reserve[]: 0 0 1 1 1 [ 231.904618][T10435] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 231.932052][T10435] lowmem_reserve[]: 0 0 0 0 0 [ 231.937534][T10435] Node 1 Normal free:3892316kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22052kB local_pcp:7648kB free_cma:0kB [ 231.968028][T10435] lowmem_reserve[]: 0 0 0 0 0 [ 232.009108][T10435] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 232.038530][T10435] Node 0 DMA32: 2*4kB (ME) 1*8kB (M) 287*16kB (UME) 621*32kB (UM) 365*64kB (UM) 82*128kB (UM) 27*256kB (M) 6*512kB (M) 10*1024kB (UM) 5*2048kB (M) 337*4096kB (UM) = 1469152kB [ 232.058393][T10435] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 232.079476][T10454] netlink: 'syz.3.1794': attribute type 1 has an invalid length. [ 232.093035][T10435] Node 1 Normal: 265*4kB (UME) 65*8kB (UME) 47*16kB (UME) 48*32kB (UME) 17*64kB (UME) 10*128kB (UME) 2*256kB (UM) 1*512kB (E) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3892316kB [ 232.111981][T10454] __nla_validate_parse: 8 callbacks suppressed [ 232.111996][T10454] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.1794'. [ 232.132611][T10435] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 232.143127][T10435] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 232.152942][T10435] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 232.162581][T10435] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 232.175469][T10435] 54840 total pagecache pages [ 232.180196][T10435] 0 pages in swap cache [ 232.184514][T10435] Free swap = 124996kB [ 232.189168][T10435] Total swap = 124996kB [ 232.193468][T10435] 2097051 pages RAM [ 232.197441][T10435] 0 pages HighMem/MovableOnly [ 232.202761][T10435] 416137 pages reserved [ 232.210416][T10435] 0 pages cma reserved [ 232.655767][T10483] pim6reg1: tun_chr_ioctl cmd 1074025676 [ 232.664472][T10483] pim6reg1: owner set to 0 [ 232.669083][T10483] FAULT_INJECTION: forcing a failure. [ 232.669083][T10483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 232.687857][T10483] CPU: 0 PID: 10483 Comm: syz.3.1806 Not tainted 6.6.99-syzkaller #0 [ 232.695983][T10483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 232.706059][T10483] Call Trace: [ 232.709352][T10483] [ 232.712295][T10483] dump_stack_lvl+0x16c/0x230 [ 232.716998][T10483] ? show_regs_print_info+0x20/0x20 [ 232.722223][T10483] ? load_image+0x3b0/0x3b0 [ 232.726748][T10483] ? __lock_acquire+0x7c80/0x7c80 [ 232.731792][T10483] ? snprintf+0xdb/0x120 [ 232.736055][T10483] should_fail_ex+0x39d/0x4d0 [ 232.740768][T10483] _copy_to_user+0x2f/0xa0 [ 232.745218][T10483] simple_read_from_buffer+0xe7/0x150 [ 232.750615][T10483] proc_fail_nth_read+0x1e3/0x250 [ 232.755665][T10483] ? proc_fault_inject_write+0x340/0x340 [ 232.761328][T10483] ? fsnotify_perm+0x271/0x5e0 [ 232.766101][T10483] ? proc_fault_inject_write+0x340/0x340 [ 232.771728][T10483] vfs_read+0x27e/0x920 [ 232.775883][T10483] ? kernel_read+0x1e0/0x1e0 [ 232.780464][T10483] ? __fget_files+0x28/0x4d0 [ 232.785047][T10483] ? __fget_files+0x44a/0x4d0 [ 232.789737][T10483] ? __fdget_pos+0x2a3/0x330 [ 232.794325][T10483] ? ksys_read+0x75/0x250 [ 232.798650][T10483] ksys_read+0x147/0x250 [ 232.802891][T10483] ? vfs_write+0x940/0x940 [ 232.807353][T10483] ? lockdep_hardirqs_on+0x98/0x150 [ 232.812559][T10483] do_syscall_64+0x55/0xb0 [ 232.817010][T10483] ? clear_bhb_loop+0x40/0x90 [ 232.821673][T10483] ? clear_bhb_loop+0x40/0x90 [ 232.826339][T10483] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 232.832235][T10483] RIP: 0033:0x7f6e0b58d3bc [ 232.836649][T10483] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 232.856249][T10483] RSP: 002b:00007f6e0b3ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 232.864657][T10483] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58d3bc [ 232.872617][T10483] RDX: 000000000000000f RSI: 00007f6e0b3ff0a0 RDI: 0000000000000004 [ 232.880612][T10483] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 232.888578][T10483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.896549][T10483] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 232.904524][T10483] [ 233.131078][T10498] pim6reg1: tun_chr_ioctl cmd 1074025676 [ 233.137255][T10498] pim6reg1: owner set to 0 [ 233.177975][T10499] pim6reg1: tun_chr_ioctl cmd 1074025676 [ 233.193688][T10499] pim6reg1: owner set to 0 [ 234.002543][T10533] FAULT_INJECTION: forcing a failure. [ 234.002543][T10533] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.043139][T10533] CPU: 1 PID: 10533 Comm: syz.0.1822 Not tainted 6.6.99-syzkaller #0 [ 234.051280][T10533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 234.061343][T10533] Call Trace: [ 234.064624][T10533] [ 234.067577][T10533] dump_stack_lvl+0x16c/0x230 [ 234.072284][T10533] ? show_regs_print_info+0x20/0x20 [ 234.077500][T10533] ? load_image+0x3b0/0x3b0 [ 234.082016][T10533] ? __lock_acquire+0x7c80/0x7c80 [ 234.087048][T10533] ? snprintf+0xdb/0x120 [ 234.091304][T10533] should_fail_ex+0x39d/0x4d0 [ 234.095994][T10533] _copy_to_user+0x2f/0xa0 [ 234.100414][T10533] simple_read_from_buffer+0xe7/0x150 [ 234.105799][T10533] proc_fail_nth_read+0x1e3/0x250 [ 234.110831][T10533] ? proc_fault_inject_write+0x340/0x340 [ 234.116471][T10533] ? fsnotify_perm+0x271/0x5e0 [ 234.121237][T10533] ? proc_fault_inject_write+0x340/0x340 [ 234.126868][T10533] vfs_read+0x27e/0x920 [ 234.131036][T10533] ? kernel_read+0x1e0/0x1e0 [ 234.135628][T10533] ? __fget_files+0x28/0x4d0 [ 234.140220][T10533] ? __fget_files+0x44a/0x4d0 [ 234.144911][T10533] ? __fdget_pos+0x2a3/0x330 [ 234.149502][T10533] ? ksys_read+0x75/0x250 [ 234.153838][T10533] ksys_read+0x147/0x250 [ 234.158091][T10533] ? vfs_write+0x940/0x940 [ 234.162511][T10533] ? lockdep_hardirqs_on+0x98/0x150 [ 234.167715][T10533] do_syscall_64+0x55/0xb0 [ 234.172129][T10533] ? clear_bhb_loop+0x40/0x90 [ 234.176799][T10533] ? clear_bhb_loop+0x40/0x90 [ 234.181471][T10533] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 234.187366][T10533] RIP: 0033:0x7eff5698d3bc [ 234.191780][T10533] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 234.211385][T10533] RSP: 002b:00007eff578c5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 234.219799][T10533] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698d3bc [ 234.227767][T10533] RDX: 000000000000000f RSI: 00007eff578c50a0 RDI: 0000000000000005 [ 234.235733][T10533] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 234.243701][T10533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.251670][T10533] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 234.259663][T10533] [ 235.491479][T10563] netlink: 'syz.0.1835': attribute type 10 has an invalid length. [ 235.526548][T10563] team0: Device ipvlan1 failed to register rx_handler [ 236.815958][T10622] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1855'. [ 237.355563][T10643] netlink: 'syz.2.1863': attribute type 21 has an invalid length. [ 237.372260][T10643] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1863'. [ 237.411086][T10643] netlink: 'syz.2.1863': attribute type 4 has an invalid length. [ 237.604392][T10659] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1868'. [ 237.708636][T10664] FAULT_INJECTION: forcing a failure. [ 237.708636][T10664] name failslab, interval 1, probability 0, space 0, times 0 [ 237.732542][T10664] CPU: 1 PID: 10664 Comm: syz.0.1873 Not tainted 6.6.99-syzkaller #0 [ 237.740664][T10664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.750736][T10664] Call Trace: [ 237.754026][T10664] [ 237.756968][T10664] dump_stack_lvl+0x16c/0x230 [ 237.761671][T10664] ? show_regs_print_info+0x20/0x20 [ 237.766882][T10664] ? load_image+0x3b0/0x3b0 [ 237.771386][T10664] ? __might_sleep+0xe0/0xe0 [ 237.775970][T10664] ? __lock_acquire+0x7c80/0x7c80 [ 237.780987][T10664] should_fail_ex+0x39d/0x4d0 [ 237.785667][T10664] should_failslab+0x9/0x20 [ 237.790168][T10664] slab_pre_alloc_hook+0x59/0x310 [ 237.795188][T10664] ? d_instantiate+0x6f/0x90 [ 237.799781][T10664] kmem_cache_alloc+0x5a/0x2e0 [ 237.804551][T10664] ? alloc_empty_file+0x9e/0x1d0 [ 237.809489][T10664] alloc_empty_file+0x9e/0x1d0 [ 237.814249][T10664] alloc_file+0x5c/0x600 [ 237.818493][T10664] alloc_file_pseudo+0x17e/0x200 [ 237.823426][T10664] ? alloc_empty_backing_file+0xe0/0xe0 [ 237.828966][T10664] ? __lock_acquire+0x7c80/0x7c80 [ 237.834072][T10664] ? __local_bh_enable_ip+0x12e/0x1c0 [ 237.839434][T10664] ? _local_bh_enable+0xa0/0xa0 [ 237.844292][T10664] anon_inode_getfile+0xc5/0x1a0 [ 237.849253][T10664] bpf_link_prime+0xa6/0x1d0 [ 237.853852][T10664] bpf_raw_tp_link_attach+0x33c/0x560 [ 237.859229][T10664] ? bpf_insn_prepare_dump+0x840/0x840 [ 237.864699][T10664] bpf_raw_tracepoint_open+0x197/0x210 [ 237.870149][T10664] __sys_bpf+0x364/0x800 [ 237.874383][T10664] ? bpf_link_show_fdinfo+0x350/0x350 [ 237.879755][T10664] ? lock_chain_count+0x20/0x20 [ 237.884603][T10664] __x64_sys_bpf+0x7c/0x90 [ 237.889011][T10664] do_syscall_64+0x55/0xb0 [ 237.893418][T10664] ? clear_bhb_loop+0x40/0x90 [ 237.898082][T10664] ? clear_bhb_loop+0x40/0x90 [ 237.902746][T10664] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 237.908635][T10664] RIP: 0033:0x7eff5698e9a9 [ 237.913045][T10664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.932647][T10664] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 237.941058][T10664] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 237.949022][T10664] RDX: 0000000000000010 RSI: 0000200000000200 RDI: 0000000000000011 [ 237.956986][T10664] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 237.964944][T10664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 237.972904][T10664] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 237.980963][T10664] [ 238.088374][T10673] @ÿ: renamed from bond_slave_0 (while UP) [ 238.169845][T10673] netlink: 'syz.1.1874': attribute type 10 has an invalid length. [ 238.311600][T10673] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.331334][T10673] : (slave team0): Enslaving as an active interface with an up link [ 238.502885][T10687] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1878'. [ 238.519878][T10687] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1878'. [ 238.545612][T10682] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1878'. [ 238.666475][T10689] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1881'. [ 239.644716][T10720] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1892'. [ 239.826437][T10716] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 239.907534][T10730] netlink: 'syz.3.1895': attribute type 33 has an invalid length. [ 239.921974][T10730] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1895'. [ 239.931551][T10730] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 240.009050][T10735] netlink: 'syz.1.1894': attribute type 12 has an invalid length. [ 240.018039][T10735] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1894'. [ 240.032696][T10727] netlink: 'syz.1.1894': attribute type 12 has an invalid length. [ 240.041223][T10727] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1894'. [ 240.176948][T10740] netlink: 'syz.1.1898': attribute type 1 has an invalid length. [ 240.187262][T10740] netlink: 'syz.1.1898': attribute type 4 has an invalid length. [ 240.227804][T10740] netlink: 'syz.1.1898': attribute type 10 has an invalid length. [ 240.373628][T10746] netlink: 'syz.1.1900': attribute type 29 has an invalid length. [ 240.387284][T10746] FAULT_INJECTION: forcing a failure. [ 240.387284][T10746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.401930][T10746] CPU: 1 PID: 10746 Comm: syz.1.1900 Not tainted 6.6.99-syzkaller #0 [ 240.410058][T10746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.420129][T10746] Call Trace: [ 240.423423][T10746] [ 240.426354][T10746] dump_stack_lvl+0x16c/0x230 [ 240.431031][T10746] ? show_regs_print_info+0x20/0x20 [ 240.436225][T10746] ? load_image+0x3b0/0x3b0 [ 240.440725][T10746] ? __might_fault+0xaa/0x120 [ 240.445393][T10746] ? __lock_acquire+0x7c80/0x7c80 [ 240.450411][T10746] should_fail_ex+0x39d/0x4d0 [ 240.455098][T10746] _copy_from_user+0x2f/0xe0 [ 240.459700][T10746] ___sys_recvmsg+0x12f/0x510 [ 240.464383][T10746] ? __sys_recvmsg+0x270/0x270 [ 240.469147][T10746] ? ksys_write+0x1c1/0x250 [ 240.473661][T10746] ? __fget_files+0x44a/0x4d0 [ 240.478342][T10746] __x64_sys_recvmsg+0x1f2/0x2c0 [ 240.483280][T10746] ? ___sys_recvmsg+0x510/0x510 [ 240.488145][T10746] ? lockdep_hardirqs_on+0x98/0x150 [ 240.493357][T10746] do_syscall_64+0x55/0xb0 [ 240.497779][T10746] ? clear_bhb_loop+0x40/0x90 [ 240.502468][T10746] ? clear_bhb_loop+0x40/0x90 [ 240.507155][T10746] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 240.513066][T10746] RIP: 0033:0x7f8077f8e9a9 [ 240.517510][T10746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.537138][T10746] RSP: 002b:00007f8078d37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 240.545559][T10746] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8e9a9 [ 240.553523][T10746] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 240.561483][T10746] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 240.569441][T10746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.577401][T10746] R13: 0000000000000000 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 240.585384][T10746] [ 242.097927][T10823] FAULT_INJECTION: forcing a failure. [ 242.097927][T10823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.111478][T10823] CPU: 0 PID: 10823 Comm: syz.0.1930 Not tainted 6.6.99-syzkaller #0 [ 242.119581][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.129649][T10823] Call Trace: [ 242.132939][T10823] [ 242.135880][T10823] dump_stack_lvl+0x16c/0x230 [ 242.140581][T10823] ? show_regs_print_info+0x20/0x20 [ 242.145813][T10823] ? load_image+0x3b0/0x3b0 [ 242.150324][T10823] ? __might_fault+0xaa/0x120 [ 242.155003][T10823] should_fail_ex+0x39d/0x4d0 [ 242.159690][T10823] copyin+0x1a/0x90 [ 242.163501][T10823] _copy_from_iter+0x54f/0x1290 [ 242.168354][T10823] ? slab_post_alloc_hook+0x8a/0x4d0 [ 242.173635][T10823] ? __virt_addr_valid+0x18c/0x540 [ 242.178752][T10823] ? copyout_mc+0x70/0x70 [ 242.183082][T10823] ? __virt_addr_valid+0x18c/0x540 [ 242.188197][T10823] ? __virt_addr_valid+0x18c/0x540 [ 242.193308][T10823] ? __virt_addr_valid+0x469/0x540 [ 242.198425][T10823] ? __check_object_size+0x506/0xa30 [ 242.203720][T10823] netlink_sendmsg+0x75c/0xbe0 [ 242.208506][T10823] ? netlink_getsockopt+0x580/0x580 [ 242.213712][T10823] ? aa_sock_msg_perm+0x94/0x150 [ 242.218650][T10823] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 242.223926][T10823] ? security_socket_sendmsg+0x80/0xa0 [ 242.229389][T10823] ? netlink_getsockopt+0x580/0x580 [ 242.234587][T10823] ____sys_sendmsg+0x5bf/0x950 [ 242.239350][T10823] ? __asan_memset+0x22/0x40 [ 242.243932][T10823] ? __sys_sendmsg_sock+0x30/0x30 [ 242.248947][T10823] ? __import_iovec+0x3fa/0x860 [ 242.253798][T10823] ? import_iovec+0x73/0xa0 [ 242.258294][T10823] ___sys_sendmsg+0x220/0x290 [ 242.262994][T10823] ? __sys_sendmsg+0x270/0x270 [ 242.267763][T10823] ? __lock_acquire+0x7c80/0x7c80 [ 242.272801][T10823] __se_sys_sendmsg+0x1a5/0x270 [ 242.277655][T10823] ? __x64_sys_sendmsg+0x80/0x80 [ 242.282602][T10823] ? lockdep_hardirqs_on+0x98/0x150 [ 242.287797][T10823] do_syscall_64+0x55/0xb0 [ 242.292203][T10823] ? clear_bhb_loop+0x40/0x90 [ 242.296868][T10823] ? clear_bhb_loop+0x40/0x90 [ 242.301536][T10823] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 242.307439][T10823] RIP: 0033:0x7eff5698e9a9 [ 242.311855][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.331449][T10823] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 242.339852][T10823] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 242.347814][T10823] RDX: 0000000000000000 RSI: 0000200000000940 RDI: 0000000000000003 [ 242.355815][T10823] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 242.363776][T10823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.371743][T10823] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 242.379713][T10823] [ 242.465993][T10829] FAULT_INJECTION: forcing a failure. [ 242.465993][T10829] name failslab, interval 1, probability 0, space 0, times 0 [ 242.484811][T10829] CPU: 0 PID: 10829 Comm: syz.2.1932 Not tainted 6.6.99-syzkaller #0 [ 242.492943][T10829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.503025][T10829] Call