last executing test programs: 3.783452725s ago: executing program 1 (id=2387): perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000500080000000000ec2e0a831cabee52e63776d0eea112", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x4, 0x8, 0xb}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0) 3.570047482s ago: executing program 1 (id=2391): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a089, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x8, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) sendmsg$inet(0xffffffffffffffff, 0x0, 0x7e8166965e22236a) write$cgroup_devices(r1, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0x7fffffff, 0x4}, 0x0, 0x1000000000000, 0x6, 0x1, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x80000081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000f5ff000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x94) perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x8008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8, 0x1, 0x0, 0x0, 0x3, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r4, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900) sendmsg$inet(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='tcp_cong_state_set\x00', r3}, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000059) close(0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$kcm(0x2, 0x1, 0x106) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x0) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x3, 0x0}, 0x30004001) socket$kcm(0x10, 0x3, 0x10) 3.328112122s ago: executing program 0 (id=2394): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @random="e51d0f00"}) 3.238999989s ago: executing program 1 (id=2395): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffb}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xb, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.189517633s ago: executing program 0 (id=2396): r0 = socket$kcm(0xa, 0x2, 0x3a) sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000180)=@in6={0xa, 0xffff, 0x5, @mcast1, 0x6}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000780)="80005b020eaa4da2", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0) socket$kcm(0x21, 0x2, 0xa) r1 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x8a, 0x7, 0x0, 0x3, 0x0, 0x10000000000, 0x8880, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x4, @perf_bp={0x0, 0x6}, 0x0, 0x3, 0x0, 0x6, 0x7, 0x4, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0xbc59e4ad6e1074df, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, r1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000001000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='inet_sock_set_state\x00', r4}, 0x10) r6 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={r6, r5, 0x0, 0x0, 0x0}, 0x30) 3.130759778s ago: executing program 1 (id=2398): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000640)={0x5, 0x80, 0xec, 0x0, 0x4, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000005000000000000000200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090300000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000002200009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000000)=ANY=[@ANYRES64=r1], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071106200000000001d300500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 2.701989762s ago: executing program 0 (id=2400): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc108, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 2.596014221s ago: executing program 1 (id=2401): perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000500080000000000ec2e0a831cabee52e63776d0eea112", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0) 2.459163862s ago: executing program 1 (id=2404): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @random="e51d0f00"}) 2.445209943s ago: executing program 0 (id=2405): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_config_ext={0x8, 0x1}, 0x2828, 0x4, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x1, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000004001000050000000b00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000008000000000000000000000000000000000000000008be13fa6105ef3a076e151bbb3cdfe5a670f9063b123369af0e538fe8ba5550d5cf9eed8831ade5671f488410069097b8bd71f097247d28dfbeaca7ab15b3901e40f33ebb2d87e574c485a0e7c1f6e1ea0e3cbd48ca8a9711f8c9ad83d9496bac8512783b308aa6bb4f64c3ff0e99ccdea79ef9efdcf919278c4e988260e712ed2e4430cf8cc0f7f81482d710b2b6c0b5b0a3b1051a38309b70758fec39a4549ddbac5b95dbc6487e398b38ef49bb95e2d5f353d3dcd2860bc18dc9a8ce37e4e852aafe916fc64f3753894d6f113649c061488c53e850f4af9724135d750d67882d8776e9a253fe8d9498b34c866a96cf1ca9dc6ef60"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), &(0x7f0000000380), 0x2, r1}, 0x38) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_config_ext={0x9, 0x2}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000940)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x40000100}, [@generic={0x40, 0x0, 0x8, 0x9, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) r4 = socket$kcm(0xf, 0x2, 0x2) r5 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="33fe00002a0053ea"], 0xfe33) sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="020a01ff02000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, 0x0, &(0x7f00000002c0)=""/211}, 0x20) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r6], 0x9) r8 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) write$cgroup_type(r8, &(0x7f0000000040), 0x9) 2.204371832s ago: executing program 0 (id=2409): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'sit0\x00', @local}) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x420, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'sit0\x00', @random="4f33e363a4b1"}) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000004080)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000580)=@generic={0x0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair(0x1e, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000001800)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48) 1.60797862s ago: executing program 2 (id=2411): perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x50, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x1ebe4, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) recvmsg(0xffffffffffffffff, 0x0, 0x40002041) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0xa, 0x3, 0x3a) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x74, &(0x7f0000000040)=[{&(0x7f0000000000)="2000000020008107090f9becdb4cb96b02000020fd0000010064000000000000", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00'}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x8, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x5562, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@ifindex, 0x1d, 0x1, 0x31ce, &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000480)={@map=r4, r3, 0x14, 0x10, 0x0, @void, @value=r3, @void, @void, r5}, 0x20) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@fallback=r0, r0, 0x15, 0x1c, 0x0, @void, @value=r6, @void, @void, r5}, 0x20) setsockopt$sock_attach_bpf(r1, 0x29, 0x3, 0x0, 0x500) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x80a, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c30000000e8fe55a1190015000600142603600e120900180000000401a80016000a0004400a080000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003f000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0) 1.408977947s ago: executing program 0 (id=2413): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc108, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 1.076118813s ago: executing program 2 (id=2414): socketpair(0x6, 0x3, 0xd0bf, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="3a3485dd1a80d47e258188e214df918f14dee41d42dd3347ab8b4cee102270083987a8955bfd640c29804d1b225b44a69db213917abf32476d69c5e7e0b0b4844087dcc37f07bd8e32f611015069075ee38590584c022101041cacade98ddb47144f9bf4782de895f7ce305ca6549420f3a46bcc817c724383b089d7d35e9269a601d4b0175e0c39bf8d1e896523887e7f7278e263580fa3b047bea166", 0x9d}], 0x1, &(0x7f00000002c0)=[{0x10, 0x111, 0xbe}], 0x10}, 0x100) ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, &(0x7f00000000c0)) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x0, {0x2, 0x1}}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000380)="e2e81789a34aa83dec51ba381d9c5a41a20c9892f688cb7a9f5711cca18f81ae32b40b1d205dbb58975a37dbb1b312776e8f2294718b8750b4b1eeab252d5980ffa90d918c417d7e93652a49991e3dd636c62f591baef60f8d29defc93892a1be715a1c91303a33da5e6b540ab65cf3367c4ca6a8a748ff0ebefb38f7021ea76", 0x80}], 0x1, &(0x7f0000000440)="b9b0dd0507446cc1d0714c6dd82cc2886fdc1ae09411c77bc3c0d5ea61173c7ac41e3ebe7ec91d873ffb965fb7d7f77236fd699eefb9e2310c886f164f3658c4157b0198f19e9765e7a467513f42f50eceaa9db6f745125d6e72e391aab533c6ae5c59a585c37c931df2ae4cc053cc50431829937ab6f6561635a5b4d93f332d576fe74bdc20e32e9317307d008c9fea37463e7a1a05ab07206ac028c09baf7baf0315bb30cb7925acda1c89b8c7e9d4faf3efb3a08eb45a95e6d835ad0dc1dfb324e9276f563a654b0fc1b0f849243b3b6e85cd0f55cd51", 0xd8, 0x20004001}, 0x4000000) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x106091, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) r6 = openat$cgroup_freezer_state(r2, &(0x7f0000000080), 0x2, 0x0) write$cgroup_freezer_state(r6, &(0x7f00000000c0)='THAWED\x00', 0x7) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r7, &(0x7f0000000140), &(0x7f0000000000)=""/3, 0x2}, 0x20) write$cgroup_freezer_state(r6, &(0x7f00000006c0)='FREEZING\x00', 0x9) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r7, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6f94f90224fc600e0005000a000200053582c137153e3704000880fc0b09000300", 0x33fe0}], 0x1}, 0x0) 1.075693774s ago: executing program 3 (id=2415): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffb}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xb, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 863.93862ms ago: executing program 3 (id=2416): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0) close(r1) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080400007c09e8fe55a10a0015c005001c2603600e1208000f0000000401a8001600a4000140000000007fffffffb94dcf5c0461c1d6900094007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x20004000) ioctl$SIOCSIFHWADDR(r1, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @random="e51d0f00"}) 855.114601ms ago: executing program 2 (id=2417): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020007500feff0000820095000000d3031a006da911b0d632b4e2e86b7ad015836e4d27f5182b60bbb7c19e21eec859fe68f9428ac407630eac8eb682f5b2d86b4abf9e63ad263fec7db9338ca9eebf2218c8b9ca64bcdcdaa06fc4c7aa217fcecd9443c54143bde8ddcbc3b8ac619930206d8d0881af823d6d18c66f021c20b55013d7fb6ea7013c062d13176d71d7dad98eb976ed679fa639"], &(0x7f0000000100)='GPL\x00', 0x8, 0xd, &(0x7f0000000580)=""/250, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x4b, 0x10, 0x0, 0x23}, 0x23) r2 = openat$cgroup_devices(r1, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB='b ', @ANYRESDEC], 0x9) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={0xffffffffffffffff, 0x0, 0x0, 0xa00000000000000}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061044c000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc108, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r6, 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 735.45052ms ago: executing program 2 (id=2418): r0 = socket$kcm(0xa, 0x2, 0x3a) sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000180)=@in6={0xa, 0xffff, 0x5, @mcast1, 0x6}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000780)="80005b020eaa4da2", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0) socket$kcm(0x21, 0x2, 0xa) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0xbc59e4ad6e1074df, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000001000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='inet_sock_set_state\x00', r3}, 0x10) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={r5, r4, 0x0, 0x0, 0x0}, 0x30) 652.410798ms ago: executing program 3 (id=2419): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a089, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x8, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) sendmsg$inet(0xffffffffffffffff, 0x0, 0x7e8166965e22236a) write$cgroup_devices(r1, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0x7fffffff, 0x4}, 0x0, 0x1000000000000, 0x6, 0x1, 0x0, 0x0, 0xfffc, 0x0, 0x0, 0x0, 0x80000081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000f5ff000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x94) perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x8008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8, 0x1, 0x0, 0x0, 0x3, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r4, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900) sendmsg$inet(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='tcp_cong_state_set\x00', r3}, 0x10) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000059) close(0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$kcm(0x2, 0x1, 0x106) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x0) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x3, 0x0}, 0x30004001) socket$kcm(0x10, 0x3, 0x10) 428.002295ms ago: executing program 2 (id=2420): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000084) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x19, 0x4, 0x4, 0x1}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@cgroup, 0x2f, 0x1, 0x697f23ff, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000080)=[0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000200)=[0x0], 0x0}, 0x40) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0x0, r0, 0x0, 0x1, &(0x7f0000000300)='\x00', 0x0}, 0x30) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@fallback=r0, r2, 0x0, 0x20, 0x0, @void, @void, @void, @value=r4, r3}, 0x20) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0xffffffffffffff82, &(0x7f00000000c0)=[{&(0x7f0000000100)="1400000016000b63d25a80648c2594f921240685", 0x14}], 0x1}, 0x0) 228.944492ms ago: executing program 3 (id=2421): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24000084) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0xffffffffffffff82, &(0x7f00000000c0)=[{&(0x7f0000000100)="1400030016000b63d25a80648c2594f921240685", 0x14}], 0x1}, 0x0) 152.886668ms ago: executing program 2 (id=2422): perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x50, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x1ebe4, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) recvmsg(0xffffffffffffffff, 0x0, 0x40002041) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0xa, 0x3, 0x3a) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x74, &(0x7f0000000040)=[{&(0x7f0000000000)="2000000020008107090f9becdb4cb96b02000020fd0000010064000000000000", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00'}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x8, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x0, 0x5562, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@ifindex, 0x1d, 0x1, 0x31ce, &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000480)={@map=r4, r3, 0x14, 0x10, 0x0, @void, @value=r3, @void, @void, r5}, 0x20) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@fallback=r0, r0, 0x15, 0x1c, 0x0, @void, @value=r6, @void, @void, r5}, 0x20) setsockopt$sock_attach_bpf(r1, 0x29, 0x3, 0x0, 0x500) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x80a, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c30000000e8fe55a1190015000600142603600e120900180000000401a80016000a0004400a080000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003f000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0) 40.247247ms ago: executing program 3 (id=2423): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffb}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 3 (id=2424): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 30851][ T9747] ? copy_process+0x549/0x3d70 [ 198.835604][ T9747] ? lockdep_hardirqs_on+0x98/0x150 [ 198.840800][ T9747] copy_process+0x549/0x3d70 [ 198.845384][ T9747] ? __might_fault+0xaa/0x120 [ 198.850068][ T9747] ? get_pid_task+0x20/0x1e0 [ 198.854656][ T9747] ? __pidfd_prepare+0x140/0x140 [ 198.859596][ T9747] kernel_clone+0x21b/0x840 [ 198.864094][ T9747] ? ksys_write+0x1c1/0x250 [ 198.868594][ T9747] ? create_io_thread+0x140/0x140 [ 198.873624][ T9747] __x64_sys_clone+0x18c/0x1e0 [ 198.878398][ T9747] ? __fget_files+0x44a/0x4d0 [ 198.883069][ T9747] ? __ia32_sys_vfork+0x100/0x100 [ 198.888092][ T9747] ? lock_chain_count+0x20/0x20 [ 198.892940][ T9747] ? lockdep_hardirqs_on+0x98/0x150 [ 198.898134][ T9747] do_syscall_64+0x55/0xb0 [ 198.902539][ T9747] ? clear_bhb_loop+0x40/0x90 [ 198.907204][ T9747] ? clear_bhb_loop+0x40/0x90 [ 198.911873][ T9747] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 198.917766][ T9747] RIP: 0033:0x7ff51138ebe9 [ 198.922171][ T9747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.941771][ T9747] RSP: 002b:00007ff51212efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 198.950177][ T9747] RAX: ffffffffffffffda RBX: 00007ff5115c5fa0 RCX: 00007ff51138ebe9 [ 198.958142][ T9747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ae12e400 [ 198.966103][ T9747] RBP: 00007ff51212f090 R08: 0000000000000000 R09: 0000000000000000 [ 198.974065][ T9747] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 198.982027][ T9747] R13: 00007ff5115c6038 R14: 00007ff5115c5fa0 R15: 00007fffd3f0e298 [ 198.990002][ T9747] [ 199.058707][ T9747] warn_alloc: 1 callbacks suppressed [ 199.058723][ T9747] syz.0.1620: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 199.116781][ T9747] CPU: 1 PID: 9747 Comm: syz.0.1620 Not tainted syzkaller #0 [ 199.124204][ T9747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 199.134277][ T9747] Call Trace: [ 199.137577][ T9747] [ 199.140527][ T9747] dump_stack_lvl+0x16c/0x230 [ 199.145225][ T9747] ? show_regs_print_info+0x20/0x20 [ 199.150445][ T9747] ? load_image+0x3b0/0x3b0 [ 199.154960][ T9747] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 199.161403][ T9747] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 199.167918][ T9747] warn_alloc+0x210/0x300 [ 199.172259][ T9747] ? slab_free_freelist_hook+0x130/0x1b0 [ 199.177911][ T9747] ? zone_watermark_ok_safe+0x230/0x230 [ 199.183467][ T9747] ? __get_vm_area_node+0x17b/0x370 [ 199.188706][ T9747] ? __get_vm_area_node+0x17b/0x370 [ 199.193919][ T9747] __vmalloc_node_range+0x393/0x1320 [ 199.199241][ T9747] ? free_vm_area+0x50/0x50 [ 199.203753][ T9747] ? arch_dup_task_struct+0x57/0xd0 [ 199.208960][ T9747] ? __asan_memcpy+0x40/0x70 [ 199.213562][ T9747] dup_task_struct+0x3d0/0x7c0 [ 199.218332][ T9747] ? copy_process+0x549/0x3d70 [ 199.223099][ T9747] ? lockdep_hardirqs_on+0x98/0x150 [ 199.228309][ T9747] copy_process+0x549/0x3d70 [ 199.232902][ T9747] ? __might_fault+0xaa/0x120 [ 199.237600][ T9747] ? get_pid_task+0x20/0x1e0 [ 199.242290][ T9747] ? __pidfd_prepare+0x140/0x140 [ 199.247242][ T9747] kernel_clone+0x21b/0x840 [ 199.251750][ T9747] ? ksys_write+0x1c1/0x250 [ 199.256263][ T9747] ? create_io_thread+0x140/0x140 [ 199.261312][ T9747] __x64_sys_clone+0x18c/0x1e0 [ 199.266081][ T9747] ? __fget_files+0x44a/0x4d0 [ 199.270763][ T9747] ? __ia32_sys_vfork+0x100/0x100 [ 199.275804][ T9747] ? lock_chain_count+0x20/0x20 [ 199.280668][ T9747] ? lockdep_hardirqs_on+0x98/0x150 [ 199.285879][ T9747] do_syscall_64+0x55/0xb0 [ 199.290297][ T9747] ? clear_bhb_loop+0x40/0x90 [ 199.294973][ T9747] ? clear_bhb_loop+0x40/0x90 [ 199.299652][ T9747] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.305552][ T9747] RIP: 0033:0x7ff51138ebe9 [ 199.309970][ T9747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.329667][ T9747] RSP: 002b:00007ff51212efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 199.338084][ T9747] RAX: ffffffffffffffda RBX: 00007ff5115c5fa0 RCX: 00007ff51138ebe9 [ 199.346055][ T9747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ae12e400 [ 199.354029][ T9747] RBP: 00007ff51212f090 R08: 0000000000000000 R09: 0000000000000000 [ 199.362004][ T9747] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 199.369982][ T9747] R13: 00007ff5115c6038 R14: 00007ff5115c5fa0 R15: 00007fffd3f0e298 [ 199.377979][ T9747] [ 199.422187][ T9747] Mem-Info: [ 199.425427][ T9747] active_anon:38511 inactive_anon:0 isolated_anon:0 [ 199.425427][ T9747] active_file:16514 inactive_file:39895 isolated_file:0 [ 199.425427][ T9747] unevictable:768 dirty:129 writeback:0 [ 199.425427][ T9747] slab_reclaimable:10301 slab_unreclaimable:90642 [ 199.425427][ T9747] mapped:34792 shmem:34484 pagetables:604 [ 199.425427][ T9747] sec_pagetables:0 bounce:0 [ 199.425427][ T9747] kernel_misc_reclaimable:0 [ 199.425427][ T9747] free:1316112 free_pcp:9626 free_cma:0 [ 199.481903][ T9747] Node 0 active_anon:152944kB inactive_anon:0kB active_file:66056kB inactive_file:159380kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139168kB dirty:516kB writeback:0kB shmem:135400kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10860kB pagetables:2416kB sec_pagetables:0kB all_unreclaimable? no [ 199.546367][ T9747] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 199.654191][ T9747] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 199.702656][ T9747] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 199.733560][ T9747] Node 0 DMA32 free:1351764kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:143300kB inactive_anon:0kB active_file:66056kB inactive_file:158060kB unevictable:1536kB writepending:516kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:29300kB local_pcp:10952kB free_cma:0kB [ 199.803421][ T9747] lowmem_reserve[]: 0 0 1 1 1 [ 199.808757][ T9747] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 199.840842][ T9753] -1: renamed from syzkaller0 [ 199.866606][ T9747] lowmem_reserve[]: 0 0 0 0 0 [ 199.871476][ T9747] Node 1 Normal free:3897176kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19880kB local_pcp:9668kB free_cma:0kB [ 199.929998][ T9747] lowmem_reserve[]: 0 0 0 0 0 [ 199.934789][ T9747] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 199.951035][ T9761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1624'. [ 199.972784][ T9747] Node 0 DMA32: 2330*4kB (UME) 896*8kB (UME) 323*16kB (UME) 632*32kB (UME) 174*64kB (UME) 12*128kB (UME) 2*256kB (UE) 2*512kB (ME) 1*1024kB (U) 2*2048kB (UM) 316*4096kB (M) = 1355544kB [ 200.050642][ T9747] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 200.097369][ T9747] Node 1 Normal: 272*4kB (UME) 57*8kB (UME) 43*16kB (UME) 47*32kB (UME) 25*64kB (UME) 1*128kB (E) 0*256kB 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3897176kB [ 200.139428][ T9747] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 200.149596][ T9747] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 200.159270][ T9747] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 200.172079][ T9761] netlink: 'syz.2.1624': attribute type 4 has an invalid length. [ 200.173184][ T9747] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 200.207573][ T9747] 84552 total pagecache pages [ 200.212301][ T9747] 0 pages in swap cache [ 200.216805][ T9747] Free swap = 124996kB [ 200.221547][ T9747] Total swap = 124996kB [ 200.225720][ T9747] 2097051 pages RAM [ 200.231700][ T9761] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1624'. [ 200.241352][ T9747] 0 pages HighMem/MovableOnly [ 200.246041][ T9747] 416139 pages reserved [ 200.258371][ T9761] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 200.282105][ T9747] 0 pages cma reserved [ 200.423722][ T9759] netlink: 'syz.2.1624': attribute type 39 has an invalid length. [ 200.807518][ T9770] syzkaller0: tun_chr_ioctl cmd 2148553947 [ 200.860752][ T9772] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.1628'. [ 201.306529][ T9779] netlink: 'syz.1.1631': attribute type 39 has an invalid length. [ 201.680998][ T9791] Dead loop on virtual device ip6_vti0, fix it urgently! [ 201.881498][ T9799] netlink: 'syz.0.1638': attribute type 1 has an invalid length. [ 201.941185][ T9805] FAULT_INJECTION: forcing a failure. [ 201.941185][ T9805] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 201.957530][ T9804] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1637'. [ 201.969385][ T9805] CPU: 1 PID: 9805 Comm: syz.1.1640 Not tainted syzkaller #0 [ 201.976799][ T9805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.986871][ T9805] Call Trace: [ 201.990153][ T9805] [ 201.993076][ T9805] dump_stack_lvl+0x16c/0x230 [ 201.997748][ T9805] ? show_regs_print_info+0x20/0x20 [ 202.002934][ T9805] ? load_image+0x3b0/0x3b0 [ 202.007430][ T9805] ? __lock_acquire+0x7c80/0x7c80 [ 202.012449][ T9805] ? snprintf+0xdb/0x120 [ 202.016687][ T9805] should_fail_ex+0x39d/0x4d0 [ 202.021368][ T9805] _copy_to_user+0x2f/0xa0 [ 202.025777][ T9805] simple_read_from_buffer+0xe7/0x150 [ 202.031155][ T9805] proc_fail_nth_read+0x1e3/0x250 [ 202.036174][ T9805] ? proc_fault_inject_write+0x340/0x340 [ 202.041808][ T9805] ? fsnotify_perm+0x271/0x5e0 [ 202.046564][ T9805] ? proc_fault_inject_write+0x340/0x340 [ 202.052185][ T9805] vfs_read+0x27e/0x920 [ 202.056334][ T9805] ? kernel_read+0x1e0/0x1e0 [ 202.060912][ T9805] ? __fget_files+0x28/0x4d0 [ 202.065490][ T9805] ? __fget_files+0x44a/0x4d0 [ 202.070164][ T9805] ? __fdget_pos+0x2a3/0x330 [ 202.074741][ T9805] ? ksys_read+0x75/0x250 [ 202.079063][ T9805] ksys_read+0x147/0x250 [ 202.083298][ T9805] ? vfs_write+0x940/0x940 [ 202.087706][ T9805] ? lockdep_hardirqs_on+0x98/0x150 [ 202.092898][ T9805] do_syscall_64+0x55/0xb0 [ 202.097300][ T9805] ? clear_bhb_loop+0x40/0x90 [ 202.101961][ T9805] ? clear_bhb_loop+0x40/0x90 [ 202.106624][ T9805] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 202.112513][ T9805] RIP: 0033:0x7f2dcd98d5fc [ 202.116917][ T9805] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 202.136521][ T9805] RSP: 002b:00007f2dce856030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 202.144927][ T9805] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98d5fc [ 202.152888][ T9805] RDX: 000000000000000f RSI: 00007f2dce8560a0 RDI: 0000000000000005 [ 202.160855][ T9805] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 202.168812][ T9805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.176772][ T9805] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 202.184747][ T9805] [ 202.321424][ T9804] netlink: 'syz.2.1637': attribute type 4 has an invalid length. [ 202.336490][ T9804] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1637'. [ 202.345578][ T9804] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 202.454988][ T9804] netlink: 'syz.2.1637': attribute type 39 has an invalid length. [ 203.162489][ T9827] Dead loop on virtual device ip6_vti0, fix it urgently! [ 203.209206][ T9830] netlink: 'syz.3.1649': attribute type 39 has an invalid length. [ 203.441933][ T9835] FAULT_INJECTION: forcing a failure. [ 203.441933][ T9835] name failslab, interval 1, probability 0, space 0, times 0 [ 203.470485][ T9835] CPU: 0 PID: 9835 Comm: syz.2.1650 Not tainted syzkaller #0 [ 203.477906][ T9835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.488060][ T9835] Call Trace: [ 203.491346][ T9835] [ 203.494287][ T9835] dump_stack_lvl+0x16c/0x230 [ 203.498992][ T9835] ? show_regs_print_info+0x20/0x20 [ 203.504203][ T9835] ? load_image+0x3b0/0x3b0 [ 203.508732][ T9835] ? __lock_acquire+0x7c80/0x7c80 [ 203.516383][ T9835] should_fail_ex+0x39d/0x4d0 [ 203.521094][ T9835] should_failslab+0x9/0x20 [ 203.525620][ T9835] slab_pre_alloc_hook+0x59/0x310 [ 203.530671][ T9835] ? sock_write_iter+0x2bb/0x3f0 [ 203.535634][ T9835] ? vfs_write+0x43b/0x940 [ 203.540067][ T9835] ? ksys_write+0x147/0x250 [ 203.544596][ T9835] kmem_cache_alloc_node+0x60/0x330 [ 203.549840][ T9835] ? alloc_vmap_area+0x1c4/0x1c70 [ 203.554895][ T9835] alloc_vmap_area+0x1c4/0x1c70 [ 203.559794][ T9835] ? vm_map_ram+0xcb0/0xcb0 [ 203.564329][ T9835] ? rcu_is_watching+0x15/0xb0 [ 203.569127][ T9835] __get_vm_area_node+0x162/0x370 [ 203.574178][ T9835] __vmalloc_node_range+0x36e/0x1320 [ 203.579614][ T9835] ? netlink_sendmsg+0x5f3/0xbe0 [ 203.584999][ T9835] ? netlink_insert+0x106a/0x1370 [ 203.590034][ T9835] ? netlink_insert+0x2b3/0x1370 [ 203.594966][ T9835] ? netlink_data_ready+0x10/0x10 [ 203.599987][ T9835] ? free_vm_area+0x50/0x50 [ 203.604492][ T9835] ? netlink_sendmsg+0x5f3/0xbe0 [ 203.609424][ T9835] vmalloc+0x79/0x90 [ 203.613309][ T9835] ? netlink_sendmsg+0x5f3/0xbe0 [ 203.618239][ T9835] netlink_sendmsg+0x5f3/0xbe0 [ 203.623000][ T9835] ? netlink_getsockopt+0x580/0x580 [ 203.628192][ T9835] ? aa_sock_msg_perm+0x94/0x150 [ 203.633120][ T9835] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 203.638395][ T9835] ? security_socket_sendmsg+0x80/0xa0 [ 203.643846][ T9835] sock_write_iter+0x2bb/0x3f0 [ 203.648614][ T9835] ? sock_read_iter+0x3b0/0x3b0 [ 203.653466][ T9835] ? common_file_perm+0x198/0x1f0 [ 203.658488][ T9835] vfs_write+0x43b/0x940 [ 203.662834][ T9835] ? file_end_write+0x250/0x250 [ 203.667696][ T9835] ? __fget_files+0x44a/0x4d0 [ 203.672432][ T9835] ? __fdget_pos+0x1d8/0x330 [ 203.677048][ T9835] ? ksys_write+0x75/0x250 [ 203.681476][ T9835] ksys_write+0x147/0x250 [ 203.685812][ T9835] ? __ia32_sys_read+0x90/0x90 [ 203.690578][ T9835] ? lockdep_hardirqs_on+0x98/0x150 [ 203.695791][ T9835] do_syscall_64+0x55/0xb0 [ 203.700204][ T9835] ? clear_bhb_loop+0x40/0x90 [ 203.704902][ T9835] ? clear_bhb_loop+0x40/0x90 [ 203.709585][ T9835] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 203.715484][ T9835] RIP: 0033:0x7f7edd58ebe9 [ 203.719891][ T9835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.739541][ T9835] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 203.747944][ T9835] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 203.755904][ T9835] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000005 [ 203.763863][ T9835] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 203.771824][ T9835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.779784][ T9835] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 203.787753][ T9835] [ 204.017894][ T9847] netlink: 'syz.2.1657': attribute type 33 has an invalid length. [ 204.039920][ T9847] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1657'. [ 204.080084][ T9847] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 204.120398][ T9851] netlink: 703 bytes leftover after parsing attributes in process `syz.3.1658'. [ 204.301444][ T9858] Dead loop on virtual device ip6_vti0, fix it urgently! [ 204.418269][ T9861] netlink: 'syz.0.1662': attribute type 39 has an invalid length. [ 204.874865][ T9884] netlink: 'syz.2.1671': attribute type 29 has an invalid length. [ 204.887837][ T9884] netlink: 'syz.2.1671': attribute type 29 has an invalid length. [ 204.903654][ T9884] netlink: 'syz.2.1671': attribute type 29 has an invalid length. [ 204.942824][ T9884] netlink: 'syz.2.1671': attribute type 29 has an invalid length. [ 204.990456][ T9887] Dead loop on virtual device ip6_vti0, fix it urgently! [ 205.069579][ T9884] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1671'. [ 205.192268][ T9893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1673'. [ 205.275211][ T9901] FAULT_INJECTION: forcing a failure. [ 205.275211][ T9901] name failslab, interval 1, probability 0, space 0, times 0 [ 205.275427][ T9893] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1673'. [ 205.303253][ T9898] netlink: 'syz.0.1675': attribute type 39 has an invalid length. [ 205.313752][ T9901] CPU: 1 PID: 9901 Comm: syz.2.1677 Not tainted syzkaller #0 [ 205.314064][ T9893] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 205.321150][ T9901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 205.321172][ T9901] Call Trace: [ 205.321180][ T9901] [ 205.321189][ T9901] dump_stack_lvl+0x16c/0x230 [ 205.321230][ T9901] ? show_regs_print_info+0x20/0x20 [ 205.321254][ T9901] ? load_image+0x3b0/0x3b0 [ 205.360373][ T9901] ? perf_trace_lock_acquire+0xfb/0x3e0 [ 205.365979][ T9901] should_fail_ex+0x39d/0x4d0 [ 205.370706][ T9901] should_failslab+0x9/0x20 [ 205.375240][ T9901] slab_pre_alloc_hook+0x59/0x310 [ 205.380301][ T9901] kmem_cache_alloc+0x5a/0x2e0 [ 205.385101][ T9901] ? skb_clone+0x1eb/0x370 [ 205.389566][ T9901] skb_clone+0x1eb/0x370 [ 205.393857][ T9901] __netlink_deliver_tap+0x41c/0x830 [ 205.399223][ T9901] ? netlink_deliver_tap+0x2e/0x1b0 [ 205.404470][ T9901] netlink_deliver_tap+0x19c/0x1b0 [ 205.409637][ T9901] netlink_dump+0x8df/0xde0 [ 205.414218][ T9901] ? netlink_lookup+0x200/0x200 [ 205.419138][ T9901] ? slab_free_freelist_hook+0x130/0x1b0 [ 205.424826][ T9901] ? netlink_recvmsg+0x5cf/0xdf0 [ 205.429805][ T9901] ? kmem_cache_free+0xf8/0x280 [ 205.434715][ T9901] netlink_recvmsg+0x677/0xdf0 [ 205.439556][ T9901] ? netlink_sendmsg+0xbe0/0xbe0 [ 205.444538][ T9901] ? aa_sk_perm+0x7fc/0x930 [ 205.449099][ T9901] ? aa_af_perm+0x2b0/0x2b0 [ 205.453665][ T9901] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 205.458988][ T9901] ? security_socket_recvmsg+0x89/0xb0 [ 205.464484][ T9901] ? netlink_sendmsg+0xbe0/0xbe0 [ 205.469478][ T9901] ____sys_recvmsg+0x29e/0x5b0 [ 205.474667][ T9901] ? __sys_recvmsg_sock+0x50/0x50 [ 205.479768][ T9901] ? import_iovec+0x73/0xa0 [ 205.484320][ T9901] ___sys_recvmsg+0x1b6/0x510 [ 205.489054][ T9901] ? __sys_recvmsg+0x270/0x270 [ 205.493885][ T9901] ? ksys_write+0x1c1/0x250 [ 205.498473][ T9901] ? __fget_files+0x44a/0x4d0 [ 205.503231][ T9901] __x64_sys_recvmsg+0x1f2/0x2c0 [ 205.508220][ T9901] ? ___sys_recvmsg+0x510/0x510 [ 205.513153][ T9901] ? lockdep_hardirqs_on+0x98/0x150 [ 205.518411][ T9901] do_syscall_64+0x55/0xb0 [ 205.522868][ T9901] ? clear_bhb_loop+0x40/0x90 [ 205.527582][ T9901] ? clear_bhb_loop+0x40/0x90 [ 205.532301][ T9901] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 205.538239][ T9901] RIP: 0033:0x7f7edd58ebe9 [ 205.542691][ T9901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.562342][ T9901] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 205.570797][ T9901] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 205.578798][ T9901] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004 [ 205.582403][ T9893] syzkaller0: entered promiscuous mode [ 205.586777][ T9901] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 205.586797][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.586809][ T9901] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 205.586853][ T9901] [ 205.624101][ T9893] syzkaller0: entered allmulticast mode [ 207.360655][ T9910] netlink: 703 bytes leftover after parsing attributes in process `syz.2.1680'. [ 207.670860][ T9921] Dead loop on virtual device ip6_vti0, fix it urgently! [ 207.760164][ T5787] Bluetooth: hci3: Dropping invalid advertising data [ 207.773825][ T5787] Bluetooth: hci3: unknown advertising packet type: 0xff [ 207.773861][ T5787] Bluetooth: hci3: Malformed LE Event: 0x02 [ 209.559327][ T9947] netlink: 703 bytes leftover after parsing attributes in process `syz.1.1692'. [ 209.619941][ T9948] Dead loop on virtual device ip6_vti0, fix it urgently! [ 209.729242][ T9957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1695'. [ 209.795945][ T9957] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1695'. [ 209.864436][ T9957] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 210.107100][ T9950] syzkaller0: entered promiscuous mode [ 210.130136][ T9972] FAULT_INJECTION: forcing a failure. [ 210.130136][ T9972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.139731][ T9950] syzkaller0: entered allmulticast mode [ 210.146418][ T9972] CPU: 0 PID: 9972 Comm: syz.3.1702 Not tainted syzkaller #0 [ 210.156324][ T9972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 210.166397][ T9972] Call Trace: [ 210.169685][ T9972] [ 210.172621][ T9972] dump_stack_lvl+0x16c/0x230 [ 210.177316][ T9972] ? show_regs_print_info+0x20/0x20 [ 210.182533][ T9972] ? load_image+0x3b0/0x3b0 [ 210.187041][ T9972] ? __might_fault+0xaa/0x120 [ 210.191747][ T9972] ? __lock_acquire+0x7c80/0x7c80 [ 210.196778][ T9972] should_fail_ex+0x39d/0x4d0 [ 210.201474][ T9972] _copy_from_user+0x2f/0xe0 [ 210.206088][ T9972] dev_ethtool+0xc5/0x1720 [ 210.210515][ T9972] ? lock_chain_count+0x20/0x20 [ 210.215375][ T9972] ? ethtool_get_module_eeprom_call+0x170/0x170 [ 210.221621][ T9972] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 210.227783][ T9972] ? lockdep_hardirqs_on+0x98/0x150 [ 210.232995][ T9972] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 210.239165][ T9972] ? dev_load+0x162/0x1f0 [ 210.243522][ T9972] dev_ioctl+0x4ca/0x1170 [ 210.247860][ T9972] sock_do_ioctl+0x226/0x2f0 [ 210.252471][ T9972] ? sock_show_fdinfo+0xb0/0xb0 [ 210.257348][ T9972] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 210.263340][ T9972] ? lock_chain_count+0x20/0x20 [ 210.268200][ T9972] sock_ioctl+0x623/0x7a0 [ 210.272544][ T9972] ? sock_poll+0x3d0/0x3d0 [ 210.276969][ T9972] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 210.283141][ T9972] ? sock_poll+0x3d0/0x3d0 [ 210.287572][ T9972] ? __se_sys_ioctl+0xf1/0x170 [ 210.292348][ T9972] ? sock_poll+0x3d0/0x3d0 [ 210.296861][ T9972] __se_sys_ioctl+0xfd/0x170 [ 210.301468][ T9972] do_syscall_64+0x55/0xb0 [ 210.305886][ T9972] ? clear_bhb_loop+0x40/0x90 [ 210.310578][ T9972] ? clear_bhb_loop+0x40/0x90 [ 210.315262][ T9972] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 210.321172][ T9972] RIP: 0033:0x7fa4f058ebe9 [ 210.325591][ T9972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.345210][ T9972] RSP: 002b:00007fa4f14d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 210.353627][ T9972] RAX: ffffffffffffffda RBX: 00007fa4f07c5fa0 RCX: 00007fa4f058ebe9 [ 210.361624][ T9972] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000012 [ 210.369619][ T9972] RBP: 00007fa4f14d7090 R08: 0000000000000000 R09: 0000000000000000 [ 210.377607][ T9972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.385586][ T9972] R13: 00007fa4f07c6038 R14: 00007fa4f07c5fa0 R15: 00007fffa8be80f8 [ 210.393589][ T9972] [ 210.558470][ T9978] raw_sendmsg: syz.1.1703 forgot to set AF_INET. Fix it! [ 213.021541][T10008] FAULT_INJECTION: forcing a failure. [ 213.021541][T10008] name failslab, interval 1, probability 0, space 0, times 0 [ 213.036291][T10008] CPU: 1 PID: 10008 Comm: syz.2.1714 Not tainted syzkaller #0 [ 213.043818][T10008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 213.053884][T10008] Call Trace: [ 213.057173][T10008] [ 213.060106][T10008] dump_stack_lvl+0x16c/0x230 [ 213.064778][T10008] ? show_regs_print_info+0x20/0x20 [ 213.069973][T10008] ? load_image+0x3b0/0x3b0 [ 213.074468][T10008] ? __might_sleep+0xe0/0xe0 [ 213.079051][T10008] ? __lock_acquire+0x7c80/0x7c80 [ 213.084069][T10008] should_fail_ex+0x39d/0x4d0 [ 213.088767][T10008] should_failslab+0x9/0x20 [ 213.093274][T10008] slab_pre_alloc_hook+0x59/0x310 [ 213.098303][T10008] ? __lock_acquire+0x7c80/0x7c80 [ 213.103342][T10008] kmem_cache_alloc+0x5a/0x2e0 [ 213.108117][T10008] ? security_file_alloc+0x34/0x120 [ 213.113334][T10008] security_file_alloc+0x34/0x120 [ 213.118377][T10008] init_file+0x94/0x1f0 [ 213.122557][T10008] alloc_empty_file+0xb7/0x1d0 [ 213.127329][T10008] path_openat+0x100/0x3190 [ 213.131853][T10008] ? perf_trace_lock+0xf7/0x380 [ 213.136709][T10008] ? __x64_sys_openat+0x139/0x160 [ 213.141744][T10008] ? verify_lock_unused+0x140/0x140 [ 213.146946][T10008] ? do_filp_open+0x3d0/0x3d0 [ 213.151637][T10008] ? perf_trace_lock+0xf7/0x380 [ 213.156495][T10008] ? trace_event_raw_event_lock+0x230/0x230 [ 213.162405][T10008] do_filp_open+0x1c5/0x3d0 [ 213.166923][T10008] ? vfs_tmpfile+0x490/0x490 [ 213.171555][T10008] ? _raw_spin_unlock+0x28/0x40 [ 213.176409][T10008] ? alloc_fd+0x58f/0x630 [ 213.180761][T10008] do_sys_openat2+0x12c/0x1c0 [ 213.185465][T10008] ? do_sys_open+0xe0/0xe0 [ 213.189896][T10008] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 213.195900][T10008] ? lock_chain_count+0x20/0x20 [ 213.200768][T10008] __x64_sys_openat+0x139/0x160 [ 213.205626][T10008] do_syscall_64+0x55/0xb0 [ 213.210043][T10008] ? clear_bhb_loop+0x40/0x90 [ 213.214716][T10008] ? clear_bhb_loop+0x40/0x90 [ 213.219445][T10008] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.225353][T10008] RIP: 0033:0x7f7edd58d550 [ 213.229789][T10008] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 213.249409][T10008] RSP: 002b:00007f7ede3a7f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 213.257830][T10008] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7edd58d550 [ 213.265838][T10008] RDX: 0000000000000002 RSI: 00007f7ede3a7fa0 RDI: 00000000ffffff9c [ 213.273810][T10008] RBP: 00007f7ede3a7fa0 R08: 0000000000000000 R09: 0000000000000000 [ 213.281778][T10008] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 213.289744][T10008] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 213.297731][T10008] [ 214.164376][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1705'. [ 214.173553][ T9988] netlink: 'syz.0.1705': attribute type 4 has an invalid length. [ 214.182510][ T9988] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1705'. [ 214.191709][ T9988] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 214.208275][ T9991] netlink: 'syz.0.1705': attribute type 39 has an invalid length. [ 214.227770][ T9999] netlink: 'syz.3.1710': attribute type 21 has an invalid length. [ 214.235721][ T9999] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1710'. [ 214.254350][ T9999] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1710'. [ 214.507146][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1716'. [ 214.605327][T10018] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1716'. [ 214.625416][T10018] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 214.774877][T10013] syzkaller0: entered promiscuous mode [ 214.791130][T10013] syzkaller0: entered allmulticast mode [ 215.041373][T10036] Dead loop on virtual device ip6_vti0, fix it urgently! [ 216.504175][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1726'. [ 216.514345][T10044] netlink: 'syz.3.1726': attribute type 4 has an invalid length. [ 216.523521][T10044] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1726'. [ 216.533105][T10044] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 216.549882][T10046] netlink: 'syz.3.1726': attribute type 39 has an invalid length. [ 216.736075][T10051] syz.3.1727 uses obsolete (PF_INET,SOCK_PACKET) [ 217.958304][T10034] bridge0: port 3(bond0) entered blocking state [ 217.965667][T10034] bridge0: port 3(bond0) entered disabled state [ 217.972396][T10034] bond0: entered allmulticast mode [ 217.977663][T10034] bond_slave_0: entered allmulticast mode [ 217.983457][T10034] bond_slave_1: entered allmulticast mode [ 217.990978][T10034] bond0: entered promiscuous mode [ 217.996028][T10034] bond_slave_0: entered promiscuous mode [ 218.002133][T10034] bond_slave_1: entered promiscuous mode [ 218.012000][T10034] bridge0: port 3(bond0) entered blocking state [ 218.018801][T10034] bridge0: port 3(bond0) entered forwarding state [ 218.028260][T10037] bond0: left allmulticast mode [ 218.033215][T10037] bond_slave_0: left allmulticast mode [ 218.040120][T10037] bond_slave_1: left allmulticast mode [ 218.045719][T10037] bond0: left promiscuous mode [ 218.051052][T10037] bond_slave_0: left promiscuous mode [ 218.057017][T10037] bond_slave_1: left promiscuous mode [ 218.062951][T10037] bridge0: port 3(bond0) entered disabled state [ 218.512948][T10071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1736'. [ 218.532903][T10071] netlink: 'syz.1.1736': attribute type 4 has an invalid length. [ 218.540931][T10071] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1736'. [ 218.571248][T10071] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 218.597894][T10072] netlink: 'syz.1.1736': attribute type 39 has an invalid length. [ 218.680961][T10074] Dead loop on virtual device ip6_vti0, fix it urgently! [ 219.317356][T10092] bridge0: port 3(bond0) entered blocking state [ 219.336782][T10092] bridge0: port 3(bond0) entered disabled state [ 219.349011][T10092] bond0: entered allmulticast mode [ 219.363697][T10092] bond_slave_0: entered allmulticast mode [ 219.374360][T10092] bond_slave_1: entered allmulticast mode [ 219.423332][T10092] bond0: entered promiscuous mode [ 219.435469][T10092] bond_slave_0: entered promiscuous mode [ 219.442847][T10092] bond_slave_1: entered promiscuous mode [ 219.453052][T10092] bridge0: port 3(bond0) entered blocking state [ 219.459974][T10092] bridge0: port 3(bond0) entered forwarding state [ 219.487901][T10094] netlink: 17279 bytes leftover after parsing attributes in process `syz.3.1745'. [ 219.590025][T10095] bond0: left allmulticast mode [ 219.597951][T10095] bond_slave_0: left allmulticast mode [ 219.607278][T10095] bond_slave_1: left allmulticast mode [ 219.612834][T10095] bond0: left promiscuous mode [ 219.626050][T10095] bond_slave_0: left promiscuous mode [ 219.646834][T10095] bond_slave_1: left promiscuous mode [ 219.659268][T10095] bridge0: port 3(bond0) entered disabled state [ 219.777506][T10105] Dead loop on virtual device ip6_vti0, fix it urgently! [ 219.959604][T10111] Dead loop on virtual device ip6_vti0, fix it urgently! [ 220.622777][T10133] FAULT_INJECTION: forcing a failure. [ 220.622777][T10133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.653187][T10133] CPU: 0 PID: 10133 Comm: syz.2.1757 Not tainted syzkaller #0 [ 220.660716][T10133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 220.670807][T10133] Call Trace: [ 220.674201][T10133] [ 220.677158][T10133] dump_stack_lvl+0x16c/0x230 [ 220.681862][T10133] ? show_regs_print_info+0x20/0x20 [ 220.687084][T10133] ? load_image+0x3b0/0x3b0 [ 220.691604][T10133] ? __might_fault+0xaa/0x120 [ 220.696302][T10133] ? __lock_acquire+0x7c80/0x7c80 [ 220.701349][T10133] should_fail_ex+0x39d/0x4d0 [ 220.706052][T10133] _copy_from_user+0x2f/0xe0 [ 220.710701][T10133] ___sys_sendmsg+0x159/0x290 [ 220.715427][T10133] ? __sys_sendmsg+0x270/0x270 [ 220.720230][T10133] ? __lock_acquire+0x7c80/0x7c80 [ 220.725288][T10133] __se_sys_sendmsg+0x1a5/0x270 [ 220.730154][T10133] ? __x64_sys_sendmsg+0x80/0x80 [ 220.735117][T10133] ? lockdep_hardirqs_on+0x98/0x150 [ 220.740332][T10133] do_syscall_64+0x55/0xb0 [ 220.744768][T10133] ? clear_bhb_loop+0x40/0x90 [ 220.749456][T10133] ? clear_bhb_loop+0x40/0x90 [ 220.754205][T10133] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 220.760266][T10133] RIP: 0033:0x7f7edd58ebe9 [ 220.764686][T10133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.784321][T10133] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.792735][T10133] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 220.800706][T10133] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 220.808674][T10133] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 220.816642][T10133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.824605][T10133] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 220.832594][T10133] [ 221.284517][T10151] Dead loop on virtual device ip6_vti0, fix it urgently! [ 222.575462][T10137] bridge0: port 3(bond0) entered blocking state [ 222.583683][T10137] bridge0: port 3(bond0) entered disabled state [ 222.611665][T10137] bond0: entered allmulticast mode [ 222.637747][T10137] bond_slave_0: entered allmulticast mode [ 222.645856][T10137] bond_slave_1: entered allmulticast mode [ 222.662983][T10137] bond0: entered promiscuous mode [ 222.668643][T10137] bond_slave_0: entered promiscuous mode [ 222.675251][T10137] bond_slave_1: entered promiscuous mode [ 222.685678][T10137] bridge0: port 3(bond0) entered blocking state [ 222.692789][T10137] bridge0: port 3(bond0) entered forwarding state [ 222.751773][T10139] bond0: left allmulticast mode [ 222.779113][T10139] bond_slave_0: left allmulticast mode [ 222.796859][T10139] bond_slave_1: left allmulticast mode [ 222.816718][T10139] bond0: left promiscuous mode [ 222.821536][T10139] bond_slave_0: left promiscuous mode [ 222.830266][T10139] bond_slave_1: left promiscuous mode [ 222.836067][T10139] bridge0: port 3(bond0) entered disabled state [ 223.251677][T10178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1770'. [ 223.290882][T10178] netlink: 'syz.0.1770': attribute type 4 has an invalid length. [ 223.304536][T10178] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1770'. [ 223.327224][T10178] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 223.366805][T10184] Dead loop on virtual device ip6_vti0, fix it urgently! [ 223.473092][T10178] netlink: 'syz.0.1770': attribute type 39 has an invalid length. [ 223.785058][T10193] bridge0: port 3(bond0) entered blocking state [ 223.805954][T10193] bridge0: port 3(bond0) entered disabled state [ 223.813416][T10193] bond0: entered allmulticast mode [ 223.819035][T10193] bond_slave_0: entered allmulticast mode [ 223.825849][T10193] bond_slave_1: entered allmulticast mode [ 223.851380][T10193] bond0: entered promiscuous mode [ 223.865644][T10193] bond_slave_0: entered promiscuous mode [ 223.872994][T10193] bond_slave_1: entered promiscuous mode [ 223.887270][T10193] bridge0: port 3(bond0) entered blocking state [ 223.894235][T10193] bridge0: port 3(bond0) entered forwarding state [ 223.915820][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1786'. [ 223.930391][T10200] bond0: left allmulticast mode [ 223.935290][T10200] bond_slave_0: left allmulticast mode [ 223.942467][T10200] bond_slave_1: left allmulticast mode [ 223.949372][T10208] FAULT_INJECTION: forcing a failure. [ 223.949372][T10208] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 223.953558][T10200] bond0: left promiscuous mode [ 223.969925][T10208] CPU: 1 PID: 10208 Comm: syz.1.1781 Not tainted syzkaller #0 [ 223.973717][T10200] bond_slave_0: left promiscuous mode [ 223.977408][T10208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 223.977442][T10208] Call Trace: [ 223.977451][T10208] [ 223.977458][T10208] dump_stack_lvl+0x16c/0x230 [ 223.977486][T10208] ? show_regs_print_info+0x20/0x20 [ 223.977505][T10208] ? load_image+0x3b0/0x3b0 [ 223.977522][T10208] ? __lock_acquire+0x7c80/0x7c80 [ 223.977541][T10208] ? snprintf+0xdb/0x120 [ 223.977564][T10208] should_fail_ex+0x39d/0x4d0 [ 223.977591][T10208] _copy_to_user+0x2f/0xa0 [ 224.031781][T10208] simple_read_from_buffer+0xe7/0x150 [ 224.037157][T10208] proc_fail_nth_read+0x1e3/0x250 [ 224.042181][T10208] ? proc_fault_inject_write+0x340/0x340 [ 224.047811][T10208] ? fsnotify_perm+0x271/0x5e0 [ 224.052572][T10208] ? proc_fault_inject_write+0x340/0x340 [ 224.058197][T10208] vfs_read+0x27e/0x920 [ 224.062355][T10208] ? kernel_read+0x1e0/0x1e0 [ 224.066936][T10208] ? __fget_files+0x28/0x4d0 [ 224.071516][T10208] ? __fget_files+0x44a/0x4d0 [ 224.076193][T10208] ? __fdget_pos+0x2a3/0x330 [ 224.080780][T10208] ? ksys_read+0x75/0x250 [ 224.085102][T10208] ksys_read+0x147/0x250 [ 224.089365][T10208] ? vfs_write+0x940/0x940 [ 224.093774][T10208] ? lockdep_hardirqs_on+0x98/0x150 [ 224.098969][T10208] do_syscall_64+0x55/0xb0 [ 224.103378][T10208] ? clear_bhb_loop+0x40/0x90 [ 224.108045][T10208] ? clear_bhb_loop+0x40/0x90 [ 224.112712][T10208] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 224.118599][T10208] RIP: 0033:0x7f2dcd98d5fc [ 224.123005][T10208] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 224.142601][T10208] RSP: 002b:00007f2dce856030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 224.151007][T10208] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98d5fc [ 224.158967][T10208] RDX: 000000000000000f RSI: 00007f2dce8560a0 RDI: 0000000000000004 [ 224.166929][T10208] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 224.174885][T10208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.182846][T10208] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 224.190827][T10208] [ 224.194992][T10200] bond_slave_1: left promiscuous mode [ 224.208361][T10200] bridge0: port 3(bond0) entered disabled state [ 224.221256][T10202] netlink: 'syz.2.1786': attribute type 4 has an invalid length. [ 224.229232][T10202] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1786'. [ 224.238392][T10202] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 224.255238][T10205] bridge0: port 3(team0) entered blocking state [ 224.261844][T10205] bridge0: port 3(team0) entered disabled state [ 224.269481][T10205] team0: entered allmulticast mode [ 224.274640][T10205] team_slave_0: entered allmulticast mode [ 224.280972][T10205] team_slave_1: entered allmulticast mode [ 224.288660][T10205] team0: entered promiscuous mode [ 224.293823][T10205] team_slave_0: entered promiscuous mode [ 224.301496][T10205] team_slave_1: entered promiscuous mode [ 224.310602][T10205] bridge0: port 3(team0) entered blocking state [ 224.317031][T10205] bridge0: port 3(team0) entered forwarding state [ 224.324035][T10206] netlink: 'syz.2.1786': attribute type 39 has an invalid length. [ 224.341922][T10212] netlink: 'syz.1.1782': attribute type 2 has an invalid length. [ 224.360684][T10212] netlink: 'syz.1.1782': attribute type 8 has an invalid length. [ 224.389843][T10212] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1782'. [ 224.536879][T10217] Dead loop on virtual device ip6_vti0, fix it urgently! [ 224.597540][T10219] netlink: 184 bytes leftover after parsing attributes in process `syz.1.1785'. [ 225.273773][T10247] Dead loop on virtual device ip6_vti0, fix it urgently! [ 225.520364][T10256] FAULT_INJECTION: forcing a failure. [ 225.520364][T10256] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.542680][T10256] CPU: 1 PID: 10256 Comm: syz.1.1803 Not tainted syzkaller #0 [ 225.550207][T10256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 225.560293][T10256] Call Trace: [ 225.563592][T10256] [ 225.566550][T10256] dump_stack_lvl+0x16c/0x230 [ 225.571269][T10256] ? show_regs_print_info+0x20/0x20 [ 225.576502][T10256] ? load_image+0x3b0/0x3b0 [ 225.581049][T10256] ? __might_fault+0xaa/0x120 [ 225.585759][T10256] ? __lock_acquire+0x7c80/0x7c80 [ 225.590816][T10256] ? perf_trace_lock_acquire+0x32a/0x3e0 [ 225.596488][T10256] should_fail_ex+0x39d/0x4d0 [ 225.601201][T10256] _copy_from_user+0x2f/0xe0 [ 225.605820][T10256] ___sys_sendmsg+0x159/0x290 [ 225.610536][T10256] ? __sys_sendmsg+0x270/0x270 [ 