last executing test programs: 59.296417646s ago: executing program 1 (id=2235): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x50) 59.15991978s ago: executing program 1 (id=2237): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x3, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$PROG_LOAD(0x5, 0x0, 0x0) 59.073964723s ago: executing program 1 (id=2239): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0xffffffffffffffff, 0x12) 58.947676587s ago: executing program 1 (id=2241): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0xe, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc1, 0x5, 0x0, 0x0, 0x0, 0x8, 0x20089, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x1013c4, 0x33, 0x0, 0x304a1c9621a140f8, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000001380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x4009) sendmsg$inet(r1, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x8000) close(r0) 58.781969743s ago: executing program 1 (id=2243): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB='\n\x00\x00'], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x400c844) close(0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7}]}, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 58.58315396s ago: executing program 1 (id=2245): bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002140)={@fallback, 0x10, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711817000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x1004006, 0x5}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r2}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000001740), 0x2, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711216000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r1}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r3}, 0x38) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85000000070000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x9, '\x00', 0x0, r4, 0x2}, 0x50) socketpair$nbd(0x1, 0x1, 0x0, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r6, &(0x7f00000000c0)="ad", &(0x7f0000000000)=""/3, 0x2}, 0x20) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001bc0)={r4, 0x20, &(0x7f0000001b80)={&(0x7f0000000a80)=""/4096, 0x1000, 0x0, &(0x7f0000001a80)=""/247, 0xf7}}, 0x10) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r7, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%pB \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r8}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x4e, &(0x7f00000000c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000200), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) 43.407697023s ago: executing program 32 (id=2245): bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002140)={@fallback, 0x10, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000010000000000000000000000711817000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x1004006, 0x5}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r2}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000001740), 0x2, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711216000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r1}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r3}, 0x38) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85000000070000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x9, '\x00', 0x0, r4, 0x2}, 0x50) socketpair$nbd(0x1, 0x1, 0x0, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r6, &(0x7f00000000c0)="ad", &(0x7f0000000000)=""/3, 0x2}, 0x20) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001bc0)={r4, 0x20, &(0x7f0000001b80)={&(0x7f0000000a80)=""/4096, 0x1000, 0x0, &(0x7f0000001a80)=""/247, 0xf7}}, 0x10) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r7, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%pB \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r8}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x4e, &(0x7f00000000c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000200), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) 32.160454652s ago: executing program 3 (id=2290): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28fdfa3cd2013103e3048c4ad4f5a4dcd133b2fc8fae3b51e4433cee7c08e67c7d7ed4432045e10f8718e5c163b1704fa2c707b61a1a9f63edfceff1a0cd7baf4a15b2fd607a09d398d73243bdcc664fbd5f582e48af2a18b02f0184a7bdd95ac78241e6749e74b152702333c56588375f806f10578eaae329c4f8dfb83e5524e2c9aa59ce7828bd1f146b2a4150fb2a8ced08e2ffac81e921e8a6f0071361a0acdbd125fb5f5e9ffe98e38508582a496afd30ca460dbfca77915a18b7b9ef6c1d6e13bc12fe43063cfecfafb05bf2339ad61533fbf3e410b403182742fa2d40c402cb83c2fef46a36f17c1abf97b0e2d114bd1472ab4207aa060f9e5d91c4a4911b1a1df47b858be141ab3386f26f561df35678489dc1b9f10eee1b2ab3dfdaedd7e06ff8a127f1743fcb32d7f80d40aebc1ea72edc348f5f9ba4bace97db948c24c679c74cd4336a7233d836082bb0e8b013bd1ee3612cd43cd2a3cb83754bb3408"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x8, 0x1000000}, 0xfffffedf, 0x10, &(0x7f0000000040), 0xeafcf7e0, 0x0, 0xffffffffffffffff, 0xd}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r0, 0x4) sendmsg$unix(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000580)="b324", 0x2}], 0x1, 0x0, 0x0, 0x800}, 0x40044) 31.980531529s ago: executing program 3 (id=2292): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000300), 0x75, r4}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000380)=r5) write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 29.140065954s ago: executing program 3 (id=2303): perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0xecc}, 0x0, 0x2d63}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0xa0800, 0x0) perf_event_open(0x0, 0x0, 0xa, 0xffffffffffffffff, 0x8) close(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000bb000000bf09000000000000550901000074f6967d00000000000000180100002020702500000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 28.904042702s ago: executing program 3 (id=2307): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd, 0xd, 0x3, [@datasec={0xa, 0x0, 0x0, 0xf, 0x1, [], "d8"}]}, {0x0, [0x3e]}}, 0x0, 0x2b, 0x0, 0x0, 0xffffffff, 0x10000}, 0x28) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, 0x0}, 0x20) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000c40)={0xffffffffffffffff, &(0x7f0000000a80)="d88638d30bf47fa21f9aeb084dd5f6123baa2501f222dc32c6d64d619c4e93c7763da3e00aff6e47346eb9462d660e6e3d3051178a482d85874ce29462cd41b960bf7c2b357961aa3c99c3ee9870713aaf9e541736def4848568ae5f414833f8dd75cb4ff33439067b9c80a1c71ffdf105d6c56d2932e6faf1753a2a898a9f13c9e5cd3690210cc4e7f02ddb599d63f46f65839c42", &(0x7f0000000b40)=""/209}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xd, 0x7, 0x4, 0x1, 0x0, r2}, 0x50) r3 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@cgroup, 0xffffffffffffffff, 0x24, 0x0, 0x0, @void, @value=r3}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x65, 0x1, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x80000000000, 0x6}, 0xb0c, 0x0, 0xffff, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 28.335866802s ago: executing program 0 (id=2314): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)=r3}, 0x20) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000380)=r6) write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 27.692330283s ago: executing program 3 (id=2317): openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='memory.oom.group\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1ff, 0x0, 0xa8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) 27.376787113s ago: executing program 3 (id=2319): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18029a344e40ba6da7a1000008000000850000002c0000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0xfffffffd, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800004000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) close(0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x11, 0x96, 0x0, &(0x7f00000004c0)="a0d0599774e458062246043ca4835b0400df860f82081bce7ebf93d74e0f95e553934f6ebb65b8ac4c86c3f9ad463e847f162a673c9bde2ee6fd992e61f0215f1ac0e8a4ad04d0ab1493ea64968ab414cd47410c0abd40c99e19e1beb5a0fa3e45c4fa46978b2b9e99bc8bfc272f0f1febc6d25d21ee48ef99685961152b4dd93e08a1e281da8536b2aa5afda72e3db4bfaa6056012e", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xa3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000340)={0x0, 0x0}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000080)={'pim6reg0\x00', @random="40a0382961e2"}) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@fallback, 0x5, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1200000007000000040000000200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000003ac88fb441f002fba3b4793731210c54fb1d1cce32172b7e0676261f206eec8da5a046abcea14ee7b377630936899164"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r8}, &(0x7f0000000300), &(0x7f0000000140)=r7}, 0x20) perf_event_open(&(0x7f0000001340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x10020, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x8e1f, 0xa2a}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xff}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 24.011853247s ago: executing program 0 (id=2322): bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x4000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x100000, 0x0, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x1}, 0x40, 0x0, 0x0, 0x5, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="0004f678ec630000000066"], 0xd) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x8202) 21.440252944s ago: executing program 0 (id=2327): bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x16, 0x13, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x3, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1}, 0xc) socketpair(0x1, 0x1, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xa, 0x4, &(0x7f0000000040)=ANY=[], 0x0}, 0x94) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) 21.383952776s ago: executing program 0 (id=2328): r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x3, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_clone(0x40100000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000fffffff700000000faffffff8500000005"], 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 16.222027021s ago: executing program 0 (id=2339): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%-5lx \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000640)=@framed={{}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffd}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 15.983620168s ago: executing program 0 (id=2341): perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000600)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b00)={0x1b, 0x0, 0x0, 0x739b, 0x0, 0x1, 0xfffffffb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x10, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x50) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a089, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x8, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_clone(0x62005000, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000540)=ANY=[@ANYBLOB="1806000000000400000000000000000018120000", @ANYRES32, @ANYBLOB="004d11c4673744a1791268aa99f04100000000000000b703000000000000850000000c000000b7070000000000001801007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000012000085000000060000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, &(0x7f0000000080)="2e7b8acc3fe41f8c8c", 0x0, 0x3, 0x0, 0x7}, 0x50) perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000f75ffffff0e000000000000000300000007000000030000ca75ffffff00000000000000002e"], 0x0, 0x46}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000}, 0x38) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0600000004000000090000000800000000000000", @ANYRES32, @ANYBLOB="0000001a00"/20, @ANYRES32=0x0, @ANYRES32], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000680)={@fallback=r0, r4, 0x10, 0x10, r2, @void, @value=r1}, 0x20) r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x8, 0x1}, 0x50) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001680)={r6, &(0x7f0000001500), &(0x7f00000015c0)=""/133}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000c00)=ANY=[], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r7 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, 0xffffffffffffffff) 4.290177374s ago: executing program 4 (id=2365): openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='memory.oom.group\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1ff, 0x0, 0xa8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) 4.081395981s ago: executing program 2 (id=2366): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7daa000000000000711005000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94) 4.081101441s ago: executing program 2 (id=2367): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x94e4, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfffffffa, 0x4, @perf_bp={0x0, 0x6}, 0x19987, 0x201, 0x5, 0xb, 0x6, 0x904813a5, 0x14, 0x0, 0x1, 0x0, 0xffffffffffff0000}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f0, &(0x7f0000000080)) 3.932626716s ago: executing program 4 (id=2368): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) close(0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18, 0x4000000}, 0x0) close(0x4) 3.868124437s ago: executing program 2 (id=2369): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0131014010ff"}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085200000ffffffff9500000000000000d80fed16e80662f868a2fdb9326673f6154cde6df86be92ebf9f0437b1a0eac1d41f517344f1f99d3657c9900d7b65868435e6ead9f4f2d88d977e1f9d6736737641b3048ce6d22bebcc721609f5e0bc8e8c408f8889d6ddfdffd2406bbaa6e6230b124e5709b379fba167cf89971d00b1ff1d67ae0ddab86893025b1a257c998ef870c2ebef7aa9ba6ba5a9de7e1c04fe6b7436d1f0955d4fa2f1330149e03ad03d7c35d565d22f9cf85a153694d38a54c3d02abb66d9bb20a6e6af11cf1e8341a3f7f5917b2a2a22ff25231554856178151da94f78e5350be92fd5618276cb4ede18c2c3f6f7870188"], &(0x7f0000000280)='GPL\x00', 0x3, 0xf2, &(0x7f0000000a40)=""/242}, 0x94) ioctl$TUNSETIFF(r2, 0x400454ca, 0x0) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)={0x0, 0x0}) mkdir(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x100}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0xe9, 0x4, 0x0, 0x4, 0x0, 0x3, 0x41, 0x9, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xf, 0x1, @perf_bp={0x0, 0xe}, 0x2, 0x8000, 0x6, 0x8, 0x81, 0x4, 0xf3, 0x0, 0xffffffbd, 0x0, 0x400000000002}, 0x0, 0xe, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) 3.703021293s ago: executing program 4 (id=2370): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0xff, 0x5, 0x7f, 0x1, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x62a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000580)='ns/pid_for_children\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='memory.stat\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0xc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 2.759391442s ago: executing program 4 (id=2371): openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB='1-2:'], 0x31) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) r6 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f00000001c0)='(pu&\"&\t&&') ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'sit0\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000e00)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @ptr={0xd, 0x0, 0x0, 0x2, 0x1}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000"], 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000130000000000000000850000009b000000180100002020702500000000002020247b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) 1.774621943s ago: executing program 4 (id=2372): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfe103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x4, 0x8}, 0x2000, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.774366234s ago: executing program 2 (id=2373): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001860000000000000e9ff00000400000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.669557837s ago: executing program 2 (id=2374): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2e}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.5680352s ago: executing program 2 (id=2375): socketpair$tipc(0x1e, 0x4, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f0000000380)=r5) write$cgroup_devices(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 10.30775ms ago: executing program 33 (id=2341): perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000600)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b00)={0x1b, 0x0, 0x0, 0x739b, 0x0, 0x1, 0xfffffffb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x10, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x50) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a089, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x2018, 0x0, 0x0, 0x8, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) syz_clone(0x62005000, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000540)=ANY=[@ANYBLOB="1806000000000400000000000000000018120000", @ANYRES32, @ANYBLOB="004d11c4673744a1791268aa99f04100000000000000b703000000000000850000000c000000b7070000000000001801007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000012000085000000060000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, &(0x7f0000000080)="2e7b8acc3fe41f8c8c", 0x0, 0x3, 0x0, 0x7}, 0x50) perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x2, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000f75ffffff0e000000000000000300000007000000030000ca75ffffff00000000000000002e"], 0x0, 0x46}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000}, 0x38) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0600000004000000090000000800000000000000", @ANYRES32, @ANYBLOB="0000001a00"/20, @ANYRES32=0x0, @ANYRES32], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000680)={@fallback=r0, r4, 