last executing test programs: 6.976360018s ago: executing program 0 (id=2280): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x28, 0x4, 0x2}, 0x50) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/29], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000100), &(0x7f0000000140)=r2}, 0x20) 6.708515309s ago: executing program 0 (id=2283): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xd, 0x0, &(0x7f0000000200)="df33c9f7b9a600000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 6.45562176s ago: executing program 0 (id=2285): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5000000000000, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1000000000040}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@pptp={0x18, 0x2, {0x1, @local}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0x1}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3272, 0x40, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_bp={0x0, 0x5}, 0x0, 0x2, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1180015000600142603600e120800180000000401040016000a00104006001000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f4d360000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10) 5.812285162s ago: executing program 0 (id=2289): r0 = gettid() r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xee, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x17f6, 0x0, 0x0, 0x0, 0xffffffff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = syz_clone(0x40000200, &(0x7f0000000100)="debbc77c8009a6286cd47c16f5b5b7e02b7902552abeacdd5e15611d14c77b5c0154e546b8b5ee20cab0853a6d780a40ed31b669b155ca3e489cd4dded4272fd8261f770d6a89919b5a90fd26f07fded52a73b196c112f05253070e00c4ae7fc5ad83c414f7d58b391b5f8f70f7d40508f63742abeea7aab014c3fc8879453", 0x7f, &(0x7f00000012c0), &(0x7f0000001300), &(0x7f0000001340)="543d74d8054e54e391d495e2bc35a45fe3ad050eed43677f753807e2a1d7f8a759c6ea13b11512ec5caef88452a185f4acac33ddb64910c7590ae4cf0bbb46e4a15432f8eff0bc312bac96ae0f7445ca0f60fb2b8c550ceac8f90620d21fad6587297325eaec7391587ffd1e28e54fa5f9e07bc72573a53a061495921e1c23ce69b8616f7342c05c9bed373fc069a54df01f4be0d116504b668a1bf832527d74f3a1a5cbd4089b73a3d5abadc5686f34c62e62724be3d2952c0e901009641aa790fa63377fccfe8024ffab551b3ea979f2e7551550f3a5a48e126308c4b71710") syz_open_procfs$namespace(r3, &(0x7f0000001440)='ns/cgroup\x00') perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x10000000000000}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0xffffffff}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f00000014c0)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x2) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000020000000000000000000850000007b00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800008a0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008c50b00b704000002000000850000008600000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0x0, 0xffffffffffffffff, 0x0, 0x16, &(0x7f0000000000)='/proc/net/\x01?\fX\a0\x04\x00\x00\x82q\xee'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) 5.205673961s ago: executing program 0 (id=2292): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x84800) recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000003080)=[{&(0x7f0000001bc0)=""/270, 0x10e}, {&(0x7f0000000840)=""/230, 0xe6}, {&(0x7f0000003200)=""/236, 0xec}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000002080)=""/4059, 0xfdb}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000000500)=""/210, 0xd2}], 0x7}, 0x40012100) 4.430445983s ago: executing program 3 (id=2297): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5000000000000, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1000000000040}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@pptp={0x18, 0x2, {0x1, @local}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0x1}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3272, 0x40, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_bp={0x0, 0x5}, 0x0, 0x2, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1180015000600142603600e120800180000000401040016000a00104006001000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f4d360000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10) 4.060461483s ago: executing program 0 (id=2298): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848120000005e0c0000000000000e000a001400000002", 0x29}], 0x1}, 0x0) 3.715355531s ago: executing program 3 (id=2301): bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 3.570605242s ago: executing program 1 (id=2303): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x28, 0x4, 0x2}, 0x50) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/29], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000100), &(0x7f0000000140)=r2}, 0x20) 3.10442362s ago: executing program 1 (id=2304): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000040) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xc, 0x0, 0x5d31, 0x8482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x80000001, 0x4}, 0x100502, 0x0, 0x1000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x7, 0xffffffffffffffff, 0xb) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)="2e0000001100818804e5689563fe6be69ddcbbc0d80000000001000000108d32de878a170c3a9ce20d8e4f40e363650be98496dca8b808ff2e428cae3aa166c7b132e32bfdc00856476d5d0c56db12b9ae390550119dce8c872eae4fedd460e567621a98517cf6dc1a0d8295031aa2747cbf3241662350bcad5268cd984a5f7a19338b0607c5014ebbac5c36397b00"/158, 0x2e}], 0x1, 0x0, 0xfffffffffffffde5}, 0x4000080) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='percpu_alloc_percpu\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='devices.list\x00', 0x26e1, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x3) recvmsg$unix(0xffffffffffffffff, 0x0, 0x40) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c096) write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1) sendmsg$kcm(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0xe0}, 0x20004065) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800004018210000", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xfe6a, &(0x7f00000014c0)=""/4098, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x23) 2.893845507s ago: executing program 3 (id=2306): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x84800) recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000003080)=[{&(0x7f0000001bc0)=""/270, 0x10e}, {&(0x7f0000000840)=""/230, 0xe6}, {&(0x7f0000003200)=""/236, 0xec}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000002080)=""/4059, 0xfdb}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000000500)=""/210, 0xd2}], 0x7}, 0x40012100) 2.000344708s ago: executing program 1 (id=2310): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848120000005e0c0000000000000e000a001400000002800000", 0x2c}], 0x1}, 0x0) 1.659602216s ago: executing program 2 (id=2312): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x20242, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="1e0301003c05000128876b60864668f82ffdeefa000000000000ffd2acb165fe580cd568020031b87b548cb74136f366da0abe01"], 0xffdd) 1.472285501s ago: executing program 3 (id=2313): bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 1.282534476s ago: executing program 1 (id=2314): close(0x3) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x800, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) 1.053774065s ago: executing program 2 (id=2315): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c096) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1e, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xe}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0xe0}, 0x20004065) 840.357842ms ago: executing program 1 (id=2316): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5000000000000, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1000000000040}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@pptp={0x18, 0x2, {0x1, @local}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0x1}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3272, 0x40, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_bp={0x0, 0x5}, 0x0, 0x2, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1180015000600142603600e120800180000000401040016000a00104006001000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f4d360000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r4, 0x0, 0x0}, 0x10) 840.101082ms ago: executing program 3 (id=2317): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000040) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0xc, 0x0, 0x5d31, 0x8482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x80000001, 0x4}, 0x100502, 0x0, 0x1000, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x7, 0xffffffffffffffff, 0xb) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)="2e0000001100818804e5689563fe6be69ddcbbc0d80000000001000000108d32de878a170c3a9ce20d8e4f40e363650be98496dca8b808ff2e428cae3aa166c7b132e32bfdc00856476d5d0c56db12b9ae390550119dce8c872eae4fedd460e567621a98517cf6dc1a0d8295031aa2747cbf3241662350bcad5268cd984a5f7a19338b0607c5014ebbac5c36397b00"/158, 0x2e}], 0x1, 0x0, 0xfffffffffffffde5}, 0x4000080) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='percpu_alloc_percpu\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='devices.list\x00', 0x26e1, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x3) recvmsg$unix(0xffffffffffffffff, 0x0, 0x40) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c096) write$cgroup_type(r2, &(0x7f0000000080), 0x11ffffce1) sendmsg$kcm(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0xe0}, 0x20004065) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800004018210000", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xfe6a, &(0x7f00000014c0)=""/4098, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x23) 839.826402ms ago: executing program 2 (id=2318): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="1802000086770000000000000000000018010000202070250000001f002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000600000018"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200}) socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080)) 581.150713ms ago: executing program 2 (id=2319): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x28, 0x4, 0x2}, 0x50) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000100), &(0x7f0000000140)=r2}, 0x20) 385.654699ms ago: executing program 1 (id=2320): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x84800) recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000003080)=[{&(0x7f0000001bc0)=""/270, 0x10e}, {&(0x7f0000000840)=""/230, 0xe6}, {&(0x7f0000003200)=""/236, 0xec}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000002080)=""/4059, 0xfdb}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000000500)=""/210, 0xd2}], 0x7}, 0x40012100) 349.343162ms ago: executing program 2 (id=2321): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848120000005e0c0000000000000e000a001400000002800000", 0x2c}], 0x1}, 0x0) 159.252217ms ago: executing program 2 (id=2322): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x20242, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="1e0301003c05000128876b60864668f82ffdeefa000000000000ffd2acb165fe580cd568020031b87b548cb74136f366da0abe01"], 0xffdd) 0s ago: executing program 3 (id=2323): close(0x3) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x800, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) kernel console output (not intermixed with test programs): .724330][ T7700] ? aa_file_perm+0x120/0xec0 [ 432.729033][ T7700] ? aa_file_perm+0x3e8/0xec0 [ 432.733735][ T7700] ? rcu_read_unlock+0xa0/0xa0 [ 432.738553][ T7700] ? tun_get+0x1c/0x2e0 [ 432.742914][ T7700] ? __lock_acquire+0x7c80/0x7c80 [ 432.748055][ T7700] ? tun_get+0x1c/0x2e0 [ 432.752263][ T7700] tun_chr_write_iter+0x119/0x200 [ 432.757348][ T7700] vfs_write+0x43b/0x940 [ 432.761642][ T7700] ? file_end_write+0x250/0x250 [ 432.766710][ T7700] ? __fget_files+0x44a/0x4d0 [ 432.771517][ T7700] ? __fdget_pos+0x1d8/0x330 [ 432.776187][ T7700] ? ksys_write+0x75/0x250 [ 432.780719][ T7700] ksys_write+0x147/0x250 [ 432.785095][ T7700] ? __ia32_sys_read+0x90/0x90 [ 432.789981][ T7700] ? lockdep_hardirqs_on+0x98/0x150 [ 432.795217][ T7700] do_syscall_64+0x55/0xb0 [ 432.799760][ T7700] ? clear_bhb_loop+0x40/0x90 [ 432.804463][ T7700] ? clear_bhb_loop+0x40/0x90 [ 432.809187][ T7700] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 432.815135][ T7700] RIP: 0033:0x7f5942f8ebe9 [ 432.819579][ T7700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.839531][ T7700] RSP: 002b:00007f5943e8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 432.848259][ T7700] RAX: ffffffffffffffda RBX: 00007f59431b6090 RCX: 00007f5942f8ebe9 [ 432.856353][ T7700] RDX: 000000000000ffdd RSI: 0000200000000000 RDI: 0000000000000003 [ 432.864381][ T7700] RBP: 00007f5943e8d090 R08: 0000000000000000 R09: 0000000000000000 [ 432.872485][ T7700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.880589][ T7700] R13: 00007f59431b6128 R14: 00007f59431b6090 R15: 00007ffe91aa6628 [ 432.888614][ T7700] [ 436.176715][ T7708] netlink: 188 bytes leftover after parsing attributes in process `syz.3.680'. [ 437.582429][ T7749] syzkaller0: entered promiscuous mode [ 437.588097][ T7749] syzkaller0: entered allmulticast mode [ 439.009712][ T7747] syzkaller0: entered promiscuous mode [ 439.015345][ T7747] syzkaller0: entered allmulticast mode [ 439.966090][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.979466][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.880961][ T7772] netlink: 'syz.3.696': attribute type 16 has an invalid length. [ 441.888870][ T7772] netlink: 152 bytes leftover after parsing attributes in process `syz.3.696'. [ 442.359432][ T7791] FAULT_INJECTION: forcing a failure. [ 442.359432][ T7791] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.402352][ T7791] CPU: 0 PID: 7791 Comm: syz.0.704 Not tainted syzkaller #0 [ 442.409810][ T7791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 442.420941][ T7791] Call Trace: [ 442.424251][ T7791] [ 442.427227][ T7791] dump_stack_lvl+0x16c/0x230 [ 442.431953][ T7791] ? show_regs_print_info+0x20/0x20 [ 442.437185][ T7791] ? load_image+0x3b0/0x3b0 [ 442.441805][ T7791] ? __lock_acquire+0x7c80/0x7c80 [ 442.446864][ T7791] ? snprintf+0xdb/0x120 [ 442.451206][ T7791] should_fail_ex+0x39d/0x4d0 [ 442.456032][ T7791] _copy_to_user+0x2f/0xa0 [ 442.460494][ T7791] simple_read_from_buffer+0xe7/0x150 [ 442.466031][ T7791] proc_fail_nth_read+0x1e3/0x250 [ 442.471104][ T7791] ? proc_fault_inject_write+0x340/0x340 [ 442.476949][ T7791] ? fsnotify_perm+0x271/0x5e0 [ 442.481735][ T7791] ? proc_fault_inject_write+0x340/0x340 [ 442.487475][ T7791] vfs_read+0x27e/0x920 [ 442.491745][ T7791] ? kernel_read+0x1e0/0x1e0 [ 442.496357][ T7791] ? __fget_files+0x28/0x4d0 [ 442.501051][ T7791] ? __fget_files+0x44a/0x4d0 [ 442.505754][ T7791] ? __fdget_pos+0x2a3/0x330 [ 442.510369][ T7791] ? ksys_read+0x75/0x250 [ 442.514718][ T7791] ksys_read+0x147/0x250 [ 442.518986][ T7791] ? vfs_write+0x940/0x940 [ 442.523432][ T7791] ? lockdep_hardirqs_on+0x98/0x150 [ 442.528662][ T7791] do_syscall_64+0x55/0xb0 [ 442.533090][ T7791] ? clear_bhb_loop+0x40/0x90 [ 442.537784][ T7791] ? clear_bhb_loop+0x40/0x90 [ 442.542479][ T7791] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 442.548424][ T7791] RIP: 0033:0x7ff57358d5fc [ 442.552975][ T7791] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 442.572704][ T7791] RSP: 002b:00007ff5743ea030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 442.581156][ T7791] RAX: ffffffffffffffda RBX: 00007ff5737b6090 RCX: 00007ff57358d5fc [ 442.589150][ T7791] RDX: 000000000000000f RSI: 00007ff5743ea0a0 RDI: 0000000000000003 [ 442.597153][ T7791] RBP: 00007ff5743ea090 R08: 0000000000000000 R09: 0000000000000000 [ 442.605167][ T7791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.613165][ T7791] R13: 00007ff5737b6128 R14: 00007ff5737b6090 R15: 00007ffdd4f06e78 [ 442.621271][ T7791] [ 442.846642][ T7802] netlink: 'syz.1.708': attribute type 2 has an invalid length. [ 442.863249][ T7802] netlink: 51 bytes leftover after parsing attributes in process `syz.1.708'. [ 443.204233][ T7812] netlink: 152 bytes leftover after parsing attributes in process `syz.2.711'. [ 443.238256][ T7812] netlink: 6 bytes leftover after parsing attributes in process `syz.2.711'. [ 443.282024][ T7815] netlink: 'syz.2.711': attribute type 17 has an invalid length. [ 443.296912][ T7815] netlink: 148 bytes leftover after parsing attributes in process `syz.2.711'. [ 443.528923][ T7825] netlink: 'syz.3.717': attribute type 3 has an invalid length. [ 443.589225][ T7825] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.717'. [ 443.604874][ T7823] netlink: 'syz.1.715': attribute type 17 has an invalid length. [ 443.621621][ T7823] netlink: 148 bytes leftover after parsing attributes in process `syz.1.715'. [ 443.789308][ T7832] netlink: 'syz.2.719': attribute type 17 has an invalid length. [ 443.808031][ T7832] netlink: 148 bytes leftover after parsing attributes in process `syz.2.719'. [ 443.830283][ T7834] netlink: 'syz.1.720': attribute type 2 has an invalid length. [ 443.858277][ T7834] netlink: 'syz.1.720': attribute type 9 has an invalid length. [ 443.890188][ T7834] netlink: 132 bytes leftover after parsing