last executing test programs: 22.620916357s ago: executing program 1 (id=1955): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875a65969ff57b03000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4062, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000040)='cpuset.sched_load_balance\x00', 0x2, 0x0) write$cgroup_int(r8, 0x0, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1200000007000000040000000200000000000000", @ANYRES32, @ANYBLOB="0000000000000000ffffffdd1900000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r9, &(0x7f0000000240), &(0x7f0000000340)=""/86}, 0x20) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 21.604546388s ago: executing program 1 (id=1958): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb006014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) 21.499695282s ago: executing program 0 (id=1959): bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='cachefiles_read\x00', r0, 0x0, 0x1}, 0x18) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x40000000001, 0xffffffffffffffff, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) socketpair(0x29, 0x5, 0x8, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x12, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2a2b}, {}, {}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff9}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYRES32], 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x1c0) write$cgroup_subtree(r6, 0x0, 0x9a) ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000780)={'bond_slave_1\x00', 0x200}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x100) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0xfffc, 0x4, @dev, 0xf5}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000100100000100007200f90000"], 0x18}, 0xfc00) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000200)}], 0x1, 0x0, 0x0, 0x4000000}, 0x8000) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='devlink_hwerr\x00', r0}, 0x11) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b001ba2b5690800000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x10, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xe}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@ldst={0x2, 0x2, 0x3, 0x9, 0x0, 0xfffffffffffffff4, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 21.43834767s ago: executing program 3 (id=1960): bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='cachefiles_read\x00', r0, 0x0, 0x1}, 0x18) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x40000000001, 0xffffffffffffffff, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) socketpair(0x29, 0x5, 0x8, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x12, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2a2b}, {}, {}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff9}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYRES32], 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x1c0) write$cgroup_subtree(r6, 0x0, 0x9a) ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000780)={'bond_slave_1\x00', 0x200}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x100) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0xfffc, 0x4, @dev, 0xf5}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000100100000100007200f90000"], 0x18}, 0xfc00) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000200)}], 0x1, 0x0, 0x0, 0x4000000}, 0x8000) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='devlink_hwerr\x00', r0}, 0x11) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b001ba2b5690800000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x10, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xe}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@ldst={0x2, 0x2, 0x3, 0x9, 0x0, 0xfffffffffffffff4, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 21.425529841s ago: executing program 1 (id=1961): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4135, 0x1027}], 0x1}, 0x42) r1 = socket$kcm(0x10, 0x400000002, 0x0) perf_event_open(&(0x7f0000000040)={0x3, 0x80, 0xf0, 0x61, 0x9f, 0x4, 0x0, 0x1000000000006, 0x30d31, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800009, 0x2, @perf_config_ext={0x4, 0x8}, 0x10002, 0x9dd, 0x80000020, 0x6, 0x400, 0x8, 0x8, 0x0, 0x100, 0x0, 0x201}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@type_tag={0x7, 0x0, 0x0, 0x12, 0x1}]}, {0x0, [0x30, 0x0, 0x0, 0x30, 0x0, 0x0, 0x5f]}}, 0x0, 0x2d}, 0x28) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000950000"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0xd, '\x00', 0x0, @sk_msg}, 0x94) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000), 0xe) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000012002f8c35093f974b21b92e0a", 0x11}], 0x1}, 0x40010) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1310000016"], 0xfe33) 21.350671081s ago: executing program 0 (id=1962): socket$kcm(0x10, 0x2, 0x0) (async) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000c80)}, 0x40012100) 21.323403225s ago: executing program 2 (id=1963): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0, 0xfffdfffd}, [@call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x5, &(0x7f00000006c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ffffc}, 0x94) r1 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x11, 0x0, 0x40019) r2 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x702, 0xe, 0x0, &(0x7f00000004c0)="e460334470b8d480eb00c1520800", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000640)=@generic={&(0x7f0000000600)='./file0\x00', 0x0, 0x18}, 0x18) r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_ext={0x1c, 0x11, 0x0, &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1866b, r0, 0x0, &(0x7f0000000880)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x17bf6}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="460a00000000000061115c00000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={@map=r4, r0, 0x19, 0x3, r2, @void, @value=r5}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 21.187336652s ago: executing program 3 (id=1964): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000028000b05d2600d00030009000100ff35", 0x14}], 0x1}, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time_for_children\x00') perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400), 0x620401, 0x0) socketpair(0x26, 0x1, 0x9, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8941, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000580), 0x8) r2 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x19) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x28e, @mcast1, 0x9}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000140)="f4000900062b2c25fe80000000000000dc8b850f", 0x14}, {0x0}], 0x2}, 0x20000884) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000270600000ee60000bf2500000000000073350000000000006507000002001000070700004c0000001f75000000000000bf54000000000000070400004400f9f0ad32010000000000950000000000000005000000000000009500000000000000debfa255e44e4cc39f211fb04d7f202e6a53bd86bde99b679b4e6d24b8125690361eec3b181dcfd7c2fb2d1f8975b579a085bee32d414c1f3ab987a9de6385ae8021f4ca33b9b35fe817e98beb9cefe7f40fd6f0ea3affbdaaa897c70fb01d270a7b00d36fb5ab8fa92ac014a106e3e4decc68652503ca54fcef437d96c8a05d59ddcc8abf09cd77e93e940207b03189c5d4661e43df6f1f036c8d85a2ad7615a021f8cbe507ef94fb9f33315366e9ae080000001b532226b63b460d68808a67529637bf7f6731ad0cf1718bae3c8b9d2f89050cb496fe791381af6fab290900000000000000d640a5fde1f7d5eaa97cd25523fbd77300000000000000d67559b0c848aa3e7091f33e2dfc351e903ce85488fb25691249545bcf877011847df184bae6d3f5d0c016ec7d581d5b2fcb494d8c2df1929398ec5c3675ed16c27fff46a695eed7f50c531a612d5677b5e949ee4f16d10e41074702c4e89ee401ec2ec65f38f64189f1fa2cc0a42add3119025764759de2f093c26fe51d2f7635bb06bdf0b97d4a96cb0813e084232421c6026629fbf4c81954d11e154659b54fcf3468577295c700000000000000000000000000000000fe31e1e02dd54ac3c7af2b3d76a63b79ca6f9a20b26761254aee1352ad08118a58802cc8f107852b"], &(0x7f0000000100)='GPL\x00'}, 0x94) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x29, &(0x7f0000000000), 0x4) sendmsg$kcm(r5, &(0x7f00000002c0)={&(0x7f0000000100)=@in6={0xa, 0x4e23, 0x0, @loopback={0xffffff7f00000000}}, 0x80, 0x0}, 0x0) sendmsg$inet(r4, 0x0, 0x0) recvmsg$unix(r3, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600), 0x3e}, 0x100) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x6d) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200}) r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x4, 0x1}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)='%pK \x00'}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) r7 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f0000001ec0)=ANY=[@ANYBLOB="004000003a00913a74067388481f9c0e0a"], 0xfe33) 21.131889939s ago: executing program 0 (id=1966): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xe8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815001b001105142603600e12080005007a010401a800160020e0034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993b134e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db79826521340fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x44000) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu&\t\t') r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='inet_sock_set_state\x00', r2}, 0x18) 21.104104783s ago: executing program 1 (id=1967): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110630000000000dc0500002000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48) (async, rerun: 32) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0x1, 