Trace: [ 242.506354][T10829] [ 242.509335][T10829] dump_stack_lvl+0x16c/0x230 [ 242.514056][T10829] ? show_regs_print_info+0x20/0x20 [ 242.519283][T10829] ? load_image+0x3b0/0x3b0 [ 242.523829][T10829] should_fail_ex+0x39d/0x4d0 [ 242.528539][T10829] should_failslab+0x9/0x20 [ 242.533052][T10829] slab_pre_alloc_hook+0x59/0x310 [ 242.538090][T10829] ? nf_ct_ext_add+0x1ab/0x440 [ 242.542864][T10829] ? nf_ct_ext_add+0x1ab/0x440 [ 242.547632][T10829] __kmem_cache_alloc_node+0x53/0x260 [ 242.553021][T10829] ? nf_ct_ext_add+0x1ab/0x440 [ 242.557783][T10829] __kmalloc_node_track_caller+0xa2/0x230 [ 242.563514][T10829] krealloc+0x86/0x120 [ 242.567587][T10829] nf_ct_ext_add+0x1ab/0x440 [ 242.572187][T10829] init_conntrack+0x674/0xee0 [ 242.576881][T10829] ? early_drop+0x7b0/0x7b0 [ 242.581411][T10829] ? nf_conntrack_find_get+0x600/0x600 [ 242.586877][T10829] ? __siphash_unaligned+0x232/0x3b0 [ 242.592178][T10829] nf_conntrack_in+0xbf1/0x15c0 [ 242.597076][T10829] ? nf_ct_pernet+0x270/0x270 [ 242.601762][T10829] ? ip6t_do_table+0x1d5/0x1500 [ 242.606642][T10829] ? ip6t_alloc_initial_table+0x640/0x640 [ 242.612382][T10829] ? ipv6_defrag+0x2d6/0x3a0 [ 242.616976][T10829] ? ipv6_conntrack_in+0x20/0x20 [ 242.621912][T10829] nf_hook_slow+0xbd/0x200 [ 242.626336][T10829] __ip6_local_out+0x776/0x880 [ 242.631105][T10829] ? __ip6_local_out+0x614/0x880 [ 242.636041][T10829] ? ip6_dst_hoplimit+0x350/0x350 [ 242.641087][T10829] ? ip6_setup_cork+0xa2f/0xfe0 [ 242.645966][T10829] ? __ip6_local_out+0x880/0x880 [ 242.650913][T10829] ? read_lock_is_recursive+0x20/0x20 [ 242.656297][T10829] ? ip6_make_skb+0x3f7/0x4c0 [ 242.660979][T10829] ip6_local_out+0x2a/0x130 [ 242.665485][T10829] ? ip6_send_skb+0x10f/0x380 [ 242.670168][T10829] ip6_send_skb+0x1d5/0x380 [ 242.674676][T10829] udp_v6_send_skb+0xbbb/0x1860 [ 242.679559][T10829] udpv6_sendmsg+0x1bb8/0x22f0 [ 242.684336][T10829] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 242.689197][T10829] ? udp_v6_early_demux+0xf60/0xf60 [ 242.694423][T10829] ? lock_chain_count+0x20/0x20 [ 242.699290][T10829] ? _local_bh_enable+0xa0/0xa0 [ 242.704147][T10829] ? inet_send_prepare+0x1b3/0x260 [ 242.709261][T10829] ? inet_send_prepare+0x1b3/0x260 [ 242.714377][T10829] ? inet6_sendmsg+0x5f/0xd0 [ 242.718975][T10829] ? inet6_compat_ioctl+0x380/0x380 [ 242.724175][T10829] ____sys_sendmsg+0x5bf/0x950 [ 242.728954][T10829] ? __asan_memset+0x22/0x40 [ 242.733547][T10829] ? __sys_sendmsg_sock+0x30/0x30 [ 242.738569][T10829] ? __import_iovec+0x3fa/0x860 [ 242.743437][T10829] ? import_iovec+0x73/0xa0 [ 242.747949][T10829] ___sys_sendmsg+0x220/0x290 [ 242.752639][T10829] ? __sys_sendmsg+0x270/0x270 [ 242.757438][T10829] ? __lock_acquire+0x7c80/0x7c80 [ 242.762503][T10829] __se_sys_sendmsg+0x1a5/0x270 [ 242.767361][T10829] ? __x64_sys_sendmsg+0x80/0x80 [ 242.772351][T10829] ? lockdep_hardirqs_on+0x98/0x150 [ 242.777576][T10829] do_syscall_64+0x55/0xb0 [ 242.782002][T10829] ? clear_bhb_loop+0x40/0x90 [ 242.786680][T10829] ? clear_bhb_loop+0x40/0x90 [ 242.791369][T10829] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 242.797271][T10829] RIP: 0033:0x7f62ffd8e9a9 [ 242.801687][T10829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.821298][T10829] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 242.829718][T10829] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 242.837688][T10829] RDX: 0000000004000845 RSI: 0000200000007140 RDI: 0000000000000004 [ 242.845667][T10829] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 242.853643][T10829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.861611][T10829] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 242.869605][T10829] [ 243.181208][T10847] validate_nla: 16 callbacks suppressed [ 243.181238][T10847] netlink: 'syz.2.1935': attribute type 12 has an invalid length. [ 243.199787][T10848] __nla_validate_parse: 19 callbacks suppressed [ 243.199806][T10848] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1938'. [ 243.217507][T10847] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1935'. [ 243.252958][T10840] netlink: 'syz.2.1935': attribute type 12 has an invalid length. [ 243.279489][T10840] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1935'. [ 243.298930][T10852] netlink: 'syz.0.1940': attribute type 12 has an invalid length. [ 243.311363][T10852] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1940'. [ 243.465721][T10859] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1943'. [ 243.678937][T10871] netlink: 'syz.1.1945': attribute type 12 has an invalid length. [ 243.688095][T10871] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1945'. [ 243.700775][T10865] netlink: 'syz.1.1945': attribute type 12 has an invalid length. [ 243.709266][T10865] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1945'. [ 243.804823][T10877] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1949'. [ 243.934672][T10884] netlink: 'syz.1.1950': attribute type 12 has an invalid length. [ 243.943765][T10884] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1950'. [ 244.215131][T10898] netlink: 'syz.1.1962': attribute type 12 has an invalid length. [ 244.228269][T10898] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1962'. [ 244.456365][T10913] netlink: 'syz.1.1958': attribute type 12 has an invalid length. [ 244.495153][T10904] netlink: 'syz.1.1958': attribute type 12 has an invalid length. [ 244.695465][T10923] netlink: 'syz.1.1966': attribute type 29 has an invalid length. [ 245.840715][T10989] FAULT_INJECTION: forcing a failure. [ 245.840715][T10989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.854936][T10989] CPU: 1 PID: 10989 Comm: syz.1.1991 Not tainted 6.6.99-syzkaller #0 [ 245.863038][T10989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.873111][T10989] Call Trace: [ 245.876412][T10989] [ 245.879357][T10989] dump_stack_lvl+0x16c/0x230 [ 245.884063][T10989] ? show_regs_print_info+0x20/0x20 [ 245.889277][T10989] ? load_image+0x3b0/0x3b0 [ 245.893814][T10989] ? __lock_acquire+0x7c80/0x7c80 [ 245.898867][T10989] ? snprintf+0xdb/0x120 [ 245.903140][T10989] should_fail_ex+0x39d/0x4d0 [ 245.907848][T10989] _copy_to_user+0x2f/0xa0 [ 245.912274][T10989] simple_read_from_buffer+0xe7/0x150 [ 245.917660][T10989] proc_fail_nth_read+0x1e3/0x250 [ 245.922695][T10989] ? proc_fault_inject_write+0x340/0x340 [ 245.928336][T10989] ? fsnotify_perm+0x271/0x5e0 [ 245.933095][T10989] ? proc_fault_inject_write+0x340/0x340 [ 245.938718][T10989] vfs_read+0x27e/0x920 [ 245.942869][T10989] ? kernel_read+0x1e0/0x1e0 [ 245.947451][T10989] ? __fget_files+0x28/0x4d0 [ 245.952046][T10989] ? __fget_files+0x44a/0x4d0 [ 245.956751][T10989] ? __fdget_pos+0x2a3/0x330 [ 245.961351][T10989] ? ksys_read+0x75/0x250 [ 245.965700][T10989] ksys_read+0x147/0x250 [ 245.969964][T10989] ? vfs_write+0x940/0x940 [ 245.974399][T10989] ? lockdep_hardirqs_on+0x98/0x150 [ 245.979613][T10989] do_syscall_64+0x55/0xb0 [ 245.984039][T10989] ? clear_bhb_loop+0x40/0x90 [ 245.988717][T10989] ? clear_bhb_loop+0x40/0x90 [ 245.993402][T10989] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 245.999321][T10989] RIP: 0033:0x7f8077f8d3bc [ 246.003787][T10989] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 246.023405][T10989] RSP: 002b:00007f8078d37030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 246.031834][T10989] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8d3bc [ 246.039807][T10989] RDX: 000000000000000f RSI: 00007f8078d370a0 RDI: 0000000000000003 [ 246.047778][T10989] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 246.055750][T10989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.063727][T10989] R13: 0000000000000001 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 246.071731][T10989] [ 246.076676][T10987] FAULT_INJECTION: forcing a failure. [ 246.076676][T10987] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 246.090863][T10987] CPU: 1 PID: 10987 Comm: syz.2.1990 Not tainted 6.6.99-syzkaller #0 [ 246.098960][T10987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.109035][T10987] Call Trace: [ 246.112389][T10987] [ 246.115349][T10987] dump_stack_lvl+0x16c/0x230 [ 246.120064][T10987] ? show_regs_print_info+0x20/0x20 [ 246.125293][T10987] ? load_image+0x3b0/0x3b0 [ 246.129837][T10987] ? __lock_acquire+0x7c80/0x7c80 [ 246.134901][T10987] ? perf_trace_run_bpf_submit+0xf4/0x1c0 [ 246.140676][T10987] should_fail_ex+0x39d/0x4d0 [ 246.145400][T10987] prepare_alloc_pages+0x1e2/0x5f0 [ 246.150568][T10987] __alloc_pages+0x127/0x460 [ 246.155250][T10987] ? zone_statistics+0x170/0x170 [ 246.160231][T10987] ? do_wp_page+0x826/0x3630 [ 246.164851][T10987] ? do_wp_page+0x1024/0x3630 [ 246.169568][T10987] __folio_alloc+0x10/0x20 [ 246.174016][T10987] vma_alloc_folio+0x47a/0x8f0 [ 246.178843][T10987] do_wp_page+0x128e/0x3630 [ 246.183427][T10987] ? folio_put+0xd0/0xd0 [ 246.187695][T10987] ? do_raw_spin_lock+0x121/0x2c0 [ 246.192757][T10987] ? __rwlock_init+0x150/0x150 [ 246.197562][T10987] ? handle_mm_fault+0xd1/0x4920 [ 246.202530][T10987] handle_mm_fault+0x12d4/0x4920 [ 246.207504][T10987] ? handle_mm_fault+0xd1/0x4920 [ 246.212516][T10987] ? numa_migrate_prep+0x350/0x350 [ 246.217781][T10987] ? lock_mm_and_find_vma+0x9c/0x300 [ 246.223102][T10987] do_user_addr_fault+0x738/0x12e0 [ 246.228272][T10987] exc_page_fault+0x67/0x110 [ 246.232901][T10987] asm_exc_page_fault+0x26/0x30 [ 246.237784][T10987] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 246.243622][T10987] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01 [ 246.263256][T10987] RSP: 0018:ffffc900033f7658 EFLAGS: 00050206 [ 246.269351][T10987] RAX: ffffffff841bec01 RBX: 1ffff9200067efc7 RCX: 0000000000000624 [ 246.277340][T10987] RDX: 0000000000000000 RSI: ffff88807ab2a850 RDI: 0000200000002000 [ 246.285307][T10987] RBP: ffffc900033f77c0 R08: ffff88807ab2ae73 R09: 1ffff1100f5655ce [ 246.293294][T10987] R10: dffffc0000000000 R11: ffffed100f5655cf R12: ffff88807ab2a150 [ 246.301292][T10987] R13: 0000000000000d24 R14: 0000000000000d24 R15: ffffc900033f7e48 [ 246.309314][T10987] ? _copy_to_iter+0x1f1/0x10d0 [ 246.314228][T10987] _copy_to_iter+0x249/0x10d0 [ 246.318965][T10987] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 246.324914][T10987] ? iov_iter_init+0x1e0/0x1e0 [ 246.329724][T10987] ? __virt_addr_valid+0x18c/0x540 [ 246.334867][T10987] ? __virt_addr_valid+0x469/0x540 [ 246.339996][T10987] ? __phys_addr_symbol+0x2f/0x70 [ 246.345071][T10987] __skb_datagram_iter+0xdb/0x780 [ 246.350107][T10987] ? tsk_importance+0x150/0x150 [ 246.354972][T10987] ? skb_copy_datagram_iter+0x200/0x200 [ 246.360525][T10987] ? tipc_wait_for_rcvmsg+0x630/0x630 [ 246.365898][T10987] skb_copy_datagram_iter+0xb1/0x200 [ 246.371182][T10987] tipc_recvmsg+0x79f/0x13b0 [ 246.375806][T10987] ? tipc_send_packet+0x90/0x90 [ 246.380682][T10987] ? aa_sock_msg_perm+0x94/0x150 [ 246.385614][T10987] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 246.390891][T10987] ? security_socket_recvmsg+0x89/0xb0 [ 246.396413][T10987] ? tipc_send_packet+0x90/0x90 [ 246.401289][T10987] ____sys_recvmsg+0x29e/0x5b0 [ 246.406092][T10987] ? __sys_recvmsg_sock+0x50/0x50 [ 246.411157][T10987] ? import_iovec+0x73/0xa0 [ 246.415689][T10987] ___sys_recvmsg+0x1b6/0x510 [ 246.420396][T10987] ? __sys_recvmsg+0x270/0x270 [ 246.425193][T10987] ? ksys_write+0x1c1/0x250 [ 246.429747][T10987] ? __fget_files+0x44a/0x4d0 [ 246.434473][T10987] __x64_sys_recvmsg+0x1f2/0x2c0 [ 246.439436][T10987] ? ___sys_recvmsg+0x510/0x510 [ 246.444352][T10987] ? lockdep_hardirqs_on+0x98/0x150 [ 246.449576][T10987] do_syscall_64+0x55/0xb0 [ 246.454005][T10987] ? clear_bhb_loop+0x40/0x90 [ 246.458689][T10987] ? clear_bhb_loop+0x40/0x90 [ 246.463376][T10987] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 246.469286][T10987] RIP: 0033:0x7f62ffd8e9a9 [ 246.473712][T10987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.493422][T10987] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 246.501849][T10987] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 246.509838][T10987] RDX: 0000000000000080 RSI: 0000200000000340 RDI: 0000000000000003 [ 246.517816][T10987] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 246.525794][T10987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.533774][T10987] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 246.541784][T10987] [ 247.160887][T11038] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 247.162882][ T7318] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00 [ 247.184703][ T7318] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 247.324624][T11038] wlan1: mtu less than device minimum [ 247.330055][T11038] : (slave wlan1): Error -22 calling dev_set_mtu [ 248.516883][T11101] __nla_validate_parse: 30 callbacks suppressed [ 248.516902][T11101] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2033'. [ 248.636328][T11108] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.2036'. [ 248.874095][T11119] FAULT_INJECTION: forcing a failure. [ 248.874095][T11119] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 248.912914][T11119] CPU: 1 PID: 11119 Comm: syz.1.2041 Not tainted 6.6.99-syzkaller #0 [ 248.921129][T11119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.931206][T11119] Call Trace: [ 248.934501][T11119] [ 248.937445][T11119] dump_stack_lvl+0x16c/0x230 [ 248.942143][T11119] ? show_regs_print_info+0x20/0x20 [ 248.947366][T11119] ? load_image+0x3b0/0x3b0 [ 248.951904][T11119] ? __lock_acquire+0x7c80/0x7c80 [ 248.956955][T11119] ? snprintf+0xdb/0x120 [ 248.961223][T11119] should_fail_ex+0x39d/0x4d0 [ 248.965917][T11119] _copy_to_user+0x2f/0xa0 [ 248.970335][T11119] simple_read_from_buffer+0xe7/0x150 [ 248.975714][T11119] proc_fail_nth_read+0x1e3/0x250 [ 248.980737][T11119] ? proc_fault_inject_write+0x340/0x340 [ 248.986366][T11119] ? fsnotify_perm+0x271/0x5e0 [ 248.991129][T11119] ? proc_fault_inject_write+0x340/0x340 [ 248.996759][T11119] vfs_read+0x27e/0x920 [ 249.000916][T11119] ? kernel_read+0x1e0/0x1e0 [ 249.005501][T11119] ? __fget_files+0x28/0x4d0 [ 249.010083][T11119] ? __fget_files+0x44a/0x4d0 [ 249.014762][T11119] ? __fdget_pos+0x2a3/0x330 [ 249.019344][T11119] ? ksys_read+0x75/0x250 [ 249.023676][T11119] ksys_read+0x147/0x250 [ 249.027915][T11119] ? vfs_write+0x940/0x940 [ 249.032335][T11119] ? lockdep_hardirqs_on+0x98/0x150 [ 249.037567][T11119] do_syscall_64+0x55/0xb0 [ 249.041981][T11119] ? clear_bhb_loop+0x40/0x90 [ 249.046654][T11119] ? clear_bhb_loop+0x40/0x90 [ 249.051325][T11119] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.057211][T11119] RIP: 0033:0x7f8077f8d3bc [ 249.061619][T11119] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 249.081217][T11119] RSP: 002b:00007f8078d37030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 249.089627][T11119] RAX: ffffffffffffffda RBX: 00007f80781b5fa0 RCX: 00007f8077f8d3bc [ 249.097602][T11119] RDX: 000000000000000f RSI: 00007f8078d370a0 RDI: 0000000000000004 [ 249.105565][T11119] RBP: 00007f8078d37090 R08: 0000000000000000 R09: 0000000000000000 [ 249.113524][T11119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.121485][T11119] R13: 0000000000000000 R14: 00007f80781b5fa0 R15: 00007ffde34759e8 [ 249.129459][T11119] [ 249.178551][T11126] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 249.178574][ T58] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00 [ 249.208927][ T58] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 249.235253][T11126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2044'. [ 249.313216][T11130] validate_nla: 32 callbacks suppressed [ 249.313233][T11130] netlink: 'syz.2.2044': attribute type 10 has an invalid length. [ 249.335651][T11132] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2046'. [ 249.360065][T11130] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 249.365219][ T3539] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00 [ 249.401768][ T3539] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 249.443140][T11129] netlink: 'syz.3.2045': attribute type 12 has an invalid length. [ 249.451023][T11129] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2045'. [ 249.504350][T11129] netlink: 'syz.3.2045': attribute type 12 has an invalid length. [ 249.512245][T11129] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2045'. [ 249.731935][T11145] netlink: 'syz.0.2051': attribute type 1 has an invalid length. [ 