225.615372][T10256] ? __lock_acquire+0x7c80/0x7c80 [ 225.620476][T10256] __se_sys_sendmsg+0x1a5/0x270 [ 225.625367][T10256] ? __x64_sys_sendmsg+0x80/0x80 [ 225.630377][T10256] ? lockdep_hardirqs_on+0x98/0x150 [ 225.635618][T10256] do_syscall_64+0x55/0xb0 [ 225.640079][T10256] ? clear_bhb_loop+0x40/0x90 [ 225.644786][T10256] ? clear_bhb_loop+0x40/0x90 [ 225.649497][T10256] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.655427][T10256] RIP: 0033:0x7f2dcd98ebe9 [ 225.659866][T10256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.679497][T10256] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.687931][T10256] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 225.695916][T10256] RDX: 0000000000000084 RSI: 0000200000000600 RDI: 000000000000000d [ 225.703881][T10256] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 225.711940][T10256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.719956][T10256] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 225.727965][T10256] [ 228.078140][T10323] FAULT_INJECTION: forcing a failure. [ 228.078140][T10323] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.133891][T10323] CPU: 1 PID: 10323 Comm: syz.0.1823 Not tainted syzkaller #0 [ 228.141395][T10323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 228.151441][T10323] Call Trace: [ 228.154714][T10323] [ 228.157637][T10323] dump_stack_lvl+0x16c/0x230 [ 228.162313][T10323] ? show_regs_print_info+0x20/0x20 [ 228.167506][T10323] ? load_image+0x3b0/0x3b0 [ 228.172002][T10323] ? __lock_acquire+0x7c80/0x7c80 [ 228.177024][T10323] ? snprintf+0xdb/0x120 [ 228.181263][T10323] should_fail_ex+0x39d/0x4d0 [ 228.185939][T10323] _copy_to_user+0x2f/0xa0 [ 228.190351][T10323] simple_read_from_buffer+0xe7/0x150 [ 228.195725][T10323] proc_fail_nth_read+0x1e3/0x250 [ 228.200747][T10323] ? proc_fault_inject_write+0x340/0x340 [ 228.206376][T10323] ? fsnotify_perm+0x271/0x5e0 [ 228.211132][T10323] ? proc_fault_inject_write+0x340/0x340 [ 228.216756][T10323] vfs_read+0x27e/0x920 [ 228.220907][T10323] ? kernel_read+0x1e0/0x1e0 [ 228.225490][T10323] ? __fget_files+0x28/0x4d0 [ 228.230077][T10323] ? __fget_files+0x44a/0x4d0 [ 228.234755][T10323] ? __fdget_pos+0x2a3/0x330 [ 228.239335][T10323] ? ksys_read+0x75/0x250 [ 228.243661][T10323] ksys_read+0x147/0x250 [ 228.247898][T10323] ? vfs_write+0x940/0x940 [ 228.252314][T10323] ? lockdep_hardirqs_on+0x98/0x150 [ 228.257508][T10323] do_syscall_64+0x55/0xb0 [ 228.261916][T10323] ? clear_bhb_loop+0x40/0x90 [ 228.266583][T10323] ? clear_bhb_loop+0x40/0x90 [ 228.271252][T10323] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 228.277140][T10323] RIP: 0033:0x7ff51138d5fc [ 228.281549][T10323] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 228.301149][T10323] RSP: 002b:00007ff51212f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 228.309559][T10323] RAX: ffffffffffffffda RBX: 00007ff5115c5fa0 RCX: 00007ff51138d5fc [ 228.317521][T10323] RDX: 000000000000000f RSI: 00007ff51212f0a0 RDI: 0000000000000004 [ 228.325484][T10323] RBP: 00007ff51212f090 R08: 0000000000000000 R09: 0000000000000000 [ 228.333444][T10323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.341407][T10323] R13: 00007ff5115c6038 R14: 00007ff5115c5fa0 R15: 00007fffd3f0e298 [ 228.349383][T10323] [ 229.618882][T10350] netlink: 'syz.0.1832': attribute type 1 has an invalid length. [ 229.656446][T10350] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1832'. [ 229.698464][T10353] FAULT_INJECTION: forcing a failure. [ 229.698464][T10353] name failslab, interval 1, probability 0, space 0, times 0 [ 229.716410][T10353] CPU: 1 PID: 10353 Comm: syz.3.1833 Not tainted syzkaller #0 [ 229.723921][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 229.733998][T10353] Call Trace: [ 229.737294][T10353] [ 229.740227][T10353] dump_stack_lvl+0x16c/0x230 [ 229.744918][T10353] ? show_regs_print_info+0x20/0x20 [ 229.750111][T10353] ? load_image+0x3b0/0x3b0 [ 229.754605][T10353] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 229.760581][T10353] should_fail_ex+0x39d/0x4d0 [ 229.765268][T10353] should_failslab+0x9/0x20 [ 229.769763][T10353] slab_pre_alloc_hook+0x59/0x310 [ 229.774781][T10353] ? __local_bh_enable_ip+0x12e/0x1c0 [ 229.780152][T10353] kmem_cache_alloc+0x5a/0x2e0 [ 229.784911][T10353] ? dst_alloc+0x105/0x170 [ 229.789337][T10353] dst_alloc+0x105/0x170 [ 229.793572][T10353] ip_route_output_key_hash_rcu+0x1471/0x2350 [ 229.799653][T10353] ? ip_route_output_key_hash+0x12f/0x340 [ 229.805364][T10353] ip_route_output_key_hash+0x20b/0x340 [ 229.810900][T10353] ? ip_route_input_rcu+0x3010/0x3010 [ 229.816279][T10353] ? __lock_acquire+0x7c80/0x7c80 [ 229.821320][T10353] ip_route_output_flow+0x2a/0x150 [ 229.826419][T10353] ? security_sk_classify_flow+0x7b/0x90 [ 229.832043][T10353] raw_sendmsg+0x1093/0x1950 [ 229.836631][T10353] ? compat_raw_ioctl+0x70/0x70 [ 229.841478][T10353] ? aa_sk_perm+0x7fc/0x930 [ 229.845974][T10353] ? tomoyo_socket_sendmsg_permission+0x216/0x2f0 [ 229.852383][T10353] ? sock_rps_record_flow+0x19/0x400 [ 229.857658][T10353] ? inet_send_prepare+0x260/0x260 [ 229.862754][T10353] ? inet_sendmsg+0x7c/0x2f0 [ 229.867325][T10353] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 229.872686][T10353] ? security_socket_sendmsg+0x80/0xa0 [ 229.878134][T10353] ? inet_send_prepare+0x260/0x260 [ 229.883230][T10353] ____sys_sendmsg+0x5bf/0x950 [ 229.887994][T10353] ? __sys_sendmsg_sock+0x30/0x30 [ 229.893010][T10353] ? __import_iovec+0x5f2/0x860 [ 229.897868][T10353] ? import_iovec+0x73/0xa0 [ 229.902364][T10353] ___sys_sendmsg+0x220/0x290 [ 229.907033][T10353] ? __sys_sendmsg+0x270/0x270 [ 229.911805][T10353] ? __lock_acquire+0x7c80/0x7c80 [ 229.916842][T10353] __se_sys_sendmsg+0x1a5/0x270 [ 229.921684][T10353] ? __x64_sys_sendmsg+0x80/0x80 [ 229.926620][T10353] ? lockdep_hardirqs_on+0x98/0x150 [ 229.931815][T10353] do_syscall_64+0x55/0xb0 [ 229.936228][T10353] ? clear_bhb_loop+0x40/0x90 [ 229.940899][T10353] ? clear_bhb_loop+0x40/0x90 [ 229.945564][T10353] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 229.951450][T10353] RIP: 0033:0x7fa4f058ebe9 [ 229.955855][T10353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.975456][T10353] RSP: 002b:00007fa4f14d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 229.983868][T10353] RAX: ffffffffffffffda RBX: 00007fa4f07c5fa0 RCX: 00007fa4f058ebe9 [ 229.991835][T10353] RDX: 0000000000000000 RSI: 00002000000009c0 RDI: 0000000000000003 [ 229.999796][T10353] RBP: 00007fa4f14d7090 R08: 0000000000000000 R09: 0000000000000000 [ 230.007755][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.015731][T10353] R13: 00007fa4f07c6038 R14: 00007fa4f07c5fa0 R15: 00007fffa8be80f8 [ 230.023703][T10353] [ 230.102111][T10355] netlink: 'syz.2.1834': attribute type 39 has an invalid length. [ 230.430334][T10366] FAULT_INJECTION: forcing a failure. [ 230.430334][T10366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 230.456608][T10366] CPU: 0 PID: 10366 Comm: syz.1.1839 Not tainted syzkaller #0 [ 230.464128][T10366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 230.474203][T10366] Call Trace: [ 230.477498][T10366] [ 230.480442][T10366] dump_stack_lvl+0x16c/0x230 [ 230.485140][T10366] ? show_regs_print_info+0x20/0x20 [ 230.490379][T10366] ? load_image+0x3b0/0x3b0 [ 230.494902][T10366] ? __might_fault+0xaa/0x120 [ 230.499593][T10366] ? __lock_acquire+0x7c80/0x7c80 [ 230.504633][T10366] should_fail_ex+0x39d/0x4d0 [ 230.509330][T10366] _copy_from_iter+0x1d3/0x1290 [ 230.514199][T10366] ? slab_post_alloc_hook+0x8a/0x4d0 [ 230.519532][T10366] ? __virt_addr_valid+0x18c/0x540 [ 230.524676][T10366] ? __lock_acquire+0x7c80/0x7c80 [ 230.529714][T10366] ? rcu_is_watching+0x15/0xb0 [ 230.534496][T10366] ? copyout_mc+0x70/0x70 [ 230.538843][T10366] ? __virt_addr_valid+0x18c/0x540 [ 230.543975][T10366] ? __virt_addr_valid+0x18c/0x540 [ 230.549111][T10366] ? __virt_addr_valid+0x469/0x540 [ 230.554239][T10366] ? __check_object_size+0x506/0xa30 [ 230.559546][T10366] netlink_sendmsg+0x75c/0xbe0 [ 230.564338][T10366] ? netlink_getsockopt+0x580/0x580 [ 230.569555][T10366] ? aa_sock_msg_perm+0x94/0x150 [ 230.574490][T10366] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 230.579772][T10366] ? security_socket_sendmsg+0x80/0xa0 [ 230.585240][T10366] ? netlink_getsockopt+0x580/0x580 [ 230.590453][T10366] ____sys_sendmsg+0x5bf/0x950 [ 230.595229][T10366] ? __asan_memset+0x22/0x40 [ 230.599815][T10366] ? __sys_sendmsg_sock+0x30/0x30 [ 230.604832][T10366] ? __import_iovec+0x5f2/0x860 [ 230.609683][T10366] ? import_iovec+0x73/0xa0 [ 230.614181][T10366] ___sys_sendmsg+0x220/0x290 [ 230.618855][T10366] ? __sys_sendmsg+0x270/0x270 [ 230.623623][T10366] ? __lock_acquire+0x7c80/0x7c80 [ 230.628655][T10366] __se_sys_sendmsg+0x1a5/0x270 [ 230.633510][T10366] ? __x64_sys_sendmsg+0x80/0x80 [ 230.638453][T10366] ? lockdep_hardirqs_on+0x98/0x150 [ 230.643785][T10366] do_syscall_64+0x55/0xb0 [ 230.648193][T10366] ? clear_bhb_loop+0x40/0x90 [ 230.652857][T10366] ? clear_bhb_loop+0x40/0x90 [ 230.657522][T10366] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 230.663417][T10366] RIP: 0033:0x7f2dcd98ebe9 [ 230.667823][T10366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.687425][T10366] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 230.695828][T10366] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 230.703793][T10366] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 230.711778][T10366] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 230.719751][T10366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.727716][T10366] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 230.735692][T10366] [ 231.274789][T10376] FAULT_INJECTION: forcing a failure. [ 231.274789][T10376] name failslab, interval 1, probability 0, space 0, times 0 [ 231.306425][T10376] CPU: 0 PID: 10376 Comm: syz.1.1842 Not tainted syzkaller #0 [ 231.313945][T10376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.324022][T10376] Call Trace: [ 231.327319][T10376] [ 231.330272][T10376] dump_stack_lvl+0x16c/0x230 [ 231.334995][T10376] ? show_regs_print_info+0x20/0x20 [ 231.340213][T10376] ? load_image+0x3b0/0x3b0 [ 231.344729][T10376] ? __lock_acquire+0x7c80/0x7c80 [ 231.349769][T10376] should_fail_ex+0x39d/0x4d0 [ 231.354474][T10376] should_failslab+0x9/0x20 [ 231.358993][T10376] slab_pre_alloc_hook+0x59/0x310 [ 231.364040][T10376] ? sk_prot_alloc+0xe7/0x210 [ 231.368724][T10376] ? sk_prot_alloc+0xe7/0x210 [ 231.373396][T10376] __kmem_cache_alloc_node+0x53/0x260 [ 231.378770][T10376] ? sk_prot_alloc+0xe7/0x210 [ 231.383433][T10376] __kmalloc+0xa4/0x240 [ 231.387594][T10376] sk_prot_alloc+0xe7/0x210 [ 231.392083][T10376] ? sk_alloc+0x24/0x360 [ 231.396313][T10376] sk_alloc+0x3a/0x360 [ 231.400371][T10376] ? bpf_ctx_init+0x163/0x1a0 [ 231.405037][T10376] ? bpf_prog_test_run_skb+0x268/0x11c0 [ 231.410578][T10376] bpf_prog_test_run_skb+0x39a/0x11c0 [ 231.415988][T10376] ? __fget_files+0x28/0x4d0 [ 231.420600][T10376] ? cpu_online+0x60/0x60 [ 231.424939][T10376] bpf_prog_test_run+0x321/0x390 [ 231.429879][T10376] __sys_bpf+0x440/0x800 [ 231.434215][T10376] ? bpf_link_show_fdinfo+0x350/0x350 [ 231.439588][T10376] ? lock_chain_count+0x20/0x20 [ 231.444438][T10376] __x64_sys_bpf+0x7c/0x90 [ 231.448844][T10376] do_syscall_64+0x55/0xb0 [ 231.453253][T10376] ? clear_bhb_loop+0x40/0x90 [ 231.457916][T10376] ? clear_bhb_loop+0x40/0x90 [ 231.462581][T10376] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 231.468470][T10376] RIP: 0033:0x7f2dcd98ebe9 [ 231.472876][T10376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.492474][T10376] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 231.500967][T10376] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 231.508931][T10376] RDX: 0000000000000050 RSI: 0000200000000900 RDI: 000000000000000a [ 231.516897][T10376] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 231.524872][T10376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.532867][T10376] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 231.540843][T10376] [ 231.881058][T10388] FAULT_INJECTION: forcing a failure. [ 231.881058][T10388] name failslab, interval 1, probability 0, space 0, times 0 [ 231.914385][T10388] CPU: 0 PID: 10388 Comm: syz.2.1844 Not tainted syzkaller #0 [ 231.921901][T10388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.931973][T10388] Call Trace: [ 231.935265][T10388] [ 231.938208][T10388] dump_stack_lvl+0x16c/0x230 [ 231.942902][T10388] ? show_regs_print_info+0x20/0x20 [ 231.948099][T10388] ? load_image+0x3b0/0x3b0 [ 231.952593][T10388] ? __might_sleep+0xe0/0xe0 [ 231.957175][T10388] ? __lock_acquire+0x7c80/0x7c80 [ 231.962190][T10388] should_fail_ex+0x39d/0x4d0 [ 231.966864][T10388] should_failslab+0x9/0x20 [ 231.971358][T10388] slab_pre_alloc_hook+0x59/0x310 [ 231.976380][T10388] kmem_cache_alloc+0x5a/0x2e0 [ 231.981135][T10388] ? sk_prot_alloc+0x57/0x210 [ 231.985804][T10388] sk_prot_alloc+0x57/0x210 [ 231.990293][T10388] ? sk_alloc+0x24/0x360 [ 231.994535][T10388] sk_alloc+0x3a/0x360 [ 231.998601][T10388] unix_create1+0xb0/0x790 [ 232.003010][T10388] unix_create+0x154/0x1f0 [ 232.007417][T10388] __sock_create+0x4a6/0x940 [ 232.012045][T10388] __sys_socketpair+0x1c1/0x550 [ 232.016894][T10388] __x64_sys_socketpair+0x9b/0xb0 [ 232.021906][T10388] do_syscall_64+0x55/0xb0 [ 232.026312][T10388] ? clear_bhb_loop+0x40/0x90 [ 232.030978][T10388] ? clear_bhb_loop+0x40/0x90 [ 232.035646][T10388] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 232.041532][T10388] RIP: 0033:0x7f7edd58ebe9 [ 232.045936][T10388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.065531][T10388] RSP: 002b:00007f7ede366038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 232.074010][T10388] RAX: ffffffffffffffda RBX: 00007f7edd7c6180 RCX: 00007f7edd58ebe9 [ 232.082047][T10388] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 232.090007][T10388] RBP: 00007f7ede366090 R08: 0000000000000000 R09: 0000000000000000 [ 232.097964][T10388] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.105924][T10388] R13: 00007f7edd7c6218 R14: 00007f7edd7c6180 R15: 00007ffdb79d7ac8 [ 232.113897][T10388] [ 232.700954][T10403] Dead loop on virtual device ip6_vti0, fix it urgently! [ 232.828321][T10405] netlink: 'syz.2.1853': attribute type 13 has an invalid length. [ 233.222545][T10417] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1854'. [ 233.336601][T10417] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 233.843962][T10431] FAULT_INJECTION: forcing a failure. [ 233.843962][T10431] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.881255][T10417] syzkaller0: entered promiscuous mode [ 233.896267][T10431] CPU: 1 PID: 10431 Comm: syz.1.1863 Not tainted syzkaller #0 [ 233.903783][T10431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 233.913870][T10431] Call Trace: [ 233.917173][T10431] [ 233.920125][T10431] dump_stack_lvl+0x16c/0x230 [ 233.924836][T10431] ? show_regs_print_info+0x20/0x20 [ 233.930064][T10431] ? load_image+0x3b0/0x3b0 [ 233.934642][T10431] ? __might_fault+0xaa/0x120 [ 233.939353][T10431] ? __lock_acquire+0x7c80/0x7c80 [ 233.944408][T10431] ? __virt_addr_valid+0x18c/0x540 [ 233.949564][T10431] should_fail_ex+0x39d/0x4d0 [ 233.954279][T10431] _copy_from_user+0x2f/0xe0 [ 233.958899][T10431] bpf_prog_test_run_skb+0x259/0x11c0 [ 233.964301][T10431] ? __fget_files+0x28/0x4d0 [ 233.968924][T10431] ? __fget_files+0x44a/0x4d0 [ 233.973639][T10431] ? cpu_online+0x60/0x60 [ 233.978000][T10431] bpf_prog_test_run+0x321/0x390 [ 233.982966][T10431] __sys_bpf+0x440/0x800 [ 233.987240][T10431] ? bpf_link_show_fdinfo+0x350/0x350 [ 233.992655][T10431] ? lock_chain_count+0x20/0x20 [ 233.997549][T10431] __x64_sys_bpf+0x7c/0x90 [ 234.001992][T10431] do_syscall_64+0x55/0xb0 [ 234.006435][T10431] ? clear_bhb_loop+0x40/0x90 [ 234.011133][T10431] ? clear_bhb_loop+0x40/0x90 [ 234.015837][T10431] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 234.021760][T10431] RIP: 0033:0x7f2dcd98ebe9 [ 234.026202][T10431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.045833][T10431] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 234.054279][T10431] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 234.062282][T10431] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 234.070280][T10431] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 234.078280][T10431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.086286][T10431] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 234.094344][T10431] [ 234.106239][T10417] syzkaller0: entered allmulticast mode [ 234.113142][T10429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1862'. [ 234.193826][T10432] netlink: 'syz.3.1862': attribute type 4 has an invalid length. [ 234.227273][T10432] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1862'. [ 234.266254][T10432] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 234.316575][T10433] netlink: 'syz.3.1862': attribute type 39 has an invalid length. [ 234.740160][T10444] netlink: 'syz.2.1866': attribute type 4 has an invalid length. [ 234.769889][T10444] netlink: 'syz.2.1866': attribute type 3 has an invalid length. [ 234.818509][T10444] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1866'. [ 234.951573][T10448] Dead loop on virtual device ip6_vti0, fix it urgently! [ 237.862486][T10435] netlink: 'syz.1.1864': attribute type 13 has an invalid length. [ 238.411164][T10475] FAULT_INJECTION: forcing a failure. [ 238.411164][T10475] name failslab, interval 1, probability 0, space 0, times 0 [ 238.424400][T10475] CPU: 1 PID: 10475 Comm: syz.2.1888 Not tainted syzkaller #0 [ 238.431882][T10475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.441963][T10475] Call Trace: [ 238.445274][T10475] [ 238.448225][T10475] dump_stack_lvl+0x16c/0x230 [ 238.452935][T10475] ? show_regs_print_info+0x20/0x20 [ 238.458154][T10475] ? load_image+0x3b0/0x3b0 [ 238.462671][T10475] ? mark_lock+0x94/0x320 [ 238.467040][T10475] ? __lock_acquire+0x1334/0x7c80 [ 238.472098][T10475] should_fail_ex+0x39d/0x4d0 [ 238.476803][T10475] should_failslab+0x9/0x20 [ 238.481332][T10475] slab_pre_alloc_hook+0x59/0x310 [ 238.486419][T10475] kmem_cache_alloc+0x5a/0x2e0 [ 238.491215][T10475] ? radix_tree_node_alloc+0x7e/0x3a0 [ 238.496619][T10475] radix_tree_node_alloc+0x7e/0x3a0 [ 238.501847][T10475] idr_get_free+0x2b3/0xa60 [ 238.506473][T10475] idr_alloc_cyclic+0x1a2/0x530 [ 238.511361][T10475] ? idr_alloc+0x2c0/0x2c0 [ 238.515801][T10475] ? do_raw_spin_lock+0x121/0x2c0 [ 238.520857][T10475] ? bpf_map_alloc_id+0x21/0xd0 [ 238.525733][T10475] bpf_map_alloc_id+0x40/0xd0 [ 238.530428][T10475] map_create+0xccc/0x1110 [ 238.534854][T10475] ? security_bpf+0x7e/0xa0 [ 238.539452][T10475] __sys_bpf+0x5f0/0x800 [ 238.543699][T10475] ? bpf_link_show_fdinfo+0x350/0x350 [ 238.549080][T10475] ? lock_chain_count+0x20/0x20 [ 238.553931][T10475] __x64_sys_bpf+0x7c/0x90 [ 238.558353][T10475] do_syscall_64+0x55/0xb0 [ 238.562762][T10475] ? clear_bhb_loop+0x40/0x90 [ 238.567426][T10475] ? clear_bhb_loop+0x40/0x90 [ 238.572091][T10475] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 238.577978][T10475] RIP: 0033:0x7f7edd58ebe9 [ 238.582401][T10475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.602033][T10475] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 238.610491][T10475] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 238.618480][T10475] RDX: 0000000000000048 RSI: 0000200000000740 RDI: 0000000000000000 [ 238.626452][T10475] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 238.634417][T10475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.642468][T10475] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 238.650447][T10475] [ 238.740389][T10483] netlink: 'syz.3.1881': attribute type 13 has an invalid length. [ 238.754363][T10482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1882'. [ 238.820476][T10482] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1882'. [ 238.853669][T10482] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 239.038220][T10482] syzkaller0: entered promiscuous mode [ 239.047896][T10482] syzkaller0: entered allmulticast mode [ 240.052130][T10503] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1887'. [ 240.076409][T10503] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 240.345873][T10507] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1889'. [ 240.405733][T10507] openvswitch: netlink: Tunnel attr 0 has unexpected len 3060 expected 8 [ 243.508068][T10500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1887'. [ 243.592025][T10506] syzkaller0: entered promiscuous mode [ 243.598220][T10506] syzkaller0: entered allmulticast mode [ 244.034098][T10522] FAULT_INJECTION: forcing a failure. [ 244.034098][T10522] name failslab, interval 1, probability 0, space 0, times 0 [ 244.080569][T10522] CPU: 0 PID: 10522 Comm: syz.1.1893 Not tainted syzkaller #0 [ 244.088100][T10522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.098176][T10522] Call Trace: [ 244.101474][T10522] [ 244.104425][T10522] dump_stack_lvl+0x16c/0x230 [ 244.109133][T10522] ? perf_trace_run_bpf_submit+0xf4/0x1c0 [ 244.114874][T10522] ? show_regs_print_info+0x20/0x20 [ 244.120098][T10522] ? load_image+0x3b0/0x3b0 [ 244.124636][T10522] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 244.130647][T10522] should_fail_ex+0x39d/0x4d0 [ 244.135350][T10522] should_failslab+0x9/0x20 [ 244.139878][T10522] slab_pre_alloc_hook+0x59/0x310 [ 244.144930][T10522] ? lockdep_hardirqs_on+0x98/0x150 [ 244.150164][T10522] kmem_cache_alloc+0x5a/0x2e0 [ 244.154952][T10522] ? dst_alloc+0x105/0x170 [ 244.159404][T10522] dst_alloc+0x105/0x170 [ 244.163674][T10522] ip_route_output_key_hash_rcu+0x1471/0x2350 [ 244.169781][T10522] ? ip_route_output_key_hash+0x12f/0x340 [ 244.175532][T10522] ip_route_output_key_hash+0x20b/0x340 [ 244.181106][T10522] ? ip_route_input_rcu+0x3010/0x3010 [ 244.186598][T10522] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 244.192780][T10522] ip_route_output_flow+0x2a/0x150 [ 244.197913][T10522] ? security_sk_classify_flow+0x7b/0x90 [ 244.203571][T10522] raw_sendmsg+0x1093/0x1950 [ 244.208186][T10522] ? compat_raw_ioctl+0x70/0x70 [ 244.213071][T10522] ? lockdep_hardirqs_on+0x98/0x150 [ 244.218310][T10522] ? sock_rps_record_flow+0x19/0x400 [ 244.220373][T10533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1895'. [ 244.223605][T10522] ? inet_send_prepare+0x260/0x260 [ 244.223631][T10522] ? inet_sendmsg+0x7c/0x2f0 [ 244.223645][T10522] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 244.243971][T10533] netlink: 'syz.2.1895': attribute type 4 has an invalid length. [ 244.247430][T10522] ? security_socket_sendmsg+0x80/0xa0 [ 244.247459][T10522] ? inet_send_prepare+0x260/0x260 [ 244.247476][T10522] ____sys_sendmsg+0x5bf/0x950 [ 244.255441][T10533] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1895'. [ 244.260641][T10522] ? __sys_sendmsg_sock+0x30/0x30 [ 244.260668][T10522] ? __import_iovec+0x3fa/0x860 [ 244.260697][T10522] ? import_iovec+0x73/0xa0 [ 244.266819][T10533] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 244.270554][T10522] ___sys_sendmsg+0x220/0x290 [ 244.270585][T10522] ? __sys_sendmsg+0x270/0x270 [ 244.294999][T10533] netlink: 'syz.2.1895': attribute type 39 has an invalid length. [ 244.309940][T10522] ? seqcount_lockdep_reader_access+0x160/0x1c0 [ 244.309993][T10522] __se_sys_sendmsg+0x1a5/0x270 [ 244.310014][T10522] ? perf_trace_preemptirq_template+0x281/0x340 [ 244.310035][T10522] ? __x64_sys_sendmsg+0x80/0x80 [ 244.310071][T10522] ? lockdep_hardirqs_on+0x98/0x150 [ 244.310095][T10522] do_syscall_64+0x55/0xb0 [ 244.310111][T10522] ? clear_bhb_loop+0x40/0x90 [ 244.363745][T10522] ? clear_bhb_loop+0x40/0x90 [ 244.368415][T10522] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 244.374304][T10522] RIP: 0033:0x7f2dcd98ebe9 [ 244.378709][T10522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.398325][T10522] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 244.406772][T10522] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 244.414743][T10522] RDX: 00000000200040c4 RSI: 0000200000001640 RDI: 0000000000000005 [ 244.422713][T10522] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 244.430679][T10522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.438642][T10522] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 244.446634][T10522] [ 244.645599][T10538] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1899'. [ 244.761397][T10540] netlink: 14719 bytes leftover after parsing attributes in process `syz.3.1898'. [ 244.825791][T10540] syzkaller0: left promiscuous mode [ 245.567512][T10555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1902'. [ 245.652526][T10555] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1902'. [ 245.683773][T10555] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 245.899868][T10555] syzkaller0: entered promiscuous mode [ 245.922543][T10555] syzkaller0: entered allmulticast mode [ 246.054628][T10581] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1911'. [ 246.092249][T10581] openvswitch: netlink: Tunnel attr 0 has unexpected len 3060 expected 8 [ 246.892665][T10600] netlink: 14719 bytes leftover after parsing attributes in process `syz.0.1917'. [ 249.045187][T10629] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1928'. [ 249.099473][T10629] openvswitch: netlink: Tunnel attr 0 has unexpected len 3060 expected 8 [ 250.300592][T10637] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1932'. [ 250.314213][T10637] syzkaller0: create flow: hash 2196570412 index 1 [ 250.536340][T10636] syzkaller0: delete flow: hash 2196570412 index 1 [ 250.779243][T10657] netlink: 14719 bytes leftover after parsing attributes in process `syz.2.1938'. [ 255.766439][T10686] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1944'. [ 255.783617][T10686] openvswitch: netlink: Tunnel attr 0 has unexpected len 3060 expected 8 [ 255.924611][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.931007][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.448462][T10701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1951'. [ 256.483278][T10701] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1951'. [ 256.505203][T10701] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 256.623469][T10697] syzkaller0: entered promiscuous mode [ 256.629860][T10697] syzkaller0: entered allmulticast mode [ 256.637404][T10706] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1954'. [ 258.603820][T10722] netlink: 14719 bytes leftover after parsing attributes in process `syz.1.1958'. [ 258.629155][T10722] syzkaller0: entered allmulticast mode [ 260.906001][T10755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1968'. [ 260.949460][T10755] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1968'. [ 260.969770][T10755] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 261.177773][T10751] syzkaller0: entered promiscuous mode [ 261.183489][T10751] syzkaller0: entered allmulticast mode [ 261.663800][T10778] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1974'. [ 261.756930][T10778] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 263.345059][T10776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1974'. [ 263.374437][T10769] syzkaller0: entered promiscuous mode [ 263.412567][T10787] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1977'. [ 263.996936][T10805] netlink: 14719 bytes leftover after parsing attributes in process `syz.2.1982'. [ 264.128194][T10803] syzkaller0: entered allmulticast mode [ 264.926459][T10817] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1987'. [ 264.946417][T10817] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 265.383272][T10815] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1987'. [ 265.469330][T10814] syzkaller0: entered promiscuous mode [ 265.474878][T10814] syzkaller0: entered allmulticast mode [ 267.025267][T10832] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1988'. [ 267.055781][T10832] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 268.681605][T10830] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1988'. [ 269.395902][T10879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2008'. [ 269.420452][T10879] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2008'. [ 269.430526][T10879] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 269.551719][T10883] FAULT_INJECTION: forcing a failure. [ 269.551719][T10883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.565519][T10883] CPU: 0 PID: 10883 Comm: syz.2.2012 Not tainted syzkaller #0 [ 269.573006][T10883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 269.583082][T10883] Call Trace: [ 269.586380][T10883] [ 269.589322][T10883] dump_stack_lvl+0x16c/0x230 [ 269.594025][T10883] ? show_regs_print_info+0x20/0x20 [ 269.599253][T10883] ? load_image+0x3b0/0x3b0 [ 269.603785][T10883] ? shmem_get_folio_gfp+0x138c/0x2ac0 [ 269.609266][T10883] ? __lock_acquire+0x7c80/0x7c80 [ 269.614304][T10883] ? __rwlock_init+0x150/0x150 [ 269.619089][T10883] should_fail_ex+0x39d/0x4d0 [ 269.623800][T10883] copy_page_from_iter_atomic+0x2a2/0x1530 [ 269.629737][T10883] ? shmem_get_folio_gfp+0x2705/0x2ac0 [ 269.635250][T10883] ? iov_iter_zero+0x1120/0x1120 [ 269.640225][T10883] ? shmem_write_begin+0x1cf/0x420 [ 269.645360][T10883] generic_perform_write+0x350/0x5b0 [ 269.650697][T10883] ? generic_file_direct_write+0x3e0/0x3e0 [ 269.656529][T10883] ? down_write+0x162/0x1f0 [ 269.661074][T10883] ? file_update_time+0x98/0x1b0 [ 269.666041][T10883] shmem_file_write_iter+0xfb/0x120 [ 269.671273][T10883] vfs_write+0x43b/0x940 [ 269.675546][T10883] ? file_end_write+0x250/0x250 [ 269.680420][T10883] ? __fget_files+0x44a/0x4d0 [ 269.685118][T10883] ? __fdget_pos+0x2a3/0x330 [ 269.689716][T10883] ? ksys_write+0x75/0x250 [ 269.694140][T10883] ksys_write+0x147/0x250 [ 269.698477][T10883] ? __ia32_sys_read+0x90/0x90 [ 269.703238][T10883] ? lockdep_hardirqs_on+0x98/0x150 [ 269.708442][T10883] do_syscall_64+0x55/0xb0 [ 269.712850][T10883] ? clear_bhb_loop+0x40/0x90 [ 269.717545][T10883] ? clear_bhb_loop+0x40/0x90 [ 269.722223][T10883] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 269.728109][T10883] RIP: 0033:0x7f7edd58ebe9 [ 269.732512][T10883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.752109][T10883] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 269.760518][T10883] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 269.768568][T10883] RDX: 0000000000040010 RSI: 0000200000000180 RDI: 0000000000000007 [ 269.776705][T10883] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 269.784734][T10883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.792707][T10883] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 269.800687][T10883] [ 269.959106][T10890] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2011'. [ 270.006132][T10890] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2011'. [ 270.015732][T10890] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 270.203454][T10890] syzkaller0: entered promiscuous mode [ 270.222040][T10890] syzkaller0: entered allmulticast mode [ 270.502283][T10913] FAULT_INJECTION: forcing a failure. [ 270.502283][T10913] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.523138][T10913] CPU: 1 PID: 10913 Comm: syz.1.2024 Not tainted syzkaller #0 [ 270.530651][T10913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 270.540720][T10913] Call Trace: [ 270.543996][T10913] [ 270.546928][T10913] dump_stack_lvl+0x16c/0x230 [ 270.551604][T10913] ? show_regs_print_info+0x20/0x20 [ 270.556794][T10913] ? load_image+0x3b0/0x3b0 [ 270.561290][T10913] ? __might_fault+0xaa/0x120 [ 270.565958][T10913] ? __lock_acquire+0x7c80/0x7c80 [ 270.571084][T10913] should_fail_ex+0x39d/0x4d0 [ 270.575766][T10913] _copy_from_iter+0x1d3/0x1290 [ 270.580631][T10913] ? slab_post_alloc_hook+0x8a/0x4d0 [ 270.585935][T10913] ? __virt_addr_valid+0x18c/0x540 [ 270.591058][T10913] ? __lock_acquire+0x7c80/0x7c80 [ 270.596081][T10913] ? rcu_is_watching+0x15/0xb0 [ 270.600843][T10913] ? copyout_mc+0x70/0x70 [ 270.605167][T10913] ? __virt_addr_valid+0x18c/0x540 [ 270.610276][T10913] ? __virt_addr_valid+0x18c/0x540 [ 270.615380][T10913] ? __virt_addr_valid+0x469/0x540 [ 270.620486][T10913] ? __check_object_size+0x506/0xa30 [ 270.625768][T10913] netlink_sendmsg+0x75c/0xbe0 [ 270.630533][T10913] ? netlink_getsockopt+0x580/0x580 [ 270.635730][T10913] ? aa_sock_msg_perm+0x94/0x150 [ 270.640666][T10913] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 270.645944][T10913] ? security_socket_sendmsg+0x80/0xa0 [ 270.651395][T10913] ? netlink_getsockopt+0x580/0x580 [ 270.656587][T10913] ____sys_sendmsg+0x5bf/0x950 [ 270.661379][T10913] ? __asan_memset+0x22/0x40 [ 270.665961][T10913] ? __sys_sendmsg_sock+0x30/0x30 [ 270.670983][T10913] ? __import_iovec+0x5f2/0x860 [ 270.675842][T10913] ? import_iovec+0x73/0xa0 [ 270.680343][T10913] ___sys_sendmsg+0x220/0x290 [ 270.685018][T10913] ? __sys_sendmsg+0x270/0x270 [ 270.689793][T10913] ? __lock_acquire+0x7c80/0x7c80 [ 270.694839][T10913] __se_sys_sendmsg+0x1a5/0x270 [ 270.699687][T10913] ? __x64_sys_sendmsg+0x80/0x80 [ 270.704630][T10913] ? lockdep_hardirqs_on+0x98/0x150 [ 270.709832][T10913] do_syscall_64+0x55/0xb0 [ 270.714239][T10913] ? clear_bhb_loop+0x40/0x90 [ 270.718908][T10913] ? clear_bhb_loop+0x40/0x90 [ 270.723576][T10913] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 270.729467][T10913] RIP: 0033:0x7f2dcd98ebe9 [ 270.733874][T10913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.753493][T10913] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 270.761908][T10913] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 270.769872][T10913] RDX: 0000000000000094 RSI: 0000200000000600 RDI: 0000000000000003 [ 270.777840][T10913] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 270.785801][T10913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.793800][T10913] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 270.801802][T10913] [ 272.944731][T10945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2038'. [ 272.956520][T10946] netlink: 'syz.3.2038': attribute type 4 has an invalid length. [ 272.971285][T10946] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2038'. [ 272.980789][T10946] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 273.003424][T10947] netlink: 'syz.3.2038': attribute type 39 has an invalid length. [ 273.171716][T10954] FAULT_INJECTION: forcing a failure. [ 273.171716][T10954] name failslab, interval 1, probability 0, space 0, times 0 [ 273.191366][T10954] CPU: 0 PID: 10954 Comm: syz.1.2041 Not tainted syzkaller #0 [ 273.198871][T10954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 273.208922][T10954] Call Trace: [ 273.212192][T10954] [ 273.215111][T10954] dump_stack_lvl+0x16c/0x230 [ 273.219786][T10954] ? show_regs_print_info+0x20/0x20 [ 273.225058][T10954] ? load_image+0x3b0/0x3b0 [ 273.229552][T10954] ? __lock_acquire+0x7c80/0x7c80 [ 273.234571][T10954] should_fail_ex+0x39d/0x4d0 [ 273.239245][T10954] should_failslab+0x9/0x20 [ 273.243739][T10954] slab_pre_alloc_hook+0x59/0x310 [ 273.248755][T10954] ? sk_prot_alloc+0xe7/0x210 [ 273.253427][T10954] ? sk_prot_alloc+0xe7/0x210 [ 273.258090][T10954] __kmem_cache_alloc_node+0x53/0x260 [ 273.263545][T10954] ? sk_prot_alloc+0xe7/0x210 [ 273.268209][T10954] __kmalloc+0xa4/0x240 [ 273.272365][T10954] sk_prot_alloc+0xe7/0x210 [ 273.276854][T10954] ? sk_alloc+0x24/0x360 [ 273.281085][T10954] sk_alloc+0x3a/0x360 [ 273.285137][T10954] ? bpf_ctx_init+0x163/0x1a0 [ 273.289804][T10954] ? bpf_prog_test_run_skb+0x268/0x11c0 [ 273.295344][T10954] bpf_prog_test_run_skb+0x39a/0x11c0 [ 273.300710][T10954] ? __fget_files+0x28/0x4d0 [ 273.305299][T10954] ? cpu_online+0x60/0x60 [ 273.309620][T10954] bpf_prog_test_run+0x321/0x390 [ 273.314548][T10954] __sys_bpf+0x440/0x800 [ 273.318811][T10954] ? bpf_link_show_fdinfo+0x350/0x350 [ 273.324212][T10954] ? lock_chain_count+0x20/0x20 [ 273.329073][T10954] __x64_sys_bpf+0x7c/0x90 [ 273.333484][T10954] do_syscall_64+0x55/0xb0 [ 273.337891][T10954] ? clear_bhb_loop+0x40/0x90 [ 273.342555][T10954] ? clear_bhb_loop+0x40/0x90 [ 273.347217][T10954] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.353103][T10954] RIP: 0033:0x7f2dcd98ebe9 [ 