0x58, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (rerun: 32) perf_event_open(&(0x7f0000002380)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000002400), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xfe80000000000000, 0x22072a18}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)='\x00<', 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) (async) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000480)={{0x1, 0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)='%+9llu \x00'}, 0x20) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_kthread_stop_ret\x00'}, 0x18) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000000)=r7, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001fc0)={r0, 0xe0, &(0x7f0000001ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001ac0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6, &(0x7f0000001d40)=[0x0, 0x0, 0x0], &(0x7f0000001d80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcf, &(0x7f0000001dc0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000001e00), &(0x7f0000001e40), 0x8, 0xcb, 0x8, 0x8, &(0x7f0000001e80)}}, 0x10) (async) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r9, 0x58, &(0x7f0000000180)}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000002100)={0x20, 0x13, &(0x7f0000001b80)=@raw=[@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3af}}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x59, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffe}, @ldst={0x0, 0x0, 0x3, 0x4, 0x9, 0x20, 0xffffffffffffffff}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}], &(0x7f0000001a80)='syzkaller\x00', 0x9, 0xdd, &(0x7f0000001c40)=""/221, 0x40f00, 0x9, '\x00', r8, @fallback=0x10, r3, 0x8, &(0x7f0000002000)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000002040)={0x5, 0x1, 0x6, 0x7}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x3, &(0x7f0000002080)=[r9, r4, r4, r4], &(0x7f00000020c0)=[{0x1, 0x2, 0xc32, 0x9}, {0x1, 0x1, 0xf, 0x7}, {0x3, 0x2, 0xe, 0x9}], 0x10, 0x5}, 0x94) r10 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r10, &(0x7f0000000200)=0x1, 0x12) write$cgroup_int(r10, &(0x7f00000000c0), 0x12) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmsg$unix(r11, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r12, &(0x7f0000000000)=ANY=[], 0x15) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={0x1, 0xffffffffffffffff}, 0x4) r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x12, 0x1000, 0x10001, 0x1, 0x1000, 0xffffffffffffffff, 0x8a, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x50) (async) r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x1c6, 0x0, 0x1, 0x12000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x4}, 0x50) (async, rerun: 32) perf_event_open$cgroup(&(0x7f0000001b00)={0x3, 0x80, 0x7, 0x5, 0x3, 0x1, 0x0, 0x4, 0x1000c, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0xffffffc0, 0x2, @perf_bp={&(0x7f0000000880), 0xc}, 0x1d80, 0xce, 0x3ff, 0x5, 0x0, 0x3, 0xff, 0x0, 0x80000001, 0x0, 0xd540}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0xc) (async, rerun: 32) r16 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, r16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{0x1, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)=r0}, 0x20) (async, rerun: 32) r18 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000700)=@o_path={&(0x7f00000006c0)='./file0\x00', 0x0, 0x0, r0}, 0x18) (rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0x5, &(0x7f00000021c0)=ANY=[@ANYBLOB="18000000000800000000000000000000184b000007000000000000000000000095000000000072abb5818974efdea0df04e3a932e02c26f1ae47915b2b18c07742fad07bf05c95b9c298f010ea9760e35865844b6f4c652b2e7410d45192e47786f64c415a6f486e6f07b17961bf4790cf23ce6f92689aa2eea6069009a9ae8b9ed7e95084ba5263b5c33b09bdec20b5b0629c34d6246b92085a3bfb2e87f752845e79953193fcf09cec3ba24723ff1fb1afb9c3fa4d4f439798b2935551875f812044fef1a8e5df4461f6d73fb1e4a92c860d5f6574fedf7171a6d976b5d3c214bf58aa9fa497ec490af8748082dfb81cdb67ced84ce8453875525af3200b682d44dcf62df247acca5661d2730670255ffff55840f2da4543967522c9e2a079dcb27f2518cc64e2791a32f62711a6697e15bbec480656db961ac1d88c65a6ca466198219549c9cc6fe299019968e0dd839d24ecb4a5b92d17e8c2ed27304bbfb9548fc8f993f540b2cda286a2ad07864c8a15ff8cc13c64a25c8ab45cb664ad38811cb74e8e9c0700"/403], &(0x7f00000000c0)='GPL\x00', 0x9, 0x1000, &(0x7f0000000a80)=""/4096, 0x40f00, 0x44, '\x00', r1, 0x0, r3, 0x8, &(0x7f0000000200)={0x9, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000740)=[r4, r10, r12, r13, r14, r15, r16, r17, r18], &(0x7f0000000780)=[{0x0, 0x2, 0xe, 0x3}, {0x1, 0x2, 0x7, 0x9}, {0x5, 0x1, 0x8, 0x8}, {0x1, 0x1, 0x0, 0x3}], 0x10, 0x4f88}, 0x94) 21.096846264s ago: executing program 2 (id=1968): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875a65969ff57b03000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4062, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000040)='cpuset.sched_load_balance\x00', 0x2, 0x0) write$cgroup_int(r8, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000340)=""/86}, 0x20) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 20.89685881s ago: executing program 0 (id=1969): r0 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2e, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) socketpair$unix(0x1, 0x5, 0x0, 0x0) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0), 0x20000, 0x0) close(r3) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x183081, 0x0) close(r4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r6 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r6, &(0x7f0000000300)={&(0x7f0000000140)=@in={0x2, 0x4e22, @loopback}, 0x80, &(0x7f00000002c0)=[{&(0x7f00000001c0)="f5789eb272b6", 0x6}, {&(0x7f0000000200)="9114f63a4be1986c49a8deb03400321924f3a3f3dbe991fade07c64e12a82a2deb4a67f5ca20f890331db3320f6304037925c8e399aec32e0052b4bb0b6cf5c2160f271f308eb65e6370446d27a1bea793503b996fc1787be5fea9f3eaf1d310a1386981f977a3b8dcd195ba794b498908cb1d1b2f4039a433da20714274fa997790c6ddccaebf7856aa8150129ac53e6c0dccb73e8ae6cd0722a81779a0c333f08218909a0554ce341313eeb6a7f0c8e3274fcf7243ea8d", 0xb8}, {&(0x7f0000000600)="95ec49317351f2b34105f3787ce33324db85a059363344f865f95dcf23ef0b590087135f23e9c887aa65c415affeb7972a24ba0b620c28334da4ec25484b2677e7ca8ba89b241f5a2c6cfaa90cea54adb8ccf9b72082fb334d42a66fdfd30d5671261efbf3a7cf19d6ca8ddb1deb9a300eb1e101eb883da0ccde272e12e2bb9a27c214cb9ff5fab2bdfe6e2acc8eee2267305037478183f1be32e8fa3cfbe391b175d3a47a285046dc2c035f227b7ec6ec3b257f386aefe4dea299522a7bd0308c4de5c909c7e0b498879a34885db3ef3f1494f31756fb1c9b460999e7abd79f83573bf3b39714db367c9ad4a0621b62b3b283649322cb8e25f10eefbcbf40f7a0a0d3e6bef25c4698bae19b5d63c2b6e1adf5f02616094c74aceca1d2472155e78a3df8cc91906164ff7a1c87cca2912f041187737f51b43ce62aba7174a2c1ae5e63f3b80d5dc590b71852f768db6a2bbe1d0b462e76be3869f6eeecda5651cfb209fb2b4620750d8bfe4c2a243b5a206a01db846ffd0d9486d8fc8c23aafb6fc434588d3cfaae54edf29157236dbcea52e74cdc31a1b49cc80464a36b4060d85bdb09c85c78be3c9fcb5444e5d993c6b1a7edc86dcc4322c6bdfd3e2942ccd99466536b82d1e5aefe9a2986482e0340ef51e9432f90c44e464ac835db116efaac09560a277e1b4c29fc68fd57ef45c72415e38703d3ae4af8f416b99f0c0e4da4859406cb8b4d889c94c6cc8d54fa70ebea5cef8a107775d8f486cf388334f956a78e67b6dde718226b64f87cc97268814f7b64d95d48a0eee64723a975b90bd0c74578f697e24e413af8ee85889178564e2bd6df5d2d38d3a1a51e5add715675ef915c38e1b8c42be172d11ffe32d6700b3f2e6f3f856f6b5b213b357e3ce134ca24c54cf7a773589c88fa44bad41f2acf9765b570485340133adc7d9b548676fb8371fb8cce219772114ef719f92dd113fb8cc490c501e30eaa28513b4bbae5ad9b949787a30eb0a1dae9d85a507eba9651dba8239ec3d62dad0c41e256c654bbf1de3de24dc2bd71175723fd789f4be351d88e183d4e35243863e0e9a0bb9bc8900bd84ab0da4e5716913866f84a7223bdfef5b06aef21efbf429dbee04856b5f324cf3ea8fe0f0d7de38328c3488d4abfe563d2782d22bc5310d01c4cc9a475021378b594c53bc387aa3f0b286b8e345b674384bdd35d31f7b72f7c28314b3c0c1e3225f5e71a6fff09e110be1f4b6515a866845664b0cdb4b9f375e6bd1368d8d0bfd1a385e988e2edddc7ad40f3bc3ea31700338e9d130dfd9d066933831d87a5c37b00ff6b930aa3b8e8c613a38241b2e7b9c53717855eeca549e8ac37cd3e42ac3a9d51002f39ce63ab5cb5bbc1320b92a41b29e7ac2efe93d3ca14b313238ed656778bb56785d079fdcda8aea0972380f27e16c72114839884d5d47b55acae514d55dc198a681d3d73b052638891fed81b6c76974c9540d3053f8db0c68f40d0db5e698a4b760771a0fed09a3ff822b4938def48d84258f4f2236f52e454e6637e1fa2298ab9abff16e370df87fc06e626ff8cb9517d26b64e58ccf1223b27f3910d5a6824fd840c2aed131ca82c962ea99acedca03e378d150a14c6d9cdcc864d9d78d015c6318265dd680c8fccb22e0872926b31ac8b6297d27e083834343bf94f74c8960293852e7ec081aff36702f0b4d3a111b165802a3e3c0235de79939f7df11989577eead71f58b777fcae8132a908ac216b6e4da08d9080e0867e023a1874c570a673b968f3f4e44a79d9fe1eaab89ff044036bce8343a3311292af4e131688d8700b9c92b2a7e777e2703e164f38ebc3b2ba59882d9600fe1d28857b2a1c1872356e9a2483fa2302a137636e9e35963757b7eac767538b8b1d360402564a60602f65556d916f52a3bde3ffa0cc54c762ee9a95a0d17e396f93d45096014de4d0e3b58caf98cbf0af2131d75e802e4927669a42ec7243c80fccfbd5d6a7aadb5983c15f515e975f86bf309ffe7abf352325964dce2f82dd0fa34567c3cdad55f2dceb978b0261b363a078b9f8ccaca5c04e310fad60c9fd8ecd258df7d8ce42a01b93763f498aa218dd45fee9042ebece434af4d19433c09048bb7f25b793908f0f4936fbe0804cbe849e7f35c8b588d36d4379239b76116bef3c55fe1e154ba994fdeb32e127c5e5e4f94c74862a9be7c41655843ee97525b98eaadc684f6824921665b53ee957320aafcda1a411c94771c8416538360e4690778edbfa549c1c08d0b5b77015f422af9d2883181e6c74e3c8ea2b410dc4ff510e31547de5de30802c0d45f33407cb6e6bf0bd0d99997911b7bacc3c49917ff0f10c35c70b79bf2fd73b41bc0c83c132818f63c5f0821eb178b482c0b07cb46d22afbea1a44aefcf25ad313f0e09da16