attributes in process `syz.1.720'. [ 444.035148][ T7842] FAULT_INJECTION: forcing a failure. [ 444.035148][ T7842] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 444.075374][ T7842] CPU: 1 PID: 7842 Comm: syz.1.724 Not tainted syzkaller #0 [ 444.082829][ T7842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 444.093110][ T7842] Call Trace: [ 444.096423][ T7842] [ 444.099381][ T7842] dump_stack_lvl+0x16c/0x230 [ 444.104365][ T7842] ? show_regs_print_info+0x20/0x20 [ 444.109613][ T7842] ? load_image+0x3b0/0x3b0 [ 444.114171][ T7842] ? __might_fault+0xaa/0x120 [ 444.118889][ T7842] ? __lock_acquire+0x7c80/0x7c80 [ 444.123967][ T7842] should_fail_ex+0x39d/0x4d0 [ 444.128693][ T7842] _copy_from_user+0x2f/0xe0 [ 444.133595][ T7842] ___sys_sendmsg+0x159/0x290 [ 444.138764][ T7842] ? __sys_sendmsg+0x270/0x270 [ 444.143610][ T7842] ? __lock_acquire+0x7c80/0x7c80 [ 444.148706][ T7842] __se_sys_sendmsg+0x1a5/0x270 [ 444.153608][ T7842] ? __x64_sys_sendmsg+0x80/0x80 [ 444.158616][ T7842] ? lockdep_hardirqs_on+0x98/0x150 [ 444.164260][ T7842] do_syscall_64+0x55/0xb0 [ 444.168713][ T7842] ? clear_bhb_loop+0x40/0x90 [ 444.173432][ T7842] ? clear_bhb_loop+0x40/0x90 [ 444.178316][ T7842] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 444.184252][ T7842] RIP: 0033:0x7f0de718ebe9 [ 444.188792][ T7842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.208798][ T7842] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.217359][ T7842] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 444.225383][ T7842] RDX: 0000000000008080 RSI: 0000200000000080 RDI: 0000000000000003 [ 444.233403][ T7842] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 444.241682][ T7842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.249707][ T7842] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 444.257916][ T7842] [ 444.565849][ T7859] FAULT_INJECTION: forcing a failure. [ 444.565849][ T7859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 444.579420][ T7859] CPU: 1 PID: 7859 Comm: syz.3.731 Not tainted syzkaller #0 [ 444.587052][ T7859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 444.597165][ T7859] Call Trace: [ 444.600487][ T7859] [ 444.603455][ T7859] dump_stack_lvl+0x16c/0x230 [ 444.608191][ T7859] ? show_regs_print_info+0x20/0x20 [ 444.613460][ T7859] ? load_image+0x3b0/0x3b0 [ 444.618185][ T7859] ? __might_fault+0xaa/0x120 [ 444.623011][ T7859] ? __lock_acquire+0x7c80/0x7c80 [ 444.628095][ T7859] should_fail_ex+0x39d/0x4d0 [ 444.632844][ T7859] _copy_from_user+0x2f/0xe0 [ 444.637476][ T7859] __sys_bpf+0x1e9/0x800 [ 444.641741][ T7859] ? bpf_link_show_fdinfo+0x350/0x350 [ 444.647159][ T7859] ? lock_chain_count+0x20/0x20 [ 444.652102][ T7859] __x64_sys_bpf+0x7c/0x90 [ 444.656534][ T7859] do_syscall_64+0x55/0xb0 [ 444.660965][ T7859] ? clear_bhb_loop+0x40/0x90 [ 444.665664][ T7859] ? clear_bhb_loop+0x40/0x90 [ 444.670360][ T7859] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 444.676305][ T7859] RIP: 0033:0x7f55fed8ebe9 [ 444.680731][ T7859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.700440][ T7859] RSP: 002b:00007f55ffbea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 444.708871][ T7859] RAX: ffffffffffffffda RBX: 00007f55fefb5fa0 RCX: 00007f55fed8ebe9 [ 444.716934][ T7859] RDX: 0000000000000020 RSI: 0000200000000780 RDI: 0000000000000002 [ 444.724906][ T7859] RBP: 00007f55ffbea090 R08: 0000000000000000 R09: 0000000000000000 [ 444.732897][ T7859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.740880][ T7859] R13: 00007f55fefb6038 R14: 00007f55fefb5fa0 R15: 00007fff31a35af8 [ 444.748875][ T7859] [ 444.964019][ T7865] netlink: 'syz.1.734': attribute type 1 has an invalid length. [ 445.000504][ T7865] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.734'. [ 445.097492][ T7870] FAULT_INJECTION: forcing a failure. [ 445.097492][ T7870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 445.140105][ T7870] CPU: 0 PID: 7870 Comm: syz.0.736 Not tainted syzkaller #0 [ 445.147473][ T7870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 445.157740][ T7870] Call Trace: [ 445.161140][ T7870] [ 445.164121][ T7870] dump_stack_lvl+0x16c/0x230 [ 445.168844][ T7870] ? show_regs_print_info+0x20/0x20 [ 445.174081][ T7870] ? load_image+0x3b0/0x3b0 [ 445.178637][ T7870] ? __might_fault+0xaa/0x120 [ 445.183368][ T7870] ? __lock_acquire+0x7c80/0x7c80 [ 445.188518][ T7870] should_fail_ex+0x39d/0x4d0 [ 445.193255][ T7870] _copy_from_user+0x2f/0xe0 [ 445.197985][ T7870] __sys_bpf+0x1e9/0x800 [ 445.202364][ T7870] ? bpf_link_show_fdinfo+0x350/0x350 [ 445.207783][ T7870] ? lock_chain_count+0x20/0x20 [ 445.212672][ T7870] __x64_sys_bpf+0x7c/0x90 [ 445.217125][ T7870] do_syscall_64+0x55/0xb0 [ 445.221667][ T7870] ? clear_bhb_loop+0x40/0x90 [ 445.226377][ T7870] ? clear_bhb_loop+0x40/0x90 [ 445.231183][ T7870] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 445.237111][ T7870] RIP: 0033:0x7ff57358ebe9 [ 445.241569][ T7870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.261310][ T7870] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 445.269775][ T7870] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 445.277796][ T7870] RDX: 0000000000000094 RSI: 0000200000000040 RDI: 0000000000000005 [ 445.285810][ T7870] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 445.293826][ T7870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 445.301846][ T7870] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 445.309907][ T7870] [ 447.236841][ T7917] FAULT_INJECTION: forcing a failure. [ 447.236841][ T7917] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.276523][ T7917] CPU: 0 PID: 7917 Comm: syz.1.752 Not tainted syzkaller #0 [ 447.283890][ T7917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 447.293977][ T7917] Call Trace: [ 447.297284][ T7917] [ 447.300253][ T7917] dump_stack_lvl+0x16c/0x230 [ 447.304979][ T7917] ? show_regs_print_info+0x20/0x20 [ 447.310297][ T7917] ? load_image+0x3b0/0x3b0 [ 447.314838][ T7917] ? __lock_acquire+0x7c80/0x7c80 [ 447.319980][ T7917] ? snprintf+0xdb/0x120 [ 447.324262][ T7917] should_fail_ex+0x39d/0x4d0 [ 447.329141][ T7917] _copy_to_user+0x2f/0xa0 [ 447.333590][ T7917] simple_read_from_buffer+0xe7/0x150 [ 447.339132][ T7917] proc_fail_nth_read+0x1e3/0x250 [ 447.344291][ T7917] ? proc_fault_inject_write+0x340/0x340 [ 447.349963][ T7917] ? fsnotify_perm+0x271/0x5e0 [ 447.354906][ T7917] ? proc_fault_inject_write+0x340/0x340 [ 447.360572][ T7917] vfs_read+0x27e/0x920 [ 447.364853][ T7917] ? kernel_read+0x1e0/0x1e0 [ 447.369568][ T7917] ? __fget_files+0x28/0x4d0 [ 447.374288][ T7917] ? __fget_files+0x44a/0x4d0 [ 447.379006][ T7917] ? __fdget_pos+0x2a3/0x330 [ 447.383629][ T7917] ? ksys_read+0x75/0x250 [ 447.388000][ T7917] ksys_read+0x147/0x250 [ 447.392276][ T7917] ? vfs_write+0x940/0x940 [ 447.396728][ T7917] ? lockdep_hardirqs_on+0x98/0x150 [ 447.401965][ T7917] do_syscall_64+0x55/0xb0 [ 447.406433][ T7917] ? clear_bhb_loop+0x40/0x90 [ 447.411138][ T7917] ? clear_bhb_loop+0x40/0x90 [ 447.415934][ T7917] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 447.421982][ T7917] RIP: 0033:0x7f0de718d5fc [ 447.426523][ T7917] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 447.446171][ T7917] RSP: 002b:00007f0de7ff9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 447.454713][ T7917] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718d5fc [ 447.462726][ T7917] RDX: 000000000000000f RSI: 00007f0de7ff90a0 RDI: 0000000000000005 [ 447.470727][ T7917] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 447.478724][ T7917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.486800][ T7917] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 447.494806][ T7917] [ 447.499591][ T7907] netlink: 'syz.3.750': attribute type 16 has an invalid length. [ 447.527345][ T7907] netlink: 152 bytes leftover after parsing attributes in process `syz.3.750'. [ 448.488821][ T7946] FAULT_INJECTION: forcing a failure. [ 448.488821][ T7946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 448.524170][ T7946] CPU: 0 PID: 7946 Comm: syz.1.763 Not tainted syzkaller #0 [ 448.531566][ T7946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 448.532275][ T7947] syzkaller0: entered promiscuous mode [ 448.541644][ T7946] Call Trace: [ 448.541657][ T7946] [ 448.541668][ T7946] dump_stack_lvl+0x16c/0x230 [ 448.541705][ T7946] ? show_regs_print_info+0x20/0x20 [ 448.541733][ T7946] ? load_image+0x3b0/0x3b0 [ 448.547267][ T7947] syzkaller0: entered allmulticast mode [ 448.550484][ T7946] ? __might_fault+0xaa/0x120 [ 448.550512][ T7946] ? __lock_acquire+0x7c80/0x7c80 [ 448.550548][ T7946] should_fail_ex+0x39d/0x4d0 [ 448.588063][ T7946] _copy_from_user+0x2f/0xe0 [ 448.592808][ T7946] ___sys_sendmsg+0x159/0x290 [ 448.597637][ T7946] ? __sys_sendmsg+0x270/0x270 [ 448.602512][ T7946] ? __lock_acquire+0x7c80/0x7c80 [ 448.607790][ T7946] __se_sys_sendmsg+0x1a5/0x270 [ 448.612808][ T7946] ? __x64_sys_sendmsg+0x80/0x80 [ 448.617850][ T7946] ? lockdep_hardirqs_on+0x98/0x150 [ 448.623131][ T7946] do_syscall_64+0x55/0xb0 [ 448.627612][ T7946] ? clear_bhb_loop+0x40/0x90 [ 448.632325][ T7946] ? clear_bhb_loop+0x40/0x90 [ 448.637035][ T7946] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 448.642962][ T7946] RIP: 0033:0x7f0de718ebe9 [ 448.647486][ T7946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.667373][ T7946] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 448.675815][ T7946] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 448.683803][ T7946] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 448.691788][ T7946] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 448.699862][ T7946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 448.707944][ T7946] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 448.715961][ T7946] [ 450.788584][ T7978] FAULT_INJECTION: forcing a failure. [ 450.788584][ T7978] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 450.802348][ T7978] CPU: 0 PID: 7978 Comm: syz.0.774 Not tainted syzkaller #0 [ 450.809672][ T7978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 450.819746][ T7978] Call Trace: [ 450.823044][ T7978] [ 450.825993][ T7978] dump_stack_lvl+0x16c/0x230 [ 450.830665][ T7978] ? show_regs_print_info+0x20/0x20 [ 450.835873][ T7978] ? load_image+0x3b0/0x3b0 [ 450.840402][ T7978] ? __might_fault+0xaa/0x120 [ 450.845450][ T7978] ? __lock_acquire+0x7c80/0x7c80 [ 450.850679][ T7978] should_fail_ex+0x39d/0x4d0 [ 450.855535][ T7978] _copy_from_user+0x2f/0xe0 [ 450.860167][ T7978] tipc_setsockopt+0x4b3/0x970 [ 450.865067][ T7978] ? tipc_shutdown+0x4d0/0x4d0 [ 450.869939][ T7978] ? __fget_files+0x28/0x4d0 [ 450.874586][ T7978] ? aa_sock_opt_perm+0x74/0x100 [ 450.879664][ T7978] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 450.885336][ T7978] ? security_socket_setsockopt+0x7e/0xa0 [ 450.891089][ T7978] ? tipc_shutdown+0x4d0/0x4d0 [ 450.895854][ T7978] do_sock_setsockopt+0x175/0x1a0 [ 450.900905][ T7978] ? __fdget+0x180/0x210 [ 450.905275][ T7978] __x64_sys_setsockopt+0x184/0x200 [ 450.910607][ T7978] do_syscall_64+0x55/0xb0 [ 450.915084][ T7978] ? clear_bhb_loop+0x40/0x90 [ 450.920094][ T7978] ? clear_bhb_loop+0x40/0x90 [ 450.924854][ T7978] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 450.930964][ T7978] RIP: 0033:0x7ff57358ebe9 [ 450.935462][ T7978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.955246][ T7978] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 450.963939][ T7978] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 450.972032][ T7978] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000004 [ 450.980036][ T7978] RBP: 00007ff57440b090 R08: 00000000000004bd R09: 0000000000000000 [ 450.988024][ T7978] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 450.996012][ T7978] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 451.004040][ T7978] [ 451.074934][ T7980] netlink: 'syz.0.775': attribute type 3 has an invalid length. [ 451.084507][ T7980] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.775'. [ 451.354334][ T7992] FAULT_INJECTION: forcing a failure. [ 451.354334][ T7992] name failslab, interval 1, probability 0, space 0, times 0 [ 451.367863][ T7992] CPU: 0 PID: 7992 Comm: syz.3.779 Not tainted syzkaller #0 [ 451.375266][ T7992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 451.385422][ T7992] Call Trace: [ 451.388690][ T7992] [ 451.391611][ T7992] dump_stack_lvl+0x16c/0x230 [ 451.396387][ T7992] ? show_regs_print_info+0x20/0x20 [ 451.401605][ T7992] ? load_image+0x3b0/0x3b0 [ 451.406146][ T7992] ? __might_sleep+0xe0/0xe0 [ 451.410749][ T7992] ? __lock_acquire+0x7c80/0x7c80 [ 451.415808][ T7992] should_fail_ex+0x39d/0x4d0 [ 451.420675][ T7992] should_failslab+0x9/0x20 [ 451.425217][ T7992] slab_pre_alloc_hook+0x59/0x310 [ 451.430290][ T7992] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 451.436172][ T7992] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 451.441932][ T7992] __kmem_cache_alloc_node+0x53/0x260 [ 451.447369][ T7992] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 451.453299][ T7992] __kmalloc+0xa4/0x240 [ 451.457516][ T7992] tomoyo_realpath_from_path+0xe3/0x5d0 [ 451.463231][ T7992] tomoyo_path_number_perm+0x1ea/0x590 [ 451.468743][ T7992] ? tomoyo_path_number_perm+0x1ba/0x590 [ 451.474601][ T7992] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 451.480117][ T7992] ? ksys_write+0x1c1/0x250 [ 451.484704][ T7992] ? __fget_files+0x28/0x4d0 [ 451.489360][ T7992] security_file_ioctl+0x70/0xa0 [ 451.494348][ T7992] __se_sys_ioctl+0x48/0x170 [ 451.498989][ T7992] do_syscall_64+0x55/0xb0 [ 451.503458][ T7992] ? clear_bhb_loop+0x40/0x90 [ 451.508260][ T7992] ? clear_bhb_loop+0x40/0x90 [ 451.512961][ T7992] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 451.518901][ T7992] RIP: 0033:0x7f55fed8ebe9 [ 451.523338][ T7992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.543141][ T7992] RSP: 002b:00007f55ffbea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 451.551659][ T7992] RAX: ffffffffffffffda RBX: 00007f55fefb5fa0 RCX: 00007f55fed8ebe9 [ 451.559638][ T7992] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000043 [ 451.567643][ T7992] RBP: 00007f55ffbea090 R08: 0000000000000000 R09: 0000000000000000 [ 451.575623][ T7992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.583606][ T7992] R13: 00007f55fefb6038 R14: 00007f55fefb5fa0 R15: 00007fff31a35af8 [ 451.591601][ T7992] [ 451.612350][ T7992] ERROR: Out of memory at tomoyo_realpath_from_path. [ 452.282105][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 452.282663][ T5840] Bluetooth: hci0: command 0x0406 tx timeout [ 452.289783][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 452.300629][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 452.528264][ T8024] FAULT_INJECTION: forcing a failure. [ 452.528264][ T8024] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 452.572182][ T8024] CPU: 1 PID: 8024 Comm: syz.3.791 Not tainted syzkaller #0 [ 452.579558][ T8024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 452.589654][ T8024] Call Trace: [ 452.592965][ T8024] [ 452.595971][ T8024] dump_stack_lvl+0x16c/0x230 [ 452.600701][ T8024] ? show_regs_print_info+0x20/0x20 [ 452.605944][ T8024] ? load_image+0x3b0/0x3b0 [ 452.610648][ T8024] ? __might_fault+0xaa/0x120 [ 452.615346][ T8024] ? __lock_acquire+0x7c80/0x7c80 [ 452.620402][ T8024] should_fail_ex+0x39d/0x4d0 [ 452.625118][ T8024] _copy_from_user+0x2f/0xe0 [ 452.629739][ T8024] __sys_bpf+0x1e9/0x800 [ 452.634013][ T8024] ? bpf_link_show_fdinfo+0x350/0x350 [ 452.639431][ T8024] ? lock_chain_count+0x20/0x20 [ 452.644319][ T8024] __x64_sys_bpf+0x7c/0x90 [ 452.648764][ T8024] do_syscall_64+0x55/0xb0 [ 452.653209][ T8024] ? clear_bhb_loop+0x40/0x90 [ 452.657999][ T8024] ? clear_bhb_loop+0x40/0x90 [ 452.662706][ T8024] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 452.668837][ T8024] RIP: 0033:0x7f55fed8ebe9 [ 452.673279][ T8024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.693002][ T8024] RSP: 002b:00007f55ffbea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 452.701447][ T8024] RAX: ffffffffffffffda RBX: 00007f55fefb5fa0 RCX: 00007f55fed8ebe9 [ 452.709438][ T8024] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 452.717692][ T8024] RBP: 00007f55ffbea090 R08: 0000000000000000 R09: 0000000000000000 [ 452.725852][ T8024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 452.733844][ T8024] R13: 00007f55fefb6038 R14: 00007f55fefb5fa0 R15: 00007fff31a35af8 [ 452.741848][ T8024] [ 453.395622][ T8046] FAULT_INJECTION: forcing a failure. [ 453.395622][ T8046] name failslab, interval 1, probability 0, space 0, times 0 [ 453.442830][ T8046] CPU: 0 PID: 8046 Comm: syz.2.800 Not tainted syzkaller #0 [ 453.450300][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 453.460397][ T8046] Call Trace: [ 453.463694][ T8046] [ 453.466636][ T8046] dump_stack_lvl+0x16c/0x230 [ 453.471421][ T8046] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 453.477583][ T8046] ? show_regs_print_info+0x20/0x20 [ 453.482808][ T8046] ? load_image+0x3b0/0x3b0 [ 453.487353][ T8046] should_fail_ex+0x39d/0x4d0 [ 453.492247][ T8046] should_failslab+0x9/0x20 [ 453.496769][ T8046] slab_pre_alloc_hook+0x59/0x310 [ 453.501828][ T8046] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 453.507907][ T8046] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 453.513646][ T8046] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 453.519381][ T8046] __kmem_cache_alloc_node+0x53/0x260 [ 453.524774][ T8046] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 453.530507][ T8046] __kmalloc+0xa4/0x240 [ 453.534680][ T8046] tomoyo_realpath_from_path+0xe3/0x5d0 [ 453.540278][ T8046] tomoyo_path_number_perm+0x1ea/0x590 [ 453.545772][ T8046] ? tomoyo_path_number_perm+0x1ba/0x590 [ 453.551857][ T8046] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 453.557356][ T8046] ? hrtimer_interrupt+0x597/0x9c0 [ 453.562504][ T8046] ? ktime_get+0x7f/0x280 [ 453.566891][ T8046] ? __fget_files+0x28/0x4d0 [ 453.571534][ T8046] security_file_ioctl+0x70/0xa0 [ 453.576583][ T8046] __se_sys_ioctl+0x48/0x170 [ 453.581189][ T8046] do_syscall_64+0x55/0xb0 [ 453.585640][ T8046] ? clear_bhb_loop+0x40/0x90 [ 453.590347][ T8046] ? clear_bhb_loop+0x40/0x90 [ 453.595050][ T8046] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.600967][ T8046] RIP: 0033:0x7f5942f8ebe9 [ 453.605391][ T8046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.625031][ T8046] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.633456][ T8046] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 453.641570][ T8046] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 000000000000003f [ 453.649559][ T8046] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 453.657546][ T8046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.665614][ T8046] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 453.673632][ T8046] [ 453.700309][ T8046] ERROR: Out of memory at tomoyo_realpath_from_path. [ 454.707367][ T8075] netlink: 'syz.0.806': attribute type 10 has an invalid length. [ 454.715429][ T8075] netlink: 55 bytes leftover after parsing attributes in process `syz.0.806'. [ 455.901519][ T8093] FAULT_INJECTION: forcing a failure. [ 455.901519][ T8093] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.923312][ T8091] netlink: 'syz.3.812': attribute type 11 has an invalid length. [ 455.933464][ T8093] CPU: 0 PID: 8093 Comm: syz.1.814 Not tainted syzkaller #0 [ 455.940910][ T8093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 455.951007][ T8093] Call Trace: [ 455.954302][ T8093] [ 455.957309][ T8093] dump_stack_lvl+0x16c/0x230 [ 455.962105][ T8093] ? show_regs_print_info+0x20/0x20 [ 455.967316][ T8093] ? load_image+0x3b0/0x3b0 [ 455.971834][ T8093] ? __might_fault+0xaa/0x120 [ 455.976524][ T8093] ? __lock_acquire+0x7c80/0x7c80 [ 455.981654][ T8093] should_fail_ex+0x39d/0x4d0 [ 455.986527][ T8093] _copy_from_user+0x2f/0xe0 [ 455.991140][ T8093] __sys_bpf+0x1e9/0x800 [ 455.995502][ T8093] ? bpf_link_show_fdinfo+0x350/0x350 [ 456.000901][ T8093] ? lock_chain_count+0x20/0x20 [ 456.005773][ T8093] __x64_sys_bpf+0x7c/0x90 [ 456.010291][ T8093] do_syscall_64+0x55/0xb0 [ 456.014718][ T8093] ? clear_bhb_loop+0x40/0x90 [ 456.019407][ T8093] ? clear_bhb_loop+0x40/0x90 [ 456.024097][ T8093] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 456.030240][ T8093] RIP: 0033:0x7f0de718ebe9 [ 456.034753][ T8093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.054376][ T8093] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 456.062889][ T8093] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 456.070869][ T8093] RDX: 0000000000000048 RSI: 00002000000009c0 RDI: 0000000000000000 [ 456.078868][ T8093] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 456.086854][ T8093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 456.094921][ T8093] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 456.103031][ T8093] [ 456.108794][ T8091] netlink: 140 bytes leftover after parsing attributes in process `syz.3.812'. [ 456.196412][ T8096] netlink: 176 bytes leftover after parsing attributes in process `syz.3.812'. [ 457.075181][ T8127] FAULT_INJECTION: forcing a failure. [ 457.075181][ T8127] name failslab, interval 1, probability 0, space 0, times 0 [ 457.090428][ T8127] CPU: 1 PID: 8127 Comm: syz.1.824 Not tainted syzkaller #0 [ 457.097916][ T8127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 457.108100][ T8127] Call Trace: [ 457.111409][ T8127] [ 457.114361][ T8127] dump_stack_lvl+0x16c/0x230 [ 457.119262][ T8127] ? show_regs_print_info+0x20/0x20 [ 457.124484][ T8127] ? load_image+0x3b0/0x3b0 [ 457.129012][ T8127] ? __might_sleep+0xe0/0xe0 [ 457.133732][ T8127] ? __lock_acquire+0x7c80/0x7c80 [ 457.138785][ T8127] should_fail_ex+0x39d/0x4d0 [ 457.143585][ T8127] should_failslab+0x9/0x20 [ 457.148119][ T8127] slab_pre_alloc_hook+0x59/0x310 [ 457.153183][ T8127] ? kernfs_fop_write_iter+0x159/0x4d0 [ 457.158762][ T8127] ? kernfs_fop_write_iter+0x159/0x4d0 [ 457.164286][ T8127] __kmem_cache_alloc_node+0x53/0x260 [ 457.169693][ T8127] ? kernfs_fop_write_iter+0x159/0x4d0 [ 457.175232][ T8127] __kmalloc+0xa4/0x240 [ 457.179455][ T8127] kernfs_fop_write_iter+0x159/0x4d0 [ 457.184809][ T8127] vfs_write+0x43b/0x940 [ 457.189270][ T8127] ? file_end_write+0x250/0x250 [ 457.194688][ T8127] ? __fget_files+0x44a/0x4d0 [ 457.199401][ T8127] ? __fdget_pos+0x2a3/0x330 [ 457.204190][ T8127] ? ksys_write+0x75/0x250 [ 457.208642][ T8127] ksys_write+0x147/0x250 [ 457.213009][ T8127] ? __ia32_sys_read+0x90/0x90 [ 457.217808][ T8127] ? lockdep_hardirqs_on+0x98/0x150 [ 457.223039][ T8127] do_syscall_64+0x55/0xb0 [ 457.227660][ T8127] ? clear_bhb_loop+0x40/0x90 [ 457.232711][ T8127] ? clear_bhb_loop+0x40/0x90 [ 457.237500][ T8127] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 457.243438][ T8127] RIP: 0033:0x7f0de718ebe9 [ 457.247962][ T8127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.267768][ T8127] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 457.276224][ T8127] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 457.284317][ T8127] RDX: 0000000000000031 RSI: 0000200000000b40 RDI: 0000000000000004 [ 457.292313][ T8127] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 457.300388][ T8127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.308381][ T8127] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 457.316395][ T8127] [ 457.549785][ T8132] FAULT_INJECTION: forcing a failure. [ 457.549785][ T8132] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.571794][ T8133] netlink: 'syz.0.829': attribute type 10 has an invalid length. [ 457.600894][ T8132] CPU: 0 PID: 8132 Comm: syz.1.830 Not tainted syzkaller #0 [ 457.618096][ T8132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 457.639484][ T8132] Call Trace: [ 457.647692][ T8132] [ 457.675587][ T8132] dump_stack_lvl+0x16c/0x230 [ 457.694230][ T8132] ? show_regs_print_info+0x20/0x20 [ 457.737185][ T8132] ? load_image+0x3b0/0x3b0 [ 457.763664][ T8132] ? __might_fault+0xaa/0x120 [ 457.783845][ T8132] ? __lock_acquire+0x7c80/0x7c80 [ 457.801926][ T8132] should_fail_ex+0x39d/0x4d0 [ 457.833981][ T8132] _copy_from_user+0x2f/0xe0 [ 457.857341][ T8132] ___sys_sendmsg+0x159/0x290 [ 457.877287][ T8132] ? __sys_sendmsg+0x270/0x270 [ 457.891001][ T8132] ? __lock_acquire+0x7c80/0x7c80 [ 457.904229][ T8132] __se_sys_sendmsg+0x1a5/0x270 [ 457.924339][ T8132] ? __x64_sys_sendmsg+0x80/0x80 [ 457.931819][ T8132] ? lockdep_hardirqs_on+0x98/0x150 [ 457.942491][ T8132] do_syscall_64+0x55/0xb0 [ 457.959008][ T8132] ? clear_bhb_loop+0x40/0x90 [ 457.977999][ T8132] ? clear_bhb_loop+0x40/0x90 [ 457.991612][ T8132] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 458.024979][ T8132] RIP: 0033:0x7f0de718ebe9 [ 458.034500][ T8132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 458.101333][ T8132] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 458.166353][ T8132] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 458.207589][ T8132] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 458.246241][ T8132] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 458.271977][ T8132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 458.292913][ T8132] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 458.306881][ T8132] [ 458.394765][ T8133] team0: Port device wlan1 added [ 458.812017][ T8144] netlink: 'syz.1.833': attribute type 10 has an invalid length. [ 458.945040][ T8150] FAULT_INJECTION: forcing a failure. [ 458.945040][ T8150] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 458.965502][ T8150] CPU: 0 PID: 8150 Comm: syz.2.837 Not tainted syzkaller #0 [ 458.972872][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 458.983055][ T8150] Call Trace: [ 458.986545][ T8150] [ 458.989517][ T8150] dump_stack_lvl+0x16c/0x230 [ 458.994261][ T8150] ? show_regs_print_info+0x20/0x20 [ 458.999589][ T8150] ? load_image+0x3b0/0x3b0 [ 459.004130][ T8150] ? __might_fault+0xaa/0x120 [ 459.008844][ T8150] ? __lock_acquire+0x7c80/0x7c80 [ 459.013999][ T8150] should_fail_ex+0x39d/0x4d0 [ 459.018725][ T8150] _copy_from_user+0x2f/0xe0 [ 459.023364][ T8150] ___sys_recvmsg+0x12f/0x510 [ 459.028105][ T8150] ? __sys_recvmsg+0x270/0x270 [ 459.032927][ T8150] ? lock_chain_count+0x20/0x20 [ 459.037914][ T8150] ? __fget_files+0x44a/0x4d0 [ 459.042646][ T8150] __x64_sys_recvmsg+0x1f2/0x2c0 [ 459.047628][ T8150] ? ___sys_recvmsg+0x510/0x510 [ 459.052534][ T8150] ? syscall_enter_from_user_mode+0x2e/0x80 [ 459.058743][ T8150] do_syscall_64+0x55/0xb0 [ 459.063219][ T8150] ? clear_bhb_loop+0x40/0x90 [ 459.068021][ T8150] ? clear_bhb_loop+0x40/0x90 [ 459.072817][ T8150] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 459.078753][ T8150] RIP: 0033:0x7f5942f8ebe9 [ 459.083209][ T8150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.103203][ T8150] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 459.111636][ T8150] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 459.119637][ T8150] RDX: 0000000040010140 RSI: 0000200000001540 RDI: 0000000000000005 [ 459.127616][ T8150] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 459.135596][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.143663][ T8150] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 459.151656][ T8150] [ 459.958803][ T8144] team0: Port device wlan1 added [ 459.977509][ T8170] FAULT_INJECTION: forcing a failure. [ 459.977509][ T8170] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.994398][ T8170] CPU: 1 PID: 8170 Comm: syz.2.844 Not tainted syzkaller #0 [ 460.001918][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 460.012019][ T8170] Call Trace: [ 460.015340][ T8170] [ 460.017748][ T8144] syz.1.833 (8144) used greatest stack depth: 18864 bytes left [ 460.018280][ T8170] dump_stack_lvl+0x16c/0x230 [ 460.030655][ T8170] ? show_regs_print_info+0x20/0x20 [ 460.035894][ T8170] ? load_image+0x3b0/0x3b0 [ 460.040464][ T8170] ? __might_fault+0xaa/0x120 [ 460.045178][ T8170] ? __lock_acquire+0x7c80/0x7c80 [ 460.050236][ T8170] should_fail_ex+0x39d/0x4d0 [ 460.054934][ T8170] _copy_from_user+0x2f/0xe0 [ 460.059534][ T8170] ___sys_recvmsg+0x12f/0x510 [ 460.064233][ T8170] ? __sys_recvmsg+0x270/0x270 [ 460.069020][ T8170] ? ksys_write+0x1c1/0x250 [ 460.073625][ T8170] ? __fget_files+0x44a/0x4d0 [ 460.078345][ T8170] __x64_sys_recvmsg+0x1f2/0x2c0 [ 460.083297][ T8170] ? ___sys_recvmsg+0x510/0x510 [ 460.088358][ T8170] ? lockdep_hardirqs_on+0x98/0x150 [ 460.093573][ T8170] do_syscall_64+0x55/0xb0 [ 460.097998][ T8170] ? clear_bhb_loop+0x40/0x90 [ 460.102688][ T8170] ? clear_bhb_loop+0x40/0x90 [ 460.107371][ T8170] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 460.113297][ T8170] RIP: 0033:0x7f5942f8ebe9 [ 460.117724][ T8170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.137512][ T8170] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 460.145939][ T8170] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 460.153916][ T8170] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 460.161890][ T8170] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 460.169863][ T8170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.177846][ T8170] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 460.185837][ T8170] [ 460.699025][ T8184] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.850'. [ 461.111660][ T8189] netlink: 'syz.3.852': attribute type 21 has an invalid length. [ 461.234790][ T8189] netlink: 'syz.3.852': attribute type 1 has an invalid length. [ 461.511900][ T8201] FAULT_INJECTION: forcing a failure. [ 461.511900][ T8201] name failslab, interval 1, probability 0, space 0, times 0 [ 461.550548][ T8201] CPU: 1 PID: 8201 Comm: syz.2.855 Not tainted syzkaller #0 [ 461.558075][ T8201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 461.568202][ T8201] Call Trace: [ 461.571552][ T8201] [ 461.574549][ T8201] dump_stack_lvl+0x16c/0x230 [ 461.579318][ T8201] ? show_regs_print_info+0x20/0x20 [ 461.584769][ T8201] ? load_image+0x3b0/0x3b0 [ 461.589347][ T8201] ? __might_sleep+0xe0/0xe0 [ 461.594010][ T8201] ? __lock_acquire+0x7c80/0x7c80 [ 461.599137][ T8201] should_fail_ex+0x39d/0x4d0 [ 461.603915][ T8201] should_failslab+0x9/0x20 [ 461.608500][ T8201] slab_pre_alloc_hook+0x59/0x310 [ 461.613727][ T8201] kmem_cache_alloc_node+0x60/0x330 [ 461.619000][ T8201] ? lock_chain_count+0x20/0x20 [ 461.623913][ T8201] ? dup_task_struct+0x57/0x7c0 [ 461.628941][ T8201] dup_task_struct+0x57/0x7c0 [ 461.633690][ T8201] ? lockdep_hardirqs_on+0x98/0x150 [ 461.639236][ T8201] copy_process+0x549/0x3d70 [ 461.643896][ T8201] ? __might_fault+0xaa/0x120 [ 461.648721][ T8201] ? get_pid_task+0x20/0x1e0 [ 461.653397][ T8201] ? __pidfd_prepare+0x140/0x140 [ 461.658553][ T8201] kernel_clone+0x21b/0x840 [ 461.663137][ T8201] ? ksys_write+0x1c1/0x250 [ 461.667715][ T8201] ? create_io_thread+0x140/0x140 [ 461.672872][ T8201] __x64_sys_clone+0x18c/0x1e0 [ 461.677711][ T8201] ? __fget_files+0x44a/0x4d0 [ 461.682475][ T8201] ? __ia32_sys_vfork+0x100/0x100 [ 461.687605][ T8201] ? lock_chain_count+0x20/0x20 [ 461.692555][ T8201] ? lockdep_hardirqs_on+0x98/0x150 [ 461.697849][ T8201] do_syscall_64+0x55/0xb0 [ 461.702420][ T8201] ? clear_bhb_loop+0x40/0x90 [ 461.707160][ T8201] ? clear_bhb_loop+0x40/0x90 [ 461.711904][ T8201] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 461.717882][ T8201] RIP: 0033:0x7f5942f8ebe9 [ 461.722369][ T8201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.742215][ T8201] RSP: 002b:00007f5943eadfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 461.750698][ T8201] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 461.758722][ T8201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000004000 [ 461.766833][ T8201] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 461.775046][ T8201] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 461.783075][ T8201] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 461.791163][ T8201] [ 462.182640][ T8206] netlink: 'syz.1.856': attribute type 10 has an invalid length. [ 462.540655][ T8208] netlink: 'syz.3.857': attribute type 3 has an invalid length. [ 462.597798][ T8208] netlink: 132 bytes leftover after parsing attributes in process `syz.3.857'. [ 463.021407][ T8218] FAULT_INJECTION: forcing a failure. [ 463.021407][ T8218] name failslab, interval 1, probability 0, space 0, times 0 [ 463.060131][ T8218] CPU: 1 PID: 8218 Comm: syz.3.862 Not tainted syzkaller #0 [ 463.067497][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 463.077595][ T8218] Call Trace: [ 463.080899][ T8218] [ 463.083840][ T8218] dump_stack_lvl+0x16c/0x230 [ 463.088536][ T8218] ? show_regs_print_info+0x20/0x20 [ 463.093753][ T8218] ? load_image+0x3b0/0x3b0 [ 463.098632][ T8218] ? __might_sleep+0xe0/0xe0 [ 463.103247][ T8218] ? __lock_acquire+0x7c80/0x7c80 [ 463.108299][ T8218] should_fail_ex+0x39d/0x4d0 [ 463.113297][ T8218] should_failslab+0x9/0x20 [ 463.117899][ T8218] slab_pre_alloc_hook+0x59/0x310 [ 463.122945][ T8218] kmem_cache_alloc_node+0x60/0x330 [ 463.128590][ T8218] ? __alloc_skb+0x108/0x2c0 [ 463.133309][ T8218] __alloc_skb+0x108/0x2c0 [ 463.137742][ T8218] alloc_skb_with_frags+0xca/0x7c0 [ 463.142871][ T8218] ? mark_lock+0x94/0x320 [ 463.147392][ T8218] sock_alloc_send_pskb+0x857/0x990 [ 463.152613][ T8218] ? sock_kzfree_s+0x50/0x50 [ 463.157331][ T8218] tun_get_user+0x9dc/0x3bf0 [ 463.161943][ T8218] ? aa_file_perm+0x120/0xec0 [ 463.166799][ T8218] ? aa_file_perm+0x3e8/0xec0 [ 463.171490][ T8218] ? rcu_read_unlock+0xa0/0xa0 [ 463.176269][ T8218] ? tun_get+0x1c/0x2e0 [ 463.180433][ T8218] ? __lock_acquire+0x7c80/0x7c80 [ 463.185477][ T8218] ? tun_get+0x1c/0x2e0 [ 463.189747][ T8218] tun_chr_write_iter+0x119/0x200 [ 463.194782][ T8218] vfs_write+0x43b/0x940 [ 463.199043][ T8218] ? file_end_write+0x250/0x250 [ 463.204180][ T8218] ? __fget_files+0x44a/0x4d0 [ 463.208878][ T8218] ? __fdget_pos+0x1d8/0x330 [ 463.213484][ T8218] ? ksys_write+0x75/0x250 [ 463.217918][ T8218] ksys_write+0x147/0x250 [ 463.222358][ T8218] ? __ia32_sys_read+0x90/0x90 [ 463.228130][ T8218] ? lockdep_hardirqs_on+0x98/0x150 [ 463.233453][ T8218] do_syscall_64+0x55/0xb0 [ 463.237892][ T8218] ? clear_bhb_loop+0x40/0x90 [ 463.242586][ T8218] ? clear_bhb_loop+0x40/0x90 [ 463.247267][ T8218] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 463.253183][ T8218] RIP: 0033:0x7f55fed8ebe9 [ 463.257636][ T8218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.277425][ T8218] RSP: 002b:00007f55ffbea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 463.285869][ T8218] RAX: ffffffffffffffda RBX: 00007f55fefb5fa0 RCX: 00007f55fed8ebe9 [ 463.293956][ T8218] RDX: 000000000000fdef RSI: 0000200000000580 RDI: 00000000000000c8 [ 463.302243][ T8218] RBP: 00007f55ffbea090 R08: 