0x10, 0x10, r2, @void, @value=r1}, 0x20) r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) syz_clone(0x41980100, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x8, 0x1}, 0x50) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001680)={r6, &(0x7f0000001500), &(0x7f00000015c0)=""/133}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000c00)=ANY=[], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r7 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, 0xffffffffffffffff) 0s ago: executing program 4 (id=2377): r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, 0x0, &(0x7f0000000200)='GPL\x00', 0x7, 0xa4, &(0x7f0000000000)=""/164}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000800)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000880), 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) kernel console output (not intermixed with test programs): has an invalid length. [ 329.205749][ T8980] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1056'. [ 334.262198][ T8997] netlink: 'syz.0.1062': attribute type 3 has an invalid length. [ 334.270225][ T8997] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1062'. [ 334.389325][ T9018] netlink: 'syz.1.1069': attribute type 46 has an invalid length. [ 335.134875][ T9031] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1074'. [ 337.571390][ T9035] netlink: 'syz.2.1075': attribute type 39 has an invalid length. [ 337.638576][ T9043] netlink: 'syz.3.1076': attribute type 2 has an invalid length. [ 337.695693][ T9035] hsr_slave_1 (unregistering): left promiscuous mode [ 337.771326][ T9041] netlink: 'syz.1.1078': attribute type 3 has an invalid length. [ 337.779834][ T9041] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1078'. [ 337.793712][ T9043] netlink: 'syz.3.1076': attribute type 10 has an invalid length. [ 337.802590][ T9043] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1076'. [ 337.838561][ T9043] batadv_slave_1: entered promiscuous mode [ 337.857442][ T9043] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.884085][ T9043] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 338.249347][ T9057] netlink: 121460 bytes leftover after parsing attributes in process `syz.1.1083'. [ 338.279100][ T9057] netlink: 21068 bytes leftover after parsing attributes in process `syz.1.1083'. [ 338.293537][ T9057] tipc: Started in network mode [ 338.327404][ T9057] tipc: Node identity b, cluster identity 73 [ 338.346846][ T9057] tipc: Node number set to 11 [ 338.361381][ T9057] netlink: 'syz.1.1083': attribute type 41 has an invalid length. [ 338.416120][ T9059] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1084'. [ 338.595047][ T9065] netlink: 'syz.3.1086': attribute type 46 has an invalid length. [ 338.909127][ T9070] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1095'. [ 341.009809][ T9087] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1092'. [ 341.029670][ T9086] netlink: 'syz.2.1091': attribute type 3 has an invalid length. [ 341.048381][ T9086] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1091'. [ 341.459877][ T9103] netlink: 'syz.2.1099': attribute type 46 has an invalid length. [ 344.830206][ T9116] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1104'. [ 344.873694][ T9121] netlink: 'syz.3.1104': attribute type 40 has an invalid length. [ 344.880036][ T9116] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 345.034357][ T9124] netlink: 'syz.0.1106': attribute type 3 has an invalid length. [ 345.076137][ T9124] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1106'. [ 345.171041][ T9127] netlink: 121460 bytes leftover after parsing attributes in process `syz.3.1107'. [ 345.183119][ T9127] netlink: 21068 bytes leftover after parsing attributes in process `syz.3.1107'. [ 345.194053][ T9127] tipc: Started in network mode [ 345.199076][ T9127] tipc: Node identity b, cluster identity 73 [ 345.206002][ T9127] tipc: Node number set to 11 [ 345.225390][ T9127] netlink: 'syz.3.1107': attribute type 41 has an invalid length. [ 345.652087][ T9143] netlink: 'syz.1.1113': attribute type 46 has an invalid length. [ 345.977544][ T9153] netlink: 'syz.0.1116': attribute type 3 has an invalid length. [ 345.988129][ T9153] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1116'. [ 348.887657][ T9162] netlink: 121460 bytes leftover after parsing attributes in process `syz.0.1120'. [ 348.901487][ T9162] netlink: 21068 bytes leftover after parsing attributes in process `syz.0.1120'. [ 348.928977][ T9162] tipc: Started in network mode [ 348.933911][ T9162] tipc: Node identity b, cluster identity 73 [ 348.959500][ T9162] tipc: Node number set to 11 [ 348.978899][ T9168] netlink: 'syz.0.1120': attribute type 41 has an invalid length. [ 349.076375][ T9169] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1122'. [ 349.504737][ T9186] netlink: 'syz.0.1128': attribute type 3 has an invalid length. [ 349.524235][ T9186] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1128'. [ 352.501878][ T9195] netlink: 'syz.1.1129': attribute type 46 has an invalid length. [ 352.660744][ T9202] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1132'. [ 352.713100][ T9201] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1132'. [ 352.770876][ T9202] netlink: 'syz.0.1132': attribute type 10 has an invalid length. [ 352.816621][ T9202] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.1132'. [ 355.790949][ T9232] netlink: 'syz.2.1140': attribute type 3 has an invalid length. [ 355.801855][ T9232] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1140'. [ 356.816759][ T9231] FAULT_INJECTION: forcing a failure. [ 356.816759][ T9231] name failslab, interval 1, probability 0, space 0, times 0 [ 356.836867][ T9231] CPU: 0 PID: 9231 Comm: syz.1.1142 Not tainted syzkaller #0 [ 356.844270][ T9231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 356.854357][ T9231] Call Trace: [ 356.857650][ T9231] [ 356.860594][ T9231] dump_stack_lvl+0x18c/0x250 [ 356.865290][ T9231] ? show_regs_print_info+0x20/0x20 [ 356.870492][ T9231] ? load_image+0x420/0x420 [ 356.875015][ T9231] ? __might_sleep+0xe0/0xe0 [ 356.879623][ T9231] ? __lock_acquire+0x7d40/0x7d40 [ 356.884667][ T9231] should_fail_ex+0x39d/0x4d0 [ 356.889376][ T9231] should_failslab+0x9/0x20 [ 356.893918][ T9231] slab_pre_alloc_hook+0x59/0x310 [ 356.898968][ T9231] ? page_pool_create+0x71/0x5c0 [ 356.903919][ T9231] __kmem_cache_alloc_node+0x53/0x250 [ 356.909293][ T9231] ? page_pool_create+0x71/0x5c0 [ 356.914222][ T9231] kmalloc_node_trace+0x26/0xe0 [ 356.919066][ T9231] page_pool_create+0x71/0x5c0 [ 356.923821][ T9231] bpf_test_run_xdp_live+0x203/0x1b20 [ 356.929201][ T9231] ? 0xffffffffa0004740 [ 356.933342][ T9231] ? 0xffffffffa0004740 [ 356.937477][ T9231] ? bpf_dispatcher_change_prog+0xcbf/0xf10 [ 356.943354][ T9231] ? 0xffffffffa0004740 [ 356.947492][ T9231] ? xdp_convert_md_to_buff+0x330/0x330 [ 356.953047][ T9231] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 356.959285][ T9231] ? xdp_convert_md_to_buff+0x5b/0x330 [ 356.964734][ T9231] bpf_prog_test_run_xdp+0x7ca/0x10e0 [ 356.970105][ T9231] ? lock_chain_count+0x20/0x20 [ 356.974949][ T9231] ? dev_put+0x80/0x80 [ 356.979014][ T9231] ? dev_put+0x80/0x80 [ 356.983069][ T9231] bpf_prog_test_run+0x321/0x390 [ 356.987990][ T9231] __sys_bpf+0x49d/0x890 [ 356.992236][ T9231] ? bpf_link_show_fdinfo+0x390/0x390 [ 356.997603][ T9231] ? lock_chain_count+0x20/0x20 [ 357.002462][ T9231] __x64_sys_bpf+0x7c/0x90 [ 357.006892][ T9231] do_syscall_64+0x55/0xb0 [ 357.011316][ T9231] ? clear_bhb_loop+0x40/0x90 [ 357.015982][ T9231] ? clear_bhb_loop+0x40/0x90 [ 357.020655][ T9231] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 357.026541][ T9231] RIP: 0033:0x7f041af9ce59 [ 357.030941][ T9231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 357.050537][ T9231] RSP: 002b:00007f041bee3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 357.058936][ T9231] RAX: ffffffffffffffda RBX: 00007f041b216090 RCX: 00007f041af9ce59 [ 357.066890][ T9231] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 357.074850][ T9231] RBP: 00007f041bee3090 R08: 0000000000000000 R09: 0000000000000000 [ 357.082822][ T9231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.090784][ T9231] R13: 00007f041b216128 R14: 00007f041b216090 R15: 00007ffe4e4a4388 [ 357.098754][ T9231] [ 358.421380][ T9262] netlink: 'syz.2.1150': attribute type 46 has an invalid length. [ 362.119820][ T9285] netlink: 'syz.3.1158': attribute type 10 has an invalid length. [ 362.180616][ T9285] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 362.198217][ T9286] netlink: 'syz.0.1157': attribute type 3 has an invalid length. [ 362.225264][ T9286] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1157'. [ 363.711138][ T9308] netlink: 'syz.2.1164': attribute type 46 has an invalid length. [ 366.841512][ T9322] netlink: 'syz.1.1170': attribute type 3 has an invalid length. [ 366.857320][ T9322] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1170'. [ 370.281158][ T9354] sit0: left promiscuous mode [ 370.636831][ T9360] netlink: 'syz.0.1183': attribute type 3 has an invalid length. [ 370.657892][ T9360] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1183'. [ 373.975689][ T9407] netlink: 'syz.2.1197': attribute type 3 has an invalid length. [ 373.985483][ T9407] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1197'. [ 378.051781][ T9436] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1208'. [ 378.061752][ T9436] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 378.078926][ T9444] netlink: 'syz.1.1211': attribute type 3 has an invalid length. [ 378.086676][ T9444] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1211'. [ 378.724104][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.730559][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.031578][ T9478] FAULT_INJECTION: forcing a failure. [ 379.031578][ T9478] name failslab, interval 1, probability 0, space 0, times 0 [ 379.044281][ T9478] CPU: 0 PID: 9478 Comm: syz.0.1223 Not tainted syzkaller #0 [ 379.051670][ T9478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 379.061717][ T9478] Call Trace: [ 379.064996][ T9478] [ 379.067917][ T9478] dump_stack_lvl+0x18c/0x250 [ 379.072590][ T9478] ? show_regs_print_info+0x20/0x20 [ 379.077780][ T9478] ? load_image+0x420/0x420 [ 379.082285][ T9478] ? kasan_quarantine_put+0xd8/0x220 [ 379.087571][ T9478] should_fail_ex+0x39d/0x4d0 [ 379.092250][ T9478] should_failslab+0x9/0x20 [ 379.096770][ T9478] slab_pre_alloc_hook+0x59/0x310 [ 379.101811][ T9478] ? kmem_cache_free+0xf8/0x270 [ 379.106669][ T9478] kmem_cache_alloc+0x5a/0x2d0 [ 379.111431][ T9478] ? skb_clone+0x1eb/0x370 [ 379.115848][ T9478] skb_clone+0x1eb/0x370 [ 379.120091][ T9478] bpf_clone_redirect+0x167/0x4a0 [ 379.125117][ T9478] bpf_prog_bf17f61a12bc632f+0x5e/0x63 [ 379.130573][ T9478] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 379.136548][ T9478] ? preempt_schedule+0xc0/0xd0 [ 379.141390][ T9478] ? bpf_test_run+0x174/0x870 [ 379.146056][ T9478] ? preempt_schedule_common+0x82/0xc0 [ 379.151504][ T9478] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 379.157476][ T9478] ? lockdep_softirqs_on+0x580/0x580 [ 379.162753][ T9478] ? lock_chain_count+0x20/0x20 [ 379.167597][ T9478] ? __local_bh_disable_ip+0x108/0x1a0 [ 379.173046][ T9478] ? __cant_sleep+0x220/0x220 [ 379.177712][ T9478] ? __local_bh_enable_ip+0x13a/0x1c0 [ 379.183073][ T9478] ? _local_bh_enable+0xa0/0xa0 [ 379.187915][ T9478] ? bpf_test_timer_continue+0x135/0x380 [ 379.193552][ T9478] ? bpf_test_run+0x174/0x870 [ 379.198221][ T9478] bpf_test_run+0x2df/0x870 [ 379.202722][ T9478] ? bpf_test_run+0x174/0x870 [ 379.207394][ T9478] ? convert___skb_to_skb+0x590/0x590 [ 379.212758][ T9478] ? eth_get_headlen+0x210/0x210 [ 379.217688][ T9478] ? slab_build_skb+0x25f/0x3f0 [ 379.222537][ T9478] ? convert___skb_to_skb+0x3d/0x590 [ 379.227814][ T9478] bpf_prog_test_run_skb+0xad2/0x12b0 [ 379.233187][ T9478] ? cpu_online+0x60/0x60 [ 379.237508][ T9478] bpf_prog_test_run+0x321/0x390 [ 379.242437][ T9478] __sys_bpf+0x49d/0x890 [ 379.246679][ T9478] ? bpf_link_show_fdinfo+0x390/0x390 [ 379.252050][ T9478] ? lock_chain_count+0x20/0x20 [ 379.256896][ T9478] __x64_sys_bpf+0x7c/0x90 [ 379.261300][ T9478] do_syscall_64+0x55/0xb0 [ 379.265708][ T9478] ? clear_bhb_loop+0x40/0x90 [ 379.270377][ T9478] ? clear_bhb_loop+0x40/0x90 [ 379.275043][ T9478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 379.280926][ T9478] RIP: 0033:0x7fa58fb9ce59 [ 379.285329][ T9478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 379.304929][ T9478] RSP: 002b:00007fa5909e8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 379.313337][ T9478] RAX: ffffffffffffffda RBX: 00007fa58fe15fa0 RCX: 00007fa58fb9ce59 [ 379.321298][ T9478] RDX: 0000000000000050 RSI: 0000200000001040 RDI: 000000000000000a [ 379.329259][ T9478] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 379.337217][ T9478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 379.345175][ T9478] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 379.353157][ T9478] [ 381.237090][ T9487] netlink: 'syz.1.1225': attribute type 3 has an invalid length. [ 381.245145][ T9487] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1225'. [ 381.407053][ T9496] FAULT_INJECTION: forcing a failure. [ 381.407053][ T9496] name failslab, interval 1, probability 0, space 0, times 0 [ 381.420529][ T9496] CPU: 1 PID: 9496 Comm: syz.2.1227 Not tainted syzkaller #0 [ 381.427935][ T9496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 381.438008][ T9496] Call Trace: [ 381.441393][ T9496] [ 381.444334][ T9496] dump_stack_lvl+0x18c/0x250 [ 381.449028][ T9496] ? show_regs_print_info+0x20/0x20 [ 381.454249][ T9496] ? load_image+0x420/0x420 [ 381.458771][ T9496] ? lockdep_hardirqs_on+0x98/0x150 [ 381.464000][ T9496] should_fail_ex+0x39d/0x4d0 [ 381.468706][ T9496] should_failslab+0x9/0x20 [ 381.473233][ T9496] slab_pre_alloc_hook+0x59/0x310 [ 381.478280][ T9496] ? __get_vm_area_node+0x125/0x370 [ 381.483489][ T9496] __kmem_cache_alloc_node+0x53/0x250 [ 381.488858][ T9496] ? __get_vm_area_node+0x125/0x370 [ 381.494050][ T9496] kmalloc_node_trace+0x26/0xe0 [ 381.498898][ T9496] __get_vm_area_node+0x125/0x370 [ 381.503919][ T9496] __vmalloc_node_range+0x36e/0x1330 [ 381.509198][ T9496] ? netlink_sendmsg+0x602/0xbf0 [ 381.514131][ T9496] ? netlink_insert+0x109f/0x13a0 [ 381.519166][ T9496] ? netlink_data_ready+0x10/0x10 [ 381.524185][ T9496] ? free_vm_area+0x50/0x50 [ 381.528704][ T9496] ? netlink_sendmsg+0x602/0xbf0 [ 381.533662][ T9496] vmalloc+0x79/0x90 [ 381.537563][ T9496] ? netlink_sendmsg+0x602/0xbf0 [ 381.542499][ T9496] netlink_sendmsg+0x602/0xbf0 [ 381.547268][ T9496] ? netlink_getsockopt+0x590/0x590 [ 381.552468][ T9496] ? aa_sock_msg_perm+0x94/0x150 [ 381.557402][ T9496] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 381.562676][ T9496] ? security_socket_sendmsg+0x80/0xa0 [ 381.568124][ T9496] ? netlink_getsockopt+0x590/0x590 [ 381.573320][ T9496] ____sys_sendmsg+0x5ba/0x960 [ 381.578086][ T9496] ? __asan_memset+0x22/0x40 [ 381.582673][ T9496] ? __sys_sendmsg_sock+0x30/0x30 [ 381.587688][ T9496] ? __import_iovec+0x3fa/0x850 [ 381.592547][ T9496] ? import_iovec+0x73/0xa0 [ 381.597042][ T9496] ___sys_sendmsg+0x2a6/0x360 [ 381.601713][ T9496] ? __sys_sendmsg+0x2a0/0x2a0 [ 381.606476][ T9496] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 381.612723][ T9496] __se_sys_sendmsg+0x1c2/0x2b0 [ 381.617563][ T9496] ? __x64_sys_sendmsg+0x80/0x80 [ 381.622499][ T9496] ? lockdep_hardirqs_on+0x98/0x150 [ 381.627690][ T9496] do_syscall_64+0x55/0xb0 [ 381.632096][ T9496] ? clear_bhb_loop+0x40/0x90 [ 381.636762][ T9496] ? clear_bhb_loop+0x40/0x90 [ 381.641428][ T9496] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 381.647311][ T9496] RIP: 0033:0x7fb76639ce59 [ 381.651720][ T9496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 381.671312][ T9496] RSP: 002b:00007fb7672df028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 381.679727][ T9496] RAX: ffffffffffffffda RBX: 00007fb766615fa0 RCX: 00007fb76639ce59 [ 381.687703][ T9496] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000006 [ 381.695664][ T9496] RBP: 00007fb7672df090 R08: 0000000000000000 R09: 0000000000000000 [ 381.703621][ T9496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 381.711576][ T9496] R13: 00007fb766616038 R14: 00007fb766615fa0 R15: 00007ffe3f9dd948 [ 381.719546][ T9496] [ 381.755512][ T9496] syz.2.1227: vmalloc error: size 65088, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 381.771751][ T9496] CPU: 1 PID: 9496 Comm: syz.2.1227 Not tainted syzkaller #0 [ 381.779160][ T9496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 381.789232][ T9496] Call Trace: [ 381.792523][ T9496] [ 381.795467][ T9496] dump_stack_lvl+0x18c/0x250 [ 381.800162][ T9496] ? show_regs_print_info+0x20/0x20 [ 381.805377][ T9496] ? load_image+0x420/0x420 [ 381.809905][ T9496] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 381.816343][ T9496] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 381.822863][ T9496] warn_alloc+0x246/0x340 [ 381.827213][ T9496] ? __get_vm_area_node+0x125/0x370 [ 381.832412][ T9496] ? zone_watermark_ok_safe+0x230/0x230 [ 381.837951][ T9496] ? rcu_is_watching+0x15/0xb0 [ 381.842710][ T9496] ? __get_vm_area_node+0x356/0x370 [ 381.847905][ T9496] __vmalloc_node_range+0x393/0x1330 [ 381.853188][ T9496] ? netlink_insert+0x109f/0x13a0 [ 381.858219][ T9496] ? netlink_data_ready+0x10/0x10 [ 381.863237][ T9496] ? free_vm_area+0x50/0x50 [ 381.867736][ T9496] ? netlink_sendmsg+0x602/0xbf0 [ 381.872673][ T9496] vmalloc+0x79/0x90 [ 381.876558][ T9496] ? netlink_sendmsg+0x602/0xbf0 [ 381.881487][ T9496] netlink_sendmsg+0x602/0xbf0 [ 381.886272][ T9496] ? netlink_getsockopt+0x590/0x590 [ 381.891578][ T9496] ? aa_sock_msg_perm+0x94/0x150 [ 381.896521][ T9496] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 381.901802][ T9496] ? security_socket_sendmsg+0x80/0xa0 [ 381.907253][ T9496] ? netlink_getsockopt+0x590/0x590 [ 381.912455][ T9496] ____sys_sendmsg+0x5ba/0x960 [ 381.917213][ T9496] ? __asan_memset+0x22/0x40 [ 381.921794][ T9496] ? __sys_sendmsg_sock+0x30/0x30 [ 381.926811][ T9496] ? __import_iovec+0x3fa/0x850 [ 381.931660][ T9496] ? import_iovec+0x73/0xa0 [ 381.936155][ T9496] ___sys_sendmsg+0x2a6/0x360 [ 381.940824][ T9496] ? __sys_sendmsg+0x2a0/0x2a0 [ 381.945592][ T9496] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 381.951843][ T9496] __se_sys_sendmsg+0x1c2/0x2b0 [ 381.956706][ T9496] ? __x64_sys_sendmsg+0x80/0x80 [ 381.961645][ T9496] ? lockdep_hardirqs_on+0x98/0x150 [ 381.966924][ T9496] do_syscall_64+0x55/0xb0 [ 381.971331][ T9496] ? clear_bhb_loop+0x40/0x90 [ 381.976001][ T9496] ? clear_bhb_loop+0x40/0x90 [ 381.980670][ T9496] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 381.986552][ T9496] RIP: 0033:0x7fb76639ce59 [ 381.990959][ T9496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 382.010556][ T9496] RSP: 002b:00007fb7672df028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 382.018958][ T9496] RAX: ffffffffffffffda RBX: 00007fb766615fa0 RCX: 00007fb76639ce59 [ 382.026918][ T9496] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000006 [ 382.034881][ T9496] RBP: 00007fb7672df090 R08: 0000000000000000 R09: 0000000000000000 [ 382.042841][ T9496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.050805][ T9496] R13: 00007fb766616038 R14: 00007fb766615fa0 R15: 00007ffe3f9dd948 [ 382.058785][ T9496] [ 382.099752][ T9496] Mem-Info: [ 382.108946][ T9496] active_anon:14220 inactive_anon:0 isolated_anon:0 [ 382.108946][ T9496] active_file:18656 inactive_file:40061 isolated_file:0 [ 382.108946][ T9496] unevictable:768 dirty:119 writeback:0 [ 382.108946][ T9496] slab_reclaimable:9941 slab_unreclaimable:92658 [ 382.108946][ T9496] mapped:26231 shmem:3213 pagetables:557 [ 382.108946][ T9496] sec_pagetables:0 bounce:0 [ 382.108946][ T9496] kernel_misc_reclaimable:0 [ 382.108946][ T9496] free:1338098 free_pcp:9128 free_cma:0 [ 382.155276][ T9496] Node 0 active_anon:57880kB inactive_anon:0kB active_file:74624kB inactive_file:160044kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106024kB dirty:476kB writeback:0kB shmem:12316kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10776kB pagetables:2228kB sec_pagetables:0kB all_unreclaimable? no [ 382.190571][ T9496] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 382.221411][ T9496] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 382.249176][ T9496] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 382.255447][ T9496] Node 0 DMA32 free:1444128kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:59664kB inactive_anon:0kB active_file:74624kB inactive_file:159216kB unevictable:1536kB writepending:476kB present:3129332kB managed:2586944kB mlocked:0kB bounce:0kB free_pcp:17700kB local_pcp:11060kB free_cma:0kB [ 382.288647][ T9496] lowmem_reserve[]: 0 0 0 0 0 [ 382.295122][ T9496] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 382.322274][ T9496] lowmem_reserve[]: 0 0 0 0 0 [ 382.327056][ T9496] Node 1 Normal free:3890124kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18704kB local_pcp:6576kB free_cma:0kB [ 382.357537][ T9496] lowmem_reserve[]: 0 0 0 0 0 [ 382.365853][ T9496] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 382.383344][ T9496] Node 0 DMA32: 2586*4kB (UM) 1389*8kB (UE) 1838*16kB (UME) 1051*32kB (UME) 641*64kB (UME) 400*128kB (UME) 245*256kB (UME) 139*512kB (UME) 80*1024kB (UM) 4*2048kB (UM) 254*4096kB (UM) = 1441104kB [ 382.413911][ T9496] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 382.426436][ T9496] Node 1 Normal: 245*4kB (UME) 61*8kB (UME) 43*16kB (UME) 47*32kB (UME) 16*64kB (UME) 7*128kB (UME) 2*256kB (UM) 0*512kB 1*1024kB (U) 2*2048kB (UE) 947*4096kB (M) = 3890124kB [ 382.444844][ T9496] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 382.454956][ T9496] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 382.465263][ T9496] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 382.480091][ T9496] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 382.493161][ T9496] 64254 total pagecache pages [ 382.497958][ T9496] 0 pages in swap cache [ 382.503954][ T9496] Free swap = 124996kB [ 382.508201][ T9496] Total swap = 124996kB [ 382.518594][ T9496] 2097051 pages RAM [ 382.525334][ T9496] 0 pages HighMem/MovableOnly [ 382.533766][ T9496] 416929 pages reserved [ 382.538026][ T9496] 0 pages cma reserved [ 382.884603][ T9510] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1231'. [ 388.294771][ T9540] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1240'. [ 389.407512][ T9527] netlink: 'syz.0.1236': attribute type 3 has an invalid length. [ 389.415461][ T9527] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1236'. [ 390.609530][ T9575] netlink: 'syz.2.1253': attribute type 3 has an invalid length. [ 390.633697][ T9575] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1253'. [ 393.262402][ T9582] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.1255'. [ 394.087177][ T9580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 395.463469][ T9585] netlink: 'syz.3.1256': attribute type 10 has an invalid length. [ 395.481060][ T9585] team0: Device veth1_vlan failed to register rx_handler [ 395.594378][ T9587] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1257'. [ 395.803050][ T9595] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.839754][ T9595] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.863659][ T9595] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.886734][ T9595] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 396.341903][ T9610] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.1265'. [ 396.363539][ T9610] bridge_slave_1: default FDB implementation only supports local addresses [ 398.742060][ T9622] netlink: 'syz.1.1268': attribute type 3 has an invalid length. [ 398.750549][ T9622] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1268'. [ 398.760801][ T9624] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1269'. [ 399.594389][ T9646] syzkaller0: delete flow: hash 4248326450 index 1 [ 403.603294][ T9671] netlink: 'syz.2.1285': attribute type 3 has an invalid length. [ 403.617078][ T9671] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1285'. [ 404.550723][ T9712] netlink: 'syz.2.1302': attribute type 3 has an invalid length. [ 404.563678][ T9712] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1302'. [ 406.579460][ T9725] lo: entered allmulticast mode [ 406.768893][ T9734] netlink: 'syz.2.1308': attribute type 10 has an invalid length. [ 406.796677][ T9734] team0: Device ipvlan1 failed to register rx_handler [ 409.430814][ T9748] netlink: 'syz.2.1316': attribute type 3 has an invalid length. [ 409.438652][ T9748] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1316'. [ 409.660013][ T9761] netlink: 'syz.3.1321': attribute type 1 has an invalid length. [ 409.684507][ T9761] netlink: 'syz.3.1321': attribute type 3 has an invalid length. [ 409.716562][ T9761] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1321'. [ 409.873187][ T9767] Ÿë: port 1(ip6gretap0) entered blocking state [ 409.909045][ T9767] Ÿë: port 1(ip6gretap0) entered disabled state [ 409.926063][ T9767] ip6gretap0: entered allmulticast mode [ 409.944810][ T9767] ip6gretap0: entered promiscuous mode [ 410.587243][ T9774] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 410.648174][ T9780] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1326'. [ 410.916510][ T9785] netlink: 'syz.0.1325': attribute type 10 has an invalid length. [ 410.961612][ T9785] team0: Device ipvlan1 failed to register rx_handler [ 411.154942][ T9792] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.1331'. [ 411.181343][ T9792] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 413.874675][ T9794] netlink: 'syz.2.1332': attribute type 3 has an invalid length. [ 413.882580][ T9794] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1332'. [ 414.169757][ T9818] netlink: 'syz.2.1342': attribute type 39 has an invalid length. [ 415.601478][ T9844] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.1350'. [ 415.618654][ T9844] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 416.208301][ T9863] FAULT_INJECTION: forcing a failure. [ 416.208301][ T9863] name failslab, interval 1, probability 0, space 0, times 0 [ 416.221371][ T9863] CPU: 0 PID: 9863 Comm: syz.2.1356 Not tainted syzkaller #0 [ 416.228157][ T9865] FAULT_INJECTION: forcing a failure. [ 416.228157][ T9865] name failslab, interval 1, probability 0, space 0, times 0 [ 416.229103][ T9863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 416.229152][ T9863] Call Trace: [ 416.229160][ T9863] [ 416.229168][ T9863] dump_stack_lvl+0x18c/0x250 [ 416.262769][ T9863] ? show_regs_print_info+0x20/0x20 [ 416.267983][ T9863] ? load_image+0x420/0x420 [ 416.272496][ T9863] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 416.278496][ T9863] ? lock_chain_count+0x20/0x20 [ 416.283356][ T9863] ? ref_tracker_alloc+0x2f9/0x4c0 [ 416.288493][ T9863] should_fail_ex+0x39d/0x4d0 [ 416.293188][ T9863] should_failslab+0x9/0x20 [ 416.297705][ T9863] slab_pre_alloc_hook+0x59/0x310 [ 416.302749][ T9863] ? percpu_counter_set+0x1a0/0x1a0 [ 416.307959][ T9863] ? dst_cow_metrics_generic+0x56/0x1b0 [ 416.313515][ T9863] __kmem_cache_alloc_node+0x53/0x250 [ 416.318899][ T9863] ? dst_cow_metrics_generic+0x56/0x1b0 [ 416.324454][ T9863] kmalloc_trace+0x2a/0xe0 [ 416.328882][ T9863] dst_cow_metrics_generic+0x56/0x1b0 [ 416.334263][ T9863] icmp6_dst_alloc+0x22e/0x400 [ 416.339032][ T9863] ? icmpv6_flow_init+0x62/0x120 [ 416.343988][ T9863] ndisc_send_skb+0x44e/0x14f0 [ 416.348760][ T9863] ? ndisc_send_skb+0x1f5/0x14f0 [ 416.353706][ T9863] ? __ndisc_fill_addr_option+0x9c/0x130 [ 416.359344][ T9863] ? ndisc_mc_map+0x680/0x680 [ 416.364027][ T9863] ? __ndisc_fill_addr_option+0xdf/0x130 [ 416.369693][ T9863] ndisc_solicit+0x36f/0x660 [ 416.374300][ T9863] ? ndisc_cleanup+0x40/0x40 [ 416.378906][ T9863] ? ndisc_cleanup+0x40/0x40 [ 416.383505][ T9863] __neigh_event_send+0xed1/0x1440 [ 416.388631][ T9863] ? ___neigh_create+0x1df6/0x2440 [ 416.393761][ T9863] neigh_resolve_output+0x19b/0x730 [ 416.398978][ T9863] ? __ipv6_neigh_lookup_noref+0x5b9/0x7d0 [ 416.404804][ T9863] ip6_finish_output2+0xe3d/0x1630 [ 416.409948][ T9863] ? ip6_finish_output2+0x645/0x1630 [ 416.415269][ T9863] ? ip6_mtu+0x7d/0x3f0 [ 416.419446][ T9863] ? nf_hook+0x390/0x390 [ 416.423706][ T9863] ? ip6_finish_output+0x57b/0x820 [ 416.428838][ T9863] ? ip6_send_skb+0x10f/0x380 [ 416.433525][ T9863] ip6_send_skb+0x1d5/0x380 [ 416.438054][ T9863] l2tp_ip6_sendmsg+0x129b/0x1690 [ 416.443103][ T9863] ? __might_sleep+0xe0/0xe0 [ 416.447708][ T9863] ? l2tp_ip6_destroy_sock+0x60/0x60 [ 416.453030][ T9863] ? aa_af_perm+0x330/0x330 [ 416.457537][ T9863] ? tomoyo_socket_sendmsg_permission+0x216/0x2f0 [ 416.463961][ T9863] ? sock_rps_record_flow+0x19/0x3f0 [ 416.469350][ T9863] ? inet_sendmsg+0x7c/0x2f0 [ 416.473958][ T9863] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 416.479249][ T9863] ? security_socket_sendmsg+0x80/0xa0 [ 416.484712][ T9863] ? inet_send_prepare+0x260/0x260 [ 416.489837][ T9863] ____sys_sendmsg+0x5ba/0x960 [ 416.494610][ T9863] ? __lock_acquire+0x7d40/0x7d40 [ 416.499654][ T9863] ? __sys_sendmsg_sock+0x30/0x30 [ 416.504692][ T9863] ? __import_iovec+0x3fa/0x850 [ 416.509644][ T9863] ? import_iovec+0x73/0xa0 [ 416.514249][ T9863] ___sys_sendmsg+0x2a6/0x360 [ 416.518949][ T9863] ? get_pid_task+0x20/0x1e0 [ 416.523554][ T9863] ? __sys_sendmsg+0x2a0/0x2a0 [ 416.528348][ T9863] ? __lock_acquire+0x7d40/0x7d40 [ 416.533409][ T9863] __se_sys_sendmsg+0x1c2/0x2b0 [ 416.538278][ T9863] ? __x64_sys_sendmsg+0x80/0x80 [ 416.543238][ T9863] ? lockdep_hardirqs_on+0x98/0x150 [ 416.548456][ T9863] do_syscall_64+0x55/0xb0 [ 416.552880][ T9863] ? clear_bhb_loop+0x40/0x90 [ 416.557571][ T9863] ? clear_bhb_loop+0x40/0x90 [ 416.562259][ T9863] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 416.568165][ T9863] RIP: 0033:0x7fb76639ce59 [ 416.572591][ T9863] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 416.592209][ T9863] RSP: 002b:00007fb7672df028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 416.600639][ T9863] RAX: ffffffffffffffda RBX: 00007fb766615fa0 RCX: 00007fb76639ce59 [ 416.608619][ T9863] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 416.616599][ T9863] RBP: 00007fb7672df090 R08: 0000000000000000 R09: 0000000000000000 [ 416.624576][ T9863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 416.632551][ T9863] R13: 00007fb766616038 R14: 00007fb766615fa0 R15: 00007ffe3f9dd948 [ 416.640547][ T9863] [ 416.643574][ T9865] CPU: 1 PID: 9865 Comm: syz.3.1357 Not tainted syzkaller #0 [ 416.650964][ T9865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 416.661016][ T9865] Call Trace: [ 416.664288][ T9865] [ 416.667213][ T9865] dump_stack_lvl+0x18c/0x250 [ 416.671893][ T9865] ? show_regs_print_info+0x20/0x20 [ 416.677083][ T9865] ? load_image+0x420/0x420 [ 416.681581][ T9865] ? __kmem_cache_alloc_node+0x13a/0x250 [ 416.687218][ T9865] ? netdev_core_pick_tx+0x340/0x340 [ 416.692502][ T9865] should_fail_ex+0x39d/0x4d0 [ 416.697267][ T9865] should_failslab+0x9/0x20 [ 416.701765][ T9865] slab_pre_alloc_hook+0x59/0x310 [ 416.706790][ T9865] kmem_cache_alloc+0x5a/0x2d0 [ 416.711545][ T9865] ? skb_clone+0x1eb/0x370 [ 416.715957][ T9865] skb_clone+0x1eb/0x370 [ 416.720195][ T9865] bpf_clone_redirect+0x167/0x4a0 [ 416.725218][ T9865] bpf_prog_208b094576c80b22+0x5e/0x63 [ 416.730669][ T9865] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 416.736648][ T9865] ? lock_chain_count+0x20/0x20 [ 416.741511][ T9865] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 416.747492][ T9865] ? lockdep_softirqs_on+0x580/0x580 [ 416.752773][ T9865] ? lock_chain_count+0x20/0x20 [ 416.757625][ T9865] ? seqcount_lockdep_reader_access+0x191/0x1d0 [ 416.763873][ T9865] ? __local_bh_disable_ip+0x108/0x1a0 [ 416.769328][ T9865] ? __cant_sleep+0x220/0x220 [ 416.774000][ T9865] ? __local_bh_enable_ip+0x13a/0x1c0 [ 416.779362][ T9865] ? _local_bh_enable+0xa0/0xa0 [ 416.784204][ T9865] ? bpf_test_timer_continue+0x135/0x380 [ 416.789837][ T9865] ? bpf_test_run+0x174/0x870 [ 416.794596][ T9865] bpf_test_run+0x2df/0x870 [ 416.799106][ T9865] ? bpf_test_run+0x174/0x870 [ 416.803776][ T9865] ? convert___skb_to_skb+0x590/0x590 [ 416.809149][ T9865] ? eth_get_headlen+0x210/0x210 [ 416.814073][ T9865] ? bpf_prog_test_run_skb+0x7ad/0x12b0 [ 416.819612][ T9865] ? convert___skb_to_skb+0x3d/0x590 [ 416.824885][ T9865] bpf_prog_test_run_skb+0xad2/0x12b0 [ 416.830257][ T9865] ? cpu_online+0x60/0x60 [ 416.834577][ T9865] bpf_prog_test_run+0x321/0x390 [ 416.839515][ T9865] __sys_bpf+0x49d/0x890 [ 416.843778][ T9865] ? bpf_link_show_fdinfo+0x390/0x390 [ 416.849152][ T9865] ? lock_chain_count+0x20/0x20 [ 416.854002][ T9865] __x64_sys_bpf+0x7c/0x90 [ 416.858409][ T9865] do_syscall_64+0x55/0xb0 [ 416.862817][ T9865] ? clear_bhb_loop+0x40/0x90 [ 416.867490][ T9865] ? clear_bhb_loop+0x40/0x90 [ 416.872164][ T9865] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 416.878054][ T9865] RIP: 0033:0x7fa8ef19ce59 [ 416.882464][ T9865] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 416.902062][ T9865] RSP: 002b:00007fa8effe5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 416.910469][ T9865] RAX: ffffffffffffffda RBX: 00007fa8ef415fa0 RCX: 00007fa8ef19ce59 [ 416.918465][ T9865] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 416.926435][ T9865] RBP: 00007fa8effe5090 R08: 0000000000000000 R09: 0000000000000000 [ 416.934397][ T9865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 416.942358][ T9865] R13: 00007fa8ef416038 R14: 00007fa8ef415fa0 R15: 00007ffc76648af8 [ 416.950336][ T9865] [ 418.587887][ T9882] netlink: 'syz.3.1364': attribute type 39 has an invalid length. [ 418.588705][ T9880] netlink: 209216 bytes leftover after parsing attributes in process `syz.1.1362'. [ 418.629131][ T9880] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 421.637719][ T9918] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 421.684787][ T9925] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1377'. [ 422.390481][ T9943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1386'. [ 422.435178][ T9955] syz.1.1388[9955] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 422.435399][ T9955] syz.1.1388[9955] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 422.770904][ T9967] FAULT_INJECTION: forcing a failure. [ 422.770904][ T9967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.795681][ T9967] CPU: 1 PID: 9967 Comm: syz.3.1391 Not tainted syzkaller #0 [ 422.803093][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 422.813190][ T9967] Call Trace: [ 422.816495][ T9967] [ 422.819453][ T9967] dump_stack_lvl+0x18c/0x250 [ 422.824179][ T9967] ? show_regs_print_info+0x20/0x20 [ 422.829421][ T9967] ? load_image+0x420/0x420 [ 422.833969][ T9967] ? __might_fault+0xaa/0x120 [ 422.838672][ T9967] ? __lock_acquire+0x7d40/0x7d40 [ 422.843707][ T9967] should_fail_ex+0x39d/0x4d0 [ 422.848397][ T9967] _copy_from_user+0x2f/0xe0 [ 422.852999][ T9967] generic_map_update_batch+0x54b/0x810 [ 422.858570][ T9967] ? rcu_read_unlock+0xa0/0xa0 [ 422.863348][ T9967] ? __fdget+0x180/0x210 [ 422.867600][ T9967] ? rcu_read_unlock+0xa0/0xa0 [ 422.872358][ T9967] bpf_map_do_batch+0x3d7/0x610 [ 422.877248][ T9967] __sys_bpf+0x381/0x890 [ 422.881523][ T9967] ? bpf_link_show_fdinfo+0x390/0x390 [ 422.886935][ T9967] ? lock_chain_count+0x20/0x20 [ 422.891813][ T9967] __x64_sys_bpf+0x7c/0x90 [ 422.896233][ T9967] do_syscall_64+0x55/0xb0 [ 422.900653][ T9967] ? clear_bhb_loop+0x40/0x90 [ 422.905339][ T9967] ? clear_bhb_loop+0x40/0x90 [ 422.910022][ T9967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 422.915920][ T9967] RIP: 0033:0x7fa8ef19ce59 [ 422.920339][ T9967] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 422.939948][ T9967] RSP: 002b:00007fa8effe5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 422.948364][ T9967] RAX: ffffffffffffffda RBX: 00007fa8ef415fa0 RCX: 00007fa8ef19ce59 [ 422.956342][ T9967] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a [ 422.964401][ T9967] RBP: 00007fa8effe5090 R08: 0000000000000000 R09: 0000000000000000 [ 422.972369][ T9967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 422.980431][ T9967] R13: 00007fa8ef416038 R14: 00007fa8ef415fa0 R15: 00007ffc76648af8 [ 422.988426][ T9967] [ 428.851903][T10037] netlink: 'syz.3.1413': attribute type 21 has an invalid length. [ 428.879142][T10037] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1413'. [ 428.888295][T10037] netlink: 'syz.3.1413': attribute type 5 has an invalid length. [ 428.910732][T10037] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1413'. [ 434.801227][T10077] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.814348][T10077] bridge0: entered allmulticast mode [ 434.886223][T10077] bridge_slave_0: left allmulticast mode [ 434.892485][T10077] bridge_slave_0: left promiscuous mode [ 434.900346][T10077] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.969396][T10111] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1439'. [ 440.195680][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.202520][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.210128][T10115] FAULT_INJECTION: forcing a failure. [ 440.210128][T10115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 440.248949][T10115] CPU: 0 PID: 10115 Comm: syz.0.1440 Not tainted syzkaller #0 [ 440.256490][T10115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 440.266576][T10115] Call Trace: [ 440.269885][T10115] [ 440.272836][T10115] dump_stack_lvl+0x18c/0x250 [ 440.277545][T10115] ? show_regs_print_info+0x20/0x20 [ 440.282783][T10115] ? load_image+0x420/0x420 [ 440.287322][T10115] ? __might_fault+0xaa/0x120 [ 440.292028][T10115] ? __lock_acquire+0x7d40/0x7d40 [ 440.297092][T10115] should_fail_ex+0x39d/0x4d0 [ 440.301812][T10115] _copy_from_iter+0x1d9/0x12e0 [ 440.306697][T10115] ? rep_movs_alternative+0x4a/0x90 [ 440.311925][T10115] ? _copy_from_iter+0x24e/0x12e0 [ 440.316988][T10115] ? __virt_addr_valid+0x18c/0x540 [ 440.322130][T10115] ? __lock_acquire+0x7d40/0x7d40 [ 440.327181][T10115] ? copyout_mc+0x70/0x70 [ 440.331559][T10115] ? copyout_mc+0x70/0x70 [ 440.335914][T10115] ? __virt_addr_valid+0x18c/0x540 [ 440.341066][T10115] ? page_copy_sane+0x16a/0x270 [ 440.345955][T10115] copy_page_from_iter+0x7b/0x100 [ 440.351020][T10115] skb_copy_datagram_from_iter+0x2e4/0x6e0 [ 440.356883][T10115] tun_get_user+0x15db/0x3ca0 [ 440.361610][T10115] ? aa_file_perm+0x11b/0xee0 [ 440.366326][T10115] ? rcu_read_unlock+0xa0/0xa0 [ 440.371141][T10115] ? tun_get+0x1c/0x2e0 [ 440.375322][T10115] ? __lock_acquire+0x7d40/0x7d40 [ 440.380383][T10115] ? tun_get+0x1c/0x2e0 [ 440.384577][T10115] tun_chr_write_iter+0x119/0x200 [ 440.389631][T10115] vfs_write+0x46c/0x990 [ 440.393911][T10115] ? file_end_write+0x250/0x250 [ 440.398782][T10115] ? __fget_files+0x43d/0x4b0 [ 440.403485][T10115] ? __fdget_pos+0x1d8/0x330 [ 440.408074][T10115] ? ksys_write+0x75/0x260 [ 440.412500][T10115] ksys_write+0x150/0x260 [ 440.416834][T10115] ? __ia32_sys_read+0x90/0x90 [ 440.421604][T10115] ? lockdep_hardirqs_on+0x98/0x150 [ 440.426812][T10115] do_syscall_64+0x55/0xb0 [ 440.431226][T10115] ? clear_bhb_loop+0x40/0x90 [ 440.435904][T10115] ? clear_bhb_loop+0x40/0x90 [ 440.440615][T10115] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 440.446507][T10115] RIP: 0033:0x7fa58fb9ce59 [ 440.450924][T10115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 440.470535][T10115] RSP: 002b:00007fa5909e8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 440.478954][T10115] RAX: ffffffffffffffda RBX: 00007fa58fe15fa0 RCX: 00007fa58fb9ce59 [ 440.486931][T10115] RDX: 000000000000fdef RSI: 0000200000000200 RDI: 00000000000000c8 [ 440.494907][T10115] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 440.502884][T10115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 440.510853][T10115] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 440.518848][T10115] [ 442.890673][T10125] netlink: 'syz.3.1444': attribute type 10 has an invalid length. [ 442.904209][T10125] tap0: tun_chr_ioctl cmd 1074025677 [ 442.911658][T10125] tap0: linktype set to 774 [ 443.762736][ T5782] Bluetooth: hci1: unexpected event 0x34 length: 15 > 6 [ 448.257417][T10169] netlink: 'syz.1.1458': attribute type 10 has an invalid length. [ 448.351846][T10169] tap0: tun_chr_ioctl cmd 1074025677 [ 448.363250][T10169] tap0: linktype set to 774 [ 451.471514][T10185] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode [ 451.478510][T10185] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 453.676651][T10196] netlink: 'syz.2.1466': attribute type 10 has an invalid length. [ 453.684864][T10196] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1466'. [ 453.695651][T10196] hsr0: entered promiscuous mode [ 453.700902][T10196] FAULT_INJECTION: forcing a failure. [ 453.700902][T10196] name failslab, interval 1, probability 0, space 0, times 0 [ 453.714667][T10196] CPU: 1 PID: 10196 Comm: syz.2.1466 Not tainted syzkaller #0 [ 453.722158][T10196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 453.732231][T10196] Call Trace: [ 453.735526][T10196] [ 453.738465][T10196] dump_stack_lvl+0x18c/0x250 [ 453.743149][T10196] ? show_regs_print_info+0x20/0x20 [ 453.748333][T10196] ? load_image+0x420/0x420 [ 453.752821][T10196] ? trace_call_bpf+0x5e9/0x6c0 [ 453.757664][T10196] should_fail_ex+0x39d/0x4d0 [ 453.762332][T10196] should_failslab+0x9/0x20 [ 453.766822][T10196] slab_pre_alloc_hook+0x59/0x310 [ 453.771851][T10196] kmem_cache_alloc_node+0x60/0x320 [ 453.777059][T10196] ? __alloc_skb+0x103/0x2c0 [ 453.781634][T10196] __alloc_skb+0x103/0x2c0 [ 453.786030][T10196] rtmsg_ifinfo_build_skb+0x8c/0x260 [ 453.791301][T10196] rtmsg_ifinfo+0x8c/0x1a0 [ 453.795701][T10196] __dev_notify_flags+0xf3/0x310 [ 453.800626][T10196] ? __dev_change_flags+0x6a0/0x6a0 [ 453.805834][T10196] ? __dev_change_flags+0x4d4/0x6a0 [ 453.811020][T10196] ? dev_get_flags+0x1c0/0x1c0 [ 453.815767][T10196] ? printk_sprint+0x460/0x460 [ 453.820527][T10196] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 453.826426][T10196] ? _raw_spin_unlock+0x40/0x40 [ 453.831266][T10196] dev_change_flags+0xe8/0x1a0 [ 453.836020][T10196] do_setlink+0xc58/0x4130 [ 453.840420][T10196] ? arch_stack_walk+0x160/0x190 [ 453.845345][T10196] ? load_image+0x420/0x420 [ 453.849837][T10196] ? nlmsg_parse_deprecated_strict+0x110/0x110 [ 453.855975][T10196] ? rcu_is_watching+0x15/0xb0 [ 453.860726][T10196] ? do_trace_netlink_extack+0x7e/0x1a0 [ 453.866259][T10196] ? __nla_validate_parse+0x262c/0x2ea0 [ 453.871824][T10196] ? __nla_validate+0x50/0x50 [ 453.876524][T10196] ? validate_linkmsg+0x719/0x910 [ 453.881537][T10196] rtnl_newlink+0x17da/0x20a0 [ 453.886207][T10196] ? rtnl_newlink+0x4f1/0x20a0 [ 453.890959][T10196] ? rtnl_setlink+0x4e0/0x4e0 [ 453.895618][T10196] ? __rwlock_init+0x150/0x150 [ 453.900387][T10196] ? do_raw_spin_unlock+0x121/0x230 [ 453.905591][T10196] ? __mutex_lock+0x956/0xcc0 [ 453.910260][T10196] ? __mutex_lock+0x4f9/0xcc0 [ 453.914938][T10196] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 453.920052][T10196] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 453.925168][T10196] ? rtnl_setlink+0x4e0/0x4e0 [ 453.929828][T10196] rtnetlink_rcv_msg+0x869/0xfa0 [ 453.934753][T10196] ? rtnetlink_bind+0x80/0x80 [ 453.939422][T10196] ? perf_trace_preemptirq_template+0x269/0x330 [ 453.945667][T10196] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 453.951636][T10196] ? lock_chain_count+0x20/0x20 [ 453.956470][T10196] ? __local_bh_enable_ip+0x13a/0x1c0 [ 453.961826][T10196] ? lockdep_hardirqs_on+0x98/0x150 [ 453.967012][T10196] ? __local_bh_enable_ip+0x13a/0x1c0 [ 453.972384][T10196] ? _local_bh_enable+0xa0/0xa0 [ 453.977242][T10196] ? __dev_queue_xmit+0x265/0x3660 [ 453.982339][T10196] ? __dev_queue_xmit+0x265/0x3660 [ 453.987438][T10196] ? __dev_queue_xmit+0x1b2c/0x3660 [ 453.992625][T10196] ? __dev_queue_xmit+0x265/0x3660 [ 453.997725][T10196] ? ref_tracker_free+0x690/0x840 [ 454.002745][T10196] netlink_rcv_skb+0x241/0x4d0 [ 454.007499][T10196] ? rtnetlink_bind+0x80/0x80 [ 454.012158][T10196] ? netlink_ack+0x1180/0x1180 [ 454.016916][T10196] ? __lock_acquire+0x7d40/0x7d40 [ 454.021948][T10196] ? netlink_deliver_tap+0x2e/0x1b0 [ 454.027157][T10196] netlink_unicast+0x751/0x8d0 [ 454.031929][T10196] netlink_sendmsg+0x8d0/0xbf0 [ 454.036693][T10196] ? netlink_getsockopt+0x590/0x590 [ 454.041894][T10196] ? aa_sock_msg_perm+0x94/0x150 [ 454.046842][T10196] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 454.052133][T10196] ? security_socket_sendmsg+0x80/0xa0 [ 454.057587][T10196] ? netlink_getsockopt+0x590/0x590 [ 454.062778][T10196] ____sys_sendmsg+0x5ba/0x960 [ 454.067531][T10196] ? __asan_memset+0x22/0x40 [ 454.072130][T10196] ? __sys_sendmsg_sock+0x30/0x30 [ 454.077157][T10196] ? __import_iovec+0x5f2/0x850 [ 454.081996][T10196] ? import_iovec+0x73/0xa0 [ 454.086499][T10196] ___sys_sendmsg+0x2a6/0x360 [ 454.091170][T10196] ? get_pid_task+0x20/0x1e0 [ 454.095769][T10196] ? __sys_sendmsg+0x2a0/0x2a0 [ 454.100537][T10196] ? __lock_acquire+0x7d40/0x7d40 [ 454.105565][T10196] __se_sys_sendmsg+0x1c2/0x2b0 [ 454.110407][T10196] ? __x64_sys_sendmsg+0x80/0x80 [ 454.115339][T10196] ? lockdep_hardirqs_on+0x98/0x150 [ 454.120553][T10196] do_syscall_64+0x55/0xb0 [ 454.124979][T10196] ? clear_bhb_loop+0x40/0x90 [ 454.129647][T10196] ? clear_bhb_loop+0x40/0x90 [ 454.134317][T10196] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 454.140201][T10196] RIP: 0033:0x7fb76639ce59 [ 454.144619][T10196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 454.164222][T10196] RSP: 002b:00007fb7672df028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 454.172634][T10196] RAX: ffffffffffffffda RBX: 00007fb766615fa0 RCX: 00007fb76639ce59 [ 454.180607][T10196] RDX: 0000000000008000 RSI: 0000200000000040 RDI: 0000000000000006 [ 454.188561][T10196] RBP: 00007fb7672df090 R08: 0000000000000000 R09: 0000000000000000 [ 454.196521][T10196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.204476][T10196] R13: 00007fb766616038 R14: 00007fb766615fa0 R15: 00007ffe3f9dd948 [ 454.212439][T10196] [ 454.250417][T10214] netlink: 'syz.0.1472': attribute type 10 has an invalid length. [ 454.268095][T10216] tap0: tun_chr_ioctl cmd 1074025677 [ 454.282131][T10216] tap0: linktype set to 774 [ 454.467513][T10222] netlink: 'syz.1.1475': attribute type 2 has an invalid length. [ 454.492652][T10222] netlink: 'syz.1.1475': attribute type 1 has an invalid length. [ 454.504804][T10222] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1475'. [ 454.858063][T10233] netlink: 14975 bytes leftover after parsing attributes in process `syz.2.1479'. [ 456.056723][ T5782] Bluetooth: hci1: ISO packet for unknown connection handle 62 [ 456.426249][T10268] netlink: 'syz.3.1491': attribute type 2 has an invalid length. [ 456.434664][T10268] netlink: 'syz.3.1491': attribute type 1 has an invalid length. [ 456.449349][T10268] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1491'. [ 457.452017][T10256] netlink: 'syz.2.1485': attribute type 10 has an invalid length. [ 457.461260][T10260] tap0: tun_chr_ioctl cmd 1074025677 [ 457.466692][T10260] tap0: linktype set to 774 [ 458.327550][T10304] netlink: 'syz.0.1502': attribute type 2 has an invalid length. [ 458.336011][T10304] netlink: 'syz.0.1502': attribute type 1 has an invalid length. [ 458.359003][T10304] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1502'. [ 458.735470][T10313] pim6reg0: tun_chr_ioctl cmd 1074025672 [ 458.742430][T10313] pim6reg0: ignored: set checksum disabled [ 458.792214][T10315] sctp: [Deprecated]: syz.2.1508 (pid 10315) Use of int in max_burst socket option deprecated. [ 458.792214][T10315] Use struct sctp_assoc_value instead [ 459.719149][T10343] netlink: 'syz.1.1517': attribute type 21 has an invalid length. [ 459.749029][T10343] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1517'. [ 459.773065][T10343] netlink: 'syz.1.1517': attribute type 4 has an invalid length. [ 459.955617][T10346] netlink: 'syz.2.1518': attribute type 2 has an invalid length. [ 459.968964][T10346] netlink: 'syz.2.1518': attribute type 1 has an invalid length. [ 459.987210][T10346] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1518'. [ 460.015062][T10349] netlink: 'syz.1.1519': attribute type 15 has an invalid length. [ 460.025155][T10349] netlink: 11254 bytes leftover after parsing attributes in process `syz.1.1519'. [ 460.040877][T10349] netlink: 'syz.1.1519': attribute type 6 has an invalid length. [ 460.069036][T10349] netlink: 'syz.1.1519': attribute type 7 has an invalid length. [ 460.076834][T10349] netlink: 'syz.1.1519': attribute type 11 has an invalid length. [ 460.117432][T10349] netlink: 'syz.1.1519': attribute type 15 has an invalid length. [ 460.182466][T10349] netlink: 'syz.1.1519': attribute type 16 has an invalid length. [ 460.206038][T10353] FAULT_INJECTION: forcing a failure. [ 460.206038][T10353] name failslab, interval 1, probability 0, space 0, times 0 [ 460.248118][T10351] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1519'. [ 460.261579][T10353] CPU: 0 PID: 10353 Comm: syz.0.1521 Not tainted syzkaller #0 [ 460.269085][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 460.279164][T10353] Call Trace: [ 460.282466][T10353] [ 460.285413][T10353] dump_stack_lvl+0x18c/0x250 [ 460.290116][T10353] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 460.296306][T10353] ? show_regs_print_info+0x20/0x20 [ 460.301517][T10353] ? load_image+0x420/0x420 [ 460.306035][T10353] should_fail_ex+0x39d/0x4d0 [ 460.310726][T10353] should_failslab+0x9/0x20 [ 460.315232][T10353] slab_pre_alloc_hook+0x59/0x310 [ 460.320258][T10353] ? trace_call_bpf+0x5e9/0x6c0 [ 460.325118][T10353] kmem_cache_alloc+0x5a/0x2d0 [ 460.329887][T10353] ? alloc_empty_file+0x9e/0x1d0 [ 460.334829][T10353] alloc_empty_file+0x9e/0x1d0 [ 460.339597][T10353] path_openat+0x113/0x3230 [ 460.344102][T10353] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 460.349917][T10353] ? mark_lock+0x94/0x320 [ 460.354246][T10353] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 460.360229][T10353] ? lock_chain_count+0x20/0x20 [ 460.365074][T10353] ? do_filp_open+0x430/0x430 [ 460.369750][T10353] ? perf_trace_lock+0xfc/0x3b0 [ 460.374598][T10353] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 460.380754][T10353] ? trace_event_raw_event_lock+0x250/0x250 [ 460.386656][T10353] do_filp_open+0x1f5/0x430 [ 460.391157][T10353] ? alloc_fd+0x58f/0x630 [ 460.395494][T10353] ? vfs_tmpfile+0x490/0x490 [ 460.400108][T10353] ? _raw_spin_unlock+0x28/0x40 [ 460.404958][T10353] ? alloc_fd+0x58f/0x630 [ 460.409298][T10353] do_sys_openat2+0x134/0x1d0 [ 460.413979][T10353] ? do_sys_open+0xe0/0xe0 [ 460.418399][T10353] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 460.424561][T10353] __x64_sys_openat+0x139/0x160 [ 460.429414][T10353] do_syscall_64+0x55/0xb0 [ 460.433844][T10353] ? clear_bhb_loop+0x40/0x90 [ 460.438521][T10353] ? clear_bhb_loop+0x40/0x90 [ 460.443198][T10353] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 460.449091][T10353] RIP: 0033:0x7fa58fb5d68e [ 460.453504][T10353] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 460.473107][T10353] RSP: 002b:00007fa5909e7ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 460.481519][T10353] RAX: ffffffffffffffda RBX: 00007fa5909e86c0 RCX: 00007fa58fb5d68e [ 460.489487][T10353] RDX: 0000000000000000 RSI: 00007fa5909e7f90 RDI: ffffffffffffff9c [ 460.497453][T10353] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 460.505425][T10353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.513391][T10353] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 460.521377][T10353] [ 460.922708][T10347] delete_channel: no stack [ 461.689376][T10373] tun0: tun_chr_ioctl cmd 1074025678 [ 461.734926][T10373] tun0: group set to 0 [ 461.911751][T10375] tun0: tun_chr_ioctl cmd 21731 [ 464.474107][T10385] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1528'. [ 465.227988][T10396] FAULT_INJECTION: forcing a failure. [ 465.227988][T10396] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 465.249585][T10396] CPU: 1 PID: 10396 Comm: syz.0.1532 Not tainted syzkaller #0 [ 465.257105][T10396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 465.267282][T10396] Call Trace: [ 465.270592][T10396] [ 465.273575][T10396] dump_stack_lvl+0x18c/0x250 [ 465.278299][T10396] ? show_regs_print_info+0x20/0x20 [ 465.283533][T10396] ? load_image+0x420/0x420 [ 465.288063][T10396] ? __lock_acquire+0x7d40/0x7d40 [ 465.293120][T10396] should_fail_ex+0x39d/0x4d0 [ 465.297843][T10396] _copy_from_user+0x2f/0xe0 [ 465.302467][T10396] __copy_msghdr+0x3bb/0x580 [ 465.307092][T10396] ___sys_sendmsg+0x214/0x360 [ 465.311814][T10396] ? __sys_sendmsg+0x2a0/0x2a0 [ 465.316625][T10396] ? __lock_acquire+0x7d40/0x7d40 [ 465.321685][T10396] __se_sys_sendmsg+0x1c2/0x2b0 [ 465.326543][T10396] ? __x64_sys_sendmsg+0x80/0x80 [ 465.331503][T10396] ? lockdep_hardirqs_on+0x98/0x150 [ 465.336706][T10396] do_syscall_64+0x55/0xb0 [ 465.341122][T10396] ? clear_bhb_loop+0x40/0x90 [ 465.345799][T10396] ? clear_bhb_loop+0x40/0x90 [ 465.350477][T10396] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 465.356369][T10396] RIP: 0033:0x7fa58fb9ce59 [ 465.360793][T10396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.380398][T10396] RSP: 002b:00007fa5909e8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 465.388854][T10396] RAX: ffffffffffffffda RBX: 00007fa58fe15fa0 RCX: 00007fa58fb9ce59 [ 465.396822][T10396] RDX: 000000000004c810 RSI: 0000200000001280 RDI: 0000000000000004 [ 465.404789][T10396] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 465.412760][T10396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.420728][T10396] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 465.428723][T10396] [ 465.458731][T10399] validate_nla: 7 callbacks suppressed [ 465.475117][T10399] netlink: 'syz.1.1533': attribute type 10 has an invalid length. [ 466.016252][T10406] netlink: 'syz.3.1536': attribute type 2 has an invalid length. [ 466.048975][T10406] netlink: 'syz.3.1536': attribute type 1 has an invalid length. [ 466.119025][T10406] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1536'. [ 467.235589][T10438] netlink: 'syz.1.1548': attribute type 2 has an invalid length. [ 467.256595][T10439] FAULT_INJECTION: forcing a failure. [ 467.256595][T10439] name failslab, interval 1, probability 0, space 0, times 0 [ 467.279196][T10438] netlink: 'syz.1.1548': attribute type 1 has an invalid length. [ 467.287418][T10439] CPU: 1 PID: 10439 Comm: syz.2.1549 Not tainted syzkaller #0 [ 467.294908][T10439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 467.304986][T10439] Call Trace: [ 467.308285][T10439] [ 467.309474][T10438] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1548'. [ 467.311218][T10439] dump_stack_lvl+0x18c/0x250 [ 467.311252][T10439] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 467.311276][T10439] ? show_regs_print_info+0x20/0x20 [ 467.311294][T10439] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 467.342837][T10439] ? dump_stack+0x9/0x20 [ 467.347111][T10439] should_fail_ex+0x39d/0x4d0 [ 467.351822][T10439] should_failslab+0x9/0x20 [ 467.356352][T10439] slab_pre_alloc_hook+0x59/0x310 [ 467.361407][T10439] ? sk_prot_alloc+0xe7/0x210 [ 467.366105][T10439] ? sk_prot_alloc+0xe7/0x210 [ 467.370808][T10439] __kmem_cache_alloc_node+0x53/0x250 [ 467.376215][T10439] ? sk_prot_alloc+0xe7/0x210 [ 467.380927][T10439] __kmalloc+0xa4/0x230 [ 467.385117][T10439] sk_prot_alloc+0xe7/0x210 [ 467.389644][T10439] ? sk_alloc+0x24/0x360 [ 467.393914][T10439] sk_alloc+0x3a/0x360 [ 467.398011][T10439] ? bpf_ctx_init+0x163/0x1a0 [ 467.402704][T10439] ? bpf_prog_test_run_skb+0x273/0x12b0 [ 467.408381][T10439] bpf_prog_test_run_skb+0x3a5/0x12b0 [ 467.413881][T10439] ? lockdep_hardirqs_on+0x98/0x150 [ 467.419115][T10439] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 467.425399][T10439] ? cpu_online+0x60/0x60 [ 467.429761][T10439] bpf_prog_test_run+0x321/0x390 [ 467.434732][T10439] __sys_bpf+0x49d/0x890 [ 467.439003][T10439] ? bpf_link_show_fdinfo+0x390/0x390 [ 467.444407][T10439] ? lock_chain_count+0x20/0x20 [ 467.449306][T10439] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 467.455318][T10439] __x64_sys_bpf+0x7c/0x90 [ 467.459762][T10439] do_syscall_64+0x55/0xb0 [ 467.464209][T10439] ? clear_bhb_loop+0x40/0x90 [ 467.468921][T10439] ? clear_bhb_loop+0x40/0x90 [ 467.473626][T10439] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 467.479552][T10439] RIP: 0033:0x7fb76639ce59 [ 467.483993][T10439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.503639][T10439] RSP: 002b:00007fb7672df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 467.512094][T10439] RAX: ffffffffffffffda RBX: 00007fb766615fa0 RCX: 00007fb76639ce59 [ 467.520091][T10439] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 467.528085][T10439] RBP: 00007fb7672df090 R08: 0000000000000000 R09: 0000000000000000 [ 467.536079][T10439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.544073][T10439] R13: 00007fb766616038 R14: 00007fb766615fa0 R15: 00007ffe3f9dd948 [ 467.552085][T10439] [ 467.901289][T10454] netlink: 'syz.0.1555': attribute type 2 has an invalid length. [ 467.909649][T10454] netlink: 'syz.0.1555': attribute type 1 has an invalid length. [ 467.919019][T10454] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1555'. [ 468.476453][T10471] netlink: 'syz.2.1562': attribute type 10 has an invalid length. [ 470.016064][T10519] delete_channel: no stack [ 470.021953][T10519] delete_channel: no stack [ 470.237082][T10526] netlink: 'syz.1.1586': attribute type 2 has an invalid length. [ 470.245127][T10526] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1586'. [ 470.661068][T10544] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.1593'. [ 470.972363][T10548] netlink: 'syz.2.1595': attribute type 2 has an invalid length. [ 470.992280][T10548] netlink: 'syz.2.1595': attribute type 1 has an invalid length. [ 471.005345][T10548] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1595'. [ 471.807313][T10582] FAULT_INJECTION: forcing a failure. [ 471.807313][T10582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 471.834124][T10582] CPU: 1 PID: 10582 Comm: syz.2.1608 Not tainted syzkaller #0 [ 471.841638][T10582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 471.851880][T10582] Call Trace: [ 471.855163][T10582] [ 471.858115][T10582] dump_stack_lvl+0x18c/0x250 [ 471.862821][T10582] ? show_regs_print_info+0x20/0x20 [ 471.868040][T10582] ? load_image+0x420/0x420 [ 471.872562][T10582] ? __lock_acquire+0x7d40/0x7d40 [ 471.877578][T10582] ? snprintf+0xe9/0x140 [ 471.881819][T10582] should_fail_ex+0x39d/0x4d0 [ 471.886497][T10582] _copy_to_user+0x2f/0xa0 [ 471.890932][T10582] simple_read_from_buffer+0xe7/0x150 [ 471.896322][T10582] proc_fail_nth_read+0x1e8/0x260 [ 471.901340][T10582] ? proc_fault_inject_write+0x360/0x360 [ 471.906973][T10582] ? fsnotify_perm+0x271/0x5e0 [ 471.911729][T10582] ? proc_fault_inject_write+0x360/0x360 [ 471.917354][T10582] vfs_read+0x28b/0x970 [ 471.921506][T10582] ? kernel_read+0x1e0/0x1e0 [ 471.926169][T10582] ? __fget_files+0x28/0x4b0 [ 471.930749][T10582] ? __fget_files+0x28/0x4b0 [ 471.935335][T10582] ? __fget_files+0x43d/0x4b0 [ 471.940027][T10582] ? __fdget_pos+0x2a3/0x330 [ 471.944637][T10582] ? ksys_read+0x75/0x260 [ 471.948964][T10582] ksys_read+0x150/0x260 [ 471.953208][T10582] ? vfs_write+0x990/0x990 [ 471.957709][T10582] ? lockdep_hardirqs_on+0x98/0x150 [ 471.962916][T10582] do_syscall_64+0x55/0xb0 [ 471.967334][T10582] ? clear_bhb_loop+0x40/0x90 [ 471.972000][T10582] ? clear_bhb_loop+0x40/0x90 [ 471.976670][T10582] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 471.982557][T10582] RIP: 0033:0x7fb76635d68e [ 471.986959][T10582] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 472.006571][T10582] RSP: 002b:00007fb7672defe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 472.015006][T10582] RAX: ffffffffffffffda RBX: 00007fb7672df6c0 RCX: 00007fb76635d68e [ 472.022976][T10582] RDX: 000000000000000f RSI: 00007fb7672df0a0 RDI: 0000000000000004 [ 472.030943][T10582] RBP: 00007fb7672df090 R08: 0000000000000000 R09: 0000000000000000 [ 472.038914][T10582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.046901][T10582] R13: 00007fb766616038 R14: 00007fb766615fa0 R15: 00007ffe3f9dd948 [ 472.054887][T10582] [ 472.375109][T10607] netlink: 'syz.0.1612': attribute type 2 has an invalid length. [ 472.383696][T10607] netlink: 'syz.0.1612': attribute type 1 has an invalid length. [ 472.408876][T10607] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1612'. [ 475.494285][T10622] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1618'. [ 475.542590][T10622] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 479.179718][T10655] netlink: 'syz.0.1631': attribute type 2 has an invalid length. [ 479.187659][T10655] netlink: 'syz.0.1631': attribute type 1 has an invalid length. [ 479.197017][T10655] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1631'. [ 483.294292][T10701] netlink: 'syz.1.1650': attribute type 2 has an invalid length. [ 483.303501][T10701] netlink: 'syz.1.1650': attribute type 1 has an invalid length. [ 483.312379][T10701] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1650'. [ 483.347516][T10704] netlink: 'syz.0.1651': attribute type 64 has an invalid length. [ 483.379609][T10704] netlink: 'syz.0.1651': attribute type 64 has an invalid length. [ 483.403280][T10699] netlink: 'syz.0.1651': attribute type 64 has an invalid length. [ 487.156588][T10743] netlink: 'syz.3.1665': attribute type 2 has an invalid length. [ 487.183722][T10743] netlink: 'syz.3.1665': attribute type 1 has an invalid length. [ 487.202085][T10743] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1665'. [ 487.396457][T10754] netlink: 'syz.1.1669': attribute type 9 has an invalid length. [ 487.404581][T10754] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1669'. [ 487.672076][T10754] netlink: 'syz.1.1669': attribute type 9 has an invalid length. [ 487.721392][T10754] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1669'. [ 487.781413][T10756] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1669'. [ 491.160741][T10777] syzkaller0: entered promiscuous mode [ 491.166270][T10777] syzkaller0: entered allmulticast mode [ 491.280376][T10787] netlink: 'syz.0.1680': attribute type 21 has an invalid length. [ 491.288399][T10787] netlink: 'syz.0.1680': attribute type 1 has an invalid length. [ 491.316703][T10787] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1680'. [ 491.344963][T10791] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.1680'. [ 491.414361][T10792] netlink: 'syz.3.1681': attribute type 2 has an invalid length. [ 491.424264][T10792] netlink: 'syz.3.1681': attribute type 1 has an invalid length. [ 491.432372][T10792] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1681'. [ 496.378642][T10816] netlink: 'syz.2.1692': attribute type 29 has an invalid length. [ 496.416688][T10816] netlink: 'syz.2.1692': attribute type 29 has an invalid length. [ 496.622645][T10820] FAULT_INJECTION: forcing a failure. [ 496.622645][T10820] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 496.652679][T10820] CPU: 1 PID: 10820 Comm: syz.3.1693 Not tainted syzkaller #0 [ 496.660197][T10820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 496.670282][T10820] Call Trace: [ 496.673577][T10820] [ 496.676527][T10820] dump_stack_lvl+0x18c/0x250 [ 496.681227][T10820] ? show_regs_print_info+0x20/0x20 [ 496.686443][T10820] ? load_image+0x420/0x420 [ 496.690972][T10820] ? __might_fault+0xaa/0x120 [ 496.695667][T10820] ? __lock_acquire+0x7d40/0x7d40 [ 496.700730][T10820] should_fail_ex+0x39d/0x4d0 [ 496.705440][T10820] _copy_from_user+0x2f/0xe0 [ 496.710053][T10820] generic_map_update_batch+0x59a/0x810 [ 496.715633][T10820] ? rcu_read_unlock+0xa0/0xa0 [ 496.720421][T10820] ? __fdget+0x180/0x210 [ 496.724682][T10820] ? rcu_read_unlock+0xa0/0xa0 [ 496.729467][T10820] bpf_map_do_batch+0x3d7/0x610 [ 496.734348][T10820] __sys_bpf+0x381/0x890 [ 496.738618][T10820] ? bpf_link_show_fdinfo+0x390/0x390 [ 496.744036][T10820] ? lock_chain_count+0x20/0x20 [ 496.748914][T10820] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 496.754931][T10820] __x64_sys_bpf+0x7c/0x90 [ 496.759367][T10820] do_syscall_64+0x55/0xb0 [ 496.763801][T10820] ? clear_bhb_loop+0x40/0x90 [ 496.768498][T10820] ? clear_bhb_loop+0x40/0x90 [ 496.773195][T10820] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 496.779107][T10820] RIP: 0033:0x7fa8ef19ce59 [ 496.783546][T10820] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 496.803175][T10820] RSP: 002b:00007fa8effe5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 496.811716][T10820] RAX: ffffffffffffffda RBX: 00007fa8ef415fa0 RCX: 00007fa8ef19ce59 [ 496.819720][T10820] RDX: 0000000000000038 RSI: 0000200000000180 RDI: 000000000000001a [ 496.827718][T10820] RBP: 00007fa8effe5090 R08: 0000000000000000 R09: 0000000000000000 [ 496.835714][T10820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 496.843712][T10820] R13: 00007fa8ef416038 R14: 00007fa8ef415fa0 R15: 00007ffc76648af8 [ 496.851729][T10820] [ 500.078620][T10832] netlink: 'syz.1.1698': attribute type 2 has an invalid length. [ 500.088070][T10832] netlink: 'syz.1.1698': attribute type 1 has an invalid length. [ 500.100882][T10832] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1698'. [ 501.593154][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.599578][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.167290][T10872] netlink: 'syz.3.1714': attribute type 2 has an invalid length. [ 502.176337][T10872] netlink: 'syz.3.1714': attribute type 1 has an invalid length. [ 502.184404][T10872] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1714'. [ 504.346948][T10919] FAULT_INJECTION: forcing a failure. [ 504.346948][T10919] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 504.391919][T10919] CPU: 1 PID: 10919 Comm: syz.0.1731 Not tainted syzkaller #0 [ 504.399436][T10919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 504.409514][T10919] Call Trace: [ 504.412803][T10919] [ 504.415743][T10919] dump_stack_lvl+0x18c/0x250 [ 504.420455][T10919] ? show_regs_print_info+0x20/0x20 [ 504.425675][T10919] ? load_image+0x420/0x420 [ 504.430202][T10919] ? __might_fault+0xaa/0x120 [ 504.434899][T10919] ? __lock_acquire+0x7d40/0x7d40 [ 504.439950][T10919] should_fail_ex+0x39d/0x4d0 [ 504.444658][T10919] _copy_from_user+0x2f/0xe0 [ 504.449273][T10919] __sys_bpf+0x23e/0x890 [ 504.453538][T10919] ? bpf_link_show_fdinfo+0x390/0x390 [ 504.458970][T10919] __x64_sys_bpf+0x7c/0x90 [ 504.463413][T10919] do_syscall_64+0x55/0xb0 [ 504.467853][T10919] ? clear_bhb_loop+0x40/0x90 [ 504.472554][T10919] ? clear_bhb_loop+0x40/0x90 [ 504.477263][T10919] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 504.483172][T10919] RIP: 0033:0x7fa58fb9ce59 [ 504.487606][T10919] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 504.507229][T10919] RSP: 002b:00007fa5909e8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 504.515670][T10919] RAX: ffffffffffffffda RBX: 00007fa58fe15fa0 RCX: 00007fa58fb9ce59 [ 504.523658][T10919] RDX: 0000000000000094 RSI: 0000200000000100 RDI: 0000000000000005 [ 504.531644][T10919] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 504.539629][T10919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 504.547615][T10919] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 504.555616][T10919] [ 504.620191][T10921] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 504.667126][T10921] syzkaller0: entered promiscuous mode [ 504.673002][T10921] syzkaller0: entered allmulticast mode [ 504.759571][T10929] netlink: 207508 bytes leftover after parsing attributes in process `syz.0.1734'. [ 506.582929][T10954] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1737'. [ 508.235275][T10954] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1737'. [ 508.453633][T10970] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1747'. [ 508.964205][T10987] netlink: 'syz.0.1752': attribute type 2 has an invalid length. [ 508.977330][T10987] netlink: 'syz.0.1752': attribute type 1 has an invalid length. [ 508.988469][T10987] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1752'. [ 509.017878][T10986] netlink: 'syz.3.1753': attribute type 2 has an invalid length. [ 509.059845][T10986] netlink: 'syz.3.1753': attribute type 1 has an invalid length. [ 509.067982][T10986] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1753'. [ 509.657011][T10997] netlink: 207508 bytes leftover after parsing attributes in process `syz.3.1756'. [ 510.656825][T11026] netlink: 'syz.2.1765': attribute type 2 has an invalid length. [ 510.666340][T11026] netlink: 'syz.2.1765': attribute type 1 has an invalid length. [ 510.676708][T11026] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1765'. [ 513.409941][T11030] netlink: 'syz.0.1767': attribute type 10 has an invalid length. [ 513.647772][T11030] team0 (unregistering): Port device team_slave_0 removed [ 513.719112][T11030] team0 (unregistering): Port device team_slave_1 removed [ 513.731785][T11043] netlink: 207508 bytes leftover after parsing attributes in process `syz.2.1772'. [ 513.783488][T11030] veth1_vlan: left allmulticast mode [ 513.823124][T11030] team0 (unregistering): Port device macvlan0 removed [ 513.894540][T11046] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 513.912196][T11046] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 515.213990][T11077] netlink: 'syz.0.1779': attribute type 2 has an invalid length. [ 515.223476][T11077] netlink: 'syz.0.1779': attribute type 1 has an invalid length. [ 515.232390][T11077] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1779'. [ 518.049564][T11085] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 518.073980][T11085] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 518.095406][T11084] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 518.102928][T11084] IPv6: NLM_F_CREATE should be set when creating new route [ 518.110630][T11084] IPv6: NLM_F_CREATE should be set when creating new route [ 518.118072][T11084] IPv6: NLM_F_CREATE should be set when creating new route [ 524.664785][T11118] netlink: 'syz.3.1795': attribute type 2 has an invalid length. [ 524.672921][T11118] netlink: 'syz.3.1795': attribute type 1 has an invalid length. [ 524.681374][T11118] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1795'. [ 529.146537][T11146] netlink: 'syz.1.1807': attribute type 2 has an invalid length. [ 529.181216][T11146] netlink: 'syz.1.1807': attribute type 1 has an invalid length. [ 529.200234][T11146] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1807'. [ 529.687567][T11169] netlink: 'syz.2.1815': attribute type 2 has an invalid length. [ 529.698175][T11169] netlink: 'syz.2.1815': attribute type 1 has an invalid length. [ 529.708675][T11169] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1815'. [ 529.792606][T11174] netlink: 'syz.0.1816': attribute type 3 has an invalid length. [ 533.285407][T11196] netlink: 'syz.0.1824': attribute type 2 has an invalid length. [ 533.293558][T11196] netlink: 'syz.0.1824': attribute type 1 has an invalid length. [ 533.309751][T11196] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1824'. [ 533.371645][T11200] netlink: 'syz.1.1827': attribute