896b664f87ffd3199239f057f483ee8a9409c65235d1a3445a5bfcc17c722925fcce28c6b46f81d8a8a880540f6470e463929c62d54384ffc5afd139a1c38d4276c4f2b723c53c1b72e00879e8b981f2bf97cfaa914b8a66f272f7e31d2604d3f12c09d2bf26fd0f1527296fe35ca45f7799ca65a0b4f265afee74ddf66071d33bc154e51571d393dfb6f346becaddb10ce9e5156a826fba2a3135591d8187208f9638939945e11f739f38fb134706b55fec3c9aa1f6dd807f5a9cd32884a66f9025808d68a990ead9b53bdbf33324f3f3e61bda260ccee7acdb3ec75f4b32b65460aa6a5e43d1771a9ea2944898a1f73784e5ad2650b28407e545f1135339976cc37b126907398964c67eaf797e9caf671f6db33358e288a541d2bb47a4a51f61f28af49c5c373d8746ce408a8b3f25fbd276d2a10ef24337f90718b39623a184620d5c98f9691b4c94de5416b166d2a93a91a00d16a128b2fde36a2c4b5af9abb8647c50519abc76a0d2c1e0abf32961e904d815604290855470b312fc39e95d619ef8246ff73d598083a89d86a82c536079e876a4801cc9da9673937c4e7c3142b19b9d3defb3334eccac6a8870c4758db44ddf43d9de0aa68060c1f92b0002d473673588bbf3d5049885484e3e351a6c8dd0f58c3ba7508ff42532263ed3c0948b2ca36d7d9729111474d5a6dcaa452f5aff077a4ba22cd20eb7896a483f1fbb9d041a9a347a6e322753b612a548c8c04061f199886696a9b9b3b744ec079f252d064dad699a43717e1b4dc794962b97b9956e5c8c0f78c803dbc44bbec1b45e986655c0c06af7babab794670345504203b2a687c88ec87dd4ed5df0c8ef3e0f89189fe12f3461a355d7ed1ad6ee03720a994df395f41872614e330ad1f0f889afb9479638ea3906a9801782e19d7cfac4733ca96ebdec2bba246b2bc81ff045189cadb3c0f2fcd2537f2d146f0e1300ec42e728a4e2252b31ead26f5c62f07f607474dc52ee05331564bc6558a299cc3a141b28ee6be14ae18ee6b92179f76f52a241c81f1a5d43d5b2ef10d84abda6aaf5ae1328a8c85e6a31f55dc66b417dc3f344e899bf4165cd22ff8f20a72b5c553ffaf71bb3d40b0650d75d81356d494da90a8184621cd285ade7db38e0eebaff53121b9515768138dd667f7de8f6d60218d940d3a6ad1b5d4b736542f5459a0bbeb70744c7503dabcd0bceff6f09cc556dbae0102c54472d4d6cf9a0300fabc3bd71826ad475335e9c7c923a37e08d66a6f684301c3be6b3ecd9732fccc26f5c51c739da70e4401e5c163a2465ff8a565c6ca5c5bb52ca80d0d6d1fe715982e526b24fdb73f0e03c80cb880e1ac6787c3c9381e51a82f8ec1296c699bd4cf55775d5b66cd84376e72761f64fb60437c55f83136548ec64f27f158fe675da7057c847c2e4e8f5f4b7682f3e8c098d6e4148329ec65bf6950ad5ba66213cf8f6cba2361dc7a365c2c58f1b2a8f227c9fc38bc7b6eaf1b76c914e9e15929ca2fb1943354529d4f110f8b8d325aff97579e7a2c18fb3bf278af50e84422ac31851d6099224e20079bcd3e6b6bba462b0e39e2659eb81b3fa789061dfb016c730492e46064246a6d60efae49258013f553cb1116ada1cad46f34eab64112966cf9a23d5028293a9e53ec177379734e32a5ad6b11187a4d12a9ef8b3c41a8074a8033dfde335348d3926b8ddc19fc03c81e39b8508e2833d1645b82a9ba176118cd111ca2f2975fd8ce446201c67b69147fbae9e0b0ea1a5deecf6ffaa4293ccb0c8ab0108f2d15274a6895daaddafd7bbf30c057b07b4e1bb4874e57c9e4da00a79b12871d680ec87287fdd4417c911bb596a407f890ccdd77b2682f573cd29efb6b3deb4b622cc3c98fb7707c08f890bf49e5b0b55608717c6c3e7c9ac706c9f1f6e96b6e9387b1e91bceb6b4aad6c40dc441af22ce3246647dfd276d663d0be0622991d749f56be00c868be61e684107ef238c88aa562795cbbe2c0ca39f0fa5590c32c00f0932f7fd1b52be2f9203cd1b3fc16d62941c5428935dd7a8d797e36198db9564ff50fd66c0381c3898941fd70f8ddf36189d5677424d761cfd0e845a10c0772b6f97175e234bdd5d8579ef377074f6046b1e440d020934b337901a34d75d8e57e86e6fd490d3acea79257062418a7cdad231df477602fa84f0959a11abf54577ba4c1f7c93f6d8bb9131887b645a956f003e4743b16a3ddd4150712ce40f7eb615043bfa38778442ad161b41537f219ff0e302e171007ee3569f962bce61df03e557bcf2ff22656b5fddbe068a1357d452f11296777528c87a6620c7e7b38b9d049e62cd6fbfc06f9df6f8191ea50076656c24f4f677d51fd887f2ac1287ef15f967371148f086fc3ae69e2f75253e0bf171e248d55f856a5127112da4621f9d7a2fe98293ff181dd3e5d1c5c72793a09496d9f384bb4988abad36f44773a249a3898d04c067dd9a1250d9a560be7241ffdedc0214645e63ba7f2c2c97a8ae30a2befa5b808b7c72f5dd3d7555efd7db7a925deb00e27ba4350969504084ddc5be74ad5d239ffefe5d0edf52622a1d79591ea792164e0e39c46e42a51e66e1f537de82b94577d596f1c11b5b0da4e99913f3d39be4eca0c11da9a0db61e2ac36c74b5ba8cc2eeb6c5f15c066738eed1d1f99ef0b4ac9173f6c0778c09d978b56acc579106ab8e1b9e42ffcc4dfe044586a8c40dafcb6ec92fe996236045a172d4a2efbec757280ddb097c1d85cd7ddf78775d3659de3b78dc63ced879ae3c8c5bdea9da10f9a0a5c2e6eeb62dcd72041d3ee9dd6aa01654519b4480b679e71990c74a3608f7ad9a1c9b39c6a80c01e087149453b20cd0b6c99c7a9d5e830cd7b84e7dbe754d283f077879a5bfdf51b425cf6e79db95824541ad94ed650eb44d72c67f91e232d1b144844d068de2fbaf65304ebef9a99bcfbfcd158e012e9458d00606ccaede3ab93b3b395c32a046b5d037beb94b28a3b0d270c05e2b89c0cd1f783c8747f81c729e69e1be255decd8e789682c1abb6a3dc01f9276c5bb90697693f0682f21374a870f472dd1b32f69b94e4193a7aa896330a555cd0d44e96595c96768952710989b919dab5b535fa08104d107cfce455d76d56b3903a2bdbb35f4468c287f34f176b7433679ae2b81bb6d0711516285274c24f26d316586434d046abfd866a61033c11dd56a06814e705317999d8548ab229bc6faee27fe6176fb85a9e3ba7c9465327f72f0b163ccefd6730b146da3cd51788b54ebe0d82957236898b8cc165f839fcaf05fdf49be97e066b7dd97ca5c6b17f4917dc80696e8fd009ac576823df4cd676b9ae853b455bdc72813f3", 0x1000}], 0x3, &(0x7f0000002a00)=[{0xd8, 0x112, 0x7ff, "03f0d20ea64715bd290677764557ed956eb360c235fee5c6733948bf325e3b661aab500dad14b899669325fa610d11cc0f05d4906b39991340d283e7a27ad5ea2403f87f415a06a85bde7ba5d20326b660342173359e53ca8516cb1536be5ec9be850a4fd3dbd372f2748fb4d4e4fa39b9f22bb1ed434d10f264954e13fe0dbce07d246a4bf1406b36aa0deb1212198b4730d6f9cae57e1a0b7955f15f12def0c69324b49fb94bc86c0776d8d431de871e3358f7330bf8202c3dbeaa99b08404b4"}, {0x1010, 0x0, 0x6, "674001d238cf2068fbc71f806a47f8da85e1176fae8b31e6f8a4dd9d9e7fa88eaa7d51b3a7962d4cda6e6ac5eea6c00b02d37c3c753b33ccefdad3bde32971a9215039b80b44483280a394ad247176793ef5d7391f661ff7e50f3b8cc7c2239f780df057e401e96b1d233b16e62dbe632c012dbbf007c9410fcac86c395af6a3baa55bc5fe8ed5d6693fa0868f6828fef3e2594b1fd2d2d38b54f4c3b1b65dfe547d63d91a34fb462ae14aa08f025beb23a53c131c70047a3bf81b1500405b1de48fa6a5b74643aec9bf19fe84559c40d7527aa8419be0cc67967540d179acfa5ac267e2ac362309f920d8bdee85273c6b1e615a5ebb10a9103b6a85a74badf92cb1aa02e68adc5f8ba7ae601fa8a133fbd200da39dfdf542a199d8986ec95682d9d7bb5f4f7365482be9fccc59ce01f892f26346d232a927e59e05b775172b0e176de90aa180985457b2ebf9dbc52c8cc89e8f28422a4ccd14a94f38c6d2f0d59a5adb4d1e9c28a0fd9a1b954ce580b9c79a8b6ce673edd38858fd6ff39e11421f32940afb57d2a6f0dcea029bdacd763981c1dc8ef60e47db1545daf95e09e434ad0eeb9d23394088939bb37eafe1d30b2b9c9f3c58409f33e99e3062228564c30b60823214494e574912f56d3c343c05e6591c9bb3fc2f024c5c15a63d14112db78300875bc540206ea40c6e844c130192130a0324073ddd4f44aaf6315dc104f199a1451e7c29753887b770be0fc0c2abf67e264af46ab7de71a96cab58c450dec8b216ab5d81e0f97b795ff4286c8407b6c7b881bebf43c0a6738cc12b9f3bb0ead53a07c22c68a520087b5101d4a91fae344be7fbdc57434501d83b2ba09cd5b21c1a58ba094f1cafe3a8448b5ef71145b3f02d0ba2fed773f38fd5d0288ee2d4f4cfbb3194ca34a7d7cc044e4e79d309e7ce2826c0542cbb1c99a67cd289d5028621121e087115e79cf250e1f941a84ef55d9ca18a44316017e5a89772b210a9ecbdc31a22c2f558011c58654577aeba710ed62545faee1cb894c767ee81c23641f9f92a80190aa542a8261c4246c269803db4947a8f7ca9bf624e7993f94f23c659b786b542775834d0b4e38814c63350b18cb22bab26989bbd329c48cb2cf77ad26137805c57b6c70320a8ddfc0b62d2602371d6f9450693142f99c492f2228a29f91140bccf9f8ed60087ed854156d69644a8c5d300ff94c35ae3ccff494e16e201e0a6474d453f8bfb6ae8c09a89500a1fab6b9317b50ebd0ed75536a26095276575379ceba3cdc191ce632ae239a73778e32722dfec2cfef70265bc62ddbb78667c7e73402696e1c633356108fd54a07ddf32a1b05ebe7fe3368c441cf55d91764daf245fc6acfd76626f1d3d7d9050aba6927bc0554baf2d9a84781bb9b5d8d18d1622d4e0a893523da170439ec538083105a56ed5aea0a21a40ff45bdf6a366f51d1e2b30186f541174bf85ee501e9a46caaed0b7ca675619b68385587574fadb1974ce1bf5c7f16e922f1439933ede8039dcb87d6cf41741d6858f1bea3e356392359d4175276042ab66a60c25ae3126fe90017a95c023d19cdf1ee29be5026e1e0e6ab86052c32bb678e5c77461d67c9874c8f6b1dae4cfbbb7895c9ffb57918c651e911502d56b5b6ced7a1916e614b8f8336f309efd20fa2415c763bef9a54bcc52d8677e00cbab856a9729937432d3c1c8420ec21d66c01b232517ad6a771e5f51a406f2fb422d9d99d0f58aad293c8698535672cdaef151e2324d4b923060d71398214ffd7c1457820377ddffa1d142ddf18a4f0034b78672c9cfd75610a21b9cfbc80f929b6bf94e4b0b8354e1395e7e4315c106d6d38569629c2338bd19bff6e1c412dc9b91654df6574b9a40c6078186b0bd3fdff0546566338c596ea934820b1593006998a8ef0f49aec2bff30edf5cb3b390f43bfa8a6c65dd34e66965e8464b4ab3abf663127fa428a72e194497066592ef0be6e36060a9d59966c8e03b8ff9e283b2bbc72a6bccc36d3e8ad16ba1b534aca9fe5d8f7794123826d18897c2354116daa64b7aec5da867cf785cbbe79bb261ddbaf4c371893b742a8a211707ddfa2cf6276a94832f2748c60a2604605105da5088d00e3f085b0fd4b6282a6614e84130c9d38b9969c63eb96330b340971842532877353d8bde4a7e15116964d340724595c073d77a3da698c2627a4b6bbb361eef88eeabec81c1040599152b308c2375e41102f9c347c9db38da153280f1bd5113ad1ef3cf38c8b0639ae82a2a12fae15033f32a9e3bcd5f04081a20abc7ad5168ee56e5b2b093efde2e4ee7bc07d505b3c1d8ea8b0023ff854a2da2ad91547a3f7bbb87e49ef3c092d7609cce6701813b0b1d039f7865c333815da88411345a384ad3049a02370f642822d0d915775800a469a525d53926b6d2f32d826912b3a9c53e16d1600685dde3052c4a6ede1846a0bc47e35fa81caf5317c8e2b2b9e8adb0c7348e86c8d52b28c71963266125bd664a2755ee7fb8ccf9875af502193b54efaaff48636b7a85b6192acea7e3fdd8831e6ec0f0112e3fed637826e0a74260c8f59b74e4a4c4e81406714e670d63bc8959e42689bb0d8aadfc7bae0e2b14c7c643504555883aa25c7236727e7dc1b895a096c1cedaaa03319c72793a47b267c30dc2f1f44c7f7a9103e2303e53195aa739627917a1dd3e5c6154a8c2dea89b1d34750db3bd4dbf7c2bf1c58a3ce5df8d7212d38eefc9c8146e114a0e46f1e59061509ff8d70f07b58c733b847add03274a1cb36cc23a1e3374d6946a19b3428b00cf825acba29caf194e7836150916cc34d23f888e2fca74e97abf297ab4fbb701662d7cc670fcdad311bb667575afc81c8407fbb553a696ca7c5e1fc06f833cedee399e15514154bbcc9c1bdcbf86dfdc08a7b032e3c741adb4dd2075aef2ac04979a451aab4f46e5416243d6deacf54c14b2cdbabeeafc74577718b78643bac8624f365e7125a5041153ef4ef4f8535fbd16741eeb7b659d195ec4d19638fdc32c751c3cffcb6ca66fb2fb7