249.744308][T11145] netlink: 'syz.0.2051': attribute type 4 has an invalid length. [ 249.772068][T11145] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2051'. [ 249.979724][T11159] netlink: 'syz.3.2055': attribute type 29 has an invalid length. [ 249.988345][T11159] netlink: 'syz.3.2055': attribute type 29 has an invalid length. [ 249.998487][T11159] netlink: 'syz.3.2055': attribute type 29 has an invalid length. [ 250.007588][T11159] netlink: 'syz.3.2055': attribute type 29 has an invalid length. [ 250.099393][T11161] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2057'. [ 250.239344][T11173] netlink: 'syz.0.2056': attribute type 12 has an invalid length. [ 250.253789][T11173] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2056'. [ 250.367004][T11177] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2063'. [ 251.162107][T11210] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 251.235396][T11210] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 252.555171][T11261] FAULT_INJECTION: forcing a failure. [ 252.555171][T11261] name failslab, interval 1, probability 0, space 0, times 0 [ 252.572017][T11261] CPU: 1 PID: 11261 Comm: syz.2.2097 Not tainted 6.6.99-syzkaller #0 [ 252.580125][T11261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.590203][T11261] Call Trace: [ 252.593503][T11261] [ 252.596447][T11261] dump_stack_lvl+0x16c/0x230 [ 252.601148][T11261] ? show_regs_print_info+0x20/0x20 [ 252.606380][T11261] ? load_image+0x3b0/0x3b0 [ 252.610912][T11261] ? __might_sleep+0xe0/0xe0 [ 252.615524][T11261] ? __lock_acquire+0x7c80/0x7c80 [ 252.620566][T11261] should_fail_ex+0x39d/0x4d0 [ 252.625282][T11261] should_failslab+0x9/0x20 [ 252.629804][T11261] slab_pre_alloc_hook+0x59/0x310 [ 252.634831][T11261] ? d_instantiate+0x6f/0x90 [ 252.639469][T11261] kmem_cache_alloc+0x5a/0x2e0 [ 252.644229][T11261] ? alloc_empty_file+0x9e/0x1d0 [ 252.649172][T11261] alloc_empty_file+0x9e/0x1d0 [ 252.653939][T11261] alloc_file+0x5c/0x600 [ 252.658186][T11261] alloc_file_pseudo+0x17e/0x200 [ 252.663121][T11261] ? alloc_empty_backing_file+0xe0/0xe0 [ 252.668662][T11261] ? __lock_acquire+0x7c80/0x7c80 [ 252.673688][T11261] ? __local_bh_enable_ip+0x12e/0x1c0 [ 252.679067][T11261] ? _local_bh_enable+0xa0/0xa0 [ 252.683951][T11261] anon_inode_getfile+0xc5/0x1a0 [ 252.688887][T11261] bpf_link_prime+0xa6/0x1d0 [ 252.693476][T11261] bpf_raw_tp_link_attach+0x33c/0x560 [ 252.698843][T11261] ? bpf_insn_prepare_dump+0x840/0x840 [ 252.704319][T11261] bpf_raw_tracepoint_open+0x197/0x210 [ 252.709780][T11261] __sys_bpf+0x364/0x800 [ 252.714028][T11261] ? bpf_link_show_fdinfo+0x350/0x350 [ 252.719412][T11261] ? lock_chain_count+0x20/0x20 [ 252.724264][T11261] __x64_sys_bpf+0x7c/0x90 [ 252.728675][T11261] do_syscall_64+0x55/0xb0 [ 252.733091][T11261] ? clear_bhb_loop+0x40/0x90 [ 252.737767][T11261] ? clear_bhb_loop+0x40/0x90 [ 252.742471][T11261] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 252.748365][T11261] RIP: 0033:0x7f62ffd8e9a9 [ 252.752780][T11261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.772381][T11261] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 252.780794][T11261] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 252.788758][T11261] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011 [ 252.796718][T11261] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 252.804692][T11261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.812652][T11261] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 252.820647][T11261] [ 253.560530][T11295] FAULT_INJECTION: forcing a failure. [ 253.560530][T11295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.579728][T11295] CPU: 1 PID: 11295 Comm: syz.0.2108 Not tainted 6.6.99-syzkaller #0 [ 253.587850][T11295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.597919][T11295] Call Trace: [ 253.601217][T11295] [ 253.604162][T11295] dump_stack_lvl+0x16c/0x230 [ 253.608863][T11295] ? show_regs_print_info+0x20/0x20 [ 253.614086][T11295] ? load_image+0x3b0/0x3b0 [ 253.618623][T11295] ? __might_fault+0xaa/0x120 [ 253.623315][T11295] ? __lock_acquire+0x7c80/0x7c80 [ 253.628362][T11295] should_fail_ex+0x39d/0x4d0 [ 253.633053][T11295] _copy_to_user+0x2f/0xa0 [ 253.637476][T11295] bpf_test_finish+0x19a/0x620 [ 253.642246][T11295] ? convert___skb_to_skb+0x590/0x590 [ 253.647638][T11295] ? convert_skb_to___skb+0x420/0x420 [ 253.653027][T11295] ? slab_build_skb+0x25f/0x3f0 [ 253.657891][T11295] bpf_prog_test_run_skb+0xc28/0x11c0 [ 253.663277][T11295] ? cpu_online+0x60/0x60 [ 253.667625][T11295] bpf_prog_test_run+0x321/0x390 [ 253.672573][T11295] __sys_bpf+0x440/0x800 [ 253.676815][T11295] ? bpf_link_show_fdinfo+0x350/0x350 [ 253.682189][T11295] ? lock_chain_count+0x20/0x20 [ 253.687043][T11295] __x64_sys_bpf+0x7c/0x90 [ 253.691451][T11295] do_syscall_64+0x55/0xb0 [ 253.695860][T11295] ? clear_bhb_loop+0x40/0x90 [ 253.700531][T11295] ? clear_bhb_loop+0x40/0x90 [ 253.705200][T11295] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 253.711088][T11295] RIP: 0033:0x7eff5698e9a9 [ 253.715494][T11295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.735101][T11295] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 253.743511][T11295] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 253.751475][T11295] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 253.759437][T11295] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 253.767400][T11295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 253.775362][T11295] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 253.783346][T11295] [ 253.983166][ T58] wlan1: Trigger new scan to find an IBSS to join [ 253.995729][T11300] __nla_validate_parse: 9 callbacks suppressed [ 253.995769][T11300] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2111'. [ 254.291330][T11318] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2116'. [ 254.325835][T11323] FAULT_INJECTION: forcing a failure. [ 254.325835][T11323] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.339411][T11323] CPU: 0 PID: 11323 Comm: syz.2.2118 Not tainted 6.6.99-syzkaller #0 [ 254.347512][T11323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.357600][T11323] Call Trace: [ 254.360893][T11323] [ 254.363833][T11323] dump_stack_lvl+0x16c/0x230 [ 254.368535][T11323] ? show_regs_print_info+0x20/0x20 [ 254.373762][T11323] ? load_image+0x3b0/0x3b0 [ 254.378278][T11323] ? __might_fault+0xaa/0x120 [ 254.382955][T11323] ? __lock_acquire+0x7c80/0x7c80 [ 254.387988][T11323] should_fail_ex+0x39d/0x4d0 [ 254.392658][T11323] _copy_to_user+0x2f/0xa0 [ 254.397065][T11323] bpf_test_finish+0x19a/0x620 [ 254.401833][T11323] ? convert___skb_to_skb+0x590/0x590 [ 254.407203][T11323] ? convert_skb_to___skb+0x420/0x420 [ 254.412576][T11323] ? bpf_prog_test_run_skb+0x758/0x11c0 [ 254.418131][T11323] bpf_prog_test_run_skb+0xc28/0x11c0 [ 254.423552][T11323] ? cpu_online+0x60/0x60 [ 254.427889][T11323] bpf_prog_test_run+0x321/0x390 [ 254.432825][T11323] __sys_bpf+0x440/0x800 [ 254.437074][T11323] ? bpf_link_show_fdinfo+0x350/0x350 [ 254.442443][T11323] ? lock_chain_count+0x20/0x20 [ 254.447290][T11323] __x64_sys_bpf+0x7c/0x90 [ 254.451707][T11323] do_syscall_64+0x55/0xb0 [ 254.456118][T11323] ? clear_bhb_loop+0x40/0x90 [ 254.460797][T11323] ? clear_bhb_loop+0x40/0x90 [ 254.465477][T11323] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.471390][T11323] RIP: 0033:0x7f62ffd8e9a9 [ 254.475818][T11323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.495443][T11323] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 254.503878][T11323] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 254.511852][T11323] RDX: 0000000000000050 RSI: 0000200000000040 RDI: 000000000000000a [ 254.519824][T11323] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 254.527807][T11323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.535792][T11323] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 254.543795][T11323] [ 254.568407][T11329] validate_nla: 15 callbacks suppressed [ 254.568422][T11329] netlink: 'syz.0.2117': attribute type 3 has an invalid length. [ 254.585079][T11329] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.2117'. [ 