273.357509][T10954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.377103][T10954] RSP: 002b:00007f2dce856038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 273.385521][T10954] RAX: ffffffffffffffda RBX: 00007f2dcdbc5fa0 RCX: 00007f2dcd98ebe9 [ 273.393568][T10954] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 273.401573][T10954] RBP: 00007f2dce856090 R08: 0000000000000000 R09: 0000000000000000 [ 273.409544][T10954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 273.417508][T10954] R13: 00007f2dcdbc6038 R14: 00007f2dcdbc5fa0 R15: 00007fff6eef3138 [ 273.425483][T10954] [ 273.721184][T10967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2048'. [ 273.795016][T10967] netlink: 'syz.0.2048': attribute type 4 has an invalid length. [ 273.803256][T10967] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2048'. [ 273.813011][T10967] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 273.855053][T10967] netlink: 'syz.0.2048': attribute type 39 has an invalid length. [ 273.997468][T10971] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.006749][T10971] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.036828][T10971] bridge0: entered allmulticast mode [ 274.437285][T10999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2061'. [ 274.450959][T10999] netlink: 'syz.3.2061': attribute type 4 has an invalid length. [ 274.458843][T10999] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2061'. [ 274.517774][T10999] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 274.535937][T11002] netlink: 'syz.3.2061': attribute type 39 has an invalid length. [ 275.051419][T11026] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2074'. [ 275.081685][T11026] netlink: 'syz.0.2074': attribute type 4 has an invalid length. [ 275.110213][T11026] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2074'. [ 275.143509][T11026] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 275.177052][T11027] netlink: 'syz.0.2074': attribute type 39 has an invalid length. [ 275.740116][T11054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2087'. [ 275.756000][T11054] netlink: 'syz.3.2087': attribute type 4 has an invalid length. [ 275.764502][T11054] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2087'. [ 275.775620][T11054] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 275.793619][T11054] netlink: 'syz.3.2087': attribute type 39 has an invalid length. [ 276.429708][T11076] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 276.913658][T11094] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 277.063774][T11094] syzkaller0: entered promiscuous mode [ 277.077974][T11094] syzkaller0: entered allmulticast mode [ 278.085439][T11120] FAULT_INJECTION: forcing a failure. [ 278.085439][T11120] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.098847][T11120] CPU: 1 PID: 11120 Comm: syz.3.2114 Not tainted syzkaller #0 [ 278.106349][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 278.116440][T11120] Call Trace: [ 278.119721][T11120] [ 278.122654][T11120] dump_stack_lvl+0x16c/0x230 [ 278.127335][T11120] ? shmem_get_folio_gfp+0x138c/0x2ac0 [ 278.132805][T11120] ? show_regs_print_info+0x20/0x20 [ 278.138006][T11120] ? load_image+0x3b0/0x3b0 [ 278.142551][T11120] ? shmem_get_folio_gfp+0x138c/0x2ac0 [ 278.148054][T11120] ? __lock_acquire+0x7c80/0x7c80 [ 278.153091][T11120] ? __rwlock_init+0x150/0x150 [ 278.157863][T11120] should_fail_ex+0x39d/0x4d0 [ 278.162577][T11120] copy_page_from_iter_atomic+0x2a2/0x1530 [ 278.168425][T11120] ? shmem_get_folio_gfp+0x2705/0x2ac0 [ 278.173924][T11120] ? iov_iter_zero+0x1120/0x1120 [ 278.178883][T11120] ? shmem_write_begin+0x1cf/0x420 [ 278.184026][T11120] generic_perform_write+0x350/0x5b0 [ 278.189379][T11120] ? generic_file_direct_write+0x3e0/0x3e0 [ 278.195195][T11120] ? down_write+0x162/0x1f0 [ 278.199717][T11120] ? file_update_time+0x98/0x1b0 [ 278.204659][T11120] shmem_file_write_iter+0xfb/0x120 [ 278.209862][T11120] vfs_write+0x43b/0x940 [ 278.214117][T11120] ? file_end_write+0x250/0x250 [ 278.218986][T11120] ? __fget_files+0x44a/0x4d0 [ 278.223677][T11120] ? __fdget_pos+0x2a3/0x330 [ 278.228268][T11120] ? ksys_write+0x75/0x250 [ 278.232691][T11120] ksys_write+0x147/0x250 [ 278.237026][T11120] ? __ia32_sys_read+0x90/0x90 [ 278.241793][T11120] ? lockdep_hardirqs_on+0x98/0x150 [ 278.246996][T11120] do_syscall_64+0x55/0xb0 [ 278.251410][T11120] ? clear_bhb_loop+0x40/0x90 [ 278.256083][T11120] ? clear_bhb_loop+0x40/0x90 [ 278.260780][T11120] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 278.266704][T11120] RIP: 0033:0x7fa4f058ebe9 [ 278.271126][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.290757][T11120] RSP: 002b:00007fa4f14d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 278.299189][T11120] RAX: ffffffffffffffda RBX: 00007fa4f07c5fa0 RCX: 00007fa4f058ebe9 [ 278.307188][T11120] RDX: 0000000000040010 RSI: 0000200000000180 RDI: 000000000000000a [ 278.315173][T11120] RBP: 00007fa4f14d7090 R08: 0000000000000000 R09: 0000000000000000 [ 278.323150][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.331122][T11120] R13: 00007fa4f07c6038 R14: 00007fa4f07c5fa0 R15: 00007fffa8be80f8 [ 278.339120][T11120] [ 279.410381][T11103] __nla_validate_parse: 4 callbacks suppressed [ 279.410397][T11103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2107'. [ 279.425924][T11104] validate_nla: 2 callbacks suppressed [ 279.425937][T11104] netlink: 'syz.1.2107': attribute type 4 has an invalid length. [ 279.449119][T11104] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2107'. [ 279.458385][T11104] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 279.475234][T11105] netlink: 'syz.1.2107': attribute type 39 has an invalid length. [ 279.499132][T11124] FAULT_INJECTION: forcing a failure. [ 279.499132][T11124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 279.512470][T11124] CPU: 0 PID: 11124 Comm: syz.3.2116 Not tainted syzkaller #0 [ 279.519956][T11124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 279.530029][T11124] Call Trace: [ 279.533329][T11124] [ 279.536286][T11124] dump_stack_lvl+0x16c/0x230 [ 279.541003][T11124] ? show_regs_print_info+0x20/0x20 [ 279.546237][T11124] ? load_image+0x3b0/0x3b0 [ 279.550740][T11124] ? __might_fault+0xaa/0x120 [ 279.555408][T11124] ? __lock_acquire+0x7c80/0x7c80 [ 279.560426][T11124] should_fail_ex+0x39d/0x4d0 [ 279.565101][T11124] _copy_to_user+0x2f/0xa0 [ 279.569517][T11124] wext_handle_ioctl+0x13e/0x1c0 [ 279.574456][T11124] ? call_commit_handler+0xf0/0xf0 [ 279.579572][T11124] sock_ioctl+0x160/0x7a0 [ 279.583900][T11124] ? sock_poll+0x3d0/0x3d0 [ 279.588322][T11124] ? bpf_lsm_file_ioctl+0x9/0x10 [ 279.593251][T11124] ? security_file_ioctl+0x80/0xa0 [ 279.598358][T11124] ? sock_poll+0x3d0/0x3d0 [ 279.602785][T11124] __se_sys_ioctl+0xfd/0x170 [ 279.607392][T11124] do_syscall_64+0x55/0xb0 [ 279.611810][T11124] ? clear_bhb_loop+0x40/0x90 [ 279.616482][T11124] ? clear_bhb_loop+0x40/0x90 [ 279.621152][T11124] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 279.627038][T11124] RIP: 0033:0x7fa4f058ebe9 [ 279.631465][T11124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 279.651063][T11124] RSP: 002b:00007fa4f14d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 279.659466][T11124] RAX: ffffffffffffffda RBX: 00007fa4f07c5fa0 RCX: 00007fa4f058ebe9 [ 279.667429][T11124] RDX: 0000200000000000 RSI: 0000000000008b15 RDI: 0000000000000005 [ 279.675416][T11124] RBP: 00007fa4f14d7090 R08: 0000000000000000 R09: 0000000000000000 [ 279.683390][T11124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 279.691356][T11124] R13: 00007fa4f07c6038 R14: 00007fa4f07c5fa0 R15: 00007fffa8be80f8 [ 279.699335][T11124] [ 280.335225][T11145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2125'. [ 280.362486][T11145] netlink: 'syz.2.2125': attribute type 4 has an invalid length. [ 280.378127][T11145] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2125'. [ 280.390258][T11145] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 280.415655][T11145] netlink: 'syz.2.2125': attribute type 39 has an invalid length. [ 280.715601][T11161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2128'. [ 280.746344][T11161] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2128'. [ 280.768738][T11161] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 280.952123][T11171] netlink: 'syz.3.2134': attribute type 9 has an invalid length. [ 280.965472][T11171] netlink: 76244 bytes leftover after parsing attributes in process `syz.3.2134'. [ 281.020663][T11156] syzkaller0: entered promiscuous mode [ 281.051395][T11156] syzkaller0: entered allmulticast mode [ 282.744471][T11176] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2138'. [ 282.762163][T11179] netlink: 'syz.3.2138': attribute type 4 has an invalid length. [ 282.770078][T11179] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2138'. [ 282.779598][T11179] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 282.795717][T11183] netlink: 'syz.3.2138': attribute type 39 has an invalid length. [ 283.021569][T11198] FAULT_INJECTION: forcing a failure. [ 283.021569][T11198] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 283.045954][T11198] CPU: 0 PID: 11198 Comm: syz.0.2146 Not tainted syzkaller #0 [ 283.053474][T11198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 283.063544][T11198] Call Trace: [ 283.066891][T11198] [ 283.070007][T11198] dump_stack_lvl+0x16c/0x230 [ 283.074704][T11198] ? show_regs_print_info+0x20/0x20 [ 283.079916][T11198] ? load_image+0x3b0/0x3b0 [ 283.084432][T11198] ? __lock_acquire+0x7c80/0x7c80 [ 283.089474][T11198] ? snprintf+0xdb/0x120 [ 283.093738][T11198] should_fail_ex+0x39d/0x4d0 [ 283.098440][T11198] _copy_to_user+0x2f/0xa0 [ 283.102875][T11198] simple_read_from_buffer+0xe7/0x150 [ 283.108270][T11198] proc_fail_nth_read+0x1e3/0x250 [ 283.113326][T11198] ? proc_fault_inject_write+0x340/0x340 [ 283.118985][T11198] ? fsnotify_perm+0x271/0x5e0 [ 283.123767][T11198] ? proc_fault_inject_write+0x340/0x340 [ 283.129417][T11198] vfs_read+0x27e/0x920 [ 283.133593][T11198] ? kernel_read+0x1e0/0x1e0 [ 283.138199][T11198] ? __fget_files+0x28/0x4d0 [ 283.142808][T11198] ? __fget_files+0x44a/0x4d0 [ 283.147516][T11198] ? __fdget_pos+0x2a3/0x330 [ 283.152118][T11198] ? ksys_read+0x75/0x250 [ 283.156464][T11198] ksys_read+0x147/0x250 [ 283.160727][T11198] ? vfs_write+0x940/0x940 [ 283.165164][T11198] ? lockdep_hardirqs_on+0x98/0x150 [ 283.170386][T11198] do_syscall_64+0x55/0xb0 [ 283.174820][T11198] ? clear_bhb_loop+0x40/0x90 [ 283.179517][T11198] ? clear_bhb_loop+0x40/0x90 [ 283.184217][T11198] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 283.190129][T11198] RIP: 0033:0x7ff51138d5fc [ 283.194559][T11198] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 283.214182][T11198] RSP: 002b:00007ff51212f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 283.222624][T11198] RAX: ffffffffffffffda RBX: 00007ff5115c5fa0 RCX: 00007ff51138d5fc [ 283.230615][T11198] RDX: 000000000000000f RSI: 00007ff51212f0a0 RDI: 0000000000000007 [ 283.238601][T11198] RBP: 00007ff51212f090 R08: 0000000000000000 R09: 0000000000000000 [ 283.246594][T11198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 283.254586][T11198] R13: 00007ff5115c6038 R14: 00007ff5115c5fa0 R15: 00007fffd3f0e298 [ 283.262595][T11198] [ 283.584262][T11212] netlink: 144 bytes leftover after parsing attributes in process `syz.1.2152'. [ 283.613044][T11208] netlink: 'syz.2.2151': attribute type 4 has an invalid length. [ 283.640841][T11208] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 283.701452][T11208] netlink: 'syz.2.2151': attribute type 39 has an invalid length. [ 284.492791][T11241] __nla_validate_parse: 2 callbacks suppressed [ 284.492808][T11241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2165'. [ 284.533892][T11241] netlink: 'syz.0.2165': attribute type 4 has an invalid length. [ 284.550049][T11241] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2165'. [ 284.574262][T11241] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 284.599882][T11241] netlink: 'syz.0.2165': attribute type 39 has an invalid length. [ 284.632656][T11253] netlink: 'syz.1.2169': attribute type 21 has an invalid length. [ 285.173729][T11273] netlink: 'syz.3.2178': attribute type 1 has an invalid length. [ 285.194746][T11273] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.2178'. [ 285.234595][T11278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2179'. [ 285.303346][T11273] team0: Port device team_slave_0 removed [ 285.310932][T11273] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 285.329666][T11278] netlink: 'syz.1.2179': attribute type 4 has an invalid length. [ 285.337940][T11278] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2179'. [ 285.352417][T11278] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 285.375339][T11281] netlink: 'syz.1.2179': attribute type 39 has an invalid length. [ 286.072866][T11308] FAULT_INJECTION: forcing a failure. [ 286.072866][T11308] name failslab, interval 1, probability 0, space 0, times 0 [ 286.085910][T11308] CPU: 0 PID: 11308 Comm: syz.2.2192 Not tainted syzkaller #0 [ 286.093401][T11308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 286.103477][T11308] Call Trace: [ 286.106766][T11308] [ 286.109700][T11308] dump_stack_lvl+0x16c/0x230 [ 286.114374][T11308] ? show_regs_print_info+0x20/0x20 [ 286.119569][T11308] ? load_image+0x3b0/0x3b0 [ 286.124064][T11308] ? __lock_acquire+0x7c80/0x7c80 [ 286.129095][T11308] should_fail_ex+0x39d/0x4d0 [ 286.133769][T11308] should_failslab+0x9/0x20 [ 286.138264][T11308] slab_pre_alloc_hook+0x59/0x310 [ 286.143279][T11308] ? sk_prot_alloc+0xe7/0x210 [ 286.147944][T11308] ? sk_prot_alloc+0xe7/0x210 [ 286.152609][T11308] __kmem_cache_alloc_node+0x53/0x260 [ 286.157976][T11308] ? sk_prot_alloc+0xe7/0x210 [ 286.162641][T11308] __kmalloc+0xa4/0x240 [ 286.166791][T11308] sk_prot_alloc+0xe7/0x210 [ 286.171285][T11308] ? sk_alloc+0x24/0x360 [ 286.175517][T11308] sk_alloc+0x3a/0x360 [ 286.179575][T11308] ? bpf_ctx_init+0x163/0x1a0 [ 286.184244][T11308] ? bpf_prog_test_run_skb+0x268/0x11c0 [ 286.189787][T11308] bpf_prog_test_run_skb+0x39a/0x11c0 [ 286.195155][T11308] ? __fget_files+0x28/0x4d0 [ 286.199930][T11308] ? cpu_online+0x60/0x60 [ 286.204358][T11308] bpf_prog_test_run+0x321/0x390 [ 286.209286][T11308] __sys_bpf+0x440/0x800 [ 286.213519][T11308] ? bpf_link_show_fdinfo+0x350/0x350 [ 286.218893][T11308] ? lock_chain_count+0x20/0x20 [ 286.223738][T11308] __x64_sys_bpf+0x7c/0x90 [ 286.228143][T11308] do_syscall_64+0x55/0xb0 [ 286.232545][T11308] ? clear_bhb_loop+0x40/0x90 [ 286.237209][T11308] ? clear_bhb_loop+0x40/0x90 [ 286.241875][T11308] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 286.247762][T11308] RIP: 0033:0x7f7edd58ebe9 [ 286.252168][T11308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.271764][T11308] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 286.280170][T11308] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 286.288134][T11308] RDX: 0000000000000050 RSI: 0000200000000900 RDI: 000000000000000a [ 286.296095][T11308] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 286.304060][T11308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.312021][T11308] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 286.319994][T11308] [ 286.362283][T11310] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2193'. [ 286.376283][T11310] netlink: 'syz.3.2193': attribute type 4 has an invalid length. [ 286.391321][T11310] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2193'. [ 286.400736][T11310] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 286.418190][T11310] netlink: 'syz.3.2193': attribute type 39 has an invalid length. [ 287.103487][T11346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2208'. [ 287.140389][T11346] netlink: 'syz.2.2208': attribute type 4 has an invalid length. [ 287.157267][T11346] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2208'. [ 287.175609][T11346] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 287.198558][T11349] netlink: 'syz.2.2208': attribute type 39 has an invalid length. [ 287.827130][T11378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2222'. [ 287.842766][T11378] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 288.538532][T11407] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 289.241153][T11440] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 289.948623][T11469] __nla_validate_parse: 5 callbacks suppressed [ 289.948641][T11469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2264'. [ 289.986342][T11469] validate_nla: 6 callbacks suppressed [ 289.986355][T11469] netlink: 'syz.3.2264': attribute type 4 has an invalid length. [ 290.005304][T11469] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2264'. [ 290.038024][T11469] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 290.089535][T11476] netlink: 'syz.3.2264': attribute type 39 has an invalid length. [ 290.889795][T11504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2276'. [ 290.909128][T11504] netlink: 'syz.0.2276': attribute type 4 has an invalid length. [ 290.918816][T11504] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2276'. [ 290.931261][T11504] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 290.967658][T11504] netlink: 'syz.0.2276': attribute type 39 has an invalid length. [ 291.212436][T11520] pim6reg1: entered promiscuous mode [ 291.233778][T11520] pim6reg1: entered allmulticast mode [ 291.416387][T11520] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2283'. [ 291.425581][T11520] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2283'. [ 291.471703][T11522] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2283'. [ 291.484902][T11520] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2283'. [ 291.665176][T11535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2290'. [ 291.705399][T11535] netlink: 'syz.2.2290': attribute type 4 has an invalid length. [ 291.749158][T11535] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2290'. [ 291.766767][T11535] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 