fdd82eb9a87f0988d0ed1e4ec7fad664d4292494315f44a1bb7764377a1e0dc38c2b9ae0707bcc79ef627c4bebce372db5092ee71414bac4f4364a03e982444ef9735e8bb0f8c5d47eb1721e6283ae8e5d3bb5a0d0cdd474c90685d2b30ee697fcd852b659bcfb64a50ecca51c6efdca04484d2442971334920f72b01b7d1c0baa5c018ca90de834ff9f25a835722efc0bdb072dcb6963efb297bc9779381d567c103ece203c372b4dc2444823e25becf8684b4e6ad68be3600c6dc6de813ab48cc4faee3e7f74251b9fe571fc8042c2c848f6439caab8ba2e5d7b205d77de84e64fc9dd21e50beff2b6abd0009236d2a93e4a342a81071fea4a184805bb142c2aa29475c942c963a6cdd2ed4cd406a3de0a678771f6ca56d7512e8562ad6aada09dbfc2d799faf47965562cf15b01be10088fcfe4c6d450231429a0b312b613483e64385431026464284f122b7c26bf7575a33abbd03d8dcc28c2b0416569df2308ae4cc76147f247aecc9b1d3f3cd120adac990635f8cf409dd18bc17411cc28fc206f527a850fd0145653c5bb618b2904621695a89b59257bf7eddbeeb9dbcc3d4fa8f90135879195cf0a01c0dab98ba5c14bc645e8f15518b4d830a743ac7e642b9872635f6ddf075b0572d118e60448351150164bdb35e94d168cb2e7991dc5cabf831b660df497ca22e63f74e47c191da8c1bac660030801689ac14f02ca173b0abea684355c5e64f495d7c36e1b5462deef6e9373179b3b26047111748dad5f29d39ed27545861973fdd338e311db4945e6cbffe207d4b69741304ff10e953e8aa04c08c207d96dfb35a05fcf76d81b9700a6f4d1601bf2b50d5a342497a32f4cb9c5580d7bea7689aa18ca3e08479de0ab0b020269ace647ba2a03c8fcbb8e1c15d3aee732bce8bc5af8a2c7d657e435840c3e7a451b183fd6090a5afe8790130f5b7d1a0b97995970897d171782de1f76cd76ff8d16688219e757d691dd5b1a07c2aa8dff21bdd1462e7248f4cb896d308597f27d52b876838edcc34305d4df1f394b4a7b5b918389bbaff27424f39528e70b18a5b12f445b0395f0f4bbe83de4f8e614234751254af5ae486a1666a5e14989e541ca254376d08c4f331643a15d6393af13fd0c37a64634d9bd84f1fbd48b5800d3c0a777ebdb571f32dbb96a2af2baf198b3a4b6297802f92f58c9690ca76bf20c1f2273b649cc8a720b4de5d9c9099b9e33083f8914fd122eff2aa143841b305fa970d93715c56bdbc80a757aa6007c68bfd9d7a2bbe913d18c8a73e2e923d1fb5c5d9bce100beb063a8f38668670a2a2942d43bcfdc87fd0a2c24be34ce84942cd48dabfda69a01fc6cea581bdbfbead5ab285c255b978843d776250ff92ea2ad0ad7e4658fa9a45153bdbe8b5956706d3a67d32e41906c7a51c6988bb9370c572486d7243977b30c4cdec975d6f9cae74bc300435bc2095b606ae83cde93c2cd81f81cd8ea12cad96afd90841b669ed9dcf97148fb79098682794b8a93fc998601498ea8ee0519f874374173a984d989ee28db660c0d43850837b25f153bdfa991b3e78797bcc106a63870f91ddc8517114b84b7ab8e7dfd5e93d536c3d2136da5a0db09b888bc08d28fd3f15fa60b7781d6dac70f8d747240df040798807501e571b07f2adf8a810172bbfeaac2aab6957923b2ee082c321d18fdf5b57d0be95493b9df021602200ee7b103c5a6334b957f3f28a1872e8bca67ab183bf296b93a26cb0c51eb533125a8d36fee7c4a7138c0776e81fd0f2294abfe7272fda831e137c863c3f188e57b92cc405d59e085fccb9f7ef5aaefe0ee443b90e5dfcb316f7d5185c0c4dfef1d10d712d5be95ee9aa66af40d696f83604df5fa03333bba5135226f152fa966c4847cd03f3ba242ae39d5499815575921d6b5c23533efec7e23e904c50b58f208e67740c0576044bbf653427c2e6e3771044d198771f9276b48b89d7caecfe227647a0e71c501f42120054e575460fb189fc889815cd205eef0849048f2bb2008f37e2fa6b21bbf5d581930aebdc50717924d32bddb94acedc0edc08b8528d1007aa59e8f6f603c6d4d3509a0350604da232002c6cb90da4928f08b8f5f43af2312021b20028e9446b44289ad8f042bd853c765ad0e32004ae5b1882d3250a8162b14557cad26eb162cf794fbc10ba50a39c78ad4f176b51398c9360907975cdb4660079cd0a57659cba2bd1d4908b7554210d031886ba0b67f0beaadb1bab3312ed95f4083a076123463740f81aa0b3d5d0026074b92c6c9755e0eb15b11a427eb4c9cbbf01b2bbf8e7744d6ce66b95cf11355e48314f24cc8cf3d5546f7c92501986870164bc610ec91a4167625526b72ef0e0b0b4b133dbfd8f343614cd5226a13721e5ad6c03eca6680ad8c87c357cb52835b765bbd6344efb0fd7fc47b4f989b5b0f32e2a5f86278895f09827774e5b17960a2dd15dd4846ed825c3de884ae247fa8c24322a123fff018f3c1947e3719aaab95146405f7337d592800059e9452723857c4c7897ea8af8049647dc11410c9d288867b8ecffc09bb0df11a9ccb4d8d21184d1c3442c16acd279351b4765eac0a2389ef9d14c7f498707a3e6038a20f5c7bf994713ded8de7bcd44f6f3f914c4ce8b591adda9837658877259df9ad6d7ff7d19f9268e453a9a13bffe8638c227c87218aa901143809b6bd83ca3413f9047a61bf98b7ccdca6b4ca680"}, {0x110, 0x6, 0xf64a642, "ce9d6d8531e49ad4de95d12f97108aaca6eabe82c48a5fe4754f427df2b9bf67e90a9df0c12eacbcb07a3b6875bdf5ba7358f8ca212dcf85a4dfea0ffe5381eeba9ebeee4233e72970e45e286ae31f35756885d37a5dc8ad8222335c438e2c423da87fc66b06cb75461cc2f37d23b2e3f27a7dbc7004dccf4a298674f2424b92a74f866b2a03942c4f3b8b3c9ac4ec102cb3dbcce0458c1e2864524de40ca00d6b663c6917eae88b7d0a3efae65839c9c5292279e5f1d8e8c348a32b60ac03864ea7a73851df973d3cbbea57f93f8713d715f6584826ef6bce5285baeed5b40fe0736486b18f311fd8b464bbe3181126e12c5db144571602b182e94926a8"}, {0x10, 0x19a, 0x3}, {0xb0, 0x10b, 0x8, "6e36b6ca5fa02bfdb91cd34e0a5ffce17d072f3ec92d714cc4717f5223918ce7b3a9055066b5d61472cdaecff3e8985d4ce1ee5da0f7ec879b0abcf4600b34b06fc89c661c56a978b95ea8fc236b864b7a6abd03551ffa97eb03336c6332072fd1500f09e3db7309f5aa9e013430658a24c0fa15c088ca99779523c76c69be493ba3514e7449b9554fd8d613d13b2fccdd7e75d079d93a23ae6e4a9d6a6d25"}, {0x40, 0xa, 0x0, "baabf3aa1f98bca4c9cf2b5aaac02e137f9c66c14ee92b28d94e4754c8d018aa01e4056b20b40ce4b7"}], 0x12f8}, 0x20000044) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = socket$kcm(0x29, 0x7, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000100)={r5, r1}) close(r7) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) 20.777251325s ago: executing program 1 (id=1970): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x10080, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x180, 0xc8, 0x400000, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x20b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xfdef) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c230000) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x110c230000) close(r5) 20.238017745s ago: executing program 3 (id=1971): bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='cachefiles_read\x00', r0, 0x0, 0x1}, 0x18) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x40000000001, 0xffffffffffffffff, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) socketpair(0x29, 0x5, 0x8, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x12, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2a2b}, {}, {}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff9}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYRES32], 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x1c0) write$cgroup_subtree(r6, 0x0, 0x9a) ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000780)={'bond_slave_1\x00', 0x200}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x100) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0xfffc, 0x4, @dev, 0xf5}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000100100000100007200f90000"], 0x18}, 0xfc00) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000200)}], 0x1, 0x0, 0x0, 0x4000000}, 0x8000) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='devlink_hwerr\x00', r0}, 0x11) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b001ba2b5690800000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x10, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xe}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@ldst={0x2, 0x2, 0x3, 0x9, 0x0, 0xfffffffffffffff4, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 20.186519321s ago: executing program 2 (id=1972): bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[], 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) (fail_nth: 18) 19.828708197s ago: executing program 3 (id=1973): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000000000), 0x4) close(r0) (async, rerun: 32) sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x8004) (async, rerun: 32) close(r1) (async) r2 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="13030000760091"], 0xfe33) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x9, 0x4, 0x9, 0x9}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001dc0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37) (async) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080)=r4, 0x4) 19.766881895s ago: executing program 2 (id=1974): r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x8, &(0x7f0000000100), 0x4) 19.679682156s ago: executing program 2 (id=1975): r0 = perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xb) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='(())') r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x4, 0x4, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff858500000073000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) r4 = socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000200)=""/166}, 0xfffffffffffffd45) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, @perf_config_ext={0x5}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="0000186df4b1768c36153d42", @ANYRES32, @ANYBLOB="0a3f000000a3f500950004000000010045"], 0x0}, 0x94) socketpair(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f2, &(0x7f0000000080)) sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="1c000000200081044e81f782db44b90402200000e8fe55a118001500060014", 0x1f}], 0x1}, 0x0) 15.485098496s ago: executing program 3 (id=1976): ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000040)={0x0, 0x80, 0x4, 0xb8, 0x9, 0x3, 0x0, 0x4, 0x80, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xa, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x24, 0x9, 0x2, 0x7, 0x8, 0xf017, 0x5e, 0x0, 0x5, 0x0, 0x2}) 15.3838307s ago: executing program 0 (id=1977): perf_event_open$cgroup(&(0x7f0000000080)={0x5, 0x80, 0x3, 0x10, 0xd, 0x1, 0x0, 0x9, 0x40000, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x100000001}, 0x6608, 0x10, 0x9, 0x4, 0x7, 0x5f, 0x6, 0x0, 0x7, 0x0, 0x1}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00'}, 