254.651551][T11328] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2120'. [ 254.819337][T11338] netlink: 'syz.2.2124': attribute type 1 has an invalid length. [ 254.828402][T11338] netlink: 'syz.2.2124': attribute type 4 has an invalid length. [ 254.836442][T11338] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2124'. [ 255.258501][T11357] netlink: 'syz.1.2131': attribute type 29 has an invalid length. [ 255.305868][T11357] netlink: 'syz.1.2131': attribute type 29 has an invalid length. [ 255.319184][T11362] netlink: 'syz.1.2131': attribute type 29 has an invalid length. [ 255.364821][T11357] netlink: 'syz.1.2131': attribute type 29 has an invalid length. [ 255.379673][T11357] netlink: 'syz.1.2131': attribute type 29 has an invalid length. [ 255.434189][T11363] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.2132'. [ 255.734476][T11365] FAULT_INJECTION: forcing a failure. [ 255.734476][T11365] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.761566][T11365] CPU: 0 PID: 11365 Comm: syz.0.2133 Not tainted 6.6.99-syzkaller #0 [ 255.769691][T11365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.779764][T11365] Call Trace: [ 255.783054][T11365] [ 255.785996][T11365] dump_stack_lvl+0x16c/0x230 [ 255.790700][T11365] ? show_regs_print_info+0x20/0x20 [ 255.795918][T11365] ? load_image+0x3b0/0x3b0 [ 255.800449][T11365] ? __might_fault+0xaa/0x120 [ 255.805141][T11365] ? __lock_acquire+0x7c80/0x7c80 [ 255.810187][T11365] should_fail_ex+0x39d/0x4d0 [ 255.814891][T11365] _copy_to_user+0x2f/0xa0 [ 255.818586][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.819305][T11365] bpf_test_finish+0x19a/0x620 [ 255.819339][T11365] ? convert___skb_to_skb+0x590/0x590 [ 255.826024][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.830316][T11365] ? convert_skb_to___skb+0x420/0x420 [ 255.830353][T11365] ? slab_build_skb+0x25f/0x3f0 [ 255.852144][T11365] bpf_prog_test_run_skb+0xc28/0x11c0 [ 255.857537][T11365] ? cpu_online+0x60/0x60 [ 255.861870][T11365] bpf_prog_test_run+0x321/0x390 [ 255.866802][T11365] __sys_bpf+0x440/0x800 [ 255.871039][T11365] ? bpf_link_show_fdinfo+0x350/0x350 [ 255.876413][T11365] ? lock_chain_count+0x20/0x20 [ 255.881265][T11365] __x64_sys_bpf+0x7c/0x90 [ 255.885704][T11365] do_syscall_64+0x55/0xb0 [ 255.890116][T11365] ? clear_bhb_loop+0x40/0x90 [ 255.894781][T11365] ? clear_bhb_loop+0x40/0x90 [ 255.899449][T11365] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 255.905337][T11365] RIP: 0033:0x7eff5698e9a9 [ 255.909741][T11365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.929338][T11365] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 255.937740][T11365] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 255.945699][T11365] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 255.953663][T11365] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 255.961624][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.969583][T11365] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 255.977558][T11365] [ 255.998242][T11372] netlink: 'syz.3.2136': attribute type 12 has an invalid length. [ 256.036450][T11372] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2136'. [ 256.085713][T11375] netlink: 'syz.3.2136': attribute type 12 has an invalid length. [ 256.119745][T11375] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2136'. [ 256.455710][T11398] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2144'. [ 257.093071][ T786] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 257.139992][T11417] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2152'. [ 257.973962][ T7330] wlan1: Trigger new scan to find an IBSS to join [ 258.319089][T11488] FAULT_INJECTION: forcing a failure. [ 258.319089][T11488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.334049][T11488] CPU: 0 PID: 11488 Comm: syz.2.2176 Not tainted 6.6.99-syzkaller #0 [ 258.342152][T11488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 258.352223][T11488] Call Trace: [ 258.355523][T11488] [ 258.358461][T11488] dump_stack_lvl+0x16c/0x230 [ 258.363162][T11488] ? show_regs_print_info+0x20/0x20 [ 258.368375][T11488] ? load_image+0x3b0/0x3b0 [ 258.372898][T11488] ? __might_fault+0xaa/0x120 [ 258.377585][T11488] ? __lock_acquire+0x7c80/0x7c80 [ 258.382630][T11488] should_fail_ex+0x39d/0x4d0 [ 258.387330][T11488] _copy_to_user+0x2f/0xa0 [ 258.391752][T11488] bpf_test_finish+0x201/0x620 [ 258.396531][T11488] ? convert_skb_to___skb+0x420/0x420 [ 258.401931][T11488] ? slab_build_skb+0x25f/0x3f0 [ 258.406802][T11488] bpf_prog_test_run_skb+0xc28/0x11c0 [ 258.412210][T11488] ? cpu_online+0x60/0x60 [ 258.416559][T11488] bpf_prog_test_run+0x321/0x390 [ 258.421523][T11488] __sys_bpf+0x440/0x800 [ 258.425776][T11488] ? bpf_link_show_fdinfo+0x350/0x350 [ 258.431176][T11488] ? lock_chain_count+0x20/0x20 [ 258.436049][T11488] __x64_sys_bpf+0x7c/0x90 [ 258.440490][T11488] do_syscall_64+0x55/0xb0 [ 258.444919][T11488] ? clear_bhb_loop+0x40/0x90 [ 258.449612][T11488] ? clear_bhb_loop+0x40/0x90 [ 258.454297][T11488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 258.460196][T11488] RIP: 0033:0x7f62ffd8e9a9 [ 258.464609][T11488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.484218][T11488] RSP: 002b:00007f6300b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 258.492633][T11488] RAX: ffffffffffffffda RBX: 00007f62fffb5fa0 RCX: 00007f62ffd8e9a9 [ 258.500595][T11488] RDX: 000000000000004c RSI: 0000200000000240 RDI: 000000000000000a [ 258.508557][T11488] RBP: 00007f6300b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 258.516518][T11488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.524486][T11488] R13: 0000000000000000 R14: 00007f62fffb5fa0 R15: 00007ffe83268b58 [ 258.532458][T11488] [ 258.656351][T11498] veth1_macvtap: left promiscuous mode [ 259.122043][T11516] __nla_validate_parse: 11 callbacks suppressed [ 259.122146][T11516] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2187'. [ 259.555474][T11547] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2206'. [ 259.674719][T11552] Â: renamed from pim6reg1 [ 259.738468][T11556] validate_nla: 28 callbacks suppressed [ 259.738504][T11556] netlink: 'syz.2.2203': attribute type 1 has an invalid length. [ 259.765066][T11556] netlink: 'syz.2.2203': attribute type 4 has an invalid length. [ 259.789215][T11556] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2203'. [ 259.973112][ T7318] wlan1: Creating new IBSS network, BSSID f6:ed:df:de:b3:a3 [ 260.111646][T11580] FAULT_INJECTION: forcing a failure. [ 260.111646][T11580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.125636][T11580] CPU: 1 PID: 11580 Comm: syz.3.2213 Not tainted 6.6.99-syzkaller #0 [ 260.133730][T11580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.143791][T11580] Call Trace: [ 260.147063][T11580] [ 260.150007][T11580] dump_stack_lvl+0x16c/0x230 [ 260.154687][T11580] ? show_regs_print_info+0x20/0x20 [ 260.159879][T11580] ? load_image+0x3b0/0x3b0 [ 260.164382][T11580] ? __lock_acquire+0x7c80/0x7c80 [ 260.169415][T11580] should_fail_ex+0x39d/0x4d0 [ 260.174098][T11580] _copy_from_user+0x2f/0xe0 [ 260.178681][T11580] __copy_msghdr+0x3bb/0x580 [ 260.183276][T11580] ___sys_sendmsg+0x1a6/0x290 [ 260.187951][T11580] ? __sys_sendmsg+0x270/0x270 [ 260.192723][T11580] ? __lock_acquire+0x7c80/0x7c80 [ 260.197759][T11580] __se_sys_sendmsg+0x1a5/0x270 [ 260.202616][T11580] ? __x64_sys_sendmsg+0x80/0x80 [ 260.207573][T11580] ? lockdep_hardirqs_on+0x98/0x150 [ 260.212769][T11580] do_syscall_64+0x55/0xb0 [ 260.217181][T11580] ? clear_bhb_loop+0x40/0x90 [ 260.221887][T11580] ? clear_bhb_loop+0x40/0x90 [ 260.226555][T11580] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 260.232443][T11580] RIP: 0033:0x7f6e0b58e9a9 [ 260.236849][T11580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.256474][T11580] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 260.264882][T11580] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 260.272855][T11580] RDX: 0000000020000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 260.280814][T11580] RBP: 00007f6e0b3ff090 R08: 0000000000000000 R09: 0000000000000000 [ 