0000000000000000 R09: 0000000000000000 [ 463.310238][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.318267][ T8218] R13: 00007f55fefb6038 R14: 00007f55fefb5fa0 R15: 00007fff31a35af8 [ 463.326447][ T8218] [ 463.800698][ T8233] netlink: 'syz.3.865': attribute type 29 has an invalid length. [ 463.826515][ T8233] netlink: 'syz.3.865': attribute type 29 has an invalid length. [ 464.942326][ T8251] FAULT_INJECTION: forcing a failure. [ 464.942326][ T8251] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 465.025108][ T8251] CPU: 1 PID: 8251 Comm: syz.2.872 Not tainted syzkaller #0 [ 465.043236][ T8251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 465.063260][ T8251] Call Trace: [ 465.068687][ T8251] [ 465.076887][ T8251] dump_stack_lvl+0x16c/0x230 [ 465.085436][ T8251] ? show_regs_print_info+0x20/0x20 [ 465.096214][ T8251] ? load_image+0x3b0/0x3b0 [ 465.106977][ T8251] ? __might_fault+0xaa/0x120 [ 465.129494][ T8251] ? __lock_acquire+0x7c80/0x7c80 [ 465.142673][ T8251] should_fail_ex+0x39d/0x4d0 [ 465.155395][ T8251] _copy_from_user+0x2f/0xe0 [ 465.162402][ T8251] __sys_bpf+0x1e9/0x800 [ 465.169712][ T8251] ? bpf_link_show_fdinfo+0x350/0x350 [ 465.180630][ T8251] ? lock_chain_count+0x20/0x20 [ 465.187204][ T8251] __x64_sys_bpf+0x7c/0x90 [ 465.192805][ T8251] do_syscall_64+0x55/0xb0 [ 465.199949][ T8251] ? clear_bhb_loop+0x40/0x90 [ 465.210993][ T8251] ? clear_bhb_loop+0x40/0x90 [ 465.216847][ T8251] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 465.226805][ T8251] RIP: 0033:0x7f5942f8ebe9 [ 465.231890][ T8251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.254938][ T8251] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 465.265668][ T8251] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 465.274050][ T8251] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 465.282377][ T8251] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 465.290478][ T8251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.298896][ T8251] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 465.307093][ T8251] [ 466.423055][ T8269] FAULT_INJECTION: forcing a failure. [ 466.423055][ T8269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 466.477464][ T8269] CPU: 1 PID: 8269 Comm: syz.2.877 Not tainted syzkaller #0 [ 466.484830][ T8269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 466.494916][ T8269] Call Trace: [ 466.498218][ T8269] [ 466.501170][ T8269] dump_stack_lvl+0x16c/0x230 [ 466.505888][ T8269] ? show_regs_print_info+0x20/0x20 [ 466.511220][ T8269] ? load_image+0x3b0/0x3b0 [ 466.515753][ T8269] ? __might_fault+0xaa/0x120 [ 466.520459][ T8269] ? __lock_acquire+0x7c80/0x7c80 [ 466.525522][ T8269] should_fail_ex+0x39d/0x4d0 [ 466.530237][ T8269] _copy_from_user+0x2f/0xe0 [ 466.534862][ T8269] __sys_bpf+0x1e9/0x800 [ 466.539182][ T8269] ? bpf_link_show_fdinfo+0x350/0x350 [ 466.544622][ T8269] ? lock_chain_count+0x20/0x20 [ 466.549544][ T8269] __x64_sys_bpf+0x7c/0x90 [ 466.554016][ T8269] do_syscall_64+0x55/0xb0 [ 466.558483][ T8269] ? clear_bhb_loop+0x40/0x90 [ 466.563205][ T8269] ? clear_bhb_loop+0x40/0x90 [ 466.567928][ T8269] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 466.573872][ T8269] RIP: 0033:0x7f5942f8ebe9 [ 466.578326][ T8269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.597984][ T8269] RSP: 002b:00007f5943e8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 466.606443][ T8269] RAX: ffffffffffffffda RBX: 00007f59431b6090 RCX: 00007f5942f8ebe9 [ 466.614458][ T8269] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a [ 466.622567][ T8269] RBP: 00007f5943e8d090 R08: 0000000000000000 R09: 0000000000000000 [ 466.630585][ T8269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 466.638593][ T8269] R13: 00007f59431b6128 R14: 00007f59431b6090 R15: 00007ffe91aa6628 [ 466.646602][ T8269] [ 467.244428][ T8284] netlink: 'syz.2.883': attribute type 21 has an invalid length. [ 467.284557][ T8284] netlink: 'syz.2.883': attribute type 12 has an invalid length. [ 467.294027][ T8284] netlink: 'syz.2.883': attribute type 13 has an invalid length. [ 467.306324][ T8284] netlink: 'syz.2.883': attribute type 14 has an invalid length. [ 467.347525][ T8284] netlink: 'syz.2.883': attribute type 15 has an invalid length. [ 467.362774][ T8284] netlink: 'syz.2.883': attribute type 16 has an invalid length. [ 467.380365][ T8284] netlink: 'syz.2.883': attribute type 19 has an invalid length. [ 467.423025][ T8284] netlink: 'syz.2.883': attribute type 21 has an invalid length. [ 467.450109][ T8284] netlink: 'syz.2.883': attribute type 22 has an invalid length. [ 467.457922][ T8284] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.883'. [ 467.681542][ T8301] FAULT_INJECTION: forcing a failure. [ 467.681542][ T8301] name failslab, interval 1, probability 0, space 0, times 0 [ 467.728170][ T8301] CPU: 0 PID: 8301 Comm: syz.0.887 Not tainted syzkaller #0 [ 467.735543][ T8301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 467.745731][ T8301] Call Trace: [ 467.749044][ T8301] [ 467.752094][ T8301] dump_stack_lvl+0x16c/0x230 [ 467.756821][ T8301] ? show_regs_print_info+0x20/0x20 [ 467.762143][ T8301] ? load_image+0x3b0/0x3b0 [ 467.766693][ T8301] ? __might_sleep+0xe0/0xe0 [ 467.771348][ T8301] ? __lock_acquire+0x7c80/0x7c80 [ 467.776430][ T8301] should_fail_ex+0x39d/0x4d0 [ 467.781150][ T8301] should_failslab+0x9/0x20 [ 467.785769][ T8301] slab_pre_alloc_hook+0x59/0x310 [ 467.790812][ T8301] ? __get_vm_area_node+0x125/0x370 [ 467.796026][ T8301] __kmem_cache_alloc_node+0x53/0x260 [ 467.801417][ T8301] ? __get_vm_area_node+0x125/0x370 [ 467.806625][ T8301] kmalloc_node_trace+0x26/0xe0 [ 467.811490][ T8301] __get_vm_area_node+0x125/0x370 [ 467.816527][ T8301] __vmalloc_node_range+0x36e/0x1320 [ 467.821823][ T8301] ? netlink_sendmsg+0x5f3/0xbe0 [ 467.826767][ T8301] ? netlink_insert+0x106a/0x1370 [ 467.831813][ T8301] ? netlink_insert+0x2b3/0x1370 [ 467.836758][ T8301] ? netlink_data_ready+0x10/0x10 [ 467.841795][ T8301] ? free_vm_area+0x50/0x50 [ 467.846314][ T8301] ? netlink_sendmsg+0x5f3/0xbe0 [ 467.851265][ T8301] vmalloc+0x79/0x90 [ 467.855168][ T8301] ? netlink_sendmsg+0x5f3/0xbe0 [ 467.860122][ T8301] netlink_sendmsg+0x5f3/0xbe0 [ 467.864906][ T8301] ? netlink_getsockopt+0x580/0x580 [ 467.870165][ T8301] ? aa_sock_msg_perm+0x94/0x150 [ 467.875152][ T8301] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 467.880556][ T8301] ? security_socket_sendmsg+0x80/0xa0 [ 467.886052][ T8301] sock_write_iter+0x2bb/0x3f0 [ 467.890836][ T8301] ? sock_read_iter+0x3b0/0x3b0 [ 467.895717][ T8301] ? common_file_perm+0x198/0x1f0 [ 467.900758][ T8301] vfs_write+0x43b/0x940 [ 467.905020][ T8301] ? file_end_write+0x250/0x250 [ 467.909885][ T8301] ? __fget_files+0x44a/0x4d0 [ 467.914586][ T8301] ? __fdget_pos+0x1d8/0x330 [ 467.919188][ T8301] ? ksys_write+0x75/0x250 [ 467.923625][ T8301] ksys_write+0x147/0x250 [ 467.927964][ T8301] ? __ia32_sys_read+0x90/0x90 [ 467.932752][ T8301] ? lockdep_hardirqs_on+0x98/0x150 [ 467.938055][ T8301] do_syscall_64+0x55/0xb0 [ 467.942484][ T8301] ? clear_bhb_loop+0x40/0x90 [ 467.947170][ T8301] ? clear_bhb_loop+0x40/0x90 [ 467.951884][ T8301] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 467.957877][ T8301] RIP: 0033:0x7ff57358ebe9 [ 467.962404][ T8301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.982306][ T8301] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 467.990921][ T8301] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 467.998907][ T8301] RDX: 0000000000033fe0 RSI: 0000200000000000 RDI: 0000000000000004 [ 468.006887][ T8301] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 468.014952][ T8301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 468.023346][ T8301] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 468.031352][ T8301] [ 468.053778][ T8301] syz.0.887: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 468.068592][ T8301] CPU: 0 PID: 8301 Comm: syz.0.887 Not tainted syzkaller #0 [ 468.071604][ T8308] netlink: 'syz.2.888': attribute type 21 has an invalid length. [ 468.075900][ T8301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 468.075916][ T8301] Call Trace: [ 468.097027][ T8301] [ 468.100012][ T8301] dump_stack_lvl+0x16c/0x230 [ 468.104735][ T8301] ? show_regs_print_info+0x20/0x20 [ 468.109977][ T8301] ? load_image+0x3b0/0x3b0 [ 468.114529][ T8301] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 468.116588][ T8308] netlink: 9662 bytes leftover after parsing attributes in process `syz.2.888'. [ 468.121003][ T8301] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 468.121033][ T8301] warn_alloc+0x210/0x300 [ 468.121059][ T8301] ? __get_vm_area_node+0x125/0x370 [ 468.121085][ T8301] ? zone_watermark_ok_safe+0x230/0x230 [ 468.121111][ T8301] ? rcu_is_watching+0x15/0xb0 [ 468.121141][ T8301] ? __get_vm_area_node+0x356/0x370 [ 468.121171][ T8301] __vmalloc_node_range+0x393/0x1320 [ 468.167177][ T8301] ? netlink_insert+0x106a/0x1370 [ 468.172271][ T8301] ? netlink_insert+0x2b3/0x1370 [ 468.177349][ T8301] ? netlink_data_ready+0x10/0x10 [ 468.182523][ T8301] ? free_vm_area+0x50/0x50 [ 468.187165][ T8301] ? netlink_sendmsg+0x5f3/0xbe0 [ 468.192321][ T8301] vmalloc+0x79/0x90 [ 468.196291][ T8301] ? netlink_sendmsg+0x5f3/0xbe0 [ 468.201275][ T8301] netlink_sendmsg+0x5f3/0xbe0 [ 468.206189][ T8301] ? netlink_getsockopt+0x580/0x580 [ 468.211517][ T8301] ? aa_sock_msg_perm+0x94/0x150 [ 468.216490][ T8301] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 468.221819][ T8301] ? security_socket_sendmsg+0x80/0xa0 [ 468.227403][ T8301] sock_write_iter+0x2bb/0x3f0 [ 468.232210][ T8301] ? sock_read_iter+0x3b0/0x3b0 [ 468.237199][ T8301] ? common_file_perm+0x198/0x1f0 [ 468.242332][ T8301] vfs_write+0x43b/0x940 [ 468.246640][ T8301] ? file_end_write+0x250/0x250 [ 468.251636][ T8301] ? __fget_files+0x44a/0x4d0 [ 468.256375][ T8301] ? __fdget_pos+0x1d8/0x330 [ 468.261009][ T8301] ? ksys_write+0x75/0x250 [ 468.265642][ T8301] ksys_write+0x147/0x250 [ 468.270095][ T8301] ? __ia32_sys_read+0x90/0x90 [ 468.274992][ T8301] ? lockdep_hardirqs_on+0x98/0x150 [ 468.280354][ T8301] do_syscall_64+0x55/0xb0 [ 468.284911][ T8301] ? clear_bhb_loop+0x40/0x90 [ 468.289650][ T8301] ? clear_bhb_loop+0x40/0x90 [ 468.294370][ T8301] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 468.300311][ T8301] RIP: 0033:0x7ff57358ebe9 [ 468.304775][ T8301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.324520][ T8301] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 468.332985][ T8301] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 468.341010][ T8301] RDX: 0000000000033fe0 RSI: 0000200000000000 RDI: 0000000000000004 [ 468.349042][ T8301] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 468.357051][ T8301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 468.365074][ T8301] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 468.373188][ T8301] [ 468.379535][ T8301] Mem-Info: [ 468.383053][ T8301] active_anon:17117 inactive_anon:0 isolated_anon:0 [ 468.383053][ T8301] active_file:13437 inactive_file:39884 isolated_file:0 [ 468.383053][ T8301] unevictable:768 dirty:491 writeback:0 [ 468.383053][ T8301] slab_reclaimable:10159 slab_unreclaimable:90431 [ 468.383053][ T8301] mapped:24574 shmem:13423 pagetables:523 [ 468.383053][ T8301] sec_pagetables:0 bounce:0 [ 468.383053][ T8301] kernel_misc_reclaimable:0 [ 468.383053][ T8301] free:1343505 free_pcp:14478 free_cma:0 [ 468.443573][ T8301] Node 0 active_anon:64968kB inactive_anon:0kB active_file:53748kB inactive_file:159332kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98296kB dirty:1964kB writeback:0kB shmem:48656kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11252kB pagetables:2092kB sec_pagetables:0kB all_unreclaimable? no [ 468.524846][ T8301] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 468.571062][ T8301] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 468.618619][ T8301] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 468.626466][ T8301] Node 0 DMA32 free:1494716kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:55620kB inactive_anon:0kB active_file:53748kB inactive_file:158008kB unevictable:1536kB writepending:1964kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:21976kB local_pcp:4696kB free_cma:0kB [ 468.687579][ T8301] lowmem_reserve[]: 0 0 1 1 1 [ 468.695254][ T8301] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 468.756223][ T8301] lowmem_reserve[]: 0 0 0 0 0 [ 468.766476][ T8301] Node 1 Normal free:3893028kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20416kB local_pcp:8896kB free_cma:0kB [ 468.801526][ T8301] lowmem_reserve[]: 0 0 0 0 0 [ 468.806736][ T8301] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 468.870245][ T8301] Node 0 DMA32: 1649*4kB (UME) 1535*8kB (UME) 1052*16kB (UME) 1176*32kB (UME) 292*64kB (UME) 18*128kB (UME) 4*256kB (ME) 7*512kB (M) 4*1024kB (UME) 1*2048kB (E) 345*4096kB (M) = 1518204kB [ 468.915234][ T8320] FAULT_INJECTION: forcing a failure. [ 468.915234][ T8320] name failslab, interval 1, probability 0, space 0, times 0 [ 468.924408][ T8301] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB [ 468.928045][ T8320] CPU: 1 PID: 8320 Comm: syz.1.894 Not tainted syzkaller #0 [ 468.928054][ T8301] 0*4096kB [ 468.946231][ T8320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 468.956252][ T8301] = 12kB [ 468.959414][ T8320] Call Trace: [ 468.959425][ T8320] [ 468.962413][ T8301] Node 1 [ 468.965545][ T8320] dump_stack_lvl+0x16c/0x230 [ 468.968531][ T8301] Normal: [ 468.971405][ T8320] ? show_regs_print_info+0x20/0x20 [ 468.971432][ T8320] ? load_image+0x3b0/0x3b0 [ 468.988904][ T8320] ? __might_sleep+0xe0/0xe0 [ 468.993515][ T8320] ? __lock_acquire+0x7c80/0x7c80 [ 468.998554][ T8320] should_fail_ex+0x39d/0x4d0 [ 469.003254][ T8320] should_failslab+0x9/0x20 [ 469.007771][ T8320] slab_pre_alloc_hook+0x59/0x310 [ 469.012851][ T8320] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 469.018589][ T8320] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 469.024335][ T8320] __kmem_cache_alloc_node+0x53/0x260 [ 469.029997][ T8320] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 469.035743][ T8320] __kmalloc+0xa4/0x240 [ 469.039919][ T8320] tomoyo_realpath_from_path+0xe3/0x5d0 [ 469.045511][ T8320] tomoyo_path_number_perm+0x1ea/0x590 [ 469.050983][ T8320] ? tomoyo_path_number_perm+0x1ba/0x590 [ 469.056714][ T8320] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 469.062191][ T8320] ? ksys_write+0x1c1/0x250 [ 469.066732][ T8320] ? __fget_files+0x28/0x4d0 [ 469.071355][ T8320] security_file_ioctl+0x70/0xa0 [ 469.076310][ T8320] __se_sys_ioctl+0x48/0x170 [ 469.080919][ T8320] do_syscall_64+0x55/0xb0 [ 469.085439][ T8320] ? clear_bhb_loop+0x40/0x90 [ 469.090130][ T8320] ? clear_bhb_loop+0x40/0x90 [ 469.094883][ T8320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 469.100793][ T8320] RIP: 0033:0x7f0de718ebe9 [ 469.105219][ T8320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.125012][ T8320] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 469.133536][ T8320] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 469.141516][ T8320] RDX: 0000200000000000 RSI: 0000000000008b14 RDI: 0000000000000005 [ 469.149583][ T8320] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 469.157573][ T8320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 469.165807][ T8320] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 469.173799][ T8320] [ 469.190214][ T8320] ERROR: Out of memory at tomoyo_realpath_from_path. [ 469.198103][ T8301] 227*4kB (UME) 63*8kB (UME) 36*16kB (UME) 83*32kB (UME) 30*64kB (UE) 7*128kB (UME) 0*256kB 1*512kB (M) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3893028kB [ 469.289250][ T8301] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 469.309773][ T8301] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 469.345689][ T8301] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 469.382362][ T8301] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 469.391922][ T8301] 54719 total pagecache pages [ 469.396636][ T8301] 0 pages in swap cache [ 469.401134][ T8301] Free swap = 124996kB [ 469.405410][ T8301] Total swap = 124996kB [ 469.409595][ T8301] 2097051 pages RAM [ 469.418502][ T8301] 0 pages HighMem/MovableOnly [ 469.424008][ T8301] 416139 pages reserved [ 469.428274][ T8301] 0 pages cma reserved [ 470.087018][ T8345] netlink: 100 bytes leftover after parsing attributes in process `syz.3.903'. [ 470.508282][ T8333] FAULT_INJECTION: forcing a failure. [ 470.508282][ T8333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 470.604005][ T8333] CPU: 1 PID: 8333 Comm: syz.1.900 Not tainted syzkaller #0 [ 470.611463][ T8333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 470.621637][ T8333] Call Trace: [ 470.624943][ T8333] [ 470.627894][ T8333] dump_stack_lvl+0x16c/0x230 [ 470.632606][ T8333] ? show_regs_print_info+0x20/0x20 [ 470.637831][ T8333] ? load_image+0x3b0/0x3b0 [ 470.642358][ T8333] ? __might_fault+0xaa/0x120 [ 470.647070][ T8333] ? __lock_acquire+0x7c80/0x7c80 [ 470.652212][ T8333] should_fail_ex+0x39d/0x4d0 [ 470.656928][ T8333] _copy_from_user+0x2f/0xe0 [ 470.661558][ T8333] ___sys_sendmsg+0x159/0x290 [ 470.666365][ T8333] ? __sys_sendmsg+0x270/0x270 [ 470.671189][ T8333] ? __lock_acquire+0x7c80/0x7c80 [ 470.676265][ T8333] __se_sys_sendmsg+0x1a5/0x270 [ 470.681170][ T8333] ? __x64_sys_sendmsg+0x80/0x80 [ 470.686245][ T8333] ? lockdep_hardirqs_on+0x98/0x150 [ 470.691485][ T8333] do_syscall_64+0x55/0xb0 [ 470.695925][ T8333] ? clear_bhb_loop+0x40/0x90 [ 470.700626][ T8333] ? clear_bhb_loop+0x40/0x90 [ 470.705325][ T8333] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 470.711255][ T8333] RIP: 0033:0x7f0de718ebe9 [ 470.715702][ T8333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.735343][ T8333] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 470.743863][ T8333] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 470.751845][ T8333] RDX: 0000000000000000 RSI: 0000200000000f40 RDI: 0000000000000005 [ 470.759823][ T8333] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 470.767984][ T8333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 470.776050][ T8333] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 470.784086][ T8333] [ 471.493595][ T8367] FAULT_INJECTION: forcing a failure. [ 471.493595][ T8367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 471.507721][ T8367] CPU: 0 PID: 8367 Comm: syz.0.910 Not tainted syzkaller #0 [ 471.515145][ T8367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 471.525426][ T8367] Call Trace: [ 471.528749][ T8367] [ 471.531713][ T8367] dump_stack_lvl+0x16c/0x230 [ 471.536431][ T8367] ? show_regs_print_info+0x20/0x20 [ 471.541675][ T8367] ? load_image+0x3b0/0x3b0 [ 471.546216][ T8367] ? __might_fault+0xaa/0x120 [ 471.551085][ T8367] ? __lock_acquire+0x7c80/0x7c80 [ 471.556138][ T8367] should_fail_ex+0x39d/0x4d0 [ 471.560851][ T8367] _copy_from_user+0x2f/0xe0 [ 471.565454][ T8367] ___sys_sendmsg+0x159/0x290 [ 471.570168][ T8367] ? __sys_sendmsg+0x270/0x270 [ 471.574960][ T8367] ? __lock_acquire+0x7c80/0x7c80 [ 471.580019][ T8367] __se_sys_sendmsg+0x1a5/0x270 [ 471.584887][ T8367] ? __x64_sys_sendmsg+0x80/0x80 [ 471.589851][ T8367] ? lockdep_hardirqs_on+0x98/0x150 [ 471.595065][ T8367] do_syscall_64+0x55/0xb0 [ 471.599581][ T8367] ? clear_bhb_loop+0x40/0x90 [ 471.604544][ T8367] ? clear_bhb_loop+0x40/0x90 [ 471.609312][ T8367] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 471.615227][ T8367] RIP: 0033:0x7ff57358ebe9 [ 471.619651][ T8367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.639353][ T8367] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 471.647784][ T8367] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 471.655777][ T8367] RDX: 0000000004000004 RSI: 0000200000000340 RDI: 0000000000000003 [ 471.663841][ T8367] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 471.671819][ T8367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.679795][ T8367] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 471.687972][ T8367] [ 472.320930][ T8385] FAULT_INJECTION: forcing a failure. [ 472.320930][ T8385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.381896][ T8385] CPU: 1 PID: 8385 Comm: syz.3.918 Not tainted syzkaller #0 [ 472.389339][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 472.399407][ T8385] Call Trace: [ 472.402731][ T8385] [ 472.405764][ T8385] dump_stack_lvl+0x16c/0x230 [ 472.410488][ T8385] ? show_regs_print_info+0x20/0x20 [ 472.415703][ T8385] ? load_image+0x3b0/0x3b0 [ 472.420316][ T8385] ? __might_fault+0xaa/0x120 [ 472.425005][ T8385] ? __lock_acquire+0x7c80/0x7c80 [ 472.430048][ T8385] should_fail_ex+0x39d/0x4d0 [ 472.434833][ T8385] _copy_from_user+0x2f/0xe0 [ 472.439531][ T8385] ___sys_sendmsg+0x159/0x290 [ 472.444234][ T8385] ? __sys_sendmsg+0x270/0x270 [ 472.449046][ T8385] ? __lock_acquire+0x7c80/0x7c80 [ 472.454117][ T8385] __se_sys_sendmsg+0x1a5/0x270 [ 472.458989][ T8385] ? __x64_sys_sendmsg+0x80/0x80 [ 472.463991][ T8385] ? lockdep_hardirqs_on+0x98/0x150 [ 472.469265][ T8385] do_syscall_64+0x55/0xb0 [ 472.473710][ T8385] ? clear_bhb_loop+0x40/0x90 [ 472.478413][ T8385] ? clear_bhb_loop+0x40/0x90 [ 472.483115][ T8385] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 472.489036][ T8385] RIP: 0033:0x7f55fed8ebe9 [ 472.493471][ T8385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.513223][ T8385] RSP: 002b:00007f55ffbea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 472.521663][ T8385] RAX: ffffffffffffffda RBX: 00007f55fefb5fa0 RCX: 00007f55fed8ebe9 [ 472.529825][ T8385] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003 [ 472.537816][ T8385] RBP: 00007f55ffbea090 R08: 0000000000000000 R09: 0000000000000000 [ 472.545888][ T8385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.553964][ T8385] R13: 00007f55fefb6038 R14: 00007f55fefb5fa0 R15: 00007fff31a35af8 [ 472.562061][ T8385] [ 472.949620][ T8404] FAULT_INJECTION: forcing a failure. [ 472.949620][ T8404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.980100][ T8404] CPU: 1 PID: 8404 Comm: syz.2.926 Not tainted syzkaller #0 [ 472.987641][ T8404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 472.997735][ T8404] Call Trace: [ 473.001058][ T8404] [ 473.004127][ T8404] dump_stack_lvl+0x16c/0x230 [ 473.008925][ T8404] ? show_regs_print_info+0x20/0x20 [ 473.014142][ T8404] ? load_image+0x3b0/0x3b0 [ 473.018654][ T8404] ? __might_fault+0xaa/0x120 [ 473.023341][ T8404] ? __lock_acquire+0x7c80/0x7c80 [ 473.028385][ T8404] should_fail_ex+0x39d/0x4d0 [ 473.033100][ T8404] _copy_from_user+0x2f/0xe0 [ 473.037700][ T8404] __sys_bpf+0x1e9/0x800 [ 473.041953][ T8404] ? bpf_link_show_fdinfo+0x350/0x350 [ 473.047345][ T8404] ? lock_chain_count+0x20/0x20 [ 473.052208][ T8404] __x64_sys_bpf+0x7c/0x90 [ 473.056632][ T8404] do_syscall_64+0x55/0xb0 [ 473.061059][ T8404] ? clear_bhb_loop+0x40/0x90 [ 473.065745][ T8404] ? clear_bhb_loop+0x40/0x90 [ 473.070429][ T8404] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.076332][ T8404] RIP: 0033:0x7f5942f8ebe9 [ 473.080759][ T8404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.100376][ T8404] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 473.108895][ T8404] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 473.116879][ T8404] RDX: 0000000000000094 RSI: 0000200000000600 RDI: 0000000000000005 [ 473.125089][ T8404] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 473.133167][ T8404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.141234][ T8404] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 473.149227][ T8404] [ 473.228568][ T8412] netlink: 60 bytes leftover after parsing attributes in process `syz.3.927'. [ 473.249915][ T8412] netlink: 60 bytes leftover after parsing attributes in process `syz.3.927'. [ 473.267697][ T8406] netlink: 60 bytes leftover after parsing attributes in process `syz.3.927'. [ 473.440837][ T8421] FAULT_INJECTION: forcing a failure. [ 473.440837][ T8421] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 473.491378][ T8421] CPU: 1 PID: 8421 Comm: syz.0.933 Not tainted syzkaller #0 [ 473.498757][ T8421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 473.509125][ T8421] Call Trace: [ 473.512458][ T8421] [ 473.515441][ T8421] dump_stack_lvl+0x16c/0x230 [ 473.520182][ T8421] ? show_regs_print_info+0x20/0x20 [ 473.525709][ T8421] ? load_image+0x3b0/0x3b0 [ 473.530383][ T8421] ? __might_fault+0xaa/0x120 [ 473.535101][ T8421] ? __lock_acquire+0x7c80/0x7c80 [ 473.540272][ T8421] should_fail_ex+0x39d/0x4d0 [ 473.545095][ T8421] _copy_from_user+0x2f/0xe0 [ 473.549718][ T8421] ___sys_sendmsg+0x159/0x290 [ 473.554432][ T8421] ? __sys_sendmsg+0x270/0x270 [ 473.559345][ T8421] ? __lock_acquire+0x7c80/0x7c80 [ 473.564523][ T8421] __se_sys_sendmsg+0x1a5/0x270 [ 473.569592][ T8421] ? __x64_sys_sendmsg+0x80/0x80 [ 473.574580][ T8421] ? lockdep_hardirqs_on+0x98/0x150 [ 473.579807][ T8421] do_syscall_64+0x55/0xb0 [ 473.584240][ T8421] ? clear_bhb_loop+0x40/0x90 [ 473.588959][ T8421] ? clear_bhb_loop+0x40/0x90 [ 473.593683][ T8421] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 473.599620][ T8421] RIP: 0033:0x7ff57358ebe9 [ 473.604064][ T8421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.623701][ T8421] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 473.632165][ T8421] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 473.640365][ T8421] RDX: 00000000000003e8 RSI: 0000200000000300 RDI: 0000000000000006 [ 473.650176][ T8421] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 473.658184][ T8421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.666176][ T8421] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 473.674193][ T8421] [ 473.738550][ T8427] validate_nla: 2 callbacks suppressed [ 473.738565][ T8427] netlink: 'syz.3.935': attribute type 11 has an invalid length. [ 473.753417][ T8427] netlink: 132 bytes leftover after parsing attributes in process `syz.3.935'. [ 474.072838][ T8433] syz.0.938[8433] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 474.073099][ T8433] syz.0.938[8433] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 474.412627][ T8435] FAULT_INJECTION: forcing a failure. [ 474.412627][ T8435] name failslab, interval 1, probability 0, space 0, times 0 [ 474.510517][ T8435] CPU: 0 PID: 8435 Comm: syz.2.940 Not tainted syzkaller #0 [ 474.517899][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 474.527985][ T8435] Call Trace: [ 474.531294][ T8435] [ 474.534338][ T8435] dump_stack_lvl+0x16c/0x230 [ 474.539060][ T8435] ? show_regs_print_info+0x20/0x20 [ 474.544319][ T8435] ? load_image+0x3b0/0x3b0 [ 474.548880][ T8435] ? __might_sleep+0xe0/0xe0 [ 474.553534][ T8435] ? __lock_acquire+0x7c80/0x7c80 [ 474.558703][ T8435] should_fail_ex+0x39d/0x4d0 [ 474.563430][ T8435] should_failslab+0x9/0x20 [ 474.567969][ T8435] slab_pre_alloc_hook+0x59/0x310 [ 474.573122][ T8435] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 474.578886][ T8435] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 474.584643][ T8435] __kmem_cache_alloc_node+0x53/0x260 [ 474.590062][ T8435] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 474.595816][ T8435] __kmalloc+0xa4/0x240 [ 474.600286][ T8435] tomoyo_realpath_from_path+0xe3/0x5d0 [ 474.605979][ T8435] tomoyo_path_number_perm+0x1ea/0x590 [ 474.611469][ T8435] ? tomoyo_path_number_perm+0x1ba/0x590 [ 474.617150][ T8435] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 474.622650][ T8435] ? hrtimer_interrupt+0x81b/0x9c0 [ 474.627885][ T8435] ? ktime_get+0x7f/0x280 [ 474.632303][ T8435] ? __fget_files+0x28/0x4d0 [ 474.637037][ T8435] security_file_ioctl+0x70/0xa0 [ 474.642015][ T8435] __se_sys_ioctl+0x48/0x170 [ 474.646642][ T8435] do_syscall_64+0x55/0xb0 [ 474.651090][ T8435] ? clear_bhb_loop+0x40/0x90 [ 474.655792][ T8435] ? clear_bhb_loop+0x40/0x90 [ 474.660507][ T8435] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 474.666437][ T8435] RIP: 0033:0x7f5942f8ebe9 [ 474.670894][ T8435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.690711][ T8435] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 474.699162][ T8435] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 474.707172][ T8435] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000034 [ 474.715281][ T8435] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 474.723287][ T8435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 474.731404][ T8435] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 474.739405][ T8435] [ 475.009213][ T8435] ERROR: Out of memory at tomoyo_realpath_from_path. [ 475.786224][ T8458] netlink: 'syz.2.947': attribute type 10 has an invalid length. [ 476.488293][ T8469] FAULT_INJECTION: forcing a failure. [ 476.488293][ T8469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 476.515192][ T8469] CPU: 0 PID: 8469 Comm: syz.0.950 Not tainted syzkaller #0 [ 476.522616][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 476.532768][ T8469] Call Trace: [ 476.536095][ T8469] [ 476.539234][ T8469] dump_stack_lvl+0x16c/0x230 [ 476.544042][ T8469] ? show_regs_print_info+0x20/0x20 [ 476.549279][ T8469] ? load_image+0x3b0/0x3b0 [ 476.553795][ T8469] ? __might_fault+0xaa/0x120 [ 476.558579][ T8469] ? __lock_acquire+0x7c80/0x7c80 [ 476.563713][ T8469] should_fail_ex+0x39d/0x4d0 [ 476.568444][ T8469] _copy_from_user+0x2f/0xe0 [ 476.573155][ T8469] ___sys_recvmsg+0x12f/0x510 [ 476.577964][ T8469] ? __sys_recvmsg+0x270/0x270 [ 476.582752][ T8469] ? ksys_write+0x1c1/0x250 [ 476.587284][ T8469] ? __fget_files+0x44a/0x4d0 [ 476.591986][ T8469] __x64_sys_recvmsg+0x1f2/0x2c0 [ 476.596974][ T8469] ? ___sys_recvmsg+0x510/0x510 [ 476.601880][ T8469] ? lockdep_hardirqs_on+0x98/0x150 [ 476.607118][ T8469] do_syscall_64+0x55/0xb0 [ 476.611643][ T8469] ? clear_bhb_loop+0x40/0x90 [ 476.616330][ T8469] ? clear_bhb_loop+0x40/0x90 [ 476.621021][ T8469] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 476.626928][ T8469] RIP: 0033:0x7ff57358ebe9 [ 476.631357][ T8469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.651146][ T8469] RSP: 002b:00007ff5743ea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 476.659666][ T8469] RAX: ffffffffffffffda RBX: 00007ff5737b6090 RCX: 00007ff57358ebe9 [ 476.667654][ T8469] RDX: 0000000000010002 RSI: 0000200000000580 RDI: 0000000000000004 [ 476.675641][ T8469] RBP: 00007ff5743ea090 R08: 0000000000000000 R09: 0000000000000000 [ 476.683797][ T8469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.691979][ T8469] R13: 00007ff5737b6128 R14: 00007ff5737b6090 R15: 00007ffdd4f06e78 [ 476.700065][ T8469] [ 478.251355][ T8493] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.959'. [ 478.546400][ T8491] FAULT_INJECTION: forcing a failure. [ 478.546400][ T8491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 478.611263][ T8491] CPU: 1 PID: 8491 Comm: syz.2.957 Not tainted syzkaller #0 [ 478.618740][ T8491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.629022][ T8491] Call Trace: [ 478.632437][ T8491] [ 478.635407][ T8491] dump_stack_lvl+0x16c/0x230 [ 478.640150][ T8491] ? show_regs_print_info+0x20/0x20 [ 478.645411][ T8491] ? load_image+0x3b0/0x3b0 [ 478.650067][ T8491] ? __lock_acquire+0x7c80/0x7c80 [ 478.655162][ T8491] ? snprintf+0xdb/0x120 [ 478.659486][ T8491] should_fail_ex+0x39d/0x4d0 [ 478.664253][ T8491] _copy_to_user+0x2f/0xa0 [ 478.668739][ T8491] simple_read_from_buffer+0xe7/0x150 [ 478.674193][ T8491] proc_fail_nth_read+0x1e3/0x250 [ 478.679294][ T8491] ? proc_fault_inject_write+0x340/0x340 [ 478.684992][ T8491] ? fsnotify_perm+0x271/0x5e0 [ 478.689911][ T8491] ? proc_fault_inject_write+0x340/0x340 [ 478.695592][ T8491] vfs_read+0x27e/0x920 [ 478.699825][ T8491] ? kernel_read+0x1e0/0x1e0 [ 478.704485][ T8491] ? __fget_files+0x28/0x4d0 [ 478.709164][ T8491] ? __fget_files+0x44a/0x4d0 [ 478.713932][ T8491] ? __fdget_pos+0x2a3/0x330 [ 478.718570][ T8491] ? ksys_read+0x75/0x250 [ 478.722963][ T8491] ksys_read+0x147/0x250 [ 478.727279][ T8491] ? vfs_write+0x940/0x940 [ 478.731757][ T8491] ? lockdep_hardirqs_on+0x98/0x150 [ 478.737027][ T8491] do_syscall_64+0x55/0xb0 [ 478.741495][ T8491] ? clear_bhb_loop+0x40/0x90 [ 478.746229][ T8491] ? clear_bhb_loop+0x40/0x90 [ 478.750950][ T8491] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 478.756900][ T8491] RIP: 0033:0x7f5942f8d5fc [ 478.761356][ T8491] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 478.781026][ T8491] RSP: 002b:00007f5943e8d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 478.789488][ T8491] RAX: ffffffffffffffda RBX: 00007f59431b6090 RCX: 00007f5942f8d5fc [ 478.797587][ T8491] RDX: 000000000000000f RSI: 00007f5943e8d0a0 RDI: 000000000000002d [ 478.805686][ T8491] RBP: 00007f5943e8d090 R08: 0000000000000000 R09: 0000000000000000 [ 478.813698][ T8491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 478.821704][ T8491] R13: 00007f59431b6128 R14: 00007f59431b6090 R15: 00007ffe91aa6628 [ 478.829751][ T8491] [ 479.184242][ T8501] netlink: 'syz.1.963': attribute type 10 has an invalid length. [ 479.193249][ T8501] netlink: 55 bytes leftover after parsing attributes in process `syz.1.963'. [ 479.773606][ T8507] netlink: 'syz.1.963': attribute type 10 has an invalid length. [ 480.082888][ T8523] FAULT_INJECTION: forcing a failure. [ 480.082888][ T8523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 480.105866][ T8523] CPU: 0 PID: 8523 Comm: syz.1.969 Not tainted syzkaller #0 [ 480.113225][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 480.123324][ T8523] Call Trace: [ 480.126657][ T8523] [ 480.129595][ T8523] dump_stack_lvl+0x16c/0x230 [ 480.134292][ T8523] ? show_regs_print_info+0x20/0x20 [ 480.139506][ T8523] ? load_image+0x3b0/0x3b0 [ 480.144021][ T8523] ? __might_fault+0xaa/0x120 [ 480.148724][ T8523] ? __lock_acquire+0x7c80/0x7c80 [ 480.153854][ T8523] should_fail_ex+0x39d/0x4d0 [ 480.158632][ T8523] _copy_from_user+0x2f/0xe0 [ 480.163262][ T8523] __sys_bpf+0x1e9/0x800 [ 480.167537][ T8523] ? bpf_link_show_fdinfo+0x350/0x350 [ 480.172940][ T8523] ? lock_chain_count+0x20/0x20 [ 480.177810][ T8523] __x64_sys_bpf+0x7c/0x90 [ 480.182239][ T8523] do_syscall_64+0x55/0xb0 [ 480.186679][ T8523] ? clear_bhb_loop+0x40/0x90 [ 480.191361][ T8523] ? clear_bhb_loop+0x40/0x90 [ 480.196043][ T8523] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 480.201973][ T8523] RIP: 0033:0x7f0de718ebe9 [ 480.206414][ T8523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.226112][ T8523] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 480.234625][ T8523] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 480.242705][ T8523] RDX: 0000000000000040 RSI: 0000200000000240 RDI: 000000000000001c [ 480.250771][ T8523] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 480.258746][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.266899][ T8523] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 480.274919][ T8523] [ 480.538425][ T8527] netlink: 'syz.2.970': attribute type 10 has an invalid length. [ 480.598641][ T8527] team0: Port device wlan1 added [ 480.615537][ T8526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 481.267974][ T8537] netlink: 'syz.1.972': attribute type 22 has an invalid length. [ 481.306752][ T8537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.972'. [ 482.336125][ T8555] FAULT_INJECTION: forcing a failure. [ 482.336125][ T8555] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 482.380193][ T8555] CPU: 0 PID: 8555 Comm: syz.0.979 Not tainted syzkaller #0 [ 482.387573][ T8555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 482.397674][ T8555] Call Trace: [ 482.400991][ T8555] [ 482.403959][ T8555] dump_stack_lvl+0x16c/0x230 [ 482.408776][ T8555] ? show_regs_print_info+0x20/0x20 [ 482.414015][ T8555] ? load_image+0x3b0/0x3b0 [ 482.418571][ T8555] ? __might_fault+0xaa/0x120 [ 482.423322][ T8555] ? __lock_acquire+0x7c80/0x7c80 [ 482.428456][ T8555] should_fail_ex+0x39d/0x4d0 [ 482.433154][ T8555] _copy_from_user+0x2f/0xe0 [ 482.437756][ T8555] ___sys_sendmsg+0x159/0x290 [ 482.442541][ T8555] ? __sys_sendmsg+0x270/0x270 [ 482.447332][ T8555] ? __lock_acquire+0x7c80/0x7c80 [ 482.452491][ T8555] __se_sys_sendmsg+0x1a5/0x270 [ 482.457364][ T8555] ? __x64_sys_sendmsg+0x80/0x80 [ 482.462346][ T8555] ? lockdep_hardirqs_on+0x98/0x150 [ 482.467559][ T8555] do_syscall_64+0x55/0xb0 [ 482.471985][ T8555] ? clear_bhb_loop+0x40/0x90 [ 482.476667][ T8555] ? clear_bhb_loop+0x40/0x90 [ 482.481362][ T8555] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 482.487296][ T8555] RIP: 0033:0x7ff57358ebe9 [ 482.491774][ T8555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.511586][ T8555] RSP: 002b:00007ff5743c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 482.520025][ T8555] RAX: ffffffffffffffda RBX: 00007ff5737b6180 RCX: 00007ff57358ebe9 [ 482.528091][ T8555] RDX: 0000000004000040 RSI: 0000200000000200 RDI: 0000000000000003 [ 482.536066][ T8555] RBP: 00007ff5743c9090 R08: 0000000000000000 R09: 0000000000000000 [ 482.544131][ T8555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 482.552132][ T8555] R13: 00007ff5737b6218 R14: 00007ff5737b6180 R15: 00007ffdd4f06e78 [ 482.560153][ T8555] [ 483.056661][ T8567] FAULT_INJECTION: forcing a failure. [ 483.056661][ T8567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.110182][ T8567] CPU: 0 PID: 8567 Comm: syz.2.982 Not tainted syzkaller #0 [ 483.117923][ T8567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 483.128138][ T8567] Call Trace: [ 483.131485][ T8567] [ 483.134479][ T8567] dump_stack_lvl+0x16c/0x230 [ 483.139259][ T8567] ? show_regs_print_info+0x20/0x20 [ 483.144541][ T8567] ? load_image+0x3b0/0x3b0 [ 483.149124][ T8567] ? __might_fault+0xaa/0x120 [ 483.153875][ T8567] ? __lock_acquire+0x7c80/0x7c80 [ 483.158970][ T8567] ? perf_trace_lock+0xf7/0x380 [ 483.163999][ T8567] should_fail_ex+0x39d/0x4d0 [ 483.168785][ T8567] _copy_from_user+0x2f/0xe0 [ 483.173492][ T8567] ___sys_sendmsg+0x159/0x290 [ 483.178279][ T8567] ? __sys_sendmsg+0x270/0x270 [ 483.183468][ T8567] ? __lock_acquire+0x7c80/0x7c80 [ 483.188687][ T8567] __se_sys_sendmsg+0x1a5/0x270 [ 483.193629][ T8567] ? __x64_sys_sendmsg+0x80/0x80 [ 483.198713][ T8567] ? lockdep_hardirqs_on+0x98/0x150 [ 483.204010][ T8567] do_syscall_64+0x55/0xb0 [ 483.208512][ T8567] ? clear_bhb_loop+0x40/0x90 [ 483.213270][ T8567] ? clear_bhb_loop+0x40/0x90 [ 483.218125][ T8567] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 483.224105][ T8567] RIP: 0033:0x7f5942f8ebe9 [ 483.228766][ T8567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.248446][ T8567] RSP: 002b:00007f5943e8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 483.257235][ T8567] RAX: ffffffffffffffda RBX: 00007f59431b6090 RCX: 00007f5942f8ebe9 [ 483.265453][ T8567] RDX: 00000000000003e8 RSI: 0000200000000300 RDI: 0000000000000003 [ 483.273669][ T8567] RBP: 00007f5943e8d090 R08: 0000000000000000 R09: 0000000000000000 [ 483.281721][ T8567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.289767][ T8567] R13: 00007f59431b6128 R14: 00007f59431b6090 R15: 00007ffe91aa6628 [ 483.297975][ T8567] [ 483.585248][ T8568] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 483.686480][ T8561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.981'. [ 483.746803][ T8573] syzkaller0: entered allmulticast mode [ 484.007969][ T8583] FAULT_INJECTION: forcing a failure. [ 484.007969][ T8583] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 484.035447][ T8583] CPU: 1 PID: 8583 Comm: syz.0.990 Not tainted syzkaller #0 [ 484.042828][ T8583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 484.053024][ T8583] Call Trace: [ 484.056349][ T8583] [ 484.059324][ T8583] dump_stack_lvl+0x16c/0x230 [ 484.064078][ T8583] ? show_regs_print_info+0x20/0x20 [ 484.069344][ T8583] ? load_image+0x3b0/0x3b0 [ 484.073913][ T8583] ? __might_fault+0xaa/0x120 [ 484.078820][ T8583] ? __lock_acquire+0x7c80/0x7c80 [ 484.083913][ T8583] should_fail_ex+0x39d/0x4d0 [ 484.088661][ T8583] _copy_from_user+0x2f/0xe0 [ 484.093312][ T8583] ___sys_sendmsg+0x159/0x290 [ 484.098053][ T8583] ? __sys_sendmsg+0x270/0x270 [ 484.102929][ T8583] ? __lock_acquire+0x7c80/0x7c80 [ 484.108078][ T8583] __se_sys_sendmsg+0x1a5/0x270 [ 484.113092][ T8583] ? __x64_sys_sendmsg+0x80/0x80 [ 484.118127][ T8583] ? lockdep_hardirqs_on+0x98/0x150 [ 484.123392][ T8583] do_syscall_64+0x55/0xb0 [ 484.127862][ T8583] ? clear_bhb_loop+0x40/0x90 [ 484.132592][ T8583] ? clear_bhb_loop+0x40/0x90 [ 484.137320][ T8583] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 484.143359][ T8583] RIP: 0033:0x7ff57358ebe9 [ 484.147821][ T8583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.167916][ T8583] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 484.176426][ T8583] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 484.184435][ T8583] RDX: 0000000000040000 RSI: 0000200000000140 RDI: 000000000000000b [ 484.192612][ T8583] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 484.200694][ T8583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.208677][ T8583] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 484.216689][ T8583] [ 484.477641][ T8588] netlink: 'syz.1.991': attribute type 39 has an invalid length. [ 484.673914][ T8590] syzkaller0: entered allmulticast mode [ 485.695386][ T8611] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1000'. [ 485.760391][ T8612] netlink: 'syz.1.999': attribute type 10 has an invalid length. [ 485.770280][ T8611] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 485.846516][ T8612] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.855167][ T8612] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.938276][ T8612] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.945579][ T8612] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.953215][ T8612] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.960473][ T8612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 485.979360][ T8615] FAULT_INJECTION: forcing a failure. [ 485.979360][ T8615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 486.029483][ T8615] CPU: 0 PID: 8615 Comm: syz.0.1001 Not tainted syzkaller #0 [ 486.033338][ T8612] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 486.036930][ T8615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 486.036947][ T8615] Call Trace: [ 486.059149][ T8615] [ 486.062135][ T8615] dump_stack_lvl+0x16c/0x230 [ 486.066873][ T8615] ? show_regs_print_info+0x20/0x20 [ 486.072123][ T8615] ? load_image+0x3b0/0x3b0 [ 486.076678][ T8615] ? __might_fault+0xaa/0x120 [ 486.081404][ T8615] ? __lock_acquire+0x7c80/0x7c80 [ 486.086466][ T8615] ? perf_trace_lock+0xf7/0x380 [ 486.091371][ T8615] should_fail_ex+0x39d/0x4d0 [ 486.096107][ T8615] _copy_from_user+0x2f/0xe0 [ 486.100737][ T8615] ___sys_sendmsg+0x159/0x290 [ 486.105561][ T8615] ? __sys_sendmsg+0x270/0x270 [ 486.110412][ T8615] ? __lock_acquire+0x7c80/0x7c80 [ 486.115643][ T8615] __se_sys_sendmsg+0x1a5/0x270 [ 486.120560][ T8615] ? __x64_sys_sendmsg+0x80/0x80 [ 486.125582][ T8615] ? lockdep_hardirqs_on+0x98/0x150 [ 486.130945][ T8615] do_syscall_64+0x55/0xb0 [ 486.135469][ T8615] ? clear_bhb_loop+0x40/0x90 [ 486.140199][ T8615] ? clear_bhb_loop+0x40/0x90 [ 486.144925][ T8615] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 486.150965][ T8615] RIP: 0033:0x7ff57358ebe9 [ 486.155421][ T8615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.175072][ T8615] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 486.183537][ T8615] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 486.191741][ T8615] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 486.199759][ T8615] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 486.207779][ T8615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 486.215791][ T8615] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 486.223825][ T8615] [ 486.474887][ T8625] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.1004'. [ 486.486340][ T8625] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.1004'. [ 487.202177][ T8642] FAULT_INJECTION: forcing a failure. [ 487.202177][ T8642] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.279055][ T8642] CPU: 1 PID: 8642 Comm: syz.0.1012 Not tainted syzkaller #0 [ 487.286513][ T8642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 487.296607][ T8642] Call Trace: [ 487.299919][ T8642] [ 487.302874][ T8642] dump_stack_lvl+0x16c/0x230 [ 487.307599][ T8642] ? show_regs_print_info+0x20/0x20 [ 487.312834][ T8642] ? load_image+0x3b0/0x3b0 [ 487.317372][ T8642] ? __might_fault+0xaa/0x120 [ 487.322089][ T8642] ? __lock_acquire+0x7c80/0x7c80 [ 487.327147][ T8642] should_fail_ex+0x39d/0x4d0 [ 487.331872][ T8642] _copy_from_user+0x2f/0xe0 [ 487.336505][ T8642] ___sys_sendmsg+0x159/0x290 [ 487.341199][ T8642] ? __sys_sendmsg+0x270/0x270 [ 487.345992][ T8642] ? __lock_acquire+0x7c80/0x7c80 [ 487.351076][ T8642] __se_sys_sendmsg+0x1a5/0x270 [ 487.355965][ T8642] ? __x64_sys_sendmsg+0x80/0x80 [ 487.360966][ T8642] ? lockdep_hardirqs_on+0x98/0x150 [ 487.366197][ T8642] do_syscall_64+0x55/0xb0 [ 487.370629][ T8642] ? clear_bhb_loop+0x40/0x90 [ 487.375323][ T8642] ? clear_bhb_loop+0x40/0x90 [ 487.380014][ T8642] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 487.386020][ T8642] RIP: 0033:0x7ff57358ebe9 [ 487.390475][ T8642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.410096][ T8642] RSP: 002b:00007ff57440b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 487.418604][ T8642] RAX: ffffffffffffffda RBX: 00007ff5737b5fa0 RCX: 00007ff57358ebe9 [ 487.426582][ T8642] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000004 [ 487.434574][ T8642] RBP: 00007ff57440b090 R08: 0000000000000000 R09: 0000000000000000 [ 487.442554][ T8642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.450532][ T8642] R13: 00007ff5737b6038 R14: 00007ff5737b5fa0 R15: 00007ffdd4f06e78 [ 487.458532][ T8642] [ 487.971323][ T8653] netlink: 'syz.3.1014': attribute type 21 has an invalid length. [ 488.343801][ T8666] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.1021'. [ 488.377397][ T8666] netlink: 16126 bytes leftover after parsing attributes in process `syz.2.1021'. [ 489.006014][ T8682] FAULT_INJECTION: forcing a failure. [ 489.006014][ T8682] name failslab, interval 1, probability 0, space 0, times 0 [ 489.051481][ T8682] CPU: 0 PID: 8682 Comm: syz.2.1025 Not tainted syzkaller #0 [ 489.059038][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 489.069132][ T8682] Call Trace: [ 489.072426][ T8682] [ 489.075369][ T8682] dump_stack_lvl+0x16c/0x230 [ 489.080076][ T8682] ? show_regs_print_info+0x20/0x20 [ 489.085291][ T8682] ? load_image+0x3b0/0x3b0 [ 489.089831][ T8682] ? __might_sleep+0xe0/0xe0 [ 489.094489][ T8682] ? __lock_acquire+0x7c80/0x7c80 [ 489.099637][ T8682] should_fail_ex+0x39d/0x4d0 [ 489.104349][ T8682] should_failslab+0x9/0x20 [ 489.108883][ T8682] slab_pre_alloc_hook+0x59/0x310 [ 489.113932][ T8682] ? kernfs_fop_write_iter+0x159/0x4d0 [ 489.119506][ T8682] ? kernfs_fop_write_iter+0x159/0x4d0 [ 489.125420][ T8682] __kmem_cache_alloc_node+0x53/0x260 [ 489.130813][ T8682] ? kernfs_fop_write_iter+0x159/0x4d0 [ 489.136292][ T8682] __kmalloc+0xa4/0x240 [ 489.140473][ T8682] kernfs_fop_write_iter+0x159/0x4d0 [ 489.145870][ T8682] vfs_write+0x43b/0x940 [ 489.150138][ T8682] ? file_end_write+0x250/0x250 [ 489.155038][ T8682] ? __fget_files+0x44a/0x4d0 [ 489.159764][ T8682] ? __fdget_pos+0x2a3/0x330 [ 489.164370][ T8682] ? ksys_write+0x75/0x250 [ 489.168804][ T8682] ksys_write+0x147/0x250 [ 489.173152][ T8682] ? __ia32_sys_read+0x90/0x90 [ 489.177933][ T8682] ? lockdep_hardirqs_on+0x98/0x150 [ 489.183241][ T8682] do_syscall_64+0x55/0xb0 [ 489.187669][ T8682] ? clear_bhb_loop+0x40/0x90 [ 489.192357][ T8682] ? clear_bhb_loop+0x40/0x90 [ 489.197132][ T8682] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 489.203040][ T8682] RIP: 0033:0x7f5942f8ebe9 [ 489.207499][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.227206][ T8682] RSP: 002b:00007f5943eae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 489.235730][ T8682] RAX: ffffffffffffffda RBX: 00007f59431b5fa0 RCX: 00007f5942f8ebe9 [ 489.243714][ T8682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 489.251800][ T8682] RBP: 00007f5943eae090 R08: 0000000000000000 R09: 0000000000000000 [ 489.259864][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.267950][ T8682] R13: 00007f59431b6038 R14: 00007f59431b5fa0 R15: 00007ffe91aa6628 [ 489.275984][ T8682] [ 489.663439][ T8691] netlink: 'syz.1.1028': attribute type 10 has an invalid length. [ 489.681882][ T8691] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1028'. [ 490.505512][ T8704] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.1035'. [ 490.525596][ T8704] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.1035'. [ 491.132969][ T8716] FAULT_INJECTION: forcing a failure. [ 491.132969][ T8716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 491.173663][ T8716] CPU: 1 PID: 8716 Comm: syz.2.1036 Not tainted syzkaller #0 [ 491.181125][ T8716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 491.191223][ T8716] Call Trace: [ 491.194537][ T8716] [ 491.197505][ T8716] dump_stack_lvl+0x16c/0x230 [ 491.202343][ T8716] ? show_regs_print_info+0x20/0x20 [ 491.207585][ T8716] ? load_image+0x3b0/0x3b0 [ 491.212129][ T8716] ? __might_fault+0xaa/0x120 [ 491.216842][ T8716] ? __lock_acquire+0x7c80/0x7c80 [ 491.222018][ T8716] should_fail_ex+0x39d/0x4d0 [ 491.226836][ T8716] _copy_from_user+0x2f/0xe0 [ 491.231479][ T8716] ___sys_sendmsg+0x159/0x290 [ 491.236197][ T8716] ? __sys_sendmsg+0x270/0x270 [ 491.241109][ T8716] ? __lock_acquire+0x7c80/0x7c80 [ 491.246208][ T8716] __se_sys_sendmsg+0x1a5/0x270 [ 491.251104][ T8716] ? __x64_sys_sendmsg+0x80/0x80 [ 491.256072][ T8716] ? lockdep_hardirqs_on+0x98/0x150 [ 491.261333][ T8716] do_syscall_64+0x55/0xb0 [ 491.265766][ T8716] ? clear_bhb_loop+0x40/0x90 [ 491.270461][ T8716] ? clear_bhb_loop+0x40/0x90 [ 491.276207][ T8716] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 491.282122][ T8716] RIP: 0033:0x7f5942f8ebe9 [ 491.286720][ T8716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.306424][ T8716] RSP: 002b:00007f5943e8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 491.314853][ T8716] RAX: ffffffffffffffda RBX: 00007f59431b6090 RCX: 00007f5942f8ebe9 [ 491.322861][ T8716] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 000000000000000d [ 491.330951][ T8716] RBP: 00007f5943e8d090 R08: 0000000000000000 R09: 0000000000000000 [ 491.338944][ T8716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.346926][ T8716] R13: 00007f59431b6128 R14: 00007f59431b6090 R15: 00007ffe91aa6628 [ 491.354919][ T8716] [ 492.328626][ T8749] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.1050'. [ 492.372109][ T8749] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1050'. [ 492.796518][ T8763] FAULT_INJECTION: forcing a failure. [ 492.796518][ T8763] name failslab, interval 1, probability 0, space 0, times 0 [ 492.809235][ T8763] CPU: 1 PID: 8763 Comm: syz.1.1055 Not tainted syzkaller #0 [ 492.816640][ T8763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 492.826741][ T8763] Call Trace: [ 492.830050][ T8763] [ 492.833022][ T8763] dump_stack_lvl+0x16c/0x230 [ 492.837837][ T8763] ? show_regs_print_info+0x20/0x20 [ 492.843080][ T8763] ? load_image+0x3b0/0x3b0 [ 492.847629][ T8763] ? __might_sleep+0xe0/0xe0 [ 492.852262][ T8763] ? __lock_acquire+0x7c80/0x7c80 [ 492.857355][ T8763] should_fail_ex+0x39d/0x4d0 [ 492.862085][ T8763] should_failslab+0x9/0x20 [ 492.866605][ T8763] slab_pre_alloc_hook+0x59/0x310 [ 492.871646][ T8763] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 492.877385][ T8763] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 492.883209][ T8763] __kmem_cache_alloc_node+0x53/0x260 [ 492.888601][ T8763] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 492.894345][ T8763] __kmalloc+0xa4/0x240 [ 492.898528][ T8763] tomoyo_realpath_from_path+0xe3/0x5d0 [ 492.904201][ T8763] tomoyo_path_number_perm+0x1ea/0x590 [ 492.909759][ T8763] ? tomoyo_path_number_perm+0x1ba/0x590 [ 492.915493][ T8763] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 492.920967][ T8763] ? ksys_write+0x1c1/0x250 [ 492.925521][ T8763] ? __fget_files+0x28/0x4d0 [ 492.930138][ T8763] security_file_ioctl+0x70/0xa0 [ 492.935095][ T8763] __se_sys_ioctl+0x48/0x170 [ 492.939784][ T8763] do_syscall_64+0x55/0xb0 [ 492.944212][ T8763] ? clear_bhb_loop+0x40/0x90 [ 492.948894][ T8763] ? clear_bhb_loop+0x40/0x90 [ 492.953611][ T8763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 492.959610][ T8763] RIP: 0033:0x7f0de718ebe9 [ 492.964041][ T8763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.983768][ T8763] RSP: 002b:00007f0de7ff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 492.992195][ T8763] RAX: ffffffffffffffda RBX: 00007f0de73b5fa0 RCX: 00007f0de718ebe9 [ 493.000264][ T8763] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000007 [ 493.008331][ T8763] RBP: 00007f0de7ff9090 R08: 0000000000000000 R09: 0000000000000000 [ 493.016314][ T8763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 493.024380][ T8763] R13: 00007f0de73b6038 R14: 00007f0de73b5fa0 R15: 00007ffc29bd3ad8 [ 493.032379][ T8763] [ 493.043613][ T8763] ERROR: Out of memory at tomoyo_realpath_from_path. [ 493.996208][ T8795] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1065'. [ 494.020881][ T8795] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1065'. [ 494.047729][ T8795] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1065'. [ 494.324920][ T8799] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.1067'. [ 494.355938][ T8799] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.1067'. [ 495.231493][ T8829] FAULT_INJECTION: forcing a failure. [ 495.231493][ T8829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 495.270111][ T8829] CPU: 0 PID: 8829 Comm: syz.3.1078 Not tainted syzkaller #0 [ 495.277602][ T8829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 495.287820][ T8829] Call Trace: [ 495.291163][ T8829] [ 495.294157][ T8829] dump_stack_lvl+0x16c/0x230 [ 495.298924][ T8829] ? show_regs_print_info+0x20/0x20 [ 495.304183][ T8829] ? load_image+0x3b0/0x3b0 [ 495.308732][ T8829] ? __lock_acquire+0x7c80/0x7c80 [ 495.313799][ T8829] ? snprintf+0xdb/0x120 [ 495.318175][ T8829] should_fail_ex+0x39d/0x4d0 [ 495.322920][ T8829] _copy_to_user+0x2f/0xa0 [ 495.327463][ T8829] simple_read_from_buffer+0xe7/0x150 [ 495.332887][ T8829] proc_fail_nth_read+0x1e3/0x250 [ 495.337956][ T8829] ? proc_fault_inject_write+0x340/0x340 [ 495.343639][ T8829] ? fsnotify_perm+0x271/0x5e0 [ 495.348539][ T8829] ? proc_fault_inject_write+0x340/0x340 [ 495.354208][ T8829] vfs_read+0x27e/0x920 [ 495.358504][ T8829] ? kernel_read+0x1e0/0x1e0 [ 495.363139][ T8829] ? __fget_files+0x28/0x4d0 [ 495.367772][ T8829] ? __fget_files+0x44a/0x4d0 [ 495.372594][ T8829] ? __fdget_pos+0x2a3/0x330 [ 495.377210][ T8829] ? ksys_read+0x75/0x250 [ 495.381596][ T8829] ksys_read+0x147/0x250 [ 495.385890][ T8829] ? vfs_write+0x940/0x940 [ 495.390391][ T8829] ? lockdep_hardirqs_on+0x98/0x150 [ 495.395719][ T8829] do_syscall_64+0x55/0xb0 [ 495.400168][ T8829] ? clear_bhb_loop+0x40/0x90 [ 495.404873][ T8829] ? clear_bhb_loop+0x40/0x90 [ 495.409597][ T8829] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 495.415551][ T8829] RIP: 0033:0x7f55fed8d5fc [ 495.420110][ T8829] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 495.440053][ T8829] RSP: 002b:00007f55ffbea030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 495.448507][ T8829] RAX: ffffffffffffffda RBX: 00007f55fefb5fa0 RCX: 00007f55fed8d5fc [ 495.456564][ T8829] RDX: 000000000000000f RSI: 00007f55ffbea0a0 RDI: 0000000000000006 [ 495.464563][ T8829] RBP: 00007f55ffbea090 R08: 0000000000000000 R09: 0000000000000000 [ 495.472566][ T8829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 495.480567][ T8829] R13: 00007f55fefb6038 R14: 00007f55fefb5fa0 R15: 00007fff31a35af8 [ 495.488646][ T8829] [ 496.810131][ T8849] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1088'. [ 496.819515][ T8849] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1088'. [ 496.834565][ T8849] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1088'. [ 499.135662][ T8911] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1111'. [ 499.166785][ T8911] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1111'. [ 499.193629][ T8911] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1111'. [ 500.875740][ T8963] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1135'. [ 500.910147][ T8963] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1135'. [ 500.930884][ T8966] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1135'. [ 501.770524][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.777449][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 513.393883][ T5831] Bluetooth: hci3: unexpected event 0x20 length: 15 > 7 [ 515.271261][ T5831] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6 [ 527.328193][ T5831] Bluetooth: hci2: unexpected event 0x20 length: 15 > 7 [ 528.237354][ T5831] Bluetooth: hci0: unexpected event 0x16 length: 15 > 6 [ 530.618405][ T5831] Bluetooth: hci1: unexpected event 0x16 length: 15 > 6 [ 530.705192][ T5831] Bluetooth: hci0: unexpected event 0x20 length: 15 > 7 [ 532.460567][ T5831] Bluetooth: hci3: unexpected event 0x20 length: 15 > 7 [ 550.399312][T10160] netlink: 'syz.0.1656': attribute type 10 has an invalid length. [ 550.412169][T10160] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1656'. [ 550.425823][T10160] ipvlan1: entered promiscuous mode [ 550.433715][T10160] ipvlan1: entered allmulticast mode [ 550.439318][T10160] veth0_vlan: entered allmulticast mode [ 550.473379][T10160] bridge0: port 3(ipvlan1) entered blocking state [ 550.510232][T10160] bridge0: port 3(ipvlan1) entered disabled state [ 550.547002][T10160] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 552.747852][T10208] netlink: 'syz.2.1662': attribute type 10 has an invalid length. [ 552.770445][T10208] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1662'. [ 552.786720][T10208] ipvlan1: entered promiscuous mode [ 552.817916][T10208] ipvlan1: entered allmulticast mode [ 552.825999][T10208] veth0_vlan: entered allmulticast mode [ 552.867396][T10208] bridge0: port 3(ipvlan1) entered blocking state [ 552.887416][T10208] bridge0: port 3(ipvlan1) entered disabled state [ 552.911051][T10208] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 554.755057][T10254] netlink: 'syz.3.1683': attribute type 10 has an invalid length. [ 554.769245][T10254] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1683'. [ 554.779222][T10254] ipvlan1: entered promiscuous mode [ 554.786355][T10254] ipvlan1: entered allmulticast mode [ 554.792281][T10254] veth0_vlan: entered allmulticast mode [ 554.830571][T10254] bridge0: port 3(ipvlan1) entered blocking state [ 554.837334][T10254] bridge0: port 3(ipvlan1) entered disabled state [ 554.884767][T10254] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 560.352081][T10404] netlink: 'syz.0.1750': attribute type 1 has an invalid length. [ 560.398588][T10404] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.1750'. [ 562.431864][T10442] netlink: 'syz.0.1763': attribute type 16 has an invalid length. [ 562.454826][T10442] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1763'. [ 562.527214][T10445] netlink: 'syz.2.1755': attribute type 1 has an invalid length. [ 562.553625][T10445] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1755'. [ 562.847909][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.856021][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.562276][T10478] netlink: 'syz.3.1768': attribute type 1 has an invalid length. [ 564.590360][T10478] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1768'. [ 564.640807][T10480] netlink: 'syz.1.1769': attribute type 16 has an invalid length. [ 564.648809][T10480] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1769'. [ 566.823199][T10518] netlink: 'syz.1.1783': attribute type 1 has an invalid length. [ 566.861965][T10518] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.1783'. [ 567.160567][T10529] netlink: 'syz.2.1785': attribute type 16 has an invalid length. [ 567.270060][T10529] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1785'. [ 569.409226][T10571] netlink: 'syz.2.1801': attribute type 1 has an invalid length. [ 569.450492][T10571] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1801'. [ 569.756504][T10578] netlink: 'syz.3.1804': attribute type 16 has an invalid length. [ 569.778406][T10578] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1804'. [ 571.428251][T10619] netlink: 'syz.0.1826': attribute type 11 has an invalid length. [ 571.500266][T10619] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1826'. [ 571.626812][T10619] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1826'. [ 571.753292][T10625] netlink: 'syz.1.1820': attribute type 16 has an invalid length. [ 571.778734][T10625] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1820'. [ 571.985574][T10630] netlink: 'syz.3.1823': attribute type 10 has an invalid length. [ 571.993939][T10630] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1823'. [ 573.260183][T10653] netlink: 'syz.1.1831': attribute type 11 has an invalid length. [ 573.279350][T10653] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1831'. [ 573.445151][T10658] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1831'. [ 573.521506][T10663] netlink: 'syz.3.1836': attribute type 16 has an invalid length. [ 573.533451][T10663] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1836'. [ 574.498897][T10685] netlink: 'syz.1.1843': attribute type 10 has an invalid length. [ 574.515126][T10685] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1843'. [ 575.093236][T10698] netlink: 'syz.3.1847': attribute type 16 has an invalid length. [ 575.135586][T10698] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1847'. [ 575.148057][T10699] Dead loop on virtual device ip6_vti0, fix it urgently! [ 575.317939][T10705] netlink: 'syz.2.1846': attribute type 11 has an invalid length. [ 575.421973][T10705] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1846'. [ 575.546815][T10704] netlink: 'syz.0.1855': attribute type 10 has an invalid length. [ 575.772107][T10707] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1846'. [ 577.340221][T10741] netlink: 'syz.2.1863': attribute type 10 has an invalid length. [ 577.404748][T10741] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1863'. [ 579.681295][T10793] Dead loop on virtual device ip6_vti0, fix it urgently! [ 579.888243][T10793] netlink: 'syz.3.1879': attribute type 10 has an invalid length. [ 580.068661][T10799] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.1883'. [ 580.614486][T10793] team0: Port device wlan1 added [ 584.230185][T10845] netlink: 'syz.0.1896': attribute type 16 has an invalid length. [ 584.251107][T10845] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1896'. [ 584.658034][T10849] netlink: 'syz.2.1897': attribute type 10 has an invalid length. [ 585.528848][T10856] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.1899'. [ 586.199224][T10880] netlink: 'syz.3.1909': attribute type 16 has an invalid length. [ 586.216091][T10880] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1909'. [ 586.261691][T10871] netlink: 'syz.0.1903': attribute type 10 has an invalid length. [ 587.163205][T10890] netlink: 'syz.1.1912': attribute type 10 has an invalid length. [ 590.289107][T10917] netlink: 'syz.3.1922': attribute type 16 has an invalid length. [ 590.301143][T10917] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1922'. [ 591.661383][T10946] netlink: 'syz.2.1923': attribute type 10 has an invalid length. [ 592.071830][T10954] netlink: 'syz.1.1934': attribute type 16 has an invalid length. [ 592.120415][T10954] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1934'. [ 593.470958][T10983] netlink: 'syz.0.1945': attribute type 16 has an invalid length. [ 593.479041][T10983] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1945'. [ 594.257710][T11001] syz.1.1951[11001] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 594.257981][T11001] syz.1.1951[11001] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 594.955757][T11013] netlink: 'syz.0.1956': attribute type 16 has an invalid length. [ 595.004728][T11013] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1956'. [ 595.467084][T11022] netlink: 'syz.2.1955': attribute type 10 has an invalid length. [ 596.514106][T11036] netlink: 'syz.1.1962': attribute type 10 has an invalid length. [ 598.101598][T11058] netlink: 'syz.2.1969': attribute type 16 has an invalid length. [ 598.160675][T11058] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1969'. [ 599.232131][T11069] syz.3.1973[11069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 599.232418][T11069] syz.3.1973[11069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 600.753137][T11101] netlink: 'syz.1.1980': attribute type 16 has an invalid length. [ 600.850888][T11101] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1980'. [ 601.120296][T11096] netlink: 'syz.2.1977': attribute type 10 has an invalid length. [ 601.446783][T11107] netlink: 'syz.3.1982': attribute type 10 has an invalid length. [ 601.921060][T11105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 602.712067][T11134] netlink: 'syz.0.1993': attribute type 16 has an invalid length. [ 602.730117][T11134] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1993'. [ 603.282330][T11147] syz.2.1995[11147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 603.282604][T11147] syz.2.1995[11147] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 603.831222][T11157] netlink: 'syz.0.1998': attribute type 10 has an invalid length. [ 604.424888][T11163] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 604.480099][T11162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1999'. [ 605.084733][T11174] netlink: 'syz.3.2004': attribute type 10 has an invalid length. [ 605.518150][T11177] netlink: 'syz.0.2005': attribute type 16 has an invalid length. [ 605.536917][T11177] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2005'. [ 605.728380][T11187] netlink: 'syz.0.2009': attribute type 10 has an invalid length. [ 606.061304][T11195] syz.3.2013[11195] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 606.061549][T11195] syz.3.2013[11195] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 607.842222][T11207] netlink: 'syz.1.2017': attribute type 10 has an invalid length. [ 607.973081][T11206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 608.059134][T11212] netlink: 'syz.0.2018': attribute type 16 has an invalid length. [ 608.102542][T11212] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2018'. [ 608.420495][T11218] netlink: 'syz.0.2024': attribute type 10 has an invalid length. [ 609.724490][T11250] netlink: 'syz.3.2032': attribute type 16 has an invalid length. [ 609.882377][T11250] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2032'. [ 610.896319][T11267] netlink: 'syz.0.2038': attribute type 10 has an invalid length. [ 610.912632][T11265] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 611.594339][T11286] netlink: 'syz.3.2046': attribute type 16 has an invalid length. [ 611.632732][T11286] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2046'. [ 612.616275][T11314] netlink: 'syz.0.2057': attribute type 10 has an invalid length. [ 612.672508][T11313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 614.614239][T11324] netlink: 'syz.3.2060': attribute type 16 has an invalid length. [ 614.774801][T11324] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2060'. [ 616.958601][T11361] netlink: 'syz.3.2072': attribute type 16 has an invalid length. [ 616.976428][T11361] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2072'. [ 617.546612][T11373] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 617.624403][T11369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2071'. [ 618.094689][T11397] netlink: 'syz.3.2088': attribute type 16 has an invalid length. [ 618.105475][T11397] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2088'. [ 619.351403][T11436] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 619.382172][T11436] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2098'. [ 619.441799][T11434] netlink: 'syz.2.2102': attribute type 16 has an invalid length. [ 619.484759][T11434] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2102'. [ 620.686640][T11469] netlink: 'syz.1.2114': attribute type 16 has an invalid length. [ 620.710149][T11469] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2114'. [ 621.687708][T11489] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 621.764205][T11489] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2120'. [ 622.791918][T11513] netlink: 'syz.0.2131': attribute type 16 has an invalid length. [ 622.840639][T11513] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2131'. [ 624.284146][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.290686][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.713274][T11551] netlink: 'syz.0.2147': attribute type 16 has an invalid length. [ 624.742225][T11551] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2147'. [ 626.299210][T11579] netlink: 'syz.3.2158': attribute type 16 has an invalid length. [ 626.329015][T11579] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2158'. [ 