0x94) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48) r5 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r5, r4}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r2, r1}) close(r3) 15.38035573s ago: executing program 3 (id=1978): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r3}, 0x18) (fail_nth: 2) 15.355784973s ago: executing program 2 (id=1979): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b400a1010000000069106a000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x2d, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10) write$cgroup_type(r2, &(0x7f0000000880), 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r5}, 0x18) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0900000004001000ff0f00000500000000000000", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000ff00000000000001000000"], 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000700)={r6, 0x58, &(0x7f0000000800)}, 0x10) r7 = socket$kcm(0xa, 0x3, 0x73) ioctl$sock_kcm_SIOCKCMATTACH(r7, 0x89e0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x5000000000000, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1000000000040}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0a00000005000000010000000700000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]'], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r8}, 0x38) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000003000000000000000040000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000700000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r9}, 0x10) r10 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000500)={0xd14, 0x0}, 0x8) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e00130010000000028000001294", 0x2e}], 0x1}, 0x0) r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x7, 0x0, r6, 0x0, '\x00', 0x0, r10, 0x2, 0x2, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x7, 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000300000000000000ff030025000000000000000018270000", @ANYRES64=r10, @ANYBLOB="00000000060000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x5, 0xec, &(0x7f0000000340)=""/236, 0x41100, 0x20, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x5, 0xb, 0x4, 0xfffffff8}, 0x10, r11, r10, 0x3, &(0x7f00000005c0)=[r13, r6], &(0x7f00000009c0)=[{0x5, 0x9, 0x7, 0x4}, {0x4, 0x1, 0xe, 0x9}, {0x4, 0x5, 0x3, 0xa}], 0x10, 0xffffffff}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=r11, 0x4) 15.30658243s ago: executing program 1 (id=1980): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0xc, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0xffffffd6}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000080)="e08e54", &(0x7f00000000c0)=""/209}, 0x20) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r0, &(0x7f0000000200)="753bb590d45e85046a1c8ce2ca56242b67726dad99d3a4c0e444d3068c8d9c540ae0560a2a441171a833c763178d31c72caeeb086e448a1e2bf99e011c701931e9ce1105b8fcda4456f7c34219d07392e932a85c1f9c57d52c02eabebd110df1c4c218c8d10f0f71a23ee7629a14835d2ecf85d79c573343f8d420db2fa9f4f638b719cb1c082b9caa726e5cc1b08e34bcfbeadc9c8e8d19a7831f8db9ed4cc18a8a7b81379ed734", &(0x7f00000002c0)=""/200}, 0x20) (async) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000400), 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000440)={0x0, r1}, 0x8) (async) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000480), 0x2, 0x0) (async) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000004c0)=r0, 0x4) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000500)=@raw=[@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @jmp={0x5, 0x0, 0x0, 0x9, 0x7, 0x10, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], &(0x7f0000000580)='GPL\x00', 0x75a, 0x15, &(0x7f00000005c0)=""/21, 0x100, 0x40, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2df10, 0xffffffffffffffff, 0x2, &(0x7f0000000600)=[r0, r0, r0, r0], &(0x7f0000000640)=[{0x1, 0x4, 0x1}, {0x4, 0x1, 0x5}], 0x10, 0x7}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@fallback=0xffffffffffffffff, 0x26, 0x0, 0x200, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0], 0x0}, 0x40) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000940)={r0, 0x58, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000980)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@ifindex=r5, 0xffffffffffffffff, 0xe, 0x200a, r2, @value=r6, @void, @void, @void, r4}, 0x20) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000009c0)=r0, 0x4) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000a00)={0xb}, 0x8) openat$cgroup_pressure(r3, &(0x7f0000000a40)='memory.pressure\x00', 0x2, 0x0) r7 = gettid() r8 = perf_event_open(&(0x7f0000000a80)={0x4, 0x80, 0x5, 0x6, 0x4, 0x7, 0x0, 0x6d6b, 0x1000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2000000, 0x0, @perf_config_ext={0x7ff, 0xd}, 0x10, 0x7fff, 0x4, 0x5, 0x5, 0x0, 0x5, 0x0, 0x200}, r7, 0xd, r3, 0x3) syz_open_procfs$namespace(0x0, &(0x7f0000000b00)='ns/pid\x00') (async) openat$cgroup_pressure(r3, &(0x7f0000000b40)='cpu.pressure\x00', 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r3, 0x0, 0x29, 0x3c, &(0x7f0000000b80)="c15d32de757ce95bba57e8c789642ee4628ddfcb4aefd3408ddd71dad1ff50257efd4e6fcf484aeb90", &(0x7f0000000bc0)=""/60, 0x6, 0x0, 0xb7, 0x95, &(0x7f0000000c00)="a9324572e4c256331f7d108b432032b6823dd23c32cb5f4fdd1181f3ebc111ff502722014ce9372c68a8361841880b449eafdf77fd8808ce8d67a894546dbe71f8124b93dabea519a98e050ba58c6ad8de265d0b50c7829b179629d5e3290b6e2a26efd0002aff146f1b7c751d993cd85499d5f0f3a9d1ddcf62bd904fdf428a7169fa35b3140f902508893c677051e7338d2b42d38a34a10d47a92a012963d61ff80dcc59f19aabc39213fc2c9ea95580add3158aa543", &(0x7f0000000cc0)="ab876b8539c91f7e6c39f047a71c64469c0b56f257857d13f376948c3f8cc47d9e94d7002865b298832e341393c34e4ff9931e3704989c13e12f282c197724421be7e56b4d7f8b63107a4f3967ca417e006c5661629a2e35a17b8f42932123d814f6ff203d39823d50cd589ed98b89d5a01cbb643c88f1e84b96d6f38e68a144253d69800684199f5da564f445d72645a17fd437c9", 0x1, 0x0, 0x913}, 0x50) (async) r9 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000e80)=@generic={&(0x7f0000000e40)='./file0\x00', 0x0, 0x20}, 0x18) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000e00)={@map=r0, r2, 0x1f, 0x2, r3, @void, @value=r9, @void, @void, r4}, 0x20) ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, 0xffffffffffffffff) (async) recvmsg$kcm(r3, &(0x7f0000001140)={&(0x7f0000000ec0)=@isdn, 0x80, &(0x7f0000001080)=[{&(0x7f0000000f40)=""/54, 0x36}, {&(0x7f0000000f80)=""/224, 0xe0}], 0x2, &(0x7f00000010c0)=""/70, 0x46}, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001180)) (async) r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001200), 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001280)={{r3}, &(0x7f00000011c0), &(0x7f0000001240)=r10}, 0x20) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000001380)={r0, &(0x7f00000012c0)="69c9da95ee4330d052fd5d1d9aa3a49c1ac7ab42a11bbe57eaed9b2c7a560c60108c75f2c297e3daf0c71398dd4f953ad4143e3c52cf8a5563356497e0c3574bab06888d09f66f23dc79520f0fd5040908bb096bced4fc4028bd506357", &(0x7f0000001340)=""/48, 0x4}, 0x20) (async) r11 = bpf$ITER_CREATE(0x21, &(0x7f00000013c0)={r6}, 0x8) ioctl$TUNSETFILTEREBPF(r11, 0x800454e1, &(0x7f0000001400)=r10) 15.012461917s ago: executing program 0 (id=1981): bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000001200000024000000080000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='cachefiles_read\x00', r0, 0x0, 0x1}, 0x18) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x40000000001, 0xffffffffffffffff, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) socketpair(0x29, 0x5, 0x8, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x12, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2a2b}, {}, {}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff9}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYRES32], 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x1c0) write$cgroup_subtree(r6, 0x0, 0x9a) ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f0000000780)={'bond_slave_1\x00', 0x200}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x100) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0xfffc, 0x4, @dev, 0xf5}}, 0x80, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000100100000100007200f90000"], 0x18}, 0xfc00) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000200)}], 0x1, 0x0, 0x0, 0x4000000}, 0x8000) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='devlink_hwerr\x00', r0}, 0x11) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r8}, 0x8) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b001ba2b5690800000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e00)={0x6, 0x10, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xe}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@ldst={0x2, 0x2, 0x3, 0x9, 0x0, 0xfffffffffffffff4, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) 0s ago: executing program 32 (id=1980): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0xc, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0xffffffd6}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000080)="e08e54", &(0x7f00000000c0)=""/209}, 0x20) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r0, &(0x7f0000000200)="753bb590d45e85046a1c8ce2ca56242b67726dad99d3a4c0e444d3068c8d9c540ae0560a2a441171a833c763178d31c72caeeb086e448a1e2bf99e011c701931e9ce1105b8fcda4456f7c34219d07392e932a85c1f9c57d52c02eabebd110df1c4c218c8d10f0f71a23ee7629a14835d2ecf85d79c573343f8d420db2fa9f4f638b719cb1c082b9caa726e5cc1b08e34bcfbeadc9c8e8d19a7831f8db9ed4cc18a8a7b81379ed734", &(0x7f00000002c0)=""/200}, 