260.288782][T11580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.296744][T11580] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 260.304718][T11580] [ 260.392740][T11573] netlink: 763 bytes leftover after parsing attributes in process `syz.0.2212'. [ 260.429034][T11581] netlink: 'syz.2.2215': attribute type 12 has an invalid length. [ 260.447885][T11581] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2215'. [ 260.466487][T11573] netlink: 763 bytes leftover after parsing attributes in process `syz.0.2212'. [ 260.478744][T11583] netlink: 'syz.0.2212': attribute type 7 has an invalid length. [ 260.495061][T11583] netlink: 'syz.0.2212': attribute type 6 has an invalid length. [ 260.518029][T11589] netlink: 'syz.1.2218': attribute type 1 has an invalid length. [ 260.529951][T11588] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2217'. [ 260.537939][T11589] netlink: 'syz.1.2218': attribute type 4 has an invalid length. [ 260.558543][T11588] openvswitch: netlink: Tunnel attr 0 has unexpected len 3060 expected 8 [ 260.583087][T11589] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2218'. [ 260.603933][ T5794] Bluetooth: hci1: unexpected event 0x31 length: 15 > 6 [ 260.721965][T11597] netlink: 'syz.0.2220': attribute type 9 has an invalid length. [ 260.845445][T11608] FAULT_INJECTION: forcing a failure. [ 260.845445][T11608] name failslab, interval 1, probability 0, space 0, times 0 [ 260.859320][T11608] CPU: 1 PID: 11608 Comm: syz.0.2226 Not tainted 6.6.99-syzkaller #0 [ 260.867434][T11608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.877519][T11608] Call Trace: [ 260.880802][T11608] [ 260.883720][T11608] dump_stack_lvl+0x16c/0x230 [ 260.888423][T11608] ? show_regs_print_info+0x20/0x20 [ 260.893625][T11608] ? load_image+0x3b0/0x3b0 [ 260.898118][T11608] ? __might_sleep+0xe0/0xe0 [ 260.902698][T11608] ? __lock_acquire+0x7c80/0x7c80 [ 260.907727][T11608] should_fail_ex+0x39d/0x4d0 [ 260.912402][T11608] should_failslab+0x9/0x20 [ 260.916917][T11608] slab_pre_alloc_hook+0x59/0x310 [ 260.921948][T11608] ? __lock_acquire+0x7c80/0x7c80 [ 260.926961][T11608] kmem_cache_alloc_node+0x60/0x330 [ 260.932158][T11608] ? __alloc_skb+0x108/0x2c0 [ 260.936739][T11608] __alloc_skb+0x108/0x2c0 [ 260.941143][T11608] netlink_sendmsg+0x65b/0xbe0 [ 260.945907][T11608] ? netlink_getsockopt+0x580/0x580 [ 260.951108][T11608] ? aa_sock_msg_perm+0x94/0x150 [ 260.956040][T11608] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 260.961331][T11608] ? security_socket_sendmsg+0x80/0xa0 [ 260.966787][T11608] ? netlink_getsockopt+0x580/0x580 [ 260.971992][T11608] ____sys_sendmsg+0x5bf/0x950 [ 260.976749][T11608] ? __asan_memset+0x22/0x40 [ 260.981338][T11608] ? __sys_sendmsg_sock+0x30/0x30 [ 260.986362][T11608] ? __import_iovec+0x5f2/0x860 [ 260.991202][T11608] ? import_iovec+0x73/0xa0 [ 260.995694][T11608] ___sys_sendmsg+0x220/0x290 [ 261.000389][T11608] ? __sys_sendmsg+0x270/0x270 [ 261.005158][T11608] ? __lock_acquire+0x7c80/0x7c80 [ 261.010201][T11608] __se_sys_sendmsg+0x1a5/0x270 [ 261.015065][T11608] ? __x64_sys_sendmsg+0x80/0x80 [ 261.020042][T11608] ? lockdep_hardirqs_on+0x98/0x150 [ 261.025233][T11608] do_syscall_64+0x55/0xb0 [ 261.029634][T11608] ? clear_bhb_loop+0x40/0x90 [ 261.034294][T11608] ? clear_bhb_loop+0x40/0x90 [ 261.038956][T11608] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 261.044836][T11608] RIP: 0033:0x7eff5698e9a9 [ 261.049239][T11608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.068829][T11608] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 261.077238][T11608] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 261.085193][T11608] RDX: 0000000024000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 261.093156][T11608] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 261.101118][T11608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.109082][T11608] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 261.117080][T11608] [ 261.248709][T11617] netlink: 'syz.3.2230': attribute type 33 has an invalid length. [ 261.272828][T11617] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2230'. [ 261.325595][T11620] FAULT_INJECTION: forcing a failure. [ 261.325595][T11620] name failslab, interval 1, probability 0, space 0, times 0 [ 261.363265][T11620] CPU: 1 PID: 11620 Comm: syz.0.2229 Not tainted 6.6.99-syzkaller #0 [ 261.371383][T11620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.381428][T11620] Call Trace: [ 261.384698][T11620] [ 261.387619][T11620] dump_stack_lvl+0x16c/0x230 [ 261.392294][T11620] ? show_regs_print_info+0x20/0x20 [ 261.397482][T11620] ? load_image+0x3b0/0x3b0 [ 261.401990][T11620] ? __might_sleep+0xe0/0xe0 [ 261.406569][T11620] ? __lock_acquire+0x7c80/0x7c80 [ 261.411579][T11620] ? rcu_is_watching+0x15/0xb0 [ 261.416343][T11620] should_fail_ex+0x39d/0x4d0 [ 261.421023][T11620] should_failslab+0x9/0x20 [ 261.425519][T11620] slab_pre_alloc_hook+0x59/0x310 [ 261.430536][T11620] ? netlink_dump+0xcc/0xde0 [ 261.435112][T11620] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 261.441177][T11620] kmem_cache_alloc_node+0x60/0x330 [ 261.446373][T11620] ? __alloc_skb+0x108/0x2c0 [ 261.450955][T11620] __alloc_skb+0x108/0x2c0 [ 261.455365][T11620] netlink_dump+0x1cf/0xde0 [ 261.459859][T11620] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 261.465832][T11620] ? lock_chain_count+0x20/0x20 [ 261.470669][T11620] ? netlink_lookup+0x200/0x200 [ 261.475516][T11620] ? slab_free_freelist_hook+0x130/0x1b0 [ 261.481140][T11620] ? netlink_recvmsg+0x5cf/0xdf0 [ 261.486070][T11620] ? kmem_cache_free+0xf8/0x280 [ 261.490916][T11620] netlink_recvmsg+0x677/0xdf0 [ 261.495675][T11620] ? netlink_sendmsg+0xbe0/0xbe0 [ 261.500598][T11620] ? aa_sk_perm+0x7fc/0x930 [ 261.505096][T11620] ? aa_af_perm+0x2b0/0x2b0 [ 261.509587][T11620] ? __lock_acquire+0x1260/0x7c80 [ 261.514601][T11620] ? verify_lock_unused+0x140/0x140 [ 261.519788][T11620] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 261.525064][T11620] ? security_socket_recvmsg+0x89/0xb0 [ 261.530509][T11620] ? netlink_sendmsg+0xbe0/0xbe0 [ 261.535437][T11620] ____sys_recvmsg+0x29e/0x5b0 [ 261.540202][T11620] ? __sys_recvmsg_sock+0x50/0x50 [ 261.545226][T11620] ? import_iovec+0x73/0xa0 [ 261.549723][T11620] ___sys_recvmsg+0x1b6/0x510 [ 261.554404][T11620] ? __sys_recvmsg+0x270/0x270 [ 261.559160][T11620] ? ksys_write+0x1c1/0x250 [ 261.563664][T11620] ? __fget_files+0x44a/0x4d0 [ 261.568342][T11620] __x64_sys_recvmsg+0x1f2/0x2c0 [ 261.573277][T11620] ? ___sys_recvmsg+0x510/0x510 [ 261.578130][T11620] ? lockdep_hardirqs_on+0x98/0x150 [ 261.583322][T11620] do_syscall_64+0x55/0xb0 [ 261.587730][T11620] ? clear_bhb_loop+0x40/0x90 [ 261.592393][T11620] ? clear_bhb_loop+0x40/0x90 [ 261.597056][T11620] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 261.602949][T11620] RIP: 0033:0x7eff5698e9a9 [ 261.607353][T11620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.626949][T11620] RSP: 002b:00007eff578c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 261.635369][T11620] RAX: ffffffffffffffda RBX: 00007eff56bb5fa0 RCX: 00007eff5698e9a9 [ 261.643329][T11620] RDX: 0000000040002020 RSI: 0000200000000540 RDI: 0000000000000003 [ 261.651290][T11620] RBP: 00007eff578c5090 R08: 0000000000000000 R09: 0000000000000000 [ 261.659246][T11620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.667212][T11620] R13: 0000000000000000 R14: 00007eff56bb5fa0 R15: 00007ffdafbae038 [ 261.675185][T11620] [ 261.990157][T11637] netlink: 'syz.3.2236': attribute type 1 has an invalid length. [ 262.017752][T11637] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2236'. [ 262.118215][T11643] FAULT_INJECTION: forcing a failure. [ 262.118215][T11643] name failslab, interval 1, probability 0, space 0, times 0 [ 262.187826][T11643] CPU: 1 PID: 11643 Comm: syz.1.2238 Not tainted 6.6.99-syzkaller #0 [ 262.195953][T11643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 262.206106][T11643] Call Trace: [ 262.209408][T11643] [ 262.212348][T11643] dump_stack_lvl+0x16c/0x230 [ 262.217054][T11643] ? show_regs_print_info+0x20/0x20 [ 262.222267][T11643] ? load_image+0x3b0/0x3b0 [ 262.226798][T11643] ? __might_sleep+0xe0/0xe0 [ 262.231402][T11643] ? __lock_acquire+0x7c80/0x7c80 [ 