type 3 has an invalid length. [ 533.676674][T11201] delete_channel: no stack [ 533.719113][T11210] netlink: 'syz.1.1831': attribute type 2 has an invalid length. [ 533.739080][T11210] netlink: 'syz.1.1831': attribute type 1 has an invalid length. [ 533.747071][T11210] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1831'. [ 536.581682][T11221] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1834'. [ 536.591690][T11221] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4. [ 536.713376][T11225] netlink: 'syz.2.1836': attribute type 2 has an invalid length. [ 536.728985][T11225] netlink: 'syz.2.1836': attribute type 1 has an invalid length. [ 536.736904][T11225] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1836'. [ 537.077271][T11235] netlink: 'syz.2.1838': attribute type 3 has an invalid length. [ 537.483301][T11239] delete_channel: no stack [ 537.578143][T11247] netlink: 'syz.3.1844': attribute type 2 has an invalid length. [ 537.604546][T11247] netlink: 'syz.3.1844': attribute type 1 has an invalid length. [ 537.628404][T11247] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1844'. [ 537.693679][T11253] netlink: 'syz.0.1847': attribute type 2 has an invalid length. [ 537.718950][T11253] netlink: 'syz.0.1847': attribute type 1 has an invalid length. [ 537.749855][T11253] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1847'. [ 541.257952][T11279] netlink: 'syz.3.1859': attribute type 25 has an invalid length. [ 541.514086][T11287] netlink: 'syz.3.1862': attribute type 2 has an invalid length. [ 541.519246][T11281] delete_channel: no stack [ 541.522926][T11287] netlink: 'syz.3.1862': attribute type 1 has an invalid length. [ 541.550572][T11287] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1862'. [ 542.144366][T11306] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 546.122232][T11327] netlink: 'syz.1.1875': attribute type 2 has an invalid length. [ 546.150774][T11327] netlink: 'syz.1.1875': attribute type 1 has an invalid length. [ 546.167584][T11327] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1875'. [ 549.160957][T11346] netlink: 13695 bytes leftover after parsing attributes in process `syz.2.1879'. [ 549.199553][T11344] netlink: 13695 bytes leftover after parsing attributes in process `syz.2.1879'. [ 549.767378][T11363] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.1886'. [ 549.791119][T11363] bridge_slave_1: default FDB implementation only supports local addresses [ 549.993332][T11365] netlink: 'syz.0.1887': attribute type 2 has an invalid length. [ 550.011431][T11365] netlink: 'syz.0.1887': attribute type 1 has an invalid length. [ 550.029723][T11365] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1887'. [ 553.809559][T11385] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1894'. [ 557.708894][T11424] netlink: 'syz.1.1906': attribute type 39 has an invalid length. [ 558.351289][T11427] netlink: 'syz.2.1905': attribute type 1 has an invalid length. [ 558.371230][T11427] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1905'. [ 558.735873][T11424] syz.1.1906 (11424) used greatest stack depth: 19272 bytes left [ 559.208586][T11443] netlink: 'syz.1.1915': attribute type 2 has an invalid length. [ 559.217050][T11443] netlink: 'syz.1.1915': attribute type 1 has an invalid length. [ 559.228657][T11443] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1915'. [ 559.608242][T11455] netlink: 'syz.2.1917': attribute type 2 has an invalid length. [ 559.634277][T11455] netlink: 'syz.2.1917': attribute type 1 has an invalid length. [ 559.660214][T11455] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1917'. [ 559.959624][T11458] netlink: 'syz.1.1918': attribute type 10 has an invalid length. [ 560.101399][T11458] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 561.632705][T11467] netlink: 'syz.3.1920': attribute type 39 has an invalid length. [ 562.126389][T11482] netlink: 'syz.2.1926': attribute type 2 has an invalid length. [ 562.197281][T11482] netlink: 'syz.2.1926': attribute type 1 has an invalid length. [ 562.286350][T11482] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1926'. [ 562.627845][T11488] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1925'. [ 563.031561][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.037912][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.642268][T11502] validate_nla: 1 callbacks suppressed [ 563.642282][T11502] netlink: 'syz.1.1931': attribute type 10 has an invalid length. [ 564.267989][T11502] FAULT_INJECTION: forcing a failure. [ 564.267989][T11502] name failslab, interval 1, probability 0, space 0, times 0 [ 564.284793][T11502] CPU: 1 PID: 11502 Comm: syz.1.1931 Not tainted syzkaller #0 [ 564.292295][T11502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 564.302370][T11502] Call Trace: [ 564.305665][T11502] [ 564.308611][T11502] dump_stack_lvl+0x18c/0x250 [ 564.313314][T11502] ? show_regs_print_info+0x20/0x20 [ 564.318530][T11502] ? load_image+0x420/0x420 [ 564.323063][T11502] ? __might_sleep+0xe0/0xe0 [ 564.327679][T11502] ? __lock_acquire+0x7d40/0x7d40 [ 564.332730][T11502] should_fail_ex+0x39d/0x4d0 [ 564.337442][T11502] should_failslab+0x9/0x20 [ 564.341966][T11502] slab_pre_alloc_hook+0x59/0x310 [ 564.347019][T11502] ? __dev_close_many+0x111/0x2b0 [ 564.352069][T11502] ? cfg80211_sinfo_alloc_tid_stats+0x73/0xf0 [ 564.358166][T11502] __kmem_cache_alloc_node+0x53/0x250 [ 564.363571][T11502] ? cfg80211_sinfo_alloc_tid_stats+0x73/0xf0 [ 564.369669][T11502] kmalloc_trace+0x2a/0xe0 [ 564.374115][T11502] cfg80211_sinfo_alloc_tid_stats+0x73/0xf0 [ 564.380035][T11502] sta_set_sinfo+0x1db0/0x45c0 [ 564.384859][T11502] __sta_info_destroy_part2+0x28c/0x420 [ 564.390441][T11502] __sta_info_flush+0x3e5/0x4f0 [ 564.395320][T11502] ? sta_info_stop+0x40/0x40 [ 564.399934][T11502] ? __local_bh_enable_ip+0x13a/0x1c0 [ 564.405325][T11502] ? _local_bh_enable+0xa0/0xa0 [ 564.410195][T11502] ? do_raw_spin_unlock+0x121/0x230 [ 564.415425][T11502] ieee80211_ibss_disconnect+0x262/0x700 [ 564.421087][T11502] ieee80211_ibss_leave+0x25/0x140 [ 564.426216][T11502] __cfg80211_leave_ibss+0x1d2/0x400 [ 564.431533][T11502] cfg80211_netdev_notifier_call+0x1f3/0x13f0 [ 564.437633][T11502] ? __schedule+0x155b/0x45a0 [ 564.442331][T11502] ? cfg80211_unhold_bss+0xc0/0xc0 [ 564.447472][T11502] ? mark_lock+0x94/0x320 [ 564.451833][T11502] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 564.457864][T11502] ? inetdev_event+0x49d/0x1630 [ 564.462754][T11502] ? igmp_netdev_event+0x7c/0x770 [ 564.467807][T11502] notifier_call_chain+0x197/0x380 [ 564.472948][T11502] __dev_close_many+0x111/0x2b0 [ 564.477817][T11502] ? dev_close_many+0x410/0x410 [ 564.482702][T11502] __dev_change_flags+0x2dc/0x6a0 [ 564.487754][T11502] ? vprintk_emit+0x53d/0x610 [ 564.492454][T11502] ? dev_get_flags+0x1c0/0x1c0 [ 564.497240][T11502] ? printk_sprint+0x460/0x460 [ 564.502030][T11502] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 564.507943][T11502] ? _raw_spin_unlock+0x40/0x40 [ 564.512815][T11502] dev_change_flags+0x88/0x1a0 [ 564.517605][T11502] do_setlink+0xc58/0x4130 [ 564.522034][T11502] ? arch_stack_walk+0x160/0x190 [ 564.526990][T11502] ? load_image+0x420/0x420 [ 564.531517][T11502] ? nlmsg_parse_deprecated_strict+0x110/0x110 [ 564.537690][T11502] ? stack_trace_save+0xaa/0x100 [ 564.542657][T11502] ? __nla_validate_parse+0x2522/0x2ea0 [ 564.548242][T11502] ? __nla_validate+0x50/0x50 [ 564.552971][T11502] ? validate_linkmsg+0x719/0x910 [ 564.558025][T11502] rtnl_newlink+0x17da/0x20a0 [ 564.562730][T11502] ? rtnl_newlink+0x4f1/0x20a0 [ 564.567521][T11502] ? rtnl_setlink+0x4e0/0x4e0 [ 564.572209][T11502] ? trace_raw_output_contention_end+0xd0/0xd0 [ 564.578384][T11502] ? rcu_is_watching+0x15/0xb0 [ 564.583167][T11502] ? trace_contention_end+0x39/0xe0 [ 564.588379][T11502] ? __mutex_lock+0x315/0xcc0 [ 564.593100][T11502] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 564.598228][T11502] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 564.603349][T11502] ? rtnl_setlink+0x4e0/0x4e0 [ 564.608043][T11502] rtnetlink_rcv_msg+0x869/0xfa0 [ 564.613016][T11502] ? lockdep_hardirqs_on+0x98/0x150 [ 564.618239][T11502] ? rtnetlink_bind+0x80/0x80 [ 564.622938][T11502] ? preempt_schedule_common+0x82/0xc0 [ 564.628414][T11502] ? preempt_schedule+0xc0/0xd0 [ 564.633275][T11502] ? schedule_preempt_disabled+0x20/0x20 [ 564.638919][T11502] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 564.644926][T11502] ? perf_trace_preemptirq_template+0xac/0x330 [ 564.651084][T11502] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 564.657069][T11502] ? lock_chain_count+0x20/0x20 [ 564.661918][T11502] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 564.667804][T11502] ? lockdep_hardirqs_on+0x98/0x150 [ 564.673041][T11502] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 564.678926][T11502] ? _raw_spin_unlock+0x40/0x40 [ 564.683775][T11502] ? rcu_preempt_deferred_qs_irqrestore+0x88e/0xce0 [ 564.690377][T11502] netlink_rcv_skb+0x241/0x4d0 [ 564.695139][T11502] ? rtnetlink_bind+0x80/0x80 [ 564.699808][T11502] ? netlink_ack+0x1180/0x1180 [ 564.704578][T11502] ? __lock_acquire+0x7d40/0x7d40 [ 564.709600][T11502] ? __rcu_read_unlock+0x7c/0xd0 [ 564.714540][T11502] ? netlink_deliver_tap+0x2e/0x1b0 [ 564.719741][T11502] netlink_unicast+0x751/0x8d0 [ 564.724510][T11502] netlink_sendmsg+0x8d0/0xbf0 [ 564.729276][T11502] ? netlink_getsockopt+0x590/0x590 [ 564.734485][T11502] ? aa_sock_msg_perm+0x94/0x150 [ 564.739418][T11502] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 564.744697][T11502] ? security_socket_sendmsg+0x80/0xa0 [ 564.750149][T11502] ? netlink_getsockopt+0x590/0x590 [ 564.755349][T11502] ____sys_sendmsg+0x5ba/0x960 [ 564.760115][T11502] ? __asan_memset+0x22/0x40 [ 564.764700][T11502] ? __sys_sendmsg_sock+0x30/0x30 [ 564.769717][T11502] ? __import_iovec+0x5f2/0x850 [ 564.774565][T11502] ? import_iovec+0x73/0xa0 [ 564.779090][T11502] ___sys_sendmsg+0x2a6/0x360 [ 564.783757][T11502] ? get_pid_task+0x20/0x1e0 [ 564.788343][T11502] ? __sys_sendmsg+0x2a0/0x2a0 [ 564.793120][T11502] ? __lock_acquire+0x7d40/0x7d40 [ 564.798156][T11502] __se_sys_sendmsg+0x1c2/0x2b0 [ 564.803014][T11502] ? __x64_sys_sendmsg+0x80/0x80 [ 564.807960][T11502] ? lockdep_hardirqs_on+0x98/0x150 [ 564.813154][T11502] do_syscall_64+0x55/0xb0 [ 564.817563][T11502] ? clear_bhb_loop+0x40/0x90 [ 564.822231][T11502] ? clear_bhb_loop+0x40/0x90 [ 564.826903][T11502] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 564.832788][T11502] RIP: 0033:0x7f041af9ce59 [ 564.837202][T11502] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 564.856802][T11502] RSP: 002b:00007f041bf04028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 564.865300][T11502] RAX: ffffffffffffffda RBX: 00007f041b215fa0 RCX: 00007f041af9ce59 [ 564.873265][T11502] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 564.881224][T11502] RBP: 00007f041bf04090 R08: 0000000000000000 R09: 0000000000000000 [ 564.889196][T11502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 564.897157][T11502] R13: 00007f041b216038 R14: 00007f041b215fa0 R15: 00007ffe4e4a4388 [ 564.905131][T11502] [ 566.112419][T11502] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 566.119705][T11502] mac80211_hwsim hwsim3 wlan1: left allmulticast mode [ 566.439587][T11516] netlink: 'syz.2.1937': attribute type 2 has an invalid length. [ 566.447556][T11516] netlink: 'syz.2.1937': attribute type 1 has an invalid length. [ 566.462388][T11516] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.1937'. [ 567.773815][T11525] netlink: 'syz.3.1939': attribute type 1 has an invalid length. [ 567.839029][T11525] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1939'. [ 569.503072][T11558] netlink: 'syz.3.1950': attribute type 2 has an invalid length. [ 569.553004][T11558] netlink: 'syz.3.1950': attribute type 1 has an invalid length. [ 569.590446][T11558] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1950'. [ 571.781544][T11572] netlink: 'syz.0.1956': attribute type 10 has an invalid length. [ 571.905162][T11576] netlink: 199824 bytes leftover after parsing attributes in process `syz.3.1954'. [ 572.329366][T11590] netlink: 'syz.0.1962': attribute type 2 has an invalid length. [ 572.339431][T11590] netlink: 'syz.0.1962': attribute type 1 has an invalid length. [ 572.350818][T11593] netlink: 'syz.2.1963': attribute type 3 has an invalid length. [ 572.365280][T11590] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1962'. [ 572.378960][T11593] netlink: 'syz.2.1963': attribute type 1 has an invalid length. [ 572.386720][T11593] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.1963'. [ 572.419591][T11593] netlink: 'syz.2.1963': attribute type 10 has an invalid length. [ 572.582867][T11593] mac80211_hwsim hwsim7 wlan1: left promiscuous mode [ 572.589829][T11593] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 575.136576][T11625] netlink: 'syz.0.1972': attribute type 2 has an invalid length. [ 575.169796][T11625] netlink: 'syz.0.1972': attribute type 1 has an invalid length. [ 575.177695][T11625] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.1972'. [ 576.851175][T11661] netlink: 'syz.1.1984': attribute type 10 has an invalid length. [ 576.907386][T11661] team0: Device wg1 is of different type [ 577.166090][T11669] netlink: 'syz.1.1986': attribute type 2 has an invalid length. [ 577.174255][T11669] netlink: 'syz.1.1986': attribute type 1 has an invalid length. [ 577.183258][T11669] netlink: 198800 bytes leftover after parsing attributes in process `syz.1.1986'. [ 578.551321][T11653] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1981'. [ 579.935366][T11697] netlink: 'syz.3.1997': attribute type 2 has an invalid length. [ 579.958921][T11697] netlink: 'syz.3.1997': attribute type 1 has an invalid length. [ 579.999595][T11697] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.1997'. [ 582.210884][T11712] netlink: 'syz.0.2001': attribute type 21 has an invalid length. [ 582.220619][T11712] netlink: 'syz.0.2001': attribute type 6 has an invalid length. [ 582.228339][T11712] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2001'. [ 582.237698][T11712] FAULT_INJECTION: forcing a failure. [ 582.237698][T11712] name failslab, interval 1, probability 0, space 0, times 0 [ 582.263754][T11712] CPU: 1 PID: 11712 Comm: syz.0.2001 Not tainted syzkaller #0 [ 582.271263][T11712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 582.281342][T11712] Call Trace: [ 582.284647][T11712] [ 582.287594][T11712] dump_stack_lvl+0x18c/0x250 [ 582.292300][T11712] ? show_regs_print_info+0x20/0x20 [ 582.297525][T11712] ? load_image+0x420/0x420 [ 582.302059][T11712] ? verify_lock_unused+0x140/0x140 [ 582.307300][T11712] should_fail_ex+0x39d/0x4d0 [ 582.312008][T11712] should_failslab+0x9/0x20 [ 582.316518][T11712] slab_pre_alloc_hook+0x59/0x310 [ 582.321552][T11712] kmem_cache_alloc+0x5a/0x2d0 [ 582.326332][T11712] ? skb_clone+0x1eb/0x370 [ 582.330745][T11712] skb_clone+0x1eb/0x370 [ 582.334982][T11712] __netlink_deliver_tap+0x41c/0x830 [ 582.340269][T11712] ? netlink_deliver_tap+0x2e/0x1b0 [ 582.345461][T11712] netlink_deliver_tap+0x19c/0x1b0 [ 582.350584][T11712] netlink_sendskb+0x68/0x130 [ 582.355260][T11712] netlink_ack+0xce1/0x1180 [ 582.359771][T11712] ? netlink_dump+0xe50/0xe50 [ 582.364440][T11712] ? perf_trace_lock+0x304/0x3b0 [ 582.369382][T11712] netlink_rcv_skb+0x2c5/0x4d0 [ 582.374145][T11712] ? rtnetlink_bind+0x80/0x80 [ 582.378816][T11712] ? netlink_ack+0x1180/0x1180 [ 582.383582][T11712] ? __lock_acquire+0x7d40/0x7d40 [ 582.388607][T11712] ? netlink_deliver_tap+0x2e/0x1b0 [ 582.393804][T11712] netlink_unicast+0x751/0x8d0 [ 582.398568][T11712] netlink_sendmsg+0x8d0/0xbf0 [ 582.403325][T11712] ? perf_trace_lock+0x304/0x3b0 [ 582.408260][T11712] ? netlink_getsockopt+0x590/0x590 [ 582.413453][T11712] ? aa_sock_msg_perm+0x94/0x150 [ 582.418393][T11712] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 582.423673][T11712] ? security_socket_sendmsg+0x80/0xa0 [ 582.429137][T11712] ? netlink_getsockopt+0x590/0x590 [ 582.434347][T11712] ____sys_sendmsg+0x5ba/0x960 [ 582.439119][T11712] ? __asan_memset+0x22/0x40 [ 582.443712][T11712] ? __sys_sendmsg_sock+0x30/0x30 [ 582.448733][T11712] ? __import_iovec+0x5f2/0x850 [ 582.453590][T11712] ? import_iovec+0x73/0xa0 [ 582.458086][T11712] ___sys_sendmsg+0x2a6/0x360 [ 582.462783][T11712] ? __sys_sendmsg+0x2a0/0x2a0 [ 582.467565][T11712] ? __lock_acquire+0x7d40/0x7d40 [ 582.472610][T11712] __se_sys_sendmsg+0x1c2/0x2b0 [ 582.477464][T11712] ? __x64_sys_sendmsg+0x80/0x80 [ 582.482406][T11712] ? lockdep_hardirqs_on+0x98/0x150 [ 582.487601][T11712] do_syscall_64+0x55/0xb0 [ 582.492012][T11712] ? clear_bhb_loop+0x40/0x90 [ 582.496702][T11712] ? clear_bhb_loop+0x40/0x90 [ 582.501390][T11712] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 582.507290][T11712] RIP: 0033:0x7fa58fb9ce59 [ 582.511701][T11712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 582.531334][T11712] RSP: 002b:00007fa5909e8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 582.539747][T11712] RAX: ffffffffffffffda RBX: 00007fa58fe15fa0 RCX: 00007fa58fb9ce59 [ 582.547709][T11712] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004 [ 582.555670][T11712] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 582.563640][T11712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 582.571602][T11712] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 582.579580][T11712] [ 582.950649][T11734] netlink: 'syz.0.2011': attribute type 2 has an invalid length. [ 582.969873][T11734] netlink: 'syz.0.2011': attribute type 1 has an invalid length. [ 582.977846][T11734] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.2011'. [ 585.667826][T11767] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2020'. [ 585.892866][T11777] netlink: 'syz.1.2025': attribute type 39 has an invalid length. [ 585.983297][T11779] netlink: 