291.823792][T11540] netlink: 'syz.2.2290': attribute type 39 has an invalid length. [ 292.697714][T11569] netlink: 'syz.2.2303': attribute type 4 has an invalid length. [ 292.722697][T11569] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 292.788223][T11569] netlink: 'syz.2.2303': attribute type 39 has an invalid length. [ 293.012843][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 293.022726][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 293.039126][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 293.049535][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 293.057436][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 293.068696][ T5783] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 293.614346][T11603] netlink: 'syz.0.2315': attribute type 4 has an invalid length. [ 293.622456][T11603] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 293.643819][T11579] chnl_net:caif_netlink_parms(): no params data found [ 293.663507][T11603] netlink: 'syz.0.2315': attribute type 39 has an invalid length. [ 293.802848][T11579] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.817160][T11579] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.824503][T11579] bridge_slave_0: entered allmulticast mode [ 293.833616][T11579] bridge_slave_0: entered promiscuous mode [ 293.848454][T11579] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.856439][T11579] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.865538][T11579] bridge_slave_1: entered allmulticast mode [ 293.873677][T11579] bridge_slave_1: entered promiscuous mode [ 293.922241][T11579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 293.936701][T11579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 294.005605][T11579] team0: Port device team_slave_0 added [ 294.016206][T11579] team0: Port device team_slave_1 added [ 294.088139][T11579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 294.098281][T11579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.125699][T11579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 294.139375][T11579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 294.156328][T11579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 294.199498][T11579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 294.296114][T11579] hsr_slave_0: entered promiscuous mode [ 294.344698][T11579] hsr_slave_1: entered promiscuous mode [ 294.355337][T11579] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 294.366205][T11579] Cannot create hsr debugfs directory [ 294.714409][T11579] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.744818][T11633] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 295.057545][T11646] FAULT_INJECTION: forcing a failure. [ 295.057545][T11646] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.084468][T11646] CPU: 1 PID: 11646 Comm: syz.1.2329 Not tainted syzkaller #0 [ 295.091976][T11646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 295.102039][T11646] Call Trace: [ 295.105322][T11646] [ 295.108270][T11646] dump_stack_lvl+0x16c/0x230 [ 295.112967][T11646] ? show_regs_print_info+0x20/0x20 [ 295.118172][T11646] ? load_image+0x3b0/0x3b0 [ 295.122690][T11646] ? __might_fault+0xaa/0x120 [ 295.127374][T11646] ? __lock_acquire+0x7c80/0x7c80 [ 295.132414][T11646] should_fail_ex+0x39d/0x4d0 [ 295.137114][T11646] _copy_from_iter+0x1d3/0x1290 [ 295.141977][T11646] ? slab_post_alloc_hook+0x8a/0x4d0 [ 295.147271][T11646] ? __virt_addr_valid+0x18c/0x540 [ 295.152396][T11646] ? __lock_acquire+0x7c80/0x7c80 [ 295.157430][T11646] ? rcu_is_watching+0x15/0xb0 [ 295.162210][T11646] ? copyout_mc+0x70/0x70 [ 295.166547][T11646] ? __virt_addr_valid+0x18c/0x540 [ 295.171668][T11646] ? __virt_addr_valid+0x18c/0x540 [ 295.176785][T11646] ? __virt_addr_valid+0x469/0x540 [ 295.181906][T11646] ? __check_object_size+0x506/0xa30 [ 295.187209][T11646] netlink_sendmsg+0x75c/0xbe0 [ 295.187476][ T5787] Bluetooth: hci1: command tx timeout [ 295.191980][T11646] ? netlink_getsockopt+0x580/0x580 [ 295.202705][T11646] ? aa_sock_msg_perm+0x94/0x150 [ 295.207664][T11646] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 295.212968][T11646] ? security_socket_sendmsg+0x80/0xa0 [ 295.218437][T11646] ? netlink_getsockopt+0x580/0x580 [ 295.223656][T11646] ____sys_sendmsg+0x5bf/0x950 [ 295.228443][T11646] ? __asan_memset+0x22/0x40 [ 295.233047][T11646] ? __sys_sendmsg_sock+0x30/0x30 [ 295.238084][T11646] ? __import_iovec+0x5f2/0x860 [ 295.242956][T11646] ? import_iovec+0x73/0xa0 [ 295.247473][T11646] ___sys_sendmsg+0x220/0x290 [ 295.252172][T11646] ? __sys_sendmsg+0x270/0x270 [ 295.256981][T11646] ? __lock_acquire+0x7c80/0x7c80 [ 295.262035][T11646] __se_sys_sendmsg+0x1a5/0x270 [ 295.266900][T11646] ? __x64_sys_sendmsg+0x80/0x80 [ 295.271860][T11646] ? lockdep_hardirqs_on+0x98/0x150 [ 295.277069][T11646] do_syscall_64+0x55/0xb0 [ 295.281490][T11646] ? clear_bhb_loop+0x40/0x90 [ 295.286174][T11646] ? clear_bhb_loop+0x40/0x90 [ 295.290857][T11646] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 295.296761][T11646] RIP: 0033:0x7f2dcd98ebe9 [ 295.301185][T11646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.320804][T11646] RSP: 002b:00007f2dce835038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 295.329228][T11646] RAX: ffffffffffffffda RBX: 00007f2dcdbc6090 RCX: 00007f2dcd98ebe9 [ 295.337208][T11646] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 295.345192][T11646] RBP: 00007f2dce835090 R08: 0000000000000000 R09: 0000000000000000 [ 295.353173][T11646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.361144][T11646] R13: 00007f2dcdbc6128 R14: 00007f2dcdbc6090 R15: 00007fff6eef3138 [ 295.369149][T11646] [ 295.400806][T11579] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.613162][T11579] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.711932][T11579] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.937508][T11665] __nla_validate_parse: 7 callbacks suppressed [ 295.937527][T11665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2337'. [ 295.995819][T11665] validate_nla: 2 callbacks suppressed [ 295.995834][T11665] netlink: 'syz.2.2337': attribute type 4 has an invalid length. [ 296.019022][T11665] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2337'. [ 296.034615][T11665] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 296.064095][T11671] netlink: 'syz.2.2337': attribute type 39 has an invalid length. [ 296.083089][T11579] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 296.097516][T11579] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 296.120885][T11579] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 296.142425][T11579] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 296.372358][T11579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 296.405919][T11579] 8021q: adding VLAN 0 to HW filter on device team0 [ 296.441726][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.449759][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 296.481863][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.489001][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 296.858432][T11708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2350'. [ 296.907254][T11708] netlink: 'syz.0.2350': attribute type 4 has an invalid length. [ 296.915031][T11708] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2350'. [ 296.924746][T11708] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 296.952929][T11708] netlink: 'syz.0.2350': attribute type 39 has an invalid length. [ 296.990245][T11579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.088625][T11579] veth0_vlan: entered promiscuous mode [ 297.103257][T11579] veth1_vlan: entered promiscuous mode [ 297.166382][T11579] veth0_macvtap: entered promiscuous mode [ 297.184928][T11579] veth1_macvtap: entered promiscuous mode [ 297.228749][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.254130][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.266548][ T5787] Bluetooth: hci1: command tx timeout [ 297.283996][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.294993][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.305721][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.319718][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.330081][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.343133][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.355412][T11579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.375570][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.405933][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.421449][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.432941][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.442841][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.454802][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.465183][T11579] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.491073][T11579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.504009][T11579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 297.522509][T11579] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.543396][T11579] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.553654][T11579] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.568239][T11579] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.738298][ T162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.758658][ T162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.793923][T11728] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2359'. [ 297.819718][T11728] netlink: 'syz.2.2359': attribute type 4 has an invalid length. [ 297.838882][T11728] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2359'. [ 297.848803][T11728] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 297.889040][T11728] netlink: 'syz.2.2359': attribute type 39 has an invalid length. [ 297.899609][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.915911][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.555731][T11755] netlink: 'syz.2.2368': attribute type 33 has an invalid length. [ 298.578381][T11755] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2368'. [ 298.814071][T11759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2370'. [ 298.848399][T11759] netlink: 'syz.2.2370': attribute type 4 has an invalid length. [ 298.866559][T11759] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2370'. [ 298.882647][T11759] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 298.902533][T11759] netlink: 'syz.2.2370': attribute type 39 has an invalid length. [ 299.346924][ T5787] Bluetooth: hci1: command tx timeout [ 299.575252][T11782] sit0: entered promiscuous mode [ 299.859422][T11789] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2384'. [ 299.885025][T11794] netlink: 'syz.3.2384': attribute type 4 has an invalid length. [ 299.916730][T11794] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 300.501613][T11820] FAULT_INJECTION: forcing a failure. [ 300.501613][T11820] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.535694][T11820] CPU: 1 PID: 11820 Comm: syz.2.2397 Not tainted syzkaller #0 [ 300.543264][T11820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 300.553385][T11820] Call Trace: [ 300.556782][T11820] [ 300.559737][T11820] dump_stack_lvl+0x16c/0x230 [ 300.564458][T11820] ? show_regs_print_info+0x20/0x20 [ 300.569687][T11820] ? load_image+0x3b0/0x3b0 [ 300.574226][T11820] ? __might_fault+0xaa/0x120 [ 300.578953][T11820] ? __lock_acquire+0x7c80/0x7c80 [ 300.584028][T11820] should_fail_ex+0x39d/0x4d0 [ 300.588785][T11820] _copy_from_user+0x2f/0xe0 [ 300.593441][T11820] __sys_bpf+0x1e9/0x800 [ 300.597747][T11820] ? bpf_link_show_fdinfo+0x350/0x350 [ 300.603221][T11820] ? lock_chain_count+0x20/0x20 [ 300.608248][T11820] __x64_sys_bpf+0x7c/0x90 [ 300.612719][T11820] do_syscall_64+0x55/0xb0 [ 300.617165][T11820] ? clear_bhb_loop+0x40/0x90 [ 300.621862][T11820] ? clear_bhb_loop+0x40/0x90 [ 300.626594][T11820] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 300.632532][T11820] RIP: 0033:0x7f7edd58ebe9 [ 300.637087][T11820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.656738][T11820] RSP: 002b:00007f7ede3a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 300.665183][T11820] RAX: ffffffffffffffda RBX: 00007f7edd7c5fa0 RCX: 00007f7edd58ebe9 [ 300.673211][T11820] RDX: 0000000000000010 RSI: 0000200000000300 RDI: 000000000000000f [ 300.681240][T11820] RBP: 00007f7ede3a8090 R08: 0000000000000000 R09: 0000000000000000 [ 300.689230][T11820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.697224][T11820] R13: 00007f7edd7c6038 R14: 00007f7edd7c5fa0 R15: 00007ffdb79d7ac8 [ 300.705283][T11820] [ 300.888016][T11826] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 301.426557][ T5787] Bluetooth: hci1: command tx timeout [ 301.441522][ T5780] cgroup: fork rejected by pids controller in /syz0 [ 301.565010][T11850] FAULT_INJECTION: forcing a failure. [ 301.565010][T11850] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.603079][T11850] CPU: 1 PID: 11850 Comm: syz.3.2410 Not tainted syzkaller #0 [ 301.610588][T11850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 301.620760][T11850] Call Trace: [ 301.624051][T11850] [ 301.626994][T11850] dump_stack_lvl+0x16c/0x230 [ 301.631701][T11850] ? show_regs_print_info+0x20/0x20 [ 301.636920][T11850] ? load_image+0x3b0/0x3b0 [ 301.641434][T11850] ? __might_fault+0xaa/0x120 [ 301.646124][T11850] ? __lock_acquire+0x7c80/0x7c80 [ 301.651161][T11850] should_fail_ex+0x39d/0x4d0 [ 301.655855][T11850] _copy_from_iter+0x1d3/0x1290 [ 301.660722][T11850] ? slab_post_alloc_hook+0x8a/0x4d0 [ 301.666029][T11850] ? __virt_addr_valid+0x18c/0x540 [ 301.671160][T11850] ? __lock_acquire+0x7c80/0x7c80 [ 301.676196][T11850] ? rcu_is_watching+0x15/0xb0 [ 301.680973][T11850] ? copyout_mc+0x70/0x70 [ 301.685410][T11850] ? __virt_addr_valid+0x18c/0x540 [ 301.690532][T11850] ? __virt_addr_valid+0x18c/0x540 [ 301.695656][T11850] ? __virt_addr_valid+0x469/0x540 [ 301.700816][T11850] ? __check_object_size+0x506/0xa30 [ 301.706136][T11850] netlink_sendmsg+0x75c/0xbe0 [ 301.710937][T11850] ? netlink_getsockopt+0x580/0x580 [ 301.716165][T11850] ? aa_sock_msg_perm+0x94/0x150 [ 301.721126][T11850] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 301.726429][T11850] ? security_socket_sendmsg+0x80/0xa0 [ 301.731901][T11850] ? netlink_getsockopt+0x580/0x580 [ 301.737117][T11850] ____sys_sendmsg+0x5bf/0x950 [ 301.741912][T11850] ? __asan_memset+0x22/0x40 [ 301.746512][T11850] ? __sys_sendmsg_sock+0x30/0x30 [ 301.751549][T11850] ? __import_iovec+0x5f2/0x860 [ 301.756433][T11850] ? import_iovec+0x73/0xa0 [ 301.760946][T11850] ___sys_sendmsg+0x220/0x290 [ 301.765634][T11850] ? __sys_sendmsg+0x270/0x270 [ 301.770407][T11850] ? __lock_acquire+0x7c80/0x7c80 [ 301.775438][T11850] __se_sys_sendmsg+0x1a5/0x270 [ 301.780283][T11850] ? __x64_sys_sendmsg+0x80/0x80 [ 301.785222][T11850] ? lockdep_hardirqs_on+0x98/0x150 [ 301.790414][T11850] do_syscall_64+0x55/0xb0 [ 301.794821][T11850] ? clear_bhb_loop+0x40/0x90 [ 301.799483][T11850] ? clear_bhb_loop+0x40/0x90 [ 301.804158][T11850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 301.810049][T11850] RIP: 0033:0x7fb9ed18ebe9 [ 301.814454][T11850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.834055][T11850] RSP: 002b:00007fb9edfd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 301.842461][T11850] RAX: ffffffffffffffda RBX: 00007fb9ed3c5fa0 RCX: 00007fb9ed18ebe9 [ 301.850419][T11850] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 301.858383][T11850] RBP: 00007fb9edfd7090 R08: 0000000000000000 R09: 0000000000000000 [ 301.866347][T11850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.874307][T11850] R13: 00007fb9ed3c6038 R14: 00007fb9ed3c5fa0 R15: 00007ffea837f958 [ 301.882279][T11850] [ 302.048124][ T5783] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 302.058539][ T5783] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 302.067483][ T5783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 302.077088][ T5783] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 302.095320][ T5783] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 302.102882][ T5783] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 302.153310][T11857] __nla_validate_parse: 4 callbacks suppressed [ 302.153324][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2411'. [ 302.247129][T11857] validate_nla: 3 callbacks suppressed [ 302.247144][T11857] netlink: 'syz.2.2411': attribute type 4 has an invalid length. [ 302.292405][T11857] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2411'. [ 302.328082][T11857] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 302.360889][T11857] netlink: 'syz.2.2411': attribute type 39 has an invalid length. [ 302.793703][T11870] netlink: 'syz.3.2416': attribute type 21 has an invalid length. [ 302.871471][T11853] chnl_net:caif_netlink_parms(): no params data found [ 303.072036][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 303.087917][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 303.100672][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 303.121711][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 303.134712][T11853] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.134982][ T5787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 303.150764][T11853] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.158100][T11853] bridge_slave_0: entered allmulticast mode [ 303.164482][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 303.181613][T11853] bridge_slave_0: entered promiscuous mode [ 303.201496][T11853] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.211311][T11853] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.219510][T11853] bridge_slave_1: entered allmulticast mode [ 303.229656][T11853] bridge_slave_1: entered promiscuous mode [ 303.318761][T11853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.380017][T11853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.480921][T11853] team0: Port device team_slave_0 added [ 303.495669][T11891] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2422'. [ 303.511836][T11891] netlink: 'syz.2.2422': attribute type 4 has an invalid length. [ 303.520074][T11891] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2422'. [ 303.529513][T11891] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 303.551856][T11853] team0: Port device team_slave_1 added [ 303.605202][ T11] [ 303.607572][ T11] ====================================================== [ 303.614574][ T11] WARNING: possible circular locking dependency detected [ 303.621585][ T11] syzkaller #0 Not tainted [ 303.625991][ T11] ------------------------------------------------------ [ 303.632985][ T11] kworker/u4:0/11 is trying to acquire lock: [ 303.638946][ T11] ffff88802bc64d00 (team->team_lock_key#2){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0 [ 303.648507][ T11] [ 303.648507][ T11] but task is already holding lock: [ 303.655851][ T11] ffff88807bc40768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680 [ 303.666193][ T11] [ 303.666193][ T11] which lock already depends on the new lock. [ 303.666193][ T11] [ 303.676588][ T11] [ 303.676588][ T11] the existing dependency chain (in reverse order) is: [ 303.685674][ T11] [ 303.685674][ T11] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 303.693395][ T11] __mutex_lock+0x129/0xcc0 [ 303.698411][ T11] ieee80211_open+0x144/0x200 [ 303.703597][ T11] __dev_open+0x2bc/0x430 [ 303.708449][ T11] dev_open+0xab/0x170 [ 303.713027][ T11] team_add_slave+0xae7/0x2660 [ 303.718293][ T11] do_setlink+0xe14/0x3fb0 [ 303.723216][ T11] rtnl_newlink+0x175b/0x2020 [ 303.728405][ T11] rtnetlink_rcv_msg+0x7c7/0xf10 [ 303.733859][ T11] netlink_rcv_skb+0x216/0x480 [ 303.739128][ T11] netlink_unicast+0x751/0x8d0 [ 303.744394][ T11] netlink_sendmsg+0x8c1/0xbe0 [ 303.749663][ T11] ____sys_sendmsg+0x5bf/0x950 [ 303.754943][ T11] ___sys_sendmsg+0x220/0x290 [ 303.760126][ T11] __se_sys_sendmsg+0x1a5/0x270 [ 303.765494][ T11] do_syscall_64+0x55/0xb0 [ 303.770415][ T11] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 303.776823][ T11] [ 303.776823][ T11] -> #0 (team->team_lock_key#2){+.