262.236444][T11643] should_fail_ex+0x39d/0x4d0 [ 262.241142][T11643] should_failslab+0x9/0x20 [ 262.245665][T11643] slab_pre_alloc_hook+0x59/0x310 [ 262.250708][T11643] ? tomoyo_encode+0x28b/0x540 [ 262.255498][T11643] ? tomoyo_encode+0x28b/0x540 [ 262.260281][T11643] __kmem_cache_alloc_node+0x53/0x260 [ 262.265685][T11643] ? tomoyo_encode+0x28b/0x540 [ 262.270474][T11643] __kmalloc+0xa4/0x240 [ 262.274650][T11643] tomoyo_encode+0x28b/0x540 [ 262.279266][T11643] tomoyo_realpath_from_path+0x592/0x5d0 [ 262.284931][T11643] tomoyo_path_number_perm+0x1ea/0x590 [ 262.290409][T11643] ? tomoyo_path_number_perm+0x1ba/0x590 [ 262.296072][T11643] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 262.301552][T11643] ? ksys_write+0x1c1/0x250 [ 262.306110][T11643] ? __fget_files+0x28/0x4d0 [ 262.310723][T11643] security_file_ioctl+0x70/0xa0 [ 262.315674][T11643] __se_sys_ioctl+0x48/0x170 [ 262.320274][T11643] do_syscall_64+0x55/0xb0 [ 262.324698][T11643] ? clear_bhb_loop+0x40/0x90 [ 262.329381][T11643] ? clear_bhb_loop+0x40/0x90 [ 262.334077][T11643] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 262.340001][T11643] RIP: 0033:0x7f8077f8e9a9 [ 262.344428][T11643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.364070][T11643] RSP: 002b:00007f8078d16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 262.372499][T11643] RAX: ffffffffffffffda RBX: 00007f80781b6080 RCX: 00007f8077f8e9a9 [ 262.380485][T11643] RDX: 0000000000000000 RSI: 0000000000005411 RDI: 0000000000000003 [ 262.388470][T11643] RBP: 00007f8078d16090 R08: 0000000000000000 R09: 0000000000000000 [ 262.396450][T11643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.404437][T11643] R13: 0000000000000000 R14: 00007f80781b6080 R15: 00007ffde34759e8 [ 262.412434][T11643] [ 262.622384][T11643] ERROR: Out of memory at tomoyo_realpath_from_path. [ 262.894557][T11655] FAULT_INJECTION: forcing a failure. [ 262.894557][T11655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 262.933114][ T7318] wlan1: Trigger new scan to find an IBSS to join [ 262.942898][T11655] CPU: 0 PID: 11655 Comm: syz.3.2242 Not tainted 6.6.99-syzkaller #0 [ 262.951001][T11655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 262.951629][ T7318] ================================================================================ [ 262.961045][T11655] Call Trace: [ 262.961055][T11655] [ 262.961064][T11655] dump_stack_lvl+0x16c/0x230 [ 262.961091][T11655] ? show_regs_print_info+0x20/0x20 [ 262.961111][T11655] ? load_image+0x3b0/0x3b0 [ 262.961137][T11655] ? __might_fault+0xaa/0x120 [ 262.961156][T11655] ? __lock_acquire+0x7c80/0x7c80 [ 262.961188][T11655] should_fail_ex+0x39d/0x4d0 [ 262.961216][T11655] _copy_from_user+0x2f/0xe0 [ 262.961237][T11655] do_ipv6_setsockopt+0x354/0x3c30 [ 262.961272][T11655] ? sk_dst_reset+0xa0/0xa0 [ 262.961302][T11655] ? verify_lock_unused+0x140/0x140 [ 262.981961][ T7318] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1209:5 [ 262.986768][T11655] ? get_pid_task+0x20/0x1e0 [ 262.986797][T11655] ? mark_lock+0x94/0x320 [ 262.986819][T11655] ? __lock_acquire+0x1260/0x7c80 [ 262.986856][T11655] ? aa_label_sk_perm+0x3ec/0x500 [ 262.986902][T11655] ? trace_event_raw_event_lock+0x230/0x230 [ 262.986927][T11655] ? aa_sk_perm+0x930/0x930 [ 262.986968][T11655] ? __might_sleep+0xe0/0xe0 [ 262.987006][T11655] ? aa_sk_perm+0x7fc/0x930 [ 262.987034][T11655] ? aa_af_perm+0x2b0/0x2b0 [ 262.987059][T11655] ? __fget_files+0x28/0x4d0 [ 262.999488][ T7318] index 1 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') [ 263.001196][T11655] ? aa_sock_opt_perm+0x74/0x100 [ 263.001224][T11655] ipv6_setsockopt+0x59/0x190 [ 263.102955][T11655] ? sock_common_recvmsg+0x1b0/0x1b0 [ 263.108241][T11655] do_sock_setsockopt+0x175/0x1a0 [ 263.113259][T11655] ? __fdget+0x180/0x210 [ 263.117495][T11655] __x64_sys_setsockopt+0x184/0x200 [ 263.122693][T11655] do_syscall_64+0x55/0xb0 [ 263.127103][T11655] ? clear_bhb_loop+0x40/0x90 [ 263.131771][T11655] ? clear_bhb_loop+0x40/0x90 [ 263.136437][T11655] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 263.142326][T11655] RIP: 0033:0x7f6e0b58e9a9 [ 263.146733][T11655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.166331][T11655] RSP: 002b:00007f6e0b3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 263.174746][T11655] RAX: ffffffffffffffda RBX: 00007f6e0b7b5fa0 RCX: 00007f6e0b58e9a9 [ 263.182715][T11655] RDX: 0000000000000043 RSI: 0000000000000029 RDI: 0000000000000004 [ 263.190680][T11655] RBP: 00007f6e0b3ff090 R08: 0000000000000004 R09: 0000000000000000 [ 263.198640][T11655] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.206609][T11655] R13: 0000000000000000 R14: 00007f6e0b7b5fa0 R15: 00007ffffdd618f8 [ 263.214582][T11655] [ 263.217847][ T7318] CPU: 1 PID: 7318 Comm: kworker/u4:19 Not tainted 6.6.99-syzkaller #0 [ 263.226121][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.236191][ T7318] Workqueue: events_unbound cfg80211_wiphy_work [ 263.242465][ T7318] Call Trace: [ 263.245753][ T7318] [ 263.248700][ T7318] dump_stack_lvl+0x16c/0x230 [ 263.253380][ T7318] ? show_regs_print_info+0x20/0x20 [ 263.258574][ T7318] ? load_image+0x3b0/0x3b0 [ 263.263082][ T7318] ? mutex_lock_nested+0x20/0x20 [ 263.268021][ T7318] ubsan_epilogue+0xa/0x30 [ 263.272433][ T7318] __ubsan_handle_out_of_bounds+0xe3/0xf0 [ 263.278153][ T7318] ieee80211_request_ibss_scan+0x4eb/0x790 [ 263.283962][ T7318] ieee80211_ibss_work+0xdfd/0x10c0 [ 263.289176][ T7318] ? ieee80211_ibss_rx_queued_mgmt+0x2ac0/0x2ac0 [ 263.295493][ T7318] ? mark_lock+0x94/0x320 [ 263.299823][ T7318] ? ieee80211_iface_work+0xbca/0xc70 [ 263.305196][ T7318] ? _raw_spin_unlock_irq+0x23/0x50 [ 263.310394][ T7318] cfg80211_wiphy_work+0x225/0x260 [ 263.315503][ T7318] ? process_scheduled_works+0x957/0x15b0 [ 263.321213][ T7318] process_scheduled_works+0xa45/0x15b0 [ 263.326776][ T7318] ? assign_work+0x400/0x400 [ 263.331366][ T7318] ? assign_work+0x39e/0x400 [ 263.335964][ T7318] worker_thread+0xa55/0xfc0 [ 263.340571][ T7318] kthread+0x2fa/0x390 [ 263.344629][ T7318] ? pr_cont_work+0x560/0x560 [ 263.349300][ T7318] ? kthread_blkcg+0xd0/0xd0 [ 263.353903][ T7318] ret_from_fork+0x48/0x80 [ 263.358323][ T7318] ? kthread_blkcg+0xd0/0xd0 [ 263.362912][ T7318] ret_from_fork_asm+0x11/0x20 [ 263.367695][ T7318] [ 263.382263][ T7318] ================================================================================ [ 263.392588][ T7318] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 263.399804][ T7318] CPU: 1 PID: 7318 Comm: kworker/u4:19 Not tainted 6.6.99-syzkaller #0 [ 263.408053][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.418117][ T7318] Workqueue: events_unbound cfg80211_wiphy_work [ 263.424380][ T7318] Call Trace: [ 263.427644][ T7318] [ 263.430593][ T7318] dump_stack_lvl+0x16c/0x230 [ 263.435258][ T7318] ? show_regs_print_info+0x20/0x20 [ 263.440439][ T7318] ? load_image+0x3b0/0x3b0 [ 263.444958][ T7318] panic+0x2c0/0x710 [ 263.448877][ T7318] ? bpf_jit_dump+0xd0/0xd0 [ 263.453398][ T7318] ? mutex_lock_nested+0x20/0x20 [ 263.458339][ T7318] check_panic_on_warn+0x84/0xa0 [ 263.463265][ T7318] __ubsan_handle_out_of_bounds+0xe3/0xf0 [ 263.468971][ T7318] ieee80211_request_ibss_scan+0x4eb/0x790 [ 263.474783][ T7318] ieee80211_ibss_work+0xdfd/0x10c0 [ 263.479972][ T7318] ? ieee80211_ibss_rx_queued_mgmt+0x2ac0/0x2ac0 [ 263.486282][ T7318] ? mark_lock+0x94/0x320 [ 263.490600][ T7318] ? ieee80211_iface_work+0xbca/0xc70 [ 263.495968][ T7318] ? _raw_spin_unlock_irq+0x23/0x50 [ 263.501167][ T7318] cfg80211_wiphy_work+0x225/0x260 [ 263.506272][ T7318] ? process_scheduled_works+0x957/0x15b0 [ 263.511979][ T7318] process_scheduled_works+0xa45/0x15b0 [ 263.517533][ T7318] ? assign_work+0x400/0x400 [ 263.522118][ T7318] ? assign_work+0x39e/0x400 [ 263.526700][ T7318] worker_thread+0xa55/0xfc0 [ 263.531301][ T7318] kthread+0x2fa/0x390 [ 263.535358][ T7318] ? pr_cont_work+0x560/0x560 [ 263.540024][ T7318] ? kthread_blkcg+0xd0/0xd0 [ 263.544600][ T7318] ret_from_fork+0x48/0x80 [ 263.549005][ T7318] ? kthread_blkcg+0xd0/0xd0 [ 263.553592][ T7318] ret_from_fork_asm+0x11/0x20 [ 263.558356][ T7318] [ 263.561597][ T7318] Kernel Offset: disabled [ 263.565998][ T7318] Rebooting in 86400 seconds..