'syz.2.2026': attribute type 2 has an invalid length. [ 585.993614][T11779] netlink: 'syz.2.2026': attribute type 1 has an invalid length. [ 586.002801][T11779] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.2026'. [ 587.278982][T11807] netlink: 16182 bytes leftover after parsing attributes in process `syz.3.2034'. [ 587.302425][T11798] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2032'. [ 587.927970][T11829] netlink: 'syz.3.2039': attribute type 2 has an invalid length. [ 587.949001][T11829] netlink: 'syz.3.2039': attribute type 1 has an invalid length. [ 587.956989][T11829] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.2039'. [ 590.639474][T11839] delete_channel: no stack [ 590.644461][T11839] delete_channel: no stack [ 592.034437][T11880] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2056'. [ 593.427872][T11901] netlink: 'syz.3.2068': attribute type 2 has an invalid length. [ 593.437869][T11901] netlink: 'syz.3.2068': attribute type 1 has an invalid length. [ 593.449417][T11901] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.2068'. [ 594.012211][T11922] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2080'. [ 594.032189][T11922] openvswitch: netlink: Tunnel attr 0 has unexpected len 3 expected 8 [ 594.312681][T11930] netlink: 144316 bytes leftover after parsing attributes in process `syz.2.2075'. [ 594.336412][T11930] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2075'. [ 594.378070][T11930] syz.2.2075[11930] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 594.378295][T11930] syz.2.2075[11930] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 594.682298][T11950] netlink: 'syz.2.2084': attribute type 27 has an invalid length. [ 594.685493][T11946] netlink: 'syz.0.2083': attribute type 2 has an invalid length. [ 594.711132][T11946] netlink: 'syz.0.2083': attribute type 1 has an invalid length. [ 594.742789][T11946] netlink: 198800 bytes leftover after parsing attributes in process `syz.0.2083'. [ 595.079456][T11950] bond0: (slave bond_slave_0): Releasing backup interface [ 595.168449][T11953] netlink: 'syz.2.2084': attribute type 10 has an invalid length. [ 595.176574][T11953] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 595.777318][T11957] FAULT_INJECTION: forcing a failure. [ 595.777318][T11957] name fail_futex, interval 1, probability 0, space 0, times 1 [ 595.817382][T11957] CPU: 1 PID: 11957 Comm: syz.1.2086 Not tainted syzkaller #0 [ 595.824897][T11957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 595.834993][T11957] Call Trace: [ 595.838315][T11957] [ 595.841273][T11957] dump_stack_lvl+0x18c/0x250 [ 595.846072][T11957] ? show_regs_print_info+0x20/0x20 [ 595.851313][T11957] ? load_image+0x420/0x420 [ 595.855850][T11957] ? __lock_acquire+0x1347/0x7d40 [ 595.860915][T11957] should_fail_ex+0x39d/0x4d0 [ 595.865624][T11957] get_futex_key+0x136/0x1010 [ 595.870345][T11957] ? futex_setup_timer+0xc0/0xc0 [ 595.875311][T11957] ? trace_call_bpf+0xc3/0x6c0 [ 595.880102][T11957] ? trace_call_bpf+0x5e9/0x6c0 [ 595.884984][T11957] futex_wake+0x127/0x4f0 [ 595.889332][T11957] ? __bpf_trace_bpf_trace_printk+0x100/0x100 [ 595.895598][T11957] ? futex_wake_mark+0x150/0x150 [ 595.900573][T11957] do_futex+0x35d/0x3e0 [ 595.904756][T11957] ? __might_fault+0xaa/0x120 [ 595.909458][T11957] ? __ia32_sys_get_robust_list+0x110/0x110 [ 595.915372][T11957] ? __might_fault+0xc6/0x120 [ 595.920066][T11957] mm_release+0x184/0x3a0 [ 595.924503][T11957] ? exit_mm_release+0x30/0x30 [ 595.929281][T11957] ? lockdep_hardirqs_on+0x98/0x150 [ 595.934507][T11957] exit_mm+0xa6/0x350 [ 595.938515][T11957] ? do_exit+0x2460/0x2460 [ 595.942951][T11957] ? taskstats_exit+0x3d5/0x9d0 [ 595.947836][T11957] do_exit+0x8dd/0x2460 [ 595.952028][T11957] ? put_task_struct+0xc0/0xc0 [ 595.956823][T11957] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 595.962824][T11957] ? get_signal+0x1068/0x13f0 [ 595.967522][T11957] ? lock_chain_count+0x20/0x20 [ 595.972387][T11957] ? _raw_spin_lock_irq+0xbb/0xf0 [ 595.977479][T11957] do_group_exit+0x21b/0x2d0 [ 595.982094][T11957] ? lockdep_hardirqs_on+0x98/0x150 [ 595.987326][T11957] get_signal+0x12fc/0x13f0 [ 595.991888][T11957] arch_do_signal_or_restart+0xc2/0x800 [ 595.997471][T11957] ? get_sigframe_size+0x20/0x20 [ 596.002449][T11957] ? exit_to_user_mode_loop+0x3b/0x110 [ 596.007935][T11957] exit_to_user_mode_loop+0x70/0x110 [ 596.013259][T11957] exit_to_user_mode_prepare+0xee/0x180 [ 596.018851][T11957] syscall_exit_to_user_mode+0x1a/0x50 [ 596.024335][T11957] do_syscall_64+0x61/0xb0 [ 596.028762][T11957] ? clear_bhb_loop+0x40/0x90 [ 596.033456][T11957] ? clear_bhb_loop+0x40/0x90 [ 596.038154][T11957] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 596.044154][T11957] RIP: 0033:0x7f041af9ce59 [ 596.048580][T11957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 596.068221][T11957] RSP: 002b:00007f041bf04028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 596.076664][T11957] RAX: fffffffffffffffc RBX: 00007f041b215fa0 RCX: 00007f041af9ce59 [ 596.084662][T11957] RDX: 000000000000fc40 RSI: 0000200000000080 RDI: 000000000000000b [ 596.092655][T11957] RBP: 00007f041bf04090 R08: 0000000000000000 R09: 0000000000000000 [ 596.100657][T11957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 596.108649][T11957] R13: 00007f041b216038 R14: 00007f041b215fa0 R15: 00007ffe4e4a4388 [ 596.116671][T11957] [ 596.818961][T11986] netlink: 'syz.1.2093': attribute type 10 has an invalid length. [ 597.515406][T11986] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 597.589255][T12004] netlink: 'syz.3.2097': attribute type 2 has an invalid length. [ 597.622462][T12004] netlink: 'syz.3.2097': attribute type 1 has an invalid length. [ 597.653763][T12004] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.2097'. [ 599.259563][T12038] netlink: 'syz.0.2111': attribute type 8 has an invalid length. [ 599.276582][T12038] netlink: 'syz.0.2111': attribute type 9 has an invalid length. [ 599.306516][T12038] netlink: 'syz.0.2111': attribute type 10 has an invalid length. [ 599.325593][T12038] netlink: 'syz.0.2111': attribute type 11 has an invalid length. [ 599.338889][T12038] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2111'. [ 600.641826][T12067] FAULT_INJECTION: forcing a failure. [ 600.641826][T12067] name failslab, interval 1, probability 0, space 0, times 0 [ 600.687784][T12067] CPU: 0 PID: 12067 Comm: syz.1.2119 Not tainted syzkaller #0 [ 600.695305][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 600.705380][T12067] Call Trace: [ 600.708665][T12067] [ 600.711607][T12067] dump_stack_lvl+0x18c/0x250 [ 600.716306][T12067] ? show_regs_print_info+0x20/0x20 [ 600.721516][T12067] ? load_image+0x420/0x420 [ 600.726037][T12067] ? __might_sleep+0xe0/0xe0 [ 600.730636][T12067] ? __lock_acquire+0x7d40/0x7d40 [ 600.735675][T12067] should_fail_ex+0x39d/0x4d0 [ 600.740372][T12067] should_failslab+0x9/0x20 [ 600.744889][T12067] slab_pre_alloc_hook+0x59/0x310 [ 600.749934][T12067] ? tomoyo_encode+0x28b/0x540 [ 600.754717][T12067] ? tomoyo_encode+0x28b/0x540 [ 600.759573][T12067] __kmem_cache_alloc_node+0x53/0x250 [ 600.764964][T12067] ? tomoyo_encode+0x28b/0x540 [ 600.769824][T12067] __kmalloc+0xa4/0x230 [ 600.773991][T12067] tomoyo_encode+0x28b/0x540 [ 600.778601][T12067] tomoyo_realpath_from_path+0x592/0x5d0 [ 600.784258][T12067] tomoyo_path_number_perm+0x248/0x620 [ 600.789741][T12067] ? tomoyo_path_number_perm+0x217/0x620 [ 600.795388][T12067] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 600.800896][T12067] ? __fget_files+0x28/0x4b0 [ 600.805496][T12067] ? __fget_files+0x28/0x4b0 [ 600.810105][T12067] security_file_ioctl+0x70/0xa0 [ 600.815049][T12067] __se_sys_ioctl+0x48/0x170 [ 600.819654][T12067] do_syscall_64+0x55/0xb0 [ 600.824075][T12067] ? clear_bhb_loop+0x40/0x90 [ 600.828771][T12067] ? clear_bhb_loop+0x40/0x90 [ 600.833473][T12067] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 600.839382][T12067] RIP: 0033:0x7f041af9ce59 [ 600.843809][T12067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 600.863431][T12067] RSP: 002b:00007f041bf04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 600.871862][T12067] RAX: ffffffffffffffda RBX: 00007f041b215fa0 RCX: 00007f041af9ce59 [ 600.879844][T12067] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000006 [ 600.887825][T12067] RBP: 00007f041bf04090 R08: 0000000000000000 R09: 0000000000000000 [ 600.896236][T12067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 600.904218][T12067] R13: 00007f041b216038 R14: 00007f041b215fa0 R15: 00007ffe4e4a4388 [ 600.912213][T12067] [ 600.921186][T12067] ERROR: Out of memory at tomoyo_realpath_from_path. [ 606.111034][T12119] netlink: 16182 bytes leftover after parsing attributes in process `syz.1.2138'. [ 608.087746][T12161] FAULT_INJECTION: forcing a failure. [ 608.087746][T12161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.124928][T12161] CPU: 1 PID: 12161 Comm: syz.0.2152 Not tainted syzkaller #0 [ 608.132445][T12161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 608.142533][T12161] Call Trace: [ 608.145834][T12161] [ 608.148783][T12161] dump_stack_lvl+0x18c/0x250 [ 608.153509][T12161] ? show_regs_print_info+0x20/0x20 [ 608.158731][T12161] ? load_image+0x420/0x420 [ 608.163274][T12161] ? __lock_acquire+0x7d40/0x7d40 [ 608.168320][T12161] ? snprintf+0xe9/0x140 [ 608.172599][T12161] should_fail_ex+0x39d/0x4d0 [ 608.177330][T12161] _copy_to_user+0x2f/0xa0 [ 608.181779][T12161] simple_read_from_buffer+0xe7/0x150 [ 608.187189][T12161] proc_fail_nth_read+0x1e8/0x260 [ 608.192242][T12161] ? proc_fault_inject_write+0x360/0x360 [ 608.197893][T12161] ? fsnotify_perm+0x271/0x5e0 [ 608.202657][T12161] ? proc_fault_inject_write+0x360/0x360 [ 608.208288][T12161] vfs_read+0x28b/0x970 [ 608.212444][T12161] ? kernel_read+0x1e0/0x1e0 [ 608.217025][T12161] ? __fget_files+0x28/0x4b0 [ 608.221612][T12161] ? __fget_files+0x28/0x4b0 [ 608.226195][T12161] ? __fget_files+0x43d/0x4b0 [ 608.230869][T12161] ? __fdget_pos+0x2a3/0x330 [ 608.235449][T12161] ? ksys_read+0x75/0x260 [ 608.239775][T12161] ksys_read+0x150/0x260 [ 608.244014][T12161] ? vfs_write+0x990/0x990 [ 608.248424][T12161] ? lockdep_hardirqs_on+0x98/0x150 [ 608.253616][T12161] do_syscall_64+0x55/0xb0 [ 608.258025][T12161] ? clear_bhb_loop+0x40/0x90 [ 608.262697][T12161] ? clear_bhb_loop+0x40/0x90 [ 608.267366][T12161] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 608.273248][T12161] RIP: 0033:0x7fa58fb5d68e [ 608.277654][T12161] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 608.297282][T12161] RSP: 002b:00007fa5909e7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 608.305699][T12161] RAX: ffffffffffffffda RBX: 00007fa5909e86c0 RCX: 00007fa58fb5d68e [ 608.313671][T12161] RDX: 000000000000000f RSI: 00007fa5909e80a0 RDI: 0000000000000006 [ 608.321635][T12161] RBP: 00007fa5909e8090 R08: 0000000000000000 R09: 0000000000000000 [ 608.329598][T12161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.337564][T12161] R13: 00007fa58fe16038 R14: 00007fa58fe15fa0 R15: 00007fff82eb9608 [ 608.345541][T12161] [ 608.634381][T12167] FAULT_INJECTION: forcing a failure. [ 608.634381][T12167] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.668601][T12167] CPU: 1 PID: 12167 Comm: syz.3.2154 Not tainted syzkaller #0 [ 608.676119][T12167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 608.686205][T12167] Call Trace: [ 608.689513][T12167] [ 608.692471][T12167] dump_stack_lvl+0x18c/0x250 [ 608.697191][T12167] ? show_regs_print_info+0x20/0x20 [ 608.702447][T12167] ? load_image+0x420/0x420 [ 608.706992][T12167] ? __might_fault+0xaa/0x120 [ 608.711703][T12167] ? __lock_acquire+0x7d40/0x7d40 [ 608.716756][T12167] should_fail_ex+0x39d/0x4d0 [ 608.721473][T12167] _copy_from_user+0x2f/0xe0 [ 608.726100][T12167] ___sys_sendmsg+0x1c7/0x360 [ 608.730814][T12167] ? __sys_sendmsg+0x2a0/0x2a0 [ 608.735638][T12167] ? __lock_acquire+0x7d40/0x7d40 [ 608.740728][T12167] __se_sys_sendmsg+0x1c2/0x2b0 [ 608.745612][T12167] ? __x64_sys_sendmsg+0x80/0x80 [ 608.750599][T12167] ? lockdep_hardirqs_on+0x98/0x150 [ 608.755835][T12167] do_syscall_64+0x55/0xb0 [ 608.760291][T12167] ? clear_bhb_loop+0x40/0x90 [ 608.765001][T12167] ? clear_bhb_loop+0x40/0x90 [ 608.769716][T12167] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 608.775643][T12167] RIP: 0033:0x7fa8ef19ce59 [ 608.780087][T12167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 608.799724][T12167] RSP: 002b:00007fa8effe5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 608.808178][T12167] RAX: ffffffffffffffda RBX: 00007fa8ef415fa0 RCX: 00007fa8ef19ce59 [ 608.816271][T12167] RDX: 0000000000008000 RSI: 0000200000000380 RDI: 0000000000000003 [ 608.824292][T12167] RBP: 00007fa8effe5090 R08: 0000000000000000 R09: 0000000000000000 [ 608.832301][T12167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.840309][T12167] R13: 00007fa8ef416038 R14: 00007fa8ef415fa0 R15: 00007ffc76648af8 [ 608.848340][T12167] [ 609.247779][T12173] netlink: 'syz.2.2158': attribute type 2 has an invalid length. [ 609.320749][T12173] netlink: 'syz.2.2158': attribute type 1 has an invalid length. [ 609.363676][T12173] netlink: 198800 bytes leftover after parsing attributes in process `syz.2.2158'. [ 611.186719][T12207] netlink: 'syz.3.2170': attribute type 2 has an invalid length. [ 611.220904][T12207] netlink: 'syz.3.2170': attribute type 1 has an invalid length. [ 611.259692][T12207] netlink: 198800 bytes leftover after parsing attributes in process `syz.3.2170'. [ 611.597562][T12220] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2174'. [ 611.614166][T12220] openvswitch: netlink: Tunnel attr 0 has unexpected len 5 expected 8 [ 611.653718][T12222] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2175'. [ 611.678920][T12222] openvswitch: netlink: Tunnel attr 0 has unexpected len 5 expected 8 [ 611.724442][T12222] FAULT_INJECTION: forcing a failure. [ 611.724442][T12222] name failslab, interval 1, probability 0, space 0, times 0 [ 611.749041][T12222] CPU: 0 PID: 12222 Comm: syz.3.2175 Not tainted syzkaller #0 [ 611.756565][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 611.766646][T12222] Call Trace: [ 611.769961][T12222] [ 611.772917][T12222] dump_stack_lvl+0x18c/0x250 [ 611.777634][T12222] ? show_regs_print_info+0x20/0x20 [ 611.782859][T12222] ? load_image+0x420/0x420 [ 611.787404][T12222] ? __might_sleep+0xe0/0xe0 [ 611.792025][T12222] ? __lock_acquire+0x7d40/0x7d40 [ 611.797083][T12222] should_fail_ex+0x39d/0x4d0 [ 611.801800][T12222] should_failslab+0x9/0x20 [ 611.806331][T12222] slab_pre_alloc_hook+0x59/0x310 [ 611.811390][T12222] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 611.817131][T12222] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 611.822867][T12222] __kmem_cache_alloc_node+0x53/0x250 [ 611.828285][T12222] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 611.834031][T12222] __kmalloc+0xa4/0x230 [ 611.838222][T12222] tomoyo_realpath_from_path+0xe3/0x5d0 [ 611.843805][T12222] tomoyo_path_number_perm+0x248/0x620 [ 611.849306][T12222] ? tomoyo_path_number_perm+0x217/0x620 [ 611.854974][T12222] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 611.860478][T12222] ? ksys_write+0x1c4/0x260 [ 611.865041][T12222] ? __fget_files+0x28/0x4b0 [ 611.869657][T12222] ? __fget_files+0x28/0x4b0 [ 611.874288][T12222] security_file_ioctl+0x70/0xa0 [ 611.879251][T12222] __se_sys_ioctl+0x48/0x170 [ 611.883876][T12222] do_syscall_64+0x55/0xb0 [ 611.888321][T12222] ? clear_bhb_loop+0x40/0x90 [ 611.893027][T12222] ? clear_bhb_loop+0x40/0x90 [ 611.897736][T12222] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 611.903652][T12222] RIP: 0033:0x7fa8ef19ce59 [ 611.908093][T12222] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 611.927722][T12222] RSP: 002b:00007fa8effe5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 611.936164][T12222] RAX: ffffffffffffffda RBX: 00007fa8ef415fa0 RCX: 00007fa8ef19ce59 [ 611.944158][T12222] RDX: 0000200000000280 RSI: 0000000000008b26 RDI: 000000000000000c [ 611.952153][T12222] RBP: 00007fa8effe5090 R08: 0000000000000000 R09: 0000000000000000 [ 611.960154][T12222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 611.968150][T12222] R13: 00007fa8ef416038 R14: 00007fa8ef415fa0 R15: 00007ffc76648af8 [ 611.976162][T12222] [ 612.012631][T12222] ERROR: Out of memory at tomoyo_realpath_from_path. [ 616.485379][T12392] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.493176][T12392] bridge0: entered allmulticast mode [ 616.515920][T12394] bridge_slave_0: left allmulticast mode [ 616.528057][T12394] bridge_slave_0: left promiscuous mode [ 616.540270][T12394] bridge0: port 1(bridge_slave_0) entered disabled state [ 617.532610][T12433] syzkaller0: entered promiscuous mode [ 617.541427][T12433] syzkaller0: entered allmulticast mode [ 623.317128][T12469] syzkaller0: entered promiscuous mode [ 623.322746][T12469] syzkaller0: entered allmulticast mode [ 624.475294][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.482920][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.498836][T12510] veth0_vlan: entered allmulticast mode [ 627.549399][T12512] veth0_vlan: left promiscuous mode [ 627.609075][T12512] veth0_vlan: entered promiscuous mode [ 627.731502][T12517] syzkaller0: entered promiscuous mode [ 627.737054][T12517] syzkaller0: entered allmulticast mode [ 632.067278][T12552] syzkaller0: entered promiscuous mode [ 632.076230][T12552] syzkaller0: entered allmulticast mode [ 633.351095][T12571] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 633.373746][T12571] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 633.387740][T12571] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 633.406432][T12571] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 633.416165][T12571] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 633.425972][T12571] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 635.519601][ T5782] Bluetooth: hci4: command tx timeout [ 635.642728][T12562] syzkaller0: entered promiscuous mode [ 635.650009][T12562] syzkaller0: entered allmulticast mode [ 637.589097][ T5782] Bluetooth: hci4: command tx timeout [ 637.997231][T12569] chnl_net:caif_netlink_parms(): no params data found [ 638.128727][T12569] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.136124][T12569] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.143500][T12569] bridge_slave_0: entered allmulticast mode [ 638.150873][T12569] bridge_slave_0: entered promiscuous mode [ 638.162683][T12569] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.169997][T12569] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.177265][T12569] bridge_slave_1: entered allmulticast mode [ 638.184788][T12569] bridge_slave_1: entered promiscuous mode [ 638.240808][T12569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.259760][T12569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 638.343980][T12569] team0: Port device team_slave_0 added [ 638.361445][T12569] team0: Port device team_slave_1 added [ 638.415981][T12569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.423323][T12569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.449823][T12569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.476916][T12569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.485410][T12569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.513555][T12569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.572409][T12569] hsr_slave_0: entered promiscuous mode [ 638.584460][T12569] hsr_slave_1: entered promiscuous mode [ 638.592876][T12569] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 638.601337][T12569] Cannot create hsr debugfs directory [ 638.658027][T12323] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.724192][T12323] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.825454][T12323] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.931312][T12569] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 638.942037][T12569] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 638.974157][T12323] bond0: (slave netdevsim0): Releasing backup interface [ 638.987053][T12323] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.006868][T12569] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 639.020917][T12569] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 639.233789][T12323] tipc: Left network mode [ 639.248332][T12569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 639.292397][T12569] 8021q: adding VLAN 0 to HW filter on device team0 [ 639.395273][T12323] ip6gretap0 (unregistering): left allmulticast mode [ 639.402802][T12323] ip6gretap0 (unregistering): left promiscuous mode [ 639.411021][T12323] Ÿë: port 1(ip6gretap0) entered disabled state [ 639.460243][T12327] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.468161][T12327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 639.496887][T12327] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.504098][T12327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 639.680514][ T5782] Bluetooth: hci4: command tx timeout [ 640.026454][T12569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 640.462818][T12323] hsr_slave_0: left promiscuous mode [ 640.474578][T12323] hsr_slave_1: left promiscuous mode [ 640.485239][T12323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 640.493140][T12323] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 640.505908][T12323] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 640.514563][T12323] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 640.544144][T12323] veth0_macvtap: left promiscuous mode [ 640.549978][T12323] veth1_vlan: left promiscuous mode [ 641.023111][T12323] team0 (unregistering): Port device team_slave_1 removed [ 641.089407][T12323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 641.126480][T12323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 641.165779][T12323] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 641.370695][T12323] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 641.413455][T12323] bond0 (unregistering): Released all slaves [ 641.508355][T12569] veth0_vlan: entered promiscuous mode [ 641.535335][T12569] veth1_vlan: entered promiscuous mode [ 641.585626][T12569] veth0_macvtap: entered promiscuous mode [ 641.606651][T12569] veth1_macvtap: entered promiscuous mode [ 641.638498][T12569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.652052][T12569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.672107][T12569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.694202][T12569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.715665][T12569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.728651][T12569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 641.744575][T12569] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.757410][ T5782] Bluetooth: hci4: command tx timeout [ 641.768918][T12569] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.777630][T12569] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.804374][T12569] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 641.951948][T12337] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 641.971467][T12337] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.013179][T12323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.021955][T12323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 642.385478][T12647] syzkaller0: entered promiscuous mode [ 644.342631][T12673] syzkaller0: entered promiscuous mode [ 644.348154][T12673] syzkaller0: entered allmulticast mode [ 648.345996][T12740] syzkaller0: entered promiscuous mode [ 648.358830][T12740] syzkaller0: entered allmulticast mode [ 648.505630][T12750] syzkaller0: entered promiscuous mode [ 648.511389][T12750] syzkaller0: entered allmulticast mode [ 652.582771][T12792] syzkaller0: entered promiscuous mode [ 652.753746][T12803] syzkaller0: entered promiscuous mode [ 652.770951][T12803] syzkaller0: entered allmulticast mode [ 653.051755][T12571] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 653.062281][T12571] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 653.070656][T12571] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 653.094080][T12571] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 653.105323][T12571] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 653.115964][T12571] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 655.194776][ T5782] Bluetooth: hci0: command tx timeout [ 656.216863][T12323] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.323878][T12323] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.415964][T12323] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.502216][T12323] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.850988][T12812] chnl_net:caif_netlink_parms(): no params data found [ 656.936568][T12323] tipc: Left network mode [ 657.271182][ T5782] Bluetooth: hci0: command tx timeout [ 657.278690][T12812] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.290122][T12812] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.314355][T12812] bridge_slave_0: entered allmulticast mode [ 657.331630][T12812] bridge_slave_0: entered promiscuous mode [ 657.450395][T12812] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.473343][T12812] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.489855][T12812] bridge_slave_1: entered allmulticast mode [ 657.503602][T12812] bridge_slave_1: entered promiscuous mode [ 657.580174][T12812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 657.647953][T12812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.350470][ T5782] Bluetooth: hci0: command tx timeout [ 659.692087][T12812] team0: Port device team_slave_0 added [ 659.706332][T12812] team0: Port device team_slave_1 added [ 659.874300][T12812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 659.889475][T12812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 659.948908][T12812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.039938][T12812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.046937][T12812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.139196][T12812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.367917][T12812] hsr_slave_0: entered promiscuous mode [ 660.416137][T12812] hsr_slave_1: entered promiscuous mode [ 661.440874][ T5782] Bluetooth: hci0: command tx timeout [ 662.767171][T12323] hsr_slave_0: left promiscuous mode [ 662.874266][T12323] hsr_slave_1: left promiscuous mode [ 662.882136][T12323] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 662.889661][T12323] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.897618][T12323] bridge_slave_0: left allmulticast mode [ 662.908581][T12323] bridge_slave_0: left promiscuous mode [ 662.914744][T12323] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.946361][T12323] veth1_macvtap: left promiscuous mode [ 662.962378][T12323] veth0_macvtap: left promiscuous mode [ 662.968203][T12323] veth0_vlan: left promiscuous mode [ 664.669154][T12323] team0 (unregistering): Port device team_slave_1 removed [ 664.781973][T12323] team0 (unregistering): Port device team_slave_0 removed [ 664.929310][T12323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 665.016823][T12323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 665.074981][T12323] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 665.434469][T12323] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 665.500609][T12323] bond0 (unregistering): Released all slaves [ 665.626254][T12910] syzkaller0: entered promiscuous mode [ 665.633840][T12910] syzkaller0: entered allmulticast mode [ 667.251131][T12933] syzkaller0: entered promiscuous mode [ 667.256623][T12933] syzkaller0: entered allmulticast mode [ 670.187974][T12953] syzkaller0: entered promiscuous mode [ 670.193656][T12953] syzkaller0: entered allmulticast mode [ 672.184336][T12812] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 672.255455][T12812] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 672.310921][T12812] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 673.284594][T12812] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 673.927433][T13001] veth0_vlan: entered allmulticast mode [ 674.072593][T13003] veth0_vlan: left promiscuous mode [ 674.107554][T13003] veth0_vlan: entered promiscuous mode [ 674.184257][T13006] sit0: entered allmulticast mode [ 674.587590][T13018] syzkaller0: entered promiscuous mode [ 674.593232][T13018] syzkaller0: entered allmulticast mode [ 676.120760][T13025] [ 676.126551][T13025] ============================= [ 676.131514][T13025] WARNING: suspicious RCU usage [ 676.136461][T13025] syzkaller #0 Not tainted [ 676.141144][T13025] ----------------------------- [ 676.146020][T13025] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage! [ 676.155433][T13025] [ 676.155433][T13025] other info that might help us debug this: [ 676.155433][T13025] [ 676.165829][T13025] [ 676.165829][T13025] rcu_scheduler_active = 2, debug_locks = 1 [ 676.174012][T13025] 1 lock held by syz.4.2377/13025: [ 676.179210][T13025] #0: ffffffff8d132340 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 [ 676.189538][T13025] [ 676.189538][T13025] stack backtrace: [ 676.195540][T13025] CPU: 1 PID: 13025 Comm: syz.4.2377 Not tainted syzkaller #0 [ 676.203023][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 676.213099][T13025] Call Trace: [ 676.216396][T13025] [ 676.219343][T13025] dump_stack_lvl+0x18c/0x250 [ 676.224052][T13025] ? show_regs_print_info+0x20/0x20 [ 676.229270][T13025] ? load_image+0x420/0x420 [ 676.233812][T13025] lockdep_rcu_suspicious+0x1e1/0x300 [ 676.239213][T13025] get_callchain_entry+0x2a9/0x3c0 [ 676.244348][T13025] get_perf_callchain+0xc6/0x510 [ 676.249306][T13025] ? put_callchain_entry+0xb0/0xb0 [ 676.254454][T13025] __bpf_get_stack+0x2e4/0x540 [ 676.259243][T13025] ? stack_map_get_build_id_offset+0x720/0x720 [ 676.265398][T13025] ? __cant_sleep+0x220/0x220 [ 676.270068][T13025] ? bpf_prog_14d9fb3786f83342+0x45/0x49 [ 676.275784][T13025] bpf_get_stack_raw_tp+0x1a9/0x210 [ 676.280980][T13025] bpf_prog_14d9fb3786f83342+0x45/0x49 [ 676.286430][T13025] bpf_prog_run_pin_on_cpu+0x64/0x150 [ 676.291796][T13025] bpf_prog_test_run_syscall+0x317/0x4a0 [ 676.297423][T13025] ? sock_gen_cookie+0x60/0x60 [ 676.302187][T13025] ? sock_gen_cookie+0x60/0x60 [ 676.306949][T13025] bpf_prog_test_run+0x321/0x390 [ 676.311974][T13025] __sys_bpf+0x49d/0x890 [ 676.316215][T13025] ? bpf_link_show_fdinfo+0x390/0x390 [ 676.321590][T13025] ? lock_chain_count+0x20/0x20 [ 676.326436][T13025] __x64_sys_bpf+0x7c/0x90 [ 676.330848][T13025] do_syscall_64+0x55/0xb0 [ 676.335254][T13025] ? clear_bhb_loop+0x40/0x90 [ 676.339925][T13025] ? clear_bhb_loop+0x40/0x90 [ 676.344605][T13025] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 676.350500][T13025] RIP: 0033:0x7fcdb079ce59 [ 676.354909][T13025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 676.374518][T13025] RSP: 002b:00007fcdb15a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 676.382926][T13025] RAX: ffffffffffffffda RBX: 00007fcdb0a15fa0 RCX: 00007fcdb079ce59 [ 676.390890][T13025] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 676.398864][T13025] RBP: 00007fcdb0832d6f R08: 0000000000000000 R09: 0000000000000000 [ 676.406842][T13025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.414817][T13025] R13: 00007fcdb0a16038 R14: 00007fcdb0a15fa0 R15: 00007ffe33f5f978 [ 676.422793][T13025] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 679.436312][T12337] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.564841][T12337] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.685310][T12337] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 679.805008][T12337] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.062131][T12337] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.162391][T12337] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.272399][T12337] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 680.381061][T12337] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.428113][T12337] hsr_slave_0: left promiscuous mode [ 682.436114][T12337] hsr_slave_1: left promiscuous mode [ 682.446315][T12337] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.454471][T12337] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.464067][T12337] bridge_slave_1: left allmulticast mode [ 682.469779][T12337] bridge_slave_1: left promiscuous mode [ 682.475445][T12337] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.483801][T12337] bridge_slave_0: left allmulticast mode [ 682.489551][T12337] bridge_slave_0: left promiscuous mode [ 682.495322][T12337] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.509380][T12337] hsr_slave_0: left promiscuous mode [ 682.515327][T12337] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 682.523510][T12337] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.531348][T12337] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 682.538882][T12337] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.550273][T12337] hsr_slave_0: left promiscuous mode [ 682.556052][T12337] hsr_slave_1: left promiscuous mode [ 682.562135][T12337] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 682.569630][T12337] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.577242][T12337] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 682.585389][T12337] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 682.593118][T12337] bridge_slave_1: left allmulticast mode [ 682.598945][T12337] bridge_slave_1: left promiscuous mode [ 682.604702][T12337] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.614629][T12337] bridge_slave_0: left allmulticast mode [ 682.620662][T12337] bridge_slave_0: left promiscuous mode [ 682.626307][T12337] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.655503][T12337] veth1_macvtap: left promiscuous mode [ 682.661088][T12337] veth0_macvtap: left promiscuous mode [ 682.666637][T12337] veth1_vlan: left promiscuous mode [ 682.673194][T12337] veth0_vlan: left promiscuous mode [ 682.680036][T12337] veth1_macvtap: left promiscuous mode [ 682.685553][T12337] veth0_macvtap: left promiscuous mode [ 682.691422][T12337] veth1_vlan: left promiscuous mode [ 682.696723][T12337] veth0_vlan: left promiscuous mode [ 682.996626][T12337] team0 (unregistering): Port device team_slave_1 removed [ 683.032682][T12337] team0 (unregistering): Port device team_slave_0 removed [ 683.061623][T12337] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 683.088663][T12337] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 683.196639][T12337] bond0 (unregistering): Released all slaves [ 683.665811][T12337] team0 (unregistering): Port device team_slave_1 removed [ 683.706023][T12337] team0 (unregistering): Port device team_slave_0 removed [ 683.744635][T12337] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 683.792248][T12337] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 684.001321][T12337] bond0 (unregistering): Released all slaves [ 684.427764][T12337] team0 (unregistering): Port device team_slave_1 removed [ 684.468136][T12337] team0 (unregistering): Port device team_slave_0 removed [ 684.505014][T12337] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 684.545857][T12337] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 684.819028][T12337] bond0 (unregistering): Released all slaves [ 685.747491][T12337] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.845655][T12337] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.912930][T12337] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.926800][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.933217][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.975432][T12337] bond0: (slave netdevsim0): Releasing backup interface [ 685.986277][T12337] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0