+.}-{3:3}: [ 303.784979][ T11] __lock_acquire+0x2ddb/0x7c80 [ 303.790337][ T11] lock_acquire+0x197/0x410 [ 303.795343][ T11] __mutex_lock+0x129/0xcc0 [ 303.800352][ T11] team_del_slave+0x32/0x1c0 [ 303.805445][ T11] team_device_event+0x28d/0xa20 [ 303.810901][ T11] notifier_call_chain+0x197/0x390 [ 303.816541][ T11] unregister_netdevice_many_notify+0xf36/0x1810 [ 303.823374][ T11] unregister_netdevice_queue+0x324/0x360 [ 303.829598][ T11] _cfg80211_unregister_wdev+0x16b/0x580 [ 303.835738][ T11] ieee80211_remove_interfaces+0x496/0x680 [ 303.842050][ T11] ieee80211_unregister_hw+0x5d/0x2a0 [ 303.847933][ T11] mac80211_hwsim_del_radio+0x274/0x450 [ 303.853992][ T11] hwsim_exit_net+0x585/0x640 [ 303.859173][ T11] cleanup_net+0x6f4/0xb90 [ 303.864096][ T11] process_scheduled_works+0xa45/0x15b0 [ 303.870145][ T11] worker_thread+0xa55/0xfc0 [ 303.875244][ T11] kthread+0x2fa/0x390 [ 303.879815][ T11] ret_from_fork+0x48/0x80 [ 303.884738][ T11] ret_from_fork_asm+0x11/0x20 [ 303.890009][ T11] [ 303.890009][ T11] other info that might help us debug this: [ 303.890009][ T11] [ 303.900240][ T11] Possible unsafe locking scenario: [ 303.900240][ T11] [ 303.907690][ T11] CPU0 CPU1 [ 303.913042][ T11] ---- ---- [ 303.918397][ T11] lock(&rdev->wiphy.mtx); [ 303.922889][ T11] lock(team->team_lock_key#2); [ 303.930338][ T11] lock(&rdev->wiphy.mtx); [ 303.937346][ T11] lock(team->team_lock_key#2); [ 303.942273][ T11] [ 303.942273][ T11] *** DEADLOCK *** [ 303.942273][ T11] [ 303.950395][ T11] 5 locks held by kworker/u4:0/11: [ 303.955487][ T11] #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 303.966350][ T11] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 303.976860][ T11] #2: ffffffff8dfaf510 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90 [ 303.986252][ T11] #3: ffffffff8dfbc348 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0 [ 303.996090][ T11] #4: ffff88807bc40768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680 [ 304.006962][ T11] [ 304.006962][ T11] stack backtrace: [ 304.012831][ T11] CPU: 0 PID: 11 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 304.020187][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.030226][ T11] Workqueue: netns cleanup_net [ 304.034986][ T11] Call Trace: [ 304.038252][ T11] [ 304.041170][ T11] dump_stack_lvl+0x16c/0x230 [ 304.045836][ T11] ? load_image+0x3b0/0x3b0 [ 304.050325][ T11] ? show_regs_print_info+0x20/0x20 [ 304.055599][ T11] ? print_circular_bug+0x12b/0x1a0 [ 304.060787][ T11] check_noncircular+0x2bd/0x3c0 [ 304.065712][ T11] ? print_deadlock_bug+0x5d0/0x5d0 [ 304.070895][ T11] ? lockdep_lock+0xe0/0x220 [ 304.075480][ T11] ? _find_first_zero_bit+0xd3/0x100 [ 304.080755][ T11] __lock_acquire+0x2ddb/0x7c80 [ 304.085601][ T11] ? verify_lock_unused+0x140/0x140 [ 304.090788][ T11] ? verify_lock_unused+0x140/0x140 [ 304.095978][ T11] lock_acquire+0x197/0x410 [ 304.100480][ T11] ? team_del_slave+0x32/0x1c0 [ 304.105229][ T11] ? __might_sleep+0xe0/0xe0 [ 304.109808][ T11] ? read_lock_is_recursive+0x20/0x20 [ 304.115166][ T11] __mutex_lock+0x129/0xcc0 [ 304.119656][ T11] ? team_del_slave+0x32/0x1c0 [ 304.124403][ T11] ? __lock_acquire+0x7c80/0x7c80 [ 304.129414][ T11] ? rcu_is_watching+0x15/0xb0 [ 304.134166][ T11] ? trace_contention_end+0x39/0xe0 [ 304.139352][ T11] ? __mutex_lock+0x304/0xcc0 [ 304.144021][ T11] ? team_del_slave+0x32/0x1c0 [ 304.148769][ T11] ? mutex_lock_nested+0x20/0x20 [ 304.153691][ T11] ? bond_netdev_event+0xe1/0xef0 [ 304.158708][ T11] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 304.164329][ T11] ? bond_ipsec_offload_ok+0x410/0x410 [ 304.169780][ T11] team_del_slave+0x32/0x1c0 [ 304.174357][ T11] team_device_event+0x28d/0xa20 [ 304.179281][ T11] notifier_call_chain+0x197/0x390 [ 304.184380][ T11] unregister_netdevice_many_notify+0xf36/0x1810 [ 304.190703][ T11] ? lock_chain_count+0x20/0x20 [ 304.195543][ T11] ? unregister_netdevice_many+0x20/0x20 [ 304.201163][ T11] ? kernfs_remove_by_name_ns+0x117/0x150 [ 304.206871][ T11] ? __lock_acquire+0x7c80/0x7c80 [ 304.211883][ T11] unregister_netdevice_queue+0x324/0x360 [ 304.217592][ T11] ? list_netdevice+0x730/0x730 [ 304.222432][ T11] ? kernfs_remove_by_name_ns+0x117/0x150 [ 304.228141][ T11] _cfg80211_unregister_wdev+0x16b/0x580 [ 304.233765][ T11] ieee80211_remove_interfaces+0x496/0x680 [ 304.239562][ T11] ? ieee80211_do_stop+0x1db0/0x1db0 [ 304.244835][ T11] ? rcu_is_watching+0x15/0xb0 [ 304.249598][ T11] ieee80211_unregister_hw+0x5d/0x2a0 [ 304.254961][ T11] mac80211_hwsim_del_radio+0x274/0x450 [ 304.260496][ T11] ? rhashtable_remove_fast+0xbf0/0xbf0 [ 304.266035][ T11] hwsim_exit_net+0x585/0x640 [ 304.270700][ T11] ? hwsim_init_net+0x90/0x90 [ 304.275366][ T11] ? __ip_vs_dev_cleanup_batch+0x238/0x250 [ 304.281190][ T11] cleanup_net+0x6f4/0xb90 [ 304.285605][ T11] ? ops_free_list+0x3b0/0x3b0 [ 304.290355][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 304.295541][ T11] ? process_scheduled_works+0x957/0x15b0 [ 304.301248][ T11] ? process_scheduled_works+0x957/0x15b0 [ 304.306950][ T11] process_scheduled_works+0xa45/0x15b0 [ 304.312493][ T11] ? assign_work+0x400/0x400 [ 304.317070][ T11] ? assign_work+0x39e/0x400 [ 304.321646][ T11] worker_thread+0xa55/0xfc0 [ 304.326232][ T11] kthread+0x2fa/0x390 [ 304.330282][ T11] ? pr_cont_work+0x560/0x560 [ 304.334945][ T11] ? kthread_blkcg+0xd0/0xd0 [ 304.339517][ T11] ret_from_fork+0x48/0x80 [ 304.343916][ T11] ? kthread_blkcg+0xd0/0xd0 [ 304.348487][ T11] ret_from_fork_asm+0x11/0x20 [ 304.353248][ T11] [ 304.358654][ T5783] Bluetooth: hci0: command tx timeout [ 304.374135][ T11] team0: Port device wlan1 removed [ 304.383322][T11891] netlink: 'syz.2.2422': attribute type 39 has an invalid length. [ 304.418610][T11853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.425799][T11853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.452234][T11853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.464391][T11853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.478128][T11853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.505639][T11853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.564641][T11853] hsr_slave_0: entered promiscuous mode [ 304.571849][T11853] hsr_slave_1: entered promiscuous mode [ 304.582430][T11853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 304.590474][T11853] Cannot create hsr debugfs directory [ 304.611362][ T11] hsr_slave_0: left promiscuous mode [ 304.617687][ T11] hsr_slave_1: left promiscuous mode [ 304.623443][ T11] batman_adv: batadv0: Removing interface: team0 [ 304.631581][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.639992][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.647648][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.655049][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.662823][ T11] bridge_slave_1: left allmulticast mode [ 304.668489][ T11] bridge_slave_1: left promiscuous mode [ 304.674122][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.682250][ T11] bridge_slave_0: left allmulticast mode [ 304.688007][ T11] bridge_slave_0: left promiscuous mode [ 304.693678][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.704140][ T11] veth1_macvtap: left promiscuous mode [ 304.709899][ T11] veth0_macvtap: left promiscuous mode [ 304.715463][ T11] veth1_vlan: left promiscuous mode [ 304.720931][ T11] veth0_vlan: left promiscuous mode [ 305.268652][ T5783] Bluetooth: hci2: command tx timeout [ 306.225036][ T11] team0 (unregistering): Port device team_slave_1 removed [ 306.277274][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.301805][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.386313][ T5783] Bluetooth: hci0: command tx timeout [ 306.467414][ T11] bond0 (unregistering): Released all slaves [ 306.654626][T11853] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.675480][T11882] chnl_net:caif_netlink_parms(): no params data found [ 306.719273][T11853] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.754042][T11882] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.761404][T11882] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.768750][T11882] bridge_slave_0: entered allmulticast mode [ 306.775327][T11882] bridge_slave_0: entered promiscuous mode [ 306.796586][T11853] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.811958][T11882] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.819370][T11882] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.827190][T11882] bridge_slave_1: entered allmulticast mode [ 306.833862][T11882] bridge_slave_1: entered promiscuous mode [ 306.862330][T11882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.876523][T11853] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.891647][T11882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.917944][T11882] team0: Port device team_slave_0 added [ 306.928946][T11882] team0: Port device team_slave_1 added [ 306.967345][T11882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.974310][T11882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.000734][T11882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.013122][T11882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.020479][T11882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.049210][T11882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.096509][T11882] hsr_slave_0: entered promiscuous mode [ 307.102671][T11882] hsr_slave_1: entered promiscuous mode [ 307.110811][T11882] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.118576][T11882] Cannot create hsr debugfs directory [ 307.129814][T11853] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 307.147182][T11853] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 307.160045][T11853] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 307.175702][T11853] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 307.245332][T11882] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.289876][T11853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.305490][T11882] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.329205][T11853] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.339925][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.347084][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.354464][ T5783] Bluetooth: hci2: command tx timeout [ 307.363226][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.370376][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.391633][T11882] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.464919][T11882] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.529583][T11853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.582549][T11853] veth0_vlan: entered promiscuous mode [ 307.593607][T11853] veth1_vlan: entered promiscuous mode [ 307.621337][T11882] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 307.632050][T11882] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 307.641797][T11882] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 307.650926][T11882] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 307.667947][T11853] veth0_macvtap: entered promiscuous mode [ 307.681885][T11853] veth1_macvtap: entered promiscuous mode [ 307.703848][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 307.714536][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.725421][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 307.737671][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.748525][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 307.759286][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.769499][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 307.779934][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.790918][T11853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 307.804010][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.815380][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.826017][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.836748][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.849646][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.860135][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.870306][T11853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.880876][T11853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.891774][T11853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 307.904444][T11853] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.913263][T11853] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.922209][T11853] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.932170][T11853] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.979976][T11853] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 308.009080][T11882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.017975][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.019174][T11853] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 308.026057][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.048033][T11882] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.071302][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.078485][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.094214][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.095853][ T162] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.102986][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.109210][ T162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.239968][T11882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 308.272720][T11882] veth0_vlan: entered promiscuous mode [ 308.283036][T11882] veth1_vlan: entered promiscuous mode [ 308.304263][T11882] veth0_macvtap: entered promiscuous mode [ 308.314671][T11882] veth1_macvtap: entered promiscuous mode [ 308.329419][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.339998][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.349987][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.360469][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.370463][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.381017][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.391163][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.403076][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.412972][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.423702][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.434582][T11882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 308.447047][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.458429][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.468723][ T5783] Bluetooth: hci0: command tx timeout [ 308.469226][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.487362][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.497462][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.508247][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.518399][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.529526][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.539439][T11882] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.550768][T11882] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.561742][T11882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 308.573291][T11882] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.582793][T11882] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.591696][T11882] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.601247][T11882] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.639855][T11882] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 308.664335][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.667551][T11882] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 308.679077][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.699301][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.708003][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.427418][ T5783] Bluetooth: hci2: command tx timeout [ 310.546326][ T5783] Bluetooth: hci0: command tx timeout [ 311.506320][ T5783] Bluetooth: hci2: command tx timeout