627.678852][T11609] netlink: 'syz.1.2169': attribute type 16 has an invalid length. [ 627.712161][T11609] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2169'. [ 628.893354][T11643] netlink: 'syz.2.2183': attribute type 16 has an invalid length. [ 628.935558][T11643] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2183'. [ 645.252618][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 645.262655][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 645.270812][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 645.279209][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 645.288359][ T5842] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 645.296152][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 646.657086][T11959] chnl_net:caif_netlink_parms(): no params data found [ 647.282386][T11959] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.289666][T11959] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.299088][T11959] bridge_slave_0: entered allmulticast mode [ 647.312387][T11959] bridge_slave_0: entered promiscuous mode [ 647.321968][T11959] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.329158][T11959] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.338756][T11959] bridge_slave_1: entered allmulticast mode [ 647.346680][T11959] bridge_slave_1: entered promiscuous mode [ 647.400169][ T5842] Bluetooth: hci4: command tx timeout [ 647.422239][T11959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 647.453818][T11959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 647.592369][T11959] team0: Port device team_slave_0 added [ 647.622993][T11959] team0: Port device team_slave_1 added [ 647.796501][T11959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 647.818609][T11959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.901891][T11959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 647.968855][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.991746][T11959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 647.998853][T11959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 648.031888][T11959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 648.101545][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.185161][T11959] hsr_slave_0: entered promiscuous mode [ 648.192636][T11959] hsr_slave_1: entered promiscuous mode [ 648.199830][T11959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 648.210992][T11959] Cannot create hsr debugfs directory [ 648.238621][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.319857][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 649.480769][ T5842] Bluetooth: hci4: command tx timeout [ 649.532110][T11959] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 649.542929][T11959] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 649.554183][T11959] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 649.565907][T11959] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 649.596528][ T59] [ 649.599003][ T59] ====================================================== [ 649.606038][ T59] WARNING: possible circular locking dependency detected [ 649.613048][ T59] syzkaller #0 Not tainted [ 649.617441][ T59] ------------------------------------------------------ [ 649.624452][ T59] kworker/u4:4/59 is trying to acquire lock: [ 649.630410][ T59] ffff88802526cd00 (team->team_lock_key){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0 [ 649.639786][ T59] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 649.639786][ T59] but task is already holding lock: [ 649.647131][ T59] ffff88801cf70768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680 [ 649.657479][ T59] [ 649.657479][ T59] which lock already depends on the new lock. [ 649.657479][ T59] [ 649.667919][ T59] [ 649.667919][ T59] the existing dependency chain (in reverse order) is: [ 649.677011][ T59] [ 649.677011][ T59] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 649.684960][ T59] __mutex_lock+0x129/0xcc0 [ 649.690050][ T59] ieee80211_open+0x144/0x200 [ 649.695380][ T59] __dev_open+0x2bc/0x430 [ 649.700271][ T59] dev_open+0xab/0x170 [ 649.704883][ T59] team_add_slave+0xae7/0x2660 [ 649.710186][ T59] do_setlink+0xe14/0x3fb0 [ 649.715155][ T59] rtnl_newlink+0x175b/0x2020 [ 649.720381][ T59] rtnetlink_rcv_msg+0x7c7/0xf10 [ 649.725872][ T59] netlink_rcv_skb+0x216/0x480 [ 649.731192][ T59] netlink_unicast+0x751/0x8d0 [ 649.736500][ T59] netlink_sendmsg+0x8c1/0xbe0 [ 649.741820][ T59] ____sys_sendmsg+0x5bf/0x950 [ 649.747223][ T59] ___sys_sendmsg+0x220/0x290 [ 649.752456][ T59] __se_sys_sendmsg+0x1a5/0x270 [ 649.757858][ T59] do_syscall_64+0x55/0xb0 [ 649.762826][ T59] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 649.769359][ T59] [ 649.769359][ T59] -> #0 (team->team_lock_key){+.+.}-{3:3}: [ 649.777396][ T59] __lock_acquire+0x2ddb/0x7c80 [ 649.782826][ T59] lock_acquire+0x197/0x410 [ 649.787879][ T59] __mutex_lock+0x129/0xcc0 [ 649.792934][ T59] team_del_slave+0x32/0x1c0 [ 649.798069][ T59] team_device_event+0x28d/0xa20 [ 649.803636][ T59] notifier_call_chain+0x197/0x390 [ 649.809294][ T59] unregister_netdevice_many_notify+0xf36/0x1810 [ 649.816257][ T59] unregister_netdevice_queue+0x324/0x360 [ 649.822506][ T59] _cfg80211_unregister_wdev+0x16b/0x580 [ 649.828669][ T59] ieee80211_remove_interfaces+0x496/0x680 [ 649.835186][ T59] ieee80211_unregister_hw+0x5d/0x2a0 [ 649.841082][ T59] mac80211_hwsim_del_radio+0x274/0x450 [ 649.847152][ T59] hwsim_exit_net+0x585/0x640 [ 649.852354][ T59] cleanup_net+0x6f4/0xb90 [ 649.857295][ T59] process_scheduled_works+0xa45/0x15b0 [ 649.863363][ T59] worker_thread+0xa55/0xfc0 [ 649.868477][ T59] kthread+0x2fa/0x390 [ 649.873063][ T59] ret_from_fork+0x48/0x80 [ 649.877999][ T59] ret_from_fork_asm+0x11/0x20 [ 649.883287][ T59] [ 649.883287][ T59] other info that might help us debug this: [ 649.883287][ T59] [ 649.893513][ T59] Possible unsafe locking scenario: [ 649.893513][ T59] [ 649.900962][ T59] CPU0 CPU1 [ 649.906408][ T59] ---- ---- [ 649.911765][ T59] lock(&rdev->wiphy.mtx); [ 649.916276][ T59] lock(team->team_lock_key); [ 649.923619][ T59] lock(&rdev->wiphy.mtx); [ 649.930812][ T59] lock(team->team_lock_key); [ 649.935577][ T59] [ 649.935577][ T59] *** DEADLOCK *** [ 649.935577][ T59] [ 649.943717][ T59] 5 locks held by kworker/u4:4/59: [ 649.948910][ T59] #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 649.959800][ T59] #1: ffffc900015a7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 649.970340][ T59] #2: ffffffff8dfaf510 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90 [ 649.979766][ T59] #3: ffffffff8dfbc348 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0 [ 649.989614][ T59] #4: ffff88801cf70768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680 [ 650.000410][ T59] [ 650.000410][ T59] stack backtrace: [ 650.006295][ T59] CPU: 0 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 650.013690][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 650.023833][ T59] Workqueue: netns cleanup_net [ 650.028631][ T59] Call Trace: [ 650.031912][ T59] [ 650.034847][ T59] dump_stack_lvl+0x16c/0x230 [ 650.039530][ T59] ? load_image+0x3b0/0x3b0 [ 650.044064][ T59] ? show_regs_print_info+0x20/0x20 [ 650.049356][ T59] ? print_circular_bug+0x12b/0x1a0 [ 650.054567][ T59] check_noncircular+0x2bd/0x3c0 [ 650.059508][ T59] ? print_deadlock_bug+0x5d0/0x5d0 [ 650.064709][ T59] ? lockdep_lock+0xe0/0x220 [ 650.069300][ T59] ? _find_first_zero_bit+0xd3/0x100 [ 650.074594][ T59] __lock_acquire+0x2ddb/0x7c80 [ 650.079456][ T59] ? verify_lock_unused+0x140/0x140 [ 650.084655][ T59] ? verify_lock_unused+0x140/0x140 [ 650.089988][ T59] lock_acquire+0x197/0x410 [ 650.094495][ T59] ? team_del_slave+0x32/0x1c0 [ 650.099265][ T59] ? __might_sleep+0xe0/0xe0 [ 650.103858][ T59] ? read_lock_is_recursive+0x20/0x20 [ 650.109242][ T59] __mutex_lock+0x129/0xcc0 [ 650.113751][ T59] ? team_del_slave+0x32/0x1c0 [ 650.118523][ T59] ? __lock_acquire+0x7c80/0x7c80 [ 650.123639][ T59] ? rcu_is_watching+0x15/0xb0 [ 650.128415][ T59] ? trace_contention_end+0x39/0xe0 [ 650.133621][ T59] ? __mutex_lock+0x304/0xcc0 [ 650.138302][ T59] ? team_del_slave+0x32/0x1c0 [ 650.143242][ T59] ? mutex_lock_nested+0x20/0x20 [ 650.148192][ T59] ? bond_netdev_event+0xe1/0xef0 [ 650.153246][ T59] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 650.158885][ T59] ? bond_ipsec_offload_ok+0x410/0x410 [ 650.164354][ T59] team_del_slave+0x32/0x1c0 [ 650.168947][ T59] team_device_event+0x28d/0xa20 [ 650.173891][ T59] notifier_call_chain+0x197/0x390 [ 650.179009][ T59] unregister_netdevice_many_notify+0xf36/0x1810 [ 650.185347][ T59] ? lock_chain_count+0x20/0x20 [ 650.190206][ T59] ? unregister_netdevice_many+0x20/0x20 [ 650.195844][ T59] ? kernfs_remove_by_name_ns+0x117/0x150 [ 650.201574][ T59] ? __lock_acquire+0x7c80/0x7c80 [ 650.206693][ T59] unregister_netdevice_queue+0x324/0x360 [ 650.212414][ T59] ? list_netdevice+0x730/0x730 [ 650.217260][ T59] ? kernfs_remove_by_name_ns+0x117/0x150 [ 650.222991][ T59] _cfg80211_unregister_wdev+0x16b/0x580 [ 650.228661][ T59] ieee80211_remove_interfaces+0x496/0x680 [ 650.234562][ T59] ? ieee80211_do_stop+0x1db0/0x1db0 [ 650.240031][ T59] ? rcu_is_watching+0x15/0xb0 [ 650.244817][ T59] ieee80211_unregister_hw+0x5d/0x2a0 [ 650.250196][ T59] mac80211_hwsim_del_radio+0x274/0x450 [ 650.255745][ T59] ? rhashtable_remove_fast+0xbf0/0xbf0 [ 650.261387][ T59] hwsim_exit_net+0x585/0x640 [ 650.266068][ T59] ? hwsim_init_net+0x90/0x90 [ 650.270753][ T59] ? __ip_vs_dev_cleanup_batch+0x238/0x250 [ 650.276574][ T59] cleanup_net+0x6f4/0xb90 [ 650.280997][ T59] ? ops_free_list+0x3b0/0x3b0 [ 650.285770][ T59] ? _raw_spin_unlock_irq+0x23/0x50 [ 650.290983][ T59] ? process_scheduled_works+0x957/0x15b0 [ 650.296795][ T59] ? process_scheduled_works+0x957/0x15b0 [ 650.302525][ T59] process_scheduled_works+0xa45/0x15b0 [ 650.308097][ T59] ? assign_work+0x400/0x400 [ 650.312691][ T59] ? assign_work+0x39e/0x400 [ 650.317282][ T59] worker_thread+0xa55/0xfc0 [ 650.321876][ T59] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 650.327778][ T59] ? _raw_spin_unlock+0x40/0x40 [ 650.332660][ T59] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 650.338569][ T59] kthread+0x2fa/0x390 [ 650.342641][ T59] ? pr_cont_work+0x560/0x560 [ 650.347322][ T59] ? kthread_blkcg+0xd0/0xd0 [ 650.352001][ T59] ret_from_fork+0x48/0x80 [ 650.356426][ T59] ? kthread_blkcg+0xd0/0xd0 [ 650.361042][ T59] ret_from_fork_asm+0x11/0x20 [ 650.365844][ T59] [ 650.563992][ T59] team0: Port device wlan1 removed [ 650.708098][T11959] kthread_run failed with err -4 [ 650.851304][ T59] hsr_slave_0: left promiscuous mode [ 650.857377][ T59] hsr_slave_1: left promiscuous mode [ 650.871084][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 650.878635][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.889623][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.900826][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.918964][ T59] bridge_slave_1: left allmulticast mode [ 650.925013][ T59] bridge_slave_1: left promiscuous mode [ 650.938870][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.947862][ T59] bridge_slave_0: left allmulticast mode [ 650.955191][ T59] bridge_slave_0: left promiscuous mode [ 650.960973][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.973001][ T59] veth1_vlan: left promiscuous mode [ 650.978537][ T59] veth0_vlan: left promiscuous mode [ 651.124759][ T59] team0 (unregistering): Port device team_slave_1 removed [ 651.149062][ T59] team0 (unregistering): Port device team_slave_0 removed [ 651.170179][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 651.193456][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 651.285476][ T59] bond0 (unregistering): Released all slaves [ 651.866025][ T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.924566][ T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 651.973610][ T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.014378][ T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.334675][ T59] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.357680][ T59] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.435788][ T59] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.493224][ T59] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.616524][ T59] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.656836][ T59] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.707839][ T59] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.750732][ T59] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.686664][ T59] team0: Port device wlan1 removed [ 653.842844][ T59] team0: Port device wlan1 removed [ 654.002495][ T59] team0: Port device wlan1 removed [ 654.158124][ T59] hsr_slave_0: left promiscuous mode [ 654.167042][ T59] hsr_slave_1: left promiscuous mode [ 654.175050][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 654.184207][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 654.195626][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 654.204719][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 654.212716][ T59] bridge_slave_1: left allmulticast mode [ 654.218383][ T59] bridge_slave_1: left promiscuous mode [ 654.226488][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.235644][ T59] bridge_slave_0: left allmulticast mode [ 654.242888][ T59] bridge_slave_0: left promiscuous mode [ 654.248815][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.263732][ T59] hsr_slave_0: left promiscuous mode [ 654.269692][ T59] hsr_slave_1: left promiscuous mode [ 654.276696][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 654.287274][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 654.296654][ T59] bridge_slave_1: left allmulticast mode [ 654.304183][ T59] bridge_slave_1: left promiscuous mode [ 654.310774][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.319322][ T59] bridge_slave_0: left allmulticast mode [ 654.327034][ T59] bridge_slave_0: left promiscuous mode [ 654.333019][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.346456][ T59] hsr_slave_0: left promiscuous mode [ 654.352516][ T59] hsr_slave_1: left promiscuous mode [ 654.358558][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 654.367748][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 654.378033][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 654.387109][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 654.396888][ T59] bridge_slave_1: left allmulticast mode [ 654.404189][ T59] bridge_slave_1: left promiscuous mode [ 654.410431][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.419504][ T59] bridge_slave_0: left allmulticast mode [ 654.426977][ T59] bridge_slave_0: left promiscuous mode [ 654.433301][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.446552][ T59] hsr_slave_0: left promiscuous mode [ 654.453292][ T59] hsr_slave_1: left promiscuous mode [ 654.459369][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 654.467018][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 654.474604][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 654.482248][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 654.489788][ T59] bridge_slave_1: left allmulticast mode [ 654.495813][ T59] bridge_slave_1: left promiscuous mode [ 654.501558][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.509373][ T59] bridge_slave_0: left allmulticast mode [ 654.515156][ T59] bridge_slave_0: left promiscuous mode [ 654.521111][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.533120][ T59] veth1_vlan: left promiscuous mode [ 654.538446][ T59] veth0_vlan: left promiscuous mode [ 654.544548][ T59] veth1_vlan: left promiscuous mode [ 654.549790][ T59] veth0_vlan: left promiscuous mode [ 654.555846][ T59] veth1_vlan: left promiscuous mode [ 654.561957][ T59] veth0_vlan: left promiscuous mode [ 654.754896][ T59] team0 (unregistering): Port device team_slave_1 removed [ 654.778678][ T59] team0 (unregistering): Port device team_slave_0 removed [ 654.791132][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 654.806524][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 654.866947][ T59] bond0 (unregistering): Released all slaves [ 655.012638][ T59] team0 (unregistering): Port device team_slave_1 removed [ 655.036128][ T59] team0 (unregistering): Port device team_slave_0 removed [ 655.059118][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 655.084041][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 655.132316][ T59] bond0 (unregistering): Released all slaves [ 655.246758][ T59] team0 (unregistering): Port device team_slave_1 removed [ 655.268124][ T59] team0 (unregistering): Port device team_slave_0 removed [ 655.292531][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 655.314950][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 655.361863][ T59] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 655.392145][ T59] bond0 (unregistering): Released all slaves [ 655.529033][ T59] team0 (unregistering): Port device team_slave_1 removed [ 655.550689][ T59] team0 (unregistering): Port device team_slave_0 removed [ 655.561593][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 655.573731][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 655.636194][ T59] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 655.647432][ T59] bond0 (unregistering): Released all slaves