0x20) (async) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000400), 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000440)={0x0, r1}, 0x8) (async) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000480), 0x2, 0x0) (async) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000004c0)=r0, 0x4) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_tracing={0x1a, 0xe, &(0x7f0000000500)=@raw=[@printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @jmp={0x5, 0x0, 0x0, 0x9, 0x7, 0x10, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], &(0x7f0000000580)='GPL\x00', 0x75a, 0x15, &(0x7f00000005c0)=""/21, 0x100, 0x40, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2df10, 0xffffffffffffffff, 0x2, &(0x7f0000000600)=[r0, r0, r0, r0], &(0x7f0000000640)=[{0x1, 0x4, 0x1}, {0x4, 0x1, 0x5}], 0x10, 0x7}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@fallback=0xffffffffffffffff, 0x26, 0x0, 0x200, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0], 0x0}, 0x40) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000940)={r0, 0x58, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) (async) r6 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000980)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000880)={@ifindex=r5, 0xffffffffffffffff, 0xe, 0x200a, r2, @value=r6, @void, @void, @void, r4}, 0x20) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000009c0)=r0, 0x4) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000a00)={0xb}, 0x8) openat$cgroup_pressure(r3, &(0x7f0000000a40)='memory.pressure\x00', 0x2, 0x0) r7 = gettid() r8 = perf_event_open(&(0x7f0000000a80)={0x4, 0x80, 0x5, 0x6, 0x4, 0x7, 0x0, 0x6d6b, 0x1000, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2000000, 0x0, @perf_config_ext={0x7ff, 0xd}, 0x10, 0x7fff, 0x4, 0x5, 0x5, 0x0, 0x5, 0x0, 0x200}, r7, 0xd, r3, 0x3) syz_open_procfs$namespace(0x0, &(0x7f0000000b00)='ns/pid\x00') (async) openat$cgroup_pressure(r3, &(0x7f0000000b40)='cpu.pressure\x00', 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r3, 0x0, 0x29, 0x3c, &(0x7f0000000b80)="c15d32de757ce95bba57e8c789642ee4628ddfcb4aefd3408ddd71dad1ff50257efd4e6fcf484aeb90", &(0x7f0000000bc0)=""/60, 0x6, 0x0, 0xb7, 0x95, &(0x7f0000000c00)="a9324572e4c256331f7d108b432032b6823dd23c32cb5f4fdd1181f3ebc111ff502722014ce9372c68a8361841880b449eafdf77fd8808ce8d67a894546dbe71f8124b93dabea519a98e050ba58c6ad8de265d0b50c7829b179629d5e3290b6e2a26efd0002aff146f1b7c751d993cd85499d5f0f3a9d1ddcf62bd904fdf428a7169fa35b3140f902508893c677051e7338d2b42d38a34a10d47a92a012963d61ff80dcc59f19aabc39213fc2c9ea95580add3158aa543", &(0x7f0000000cc0)="ab876b8539c91f7e6c39f047a71c64469c0b56f257857d13f376948c3f8cc47d9e94d7002865b298832e341393c34e4ff9931e3704989c13e12f282c197724421be7e56b4d7f8b63107a4f3967ca417e006c5661629a2e35a17b8f42932123d814f6ff203d39823d50cd589ed98b89d5a01cbb643c88f1e84b96d6f38e68a144253d69800684199f5da564f445d72645a17fd437c9", 0x1, 0x0, 0x913}, 0x50) (async) r9 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000e80)=@generic={&(0x7f0000000e40)='./file0\x00', 0x0, 0x20}, 0x18) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000e00)={@map=r0, r2, 0x1f, 0x2, r3, @void, @value=r9, @void, @void, r4}, 0x20) ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, 0xffffffffffffffff) (async) recvmsg$kcm(r3, &(0x7f0000001140)={&(0x7f0000000ec0)=@isdn, 0x80, &(0x7f0000001080)=[{&(0x7f0000000f40)=""/54, 0x36}, {&(0x7f0000000f80)=""/224, 0xe0}], 0x2, &(0x7f00000010c0)=""/70, 0x46}, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001180)) (async) r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001200), 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001280)={{r3}, &(0x7f00000011c0), &(0x7f0000001240)=r10}, 0x20) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000001380)={r0, &(0x7f00000012c0)="69c9da95ee4330d052fd5d1d9aa3a49c1ac7ab42a11bbe57eaed9b2c7a560c60108c75f2c297e3daf0c71398dd4f953ad4143e3c52cf8a5563356497e0c3574bab06888d09f66f23dc79520f0fd5040908bb096bced4fc4028bd506357", &(0x7f0000001340)=""/48, 0x4}, 0x20) (async) r11 = bpf$ITER_CREATE(0x21, &(0x7f00000013c0)={r6}, 0x8) ioctl$TUNSETFILTEREBPF(r11, 0x800454e1, &(0x7f0000001400)=r10) kernel console output (not intermixed with test programs): f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 538.782214][ T8982] RSP: 002b:00007fbcaaff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 538.790673][ T8982] RAX: ffffffffffffffda RBX: 00007fbcad015fa0 RCX: 00007fbcacd9acb9 [ 538.798682][ T8982] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000007 [ 538.806682][ T8982] RBP: 00007fbcaaff6090 R08: 0000000000000000 R09: 0000000000000000 [ 538.814683][ T8982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 538.822680][ T8982] R13: 00007fbcad016038 R14: 00007fbcad015fa0 R15: 00007ffc2c44dd58 [ 538.830700][ T8982] [ 538.836476][ T8982] tipc: Failed to clone mcast rcv buffer [ 539.618306][ T9007] netlink: 'syz.3.962': attribute type 1 has an invalid length. [ 539.636793][ T9007] netlink: 'syz.3.962': attribute type 2 has an invalid length. [ 539.692443][ T9007] netlink: 'syz.3.962': attribute type 2 has an invalid length. [ 539.723794][ T9007] netlink: 'syz.3.962': attribute type 3 has an invalid length. [ 539.748441][ T9007] netlink: 'syz.3.962': attribute type 4 has an invalid length. [ 539.760031][ T9007] netlink: 'syz.3.962': attribute type 5 has an invalid length. [ 539.768234][ T9007] netlink: 'syz.3.962': attribute type 6 has an invalid length. [ 539.776634][ T9007] netlink: 'syz.3.962': attribute type 7 has an invalid length. [ 539.784611][ T9007] netlink: 126304 bytes leftover after parsing attributes in process `syz.3.962'. [ 540.388963][ T9021] FAULT_INJECTION: forcing a failure. [ 540.388963][ T9021] name failslab, interval 1, probability 0, space 0, times 0 [ 540.468038][ T9021] CPU: 0 PID: 9021 Comm: syz.3.967 Not tainted syzkaller #0 [ 540.475413][ T9021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 540.486045][ T9021] Call Trace: [ 540.489381][ T9021] [ 540.492361][ T9021] dump_stack_lvl+0x18c/0x250 [ 540.497104][ T9021] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 540.503322][ T9021] ? show_regs_print_info+0x20/0x20 [ 540.508587][ T9021] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 540.514827][ T9021] should_fail_ex+0x39d/0x4d0 [ 540.519665][ T9021] should_failslab+0x9/0x20 [ 540.524237][ T9021] slab_pre_alloc_hook+0x59/0x310 [ 540.529327][ T9021] ? kernfs_fop_write_iter+0x159/0x520 [ 540.534856][ T9021] ? kernfs_fop_write_iter+0x159/0x520 [ 540.540416][ T9021] __kmem_cache_alloc_node+0x53/0x250 [ 540.545848][ T9021] ? kernfs_fop_write_iter+0x159/0x520 [ 540.551372][ T9021] __kmalloc+0xa4/0x230 [ 540.555591][ T9021] kernfs_fop_write_iter+0x159/0x520 [ 540.560947][ T9021] vfs_write+0x46c/0x990 [ 540.565342][ T9021] ? file_end_write+0x250/0x250 [ 540.570265][ T9021] ? __fget_files+0x43d/0x4b0 [ 540.575011][ T9021] ? __fdget_pos+0x2a3/0x330 [ 540.579663][ T9021] ? ksys_write+0x75/0x260 [ 540.584157][ T9021] ksys_write+0x150/0x260 [ 540.588547][ T9021] ? __ia32_sys_read+0x90/0x90 [ 540.593373][ T9021] ? lockdep_hardirqs_on+0x98/0x150 [ 540.598638][ T9021] do_syscall_64+0x55/0xa0 [ 540.603104][ T9021] ? clear_bhb_loop+0x40/0x90 [ 540.607838][ T9021] ? clear_bhb_loop+0x40/0x90 [ 540.612580][ T9021] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 540.618535][ T9021] RIP: 0033:0x7fc95ed9acb9 [ 540.622999][ T9021] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 540.642785][ T9021] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 540.651352][ T9021] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 540.659380][ T9021] RDX: 0000000000000012 RSI: 00002000000000c0 RDI: 0000000000000008 [ 540.667402][ T9021] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 540.675422][ T9021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 540.683445][ T9021] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 540.691498][ T9021] [ 541.114676][ T9047] FAULT_INJECTION: forcing a failure. [ 541.114676][ T9047] name failslab, interval 1, probability 0, space 0, times 0 [ 541.141054][ T9047] CPU: 0 PID: 9047 Comm: syz.0.974 Not tainted syzkaller #0 [ 541.148428][ T9047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 541.158591][ T9047] Call Trace: [ 541.161923][ T9047] [ 541.164903][ T9047] dump_stack_lvl+0x18c/0x250 [ 541.169818][ T9047] ? show_regs_print_info+0x20/0x20 [ 541.175149][ T9047] ? load_image+0x400/0x400 [ 541.179722][ T9047] ? __might_sleep+0xe0/0xe0 [ 541.184375][ T9047] ? __lock_acquire+0x7d40/0x7d40 [ 541.189476][ T9047] should_fail_ex+0x39d/0x4d0 [ 541.194219][ T9047] should_failslab+0x9/0x20 [ 541.198784][ T9047] slab_pre_alloc_hook+0x59/0x310 [ 541.203873][ T9047] ? __lock_acquire+0x7d40/0x7d40 [ 541.208939][ T9047] kmem_cache_alloc_node+0x60/0x320 [ 541.214210][ T9047] ? __alloc_skb+0x103/0x2c0 [ 541.218856][ T9047] __alloc_skb+0x103/0x2c0 [ 541.223310][ T9047] netlink_sendmsg+0x66a/0xbf0 [ 541.228110][ T9047] ? netlink_getsockopt+0x590/0x590 [ 541.233346][ T9047] ? aa_sock_msg_perm+0x94/0x150 [ 541.238313][ T9047] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 541.243802][ T9047] ? security_socket_sendmsg+0x80/0xa0 [ 541.249298][ T9047] ? netlink_getsockopt+0x590/0x590 [ 541.254531][ T9047] ____sys_sendmsg+0x5ba/0x960 [ 541.259333][ T9047] ? __asan_memset+0x22/0x40 [ 541.263951][ T9047] ? __sys_sendmsg_sock+0x30/0x30 [ 541.269000][ T9047] ? __import_iovec+0x5f2/0x850 [ 541.273897][ T9047] ? import_iovec+0x73/0xa0 [ 541.278436][ T9047] ___sys_sendmsg+0x2a6/0x360 [ 541.283140][ T9047] ? get_pid_task+0x20/0x1e0 [ 541.287763][ T9047] ? __sys_sendmsg+0x2a0/0x2a0 [ 541.292587][ T9047] ? __lock_acquire+0x7d40/0x7d40 [ 541.297673][ T9047] __se_sys_sendmsg+0x1c2/0x2b0 [ 541.302573][ T9047] ? __x64_sys_sendmsg+0x80/0x80 [ 541.307581][ T9047] ? lockdep_hardirqs_on+0x98/0x150 [ 541.312844][ T9047] do_syscall_64+0x55/0xa0 [ 541.317284][ T9047] ? clear_bhb_loop+0x40/0x90 [ 541.322003][ T9047] ? clear_bhb_loop+0x40/0x90 [ 541.326720][ T9047] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 541.332645][ T9047] RIP: 0033:0x7f7fdc19acb9 [ 541.337092][ T9047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.356744][ T9047] RSP: 002b:00007f7fdcfb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 541.365193][ T9047] RAX: ffffffffffffffda RBX: 00007f7fdc415fa0 RCX: 00007f7fdc19acb9 [ 541.373230][ T9047] RDX: 0000000004000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 541.381326][ T9047] RBP: 00007f7fdcfb3090 R08: 0000000000000000 R09: 0000000000000000 [ 541.389326][ T9047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.397320][ T9047] R13: 00007f7fdc416038 R14: 00007f7fdc415fa0 R15: 00007ffddb25e298 [ 541.405331][ T9047] [ 541.845996][ T9073] validate_nla: 4 callbacks suppressed [ 541.846014][ T9073] netlink: 'syz.3.983': attribute type 64 has an invalid length. [ 542.600293][ T9097] netlink: 'syz.1.990': attribute type 21 has an invalid length. [ 542.878269][ T9113] FAULT_INJECTION: forcing a failure. [ 542.878269][ T9113] name failslab, interval 1, probability 0, space 0, times 0 [ 542.895901][ T9113] CPU: 1 PID: 9113 Comm: syz.1.997 Not tainted syzkaller #0 [ 542.903269][ T9113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 542.913388][ T9113] Call Trace: [ 542.916893][ T9113] [ 542.919866][ T9113] dump_stack_lvl+0x18c/0x250 [ 542.924609][ T9113] ? show_regs_print_info+0x20/0x20 [ 542.929860][ T9113] ? load_image+0x400/0x400 [ 542.934425][ T9113] ? __might_sleep+0xe0/0xe0 [ 542.939097][ T9113] ? __lock_acquire+0x7d40/0x7d40 [ 542.944178][ T9113] should_fail_ex+0x39d/0x4d0 [ 542.948927][ T9113] should_failslab+0x9/0x20 [ 542.953480][ T9113] slab_pre_alloc_hook+0x59/0x310 [ 542.958663][ T9113] ? kvmalloc_node+0x70/0x180 [ 542.963397][ T9113] ? kvmalloc_node+0x70/0x180 [ 542.968131][ T9113] __kmem_cache_alloc_node+0x53/0x250 [ 542.973574][ T9113] ? kvmalloc_node+0x70/0x180 [ 542.978371][ T9113] __kmalloc_node+0xa4/0x230 [ 542.983024][ T9113] kvmalloc_node+0x70/0x180 [ 542.987582][ T9113] page_pool_create+0x1eb/0x5c0 [ 542.992499][ T9113] bpf_test_run_xdp_live+0x203/0x1b20 [ 542.997985][ T9113] ? 0xffffffffa0004740 [ 543.002189][ T9113] ? 0xffffffffa0004740 [ 543.006404][ T9113] ? bpf_dispatcher_change_prog+0xcbf/0xf10 [ 543.012450][ T9113] ? 0xffffffffa0004740 [ 543.016657][ T9113] ? xdp_convert_md_to_buff+0x330/0x330 [ 543.022304][ T9113] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 543.028619][ T9113] ? _copy_from_user+0xa5/0xe0 [ 543.033468][ T9113] ? bpf_test_init+0x119/0x140 [ 543.038288][ T9113] ? xdp_convert_md_to_buff+0x5b/0x330 [ 543.043810][ T9113] bpf_prog_test_run_xdp+0x7ca/0x10e0 [ 543.049269][ T9113] ? dev_put+0x80/0x80 [ 543.053398][ T9113] ? dev_put+0x80/0x80 [ 543.057513][ T9113] bpf_prog_test_run+0x321/0x390 [ 543.062491][ T9113] __sys_bpf+0x49d/0x890 [ 543.066780][ T9113] ? bpf_link_show_fdinfo+0x390/0x390 [ 543.072287][ T9113] ? lock_chain_count+0x20/0x20 [ 543.077185][ T9113] __x64_sys_bpf+0x7c/0x90 [ 543.081725][ T9113] do_syscall_64+0x55/0xa0 [ 543.086172][ T9113] ? clear_bhb_loop+0x40/0x90 [ 543.090888][ T9113] ? clear_bhb_loop+0x40/0x90 [ 543.095596][ T9113] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 543.101522][ T9113] RIP: 0033:0x7f9ff5f9acb9 [ 543.105965][ T9113] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 543.125617][ T9113] RSP: 002b:00007f9ff6ef5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 543.134068][ T9113] RAX: ffffffffffffffda RBX: 00007f9ff6215fa0 RCX: 00007f9ff5f9acb9 [ 543.142075][ T9113] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a [ 543.150118][ T9113] RBP: 00007f9ff6ef5090 R08: 0000000000000000 R09: 0000000000000000 [ 543.158117][ T9113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.166128][ T9113] R13: 00007f9ff6216038 R14: 00007f9ff6215fa0 R15: 00007ffc591eeea8 [ 543.174202][ T9113] [ 543.179430][ T9113] page_pool_create() gave up with errno -12 [ 543.250732][ T9109] syzkaller0: entered promiscuous mode [ 543.284629][ T9109] syzkaller0: entered allmulticast mode [ 544.621694][ T9147] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1009'. [ 544.696561][ T9147] netlink: 'syz.0.1009': attribute type 29 has an invalid length. [ 546.061721][ T9147] netlink: 'syz.0.1009': attribute type 29 has an invalid length. [ 547.181176][ T9200] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1026'. [ 547.825975][ T9225] netlink: 'syz.1.1037': attribute type 29 has an invalid length. [ 547.854901][ T9225] netlink: 'syz.1.1037': attribute type 29 has an invalid length. [ 547.888341][ T9229] netlink: 'syz.1.1037': attribute type 29 has an invalid length. [ 547.912143][ T9225] netlink: 'syz.1.1037': attribute type 29 has an invalid length. [ 547.950399][ T9225] netlink: 'syz.1.1037': attribute type 29 has an invalid length. [ 548.244507][ T9237] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1040'. [ 548.257504][ T9237] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1040'. [ 548.275825][ T9235] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1040'. [ 548.434297][ T9246] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1040'. [ 549.542657][ T9262] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1048'. [ 549.553905][ T9264] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.1049'. [ 549.715057][ T9272] FAULT_INJECTION: forcing a failure. [ 549.715057][ T9272] name failslab, interval 1, probability 0, space 0, times 0 [ 549.729264][ T9272] CPU: 0 PID: 9272 Comm: syz.0.1053 Not tainted syzkaller #0 [ 549.736715][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 549.746805][ T9272] Call Trace: [ 549.750102][ T9272] [ 549.753056][ T9272] dump_stack_lvl+0x18c/0x250 [ 549.757860][ T9272] ? show_regs_print_info+0x20/0x20 [ 549.763114][ T9272] ? load_image+0x400/0x400 [ 549.767693][ T9272] ? __might_sleep+0xe0/0xe0 [ 549.772347][ T9272] ? __lock_acquire+0x7d40/0x7d40 [ 549.777538][ T9272] should_fail_ex+0x39d/0x4d0 [ 549.782285][ T9272] should_failslab+0x9/0x20 [ 549.786843][ T9272] slab_pre_alloc_hook+0x59/0x310 [ 549.791937][ T9272] ? sk_prot_alloc+0xe7/0x210 [ 549.796669][ T9272] ? sk_prot_alloc+0xe7/0x210 [ 549.801396][ T9272] __kmem_cache_alloc_node+0x53/0x250 [ 549.806829][ T9272] ? sk_prot_alloc+0xe7/0x210 [ 549.811647][ T9272] __kmalloc+0xa4/0x230 [ 549.815859][ T9272] sk_prot_alloc+0xe7/0x210 [ 549.820420][ T9272] ? sk_alloc+0x24/0x360 [ 549.824751][ T9272] sk_alloc+0x3a/0x360 [ 549.828880][ T9272] ? bpf_ctx_init+0x163/0x1a0 [ 549.833614][ T9272] ? bpf_prog_test_run_skb+0x273/0x12b0 [ 549.839230][ T9272] bpf_prog_test_run_skb+0x3a5/0x12b0 [ 549.844658][ T9272] ? __fget_files+0x28/0x4b0 [ 549.849299][ T9272] ? __fget_files+0x28/0x4b0 [ 549.853949][ T9272] ? __fget_files+0x43d/0x4b0 [ 549.858688][ T9272] ? cpu_online+0x60/0x60 [ 549.863071][ T9272] bpf_prog_test_run+0x321/0x390 [ 549.868059][ T9272] __sys_bpf+0x49d/0x890 [ 549.872359][ T9272] ? bpf_link_show_fdinfo+0x390/0x390 [ 549.877805][ T9272] ? lock_chain_count+0x20/0x20 [ 549.882758][ T9272] __x64_sys_bpf+0x7c/0x90 [ 549.887232][ T9272] do_syscall_64+0x55/0xa0 [ 549.891697][ T9272] ? clear_bhb_loop+0x40/0x90 [ 549.896431][ T9272] ? clear_bhb_loop+0x40/0x90 [ 549.901165][ T9272] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 549.907133][ T9272] RIP: 0033:0x7f7fdc19acb9 [ 549.911607][ T9272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.931340][ T9272] RSP: 002b:00007f7fdcfb3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 549.939879][ T9272] RAX: ffffffffffffffda RBX: 00007f7fdc415fa0 RCX: 00007f7fdc19acb9 [ 549.947959][ T9272] RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a [ 549.955972][ T9272] RBP: 00007f7fdcfb3090 R08: 0000000000000000 R09: 0000000000000000 [ 549.964174][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.972201][ T9272] R13: 00007f7fdc416038 R14: 00007f7fdc415fa0 R15: 00007ffddb25e298 [ 549.980227][ T9272] [ 550.285680][ T9280] netlink: 'syz.2.1055': attribute type 10 has an invalid length. [ 550.382959][ T9285] netlink: 539 bytes leftover after parsing attributes in process `syz.0.1057'. [ 550.980029][ T9280] team0: Device ipvlan1 failed to register rx_handler [ 551.072705][ T9284] netlink: 'syz.2.1055': attribute type 10 has an invalid length. [ 551.083943][ T9280] syz.2.1055 (9280) used greatest stack depth: 17960 bytes left [ 551.111193][ T9284] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1055'. [ 551.139546][ T9284] team0: entered promiscuous mode [ 551.144769][ T9284] team_slave_0: entered promiscuous mode [ 551.157043][ T9284] team_slave_1: entered promiscuous mode [ 551.163129][ T9284] team0: entered allmulticast mode [ 551.168402][ T9298] FAULT_INJECTION: forcing a failure. [ 551.168402][ T9298] name failslab, interval 1, probability 0, space 0, times 0 [ 551.168448][ T9298] CPU: 0 PID: 9298 Comm: syz.1.1061 Not tainted syzkaller #0 [ 551.168469][ T9298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 551.168481][ T9298] Call Trace: [ 551.168489][ T9298] [ 551.168497][ T9298] dump_stack_lvl+0x18c/0x250 [ 551.168523][ T9298] ? __lock_acquire+0x7d40/0x7d40 [ 551.168548][ T9298] ? show_regs_print_info+0x20/0x20 [ 551.168570][ T9298] ? load_image+0x400/0x400 [ 551.168597][ T9298] ? read_tsc+0x9/0x20 [ 551.168637][ T9298] should_fail_ex+0x39d/0x4d0 [ 551.168673][ T9298] should_failslab+0x9/0x20 [ 551.168701][ T9298] slab_pre_alloc_hook+0x59/0x310 [ 551.168737][ T9298] kmem_cache_alloc_bulk+0x52/0x5a0 [ 551.248192][ T9298] ? page_pool_alloc_pages+0xba/0x160 [ 551.253612][ T9298] bpf_test_run_xdp_live+0x1699/0x1b20 [ 551.259139][ T9298] ? bpf_test_run_xdp_live+0x4d6/0x1b20 [ 551.264728][ T9298] ? xdp_convert_md_to_buff+0x330/0x330 [ 551.270347][ T9298] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 551.276634][ T9298] ? _copy_from_user+0xa5/0xe0 [ 551.281435][ T9298] ? bpf_test_init+0x119/0x140 [ 551.286234][ T9298] ? xdp_convert_md_to_buff+0x5b/0x330 [ 551.291738][ T9298] bpf_prog_test_run_xdp+0x7ca/0x10e0 [ 551.297221][ T9298] ? dev_put+0x80/0x80 [ 551.301332][ T9298] ? dev_put+0x80/0x80 [ 551.305434][ T9298] bpf_prog_test_run+0x321/0x390 [ 551.310411][ T9298] __sys_bpf+0x49d/0x890 [ 551.314686][ T9298] ? bpf_link_show_fdinfo+0x390/0x390 [ 551.320113][ T9298] ? lock_chain_count+0x20/0x20 [ 551.325003][ T9298] __x64_sys_bpf+0x7c/0x90 [ 551.329453][ T9298] do_syscall_64+0x55/0xa0 [ 551.333894][ T9298] ? clear_bhb_loop+0x40/0x90 [ 551.338601][ T9298] ? clear_bhb_loop+0x40/0x90 [ 551.343310][ T9298] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 551.349233][ T9298] RIP: 0033:0x7f9ff5f9acb9 [ 551.353681][ T9298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 551.373324][ T9298] RSP: 002b:00007f9ff6ef5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 551.381781][ T9298] RAX: ffffffffffffffda RBX: 00007f9ff6215fa0 RCX: 00007f9ff5f9acb9 [ 551.389781][ T9298] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 551.397775][ T9298] RBP: 00007f9ff6ef5090 R08: 0000000000000000 R09: 0000000000000000 [ 551.405773][ T9298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 551.413771][ T9298] R13: 00007f9ff6216038 R14: 00007f9ff6215fa0 R15: 00007ffc591eeea8 [ 551.421786][ T9298] [ 551.429624][ T9284] team_slave_0: entered allmulticast mode [ 551.435446][ T9284] team_slave_1: entered allmulticast mode [ 551.443688][ T9284] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 551.799797][ T9308] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1066'. [ 552.374847][ T9330] FAULT_INJECTION: forcing a failure. [ 552.374847][ T9330] name failslab, interval 1, probability 0, space 0, times 0 [ 552.405983][ T9330] CPU: 1 PID: 9330 Comm: syz.3.1073 Not tainted syzkaller #0 [ 552.413641][ T9330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 552.423861][ T9330] Call Trace: [ 552.427205][ T9330] [ 552.430226][ T9330] dump_stack_lvl+0x18c/0x250 [ 552.434987][ T9330] ? show_regs_print_info+0x20/0x20 [ 552.440256][ T9330] ? load_image+0x400/0x400 [ 552.444838][ T9330] ? __might_sleep+0xe0/0xe0 [ 552.449493][ T9330] ? __lock_acquire+0x7d40/0x7d40 [ 552.454601][ T9330] should_fail_ex+0x39d/0x4d0 [ 552.459363][ T9330] should_failslab+0x9/0x20 [ 552.463954][ T9330] slab_pre_alloc_hook+0x59/0x310 [ 552.469059][ T9330] ? tomoyo_encode+0x28b/0x540 [ 552.473966][ T9330] ? tomoyo_encode+0x28b/0x540 [ 552.478791][ T9330] __kmem_cache_alloc_node+0x53/0x250 [ 552.484232][ T9330] ? tomoyo_encode+0x28b/0x540 [ 552.489059][ T9330] __kmalloc+0xa4/0x230 [ 552.493269][ T9330] tomoyo_encode+0x28b/0x540 [ 552.497907][ T9330] tomoyo_realpath_from_path+0x592/0x5d0 [ 552.503595][ T9330] tomoyo_path_number_perm+0x248/0x620 [ 552.509102][ T9330] ? tomoyo_path_number_perm+0x217/0x620 [ 552.514802][ T9330] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 552.520312][ T9330] ? ksys_write+0x1c4/0x260 [ 552.524919][ T9330] ? __fget_files+0x28/0x4b0 [ 552.529546][ T9330] ? __fget_files+0x28/0x4b0 [ 552.534197][ T9330] security_file_ioctl+0x70/0xa0 [ 552.539189][ T9330] __se_sys_ioctl+0x48/0x170 [ 552.543917][ T9330] do_syscall_64+0x55/0xa0 [ 552.548373][ T9330] ? clear_bhb_loop+0x40/0x90 [ 552.553132][ T9330] ? clear_bhb_loop+0x40/0x90 [ 552.557883][ T9330] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 552.563820][ T9330] RIP: 0033:0x7fc95ed9acb9 [ 552.568285][ T9330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 552.588128][ T9330] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 552.596592][ T9330] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 552.604683][ T9330] RDX: 0000200000000080 RSI: 00000000000089f0 RDI: 0000000000000005 [ 552.612685][ T9330] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 552.620780][ T9330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.628791][ T9330] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 552.637170][ T9330] [ 552.647117][ T9330] ERROR: Out of memory at tomoyo_realpath_from_path. [ 553.204090][ T9346] pimreg1: tun_chr_ioctl cmd 1074025677 [ 553.217479][ T9346] pimreg1: linktype set to 769 [ 554.427865][ T9379] netlink: 'syz.2.1090': attribute type 2 has an invalid length. [ 554.441945][ T9379] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.1090'. [ 554.535769][ T9381] netlink: 'syz.0.1091': attribute type 29 has an invalid length. [ 554.587528][ T9381] netlink: 'syz.0.1091': attribute type 29 has an invalid length. [ 554.689256][ T9388] FAULT_INJECTION: forcing a failure. [ 554.689256][ T9388] name failslab, interval 1, probability 0, space 0, times 0 [ 554.751636][ T9388] CPU: 0 PID: 9388 Comm: syz.3.1094 Not tainted syzkaller #0 [ 554.759180][ T9388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 554.769297][ T9388] Call Trace: [ 554.772632][ T9388] [ 554.775609][ T9388] dump_stack_lvl+0x18c/0x250 [ 554.780441][ T9388] ? show_regs_print_info+0x20/0x20 [ 554.785709][ T9388] ? load_image+0x400/0x400 [ 554.790283][ T9388] ? verify_lock_unused+0x140/0x140 [ 554.795622][ T9388] ? perf_trace_lock+0xfc/0x3b0 [ 554.800546][ T9388] should_fail_ex+0x39d/0x4d0 [ 554.805293][ T9388] should_failslab+0x9/0x20 [ 554.809952][ T9388] slab_pre_alloc_hook+0x59/0x310 [ 554.815052][ T9388] kmem_cache_alloc+0x5a/0x2d0 [ 554.819883][ T9388] ? skb_clone+0x1eb/0x370 [ 554.824367][ T9388] skb_clone+0x1eb/0x370 [ 554.828672][ T9388] __netlink_deliver_tap+0x41c/0x830 [ 554.834031][ T9388] ? netlink_deliver_tap+0x2e/0x1b0 [ 554.839293][ T9388] netlink_deliver_tap+0x19c/0x1b0 [ 554.844552][ T9388] netlink_sendskb+0x68/0x130 [ 554.849302][ T9388] netlink_ack+0xce1/0x1180 [ 554.853850][ T9388] ? __dev_queue_xmit+0x26b/0x36b0 [ 554.859057][ T9388] ? netlink_dump+0xe50/0xe50 [ 554.863800][ T9388] ? perf_trace_lock+0xfc/0x3b0 [ 554.868777][ T9388] netlink_rcv_skb+0x2c5/0x4d0 [ 554.873588][ T9388] ? rtnetlink_bind+0x80/0x80 [ 554.878305][ T9388] ? netlink_ack+0x1180/0x1180 [ 554.883201][ T9388] ? __lock_acquire+0x7d40/0x7d40 [ 554.888294][ T9388] ? netlink_deliver_tap+0x2e/0x1b0 [ 554.893528][ T9388] netlink_unicast+0x751/0x8d0 [ 554.898339][ T9388] netlink_sendmsg+0x8d0/0xbf0 [ 554.903149][ T9388] ? netlink_getsockopt+0x590/0x590 [ 554.908381][ T9388] ? aa_sock_msg_perm+0x94/0x150 [ 554.913363][ T9388] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 554.918689][ T9388] ? security_socket_sendmsg+0x80/0xa0 [ 554.924204][ T9388] ? netlink_getsockopt+0x590/0x590 [ 554.929440][ T9388] ____sys_sendmsg+0x5ba/0x960 [ 554.934241][ T9388] ? __asan_memset+0x22/0x40 [ 554.938861][ T9388] ? __sys_sendmsg_sock+0x30/0x30 [ 554.943939][ T9388] ? __import_iovec+0x5f2/0x850 [ 554.948862][ T9388] ? import_iovec+0x73/0xa0 [ 554.953418][ T9388] ___sys_sendmsg+0x2a6/0x360 [ 554.958145][ T9388] ? __sys_sendmsg+0x2a0/0x2a0 [ 554.962971][ T9388] ? __lock_acquire+0x7d40/0x7d40 [ 554.968057][ T9388] __se_sys_sendmsg+0x1c2/0x2b0 [ 554.972949][ T9388] ? __x64_sys_sendmsg+0x80/0x80 [ 554.977941][ T9388] ? lockdep_hardirqs_on+0x98/0x150 [ 554.983209][ T9388] do_syscall_64+0x55/0xa0 [ 554.987653][ T9388] ? clear_bhb_loop+0x40/0x90 [ 554.992363][ T9388] ? clear_bhb_loop+0x40/0x90 [ 554.997074][ T9388] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 555.002999][ T9388] RIP: 0033:0x7fc95ed9acb9 [ 555.007445][ T9388] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 555.027081][ T9388] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 555.035526][ T9388] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 555.043527][ T9388] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 555.051525][ T9388] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 555.059520][ T9388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 555.067518][ T9388] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 555.075619][ T9388] [ 556.004761][ T9421] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 556.901074][ T9429] FAULT_INJECTION: forcing a failure. [ 556.901074][ T9429] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 556.932730][ T9429] CPU: 0 PID: 9429 Comm: syz.2.1106 Not tainted syzkaller #0 [ 556.940208][ T9429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 556.950666][ T9429] Call Trace: [ 556.953990][ T9429] [ 556.956974][ T9429] dump_stack_lvl+0x18c/0x250 [ 556.961708][ T9429] ? show_regs_print_info+0x20/0x20 [ 556.966960][ T9429] ? load_image+0x400/0x400 [ 556.971516][ T9429] ? __lock_acquire+0x7d40/0x7d40 [ 556.976591][ T9429] ? snprintf+0xe9/0x140 [ 556.981019][ T9429] should_fail_ex+0x39d/0x4d0 [ 556.985756][ T9429] _copy_to_user+0x2f/0xa0 [ 556.990242][ T9429] simple_read_from_buffer+0xe7/0x150 [ 556.995686][ T9429] proc_fail_nth_read+0x1e8/0x260 [ 557.000779][ T9429] ? proc_fault_inject_write+0x360/0x360 [ 557.006479][ T9429] ? fsnotify_perm+0x271/0x5e0 [ 557.011305][ T9429] ? proc_fault_inject_write+0x360/0x360 [ 557.017019][ T9429] vfs_read+0x28b/0x970 [ 557.021245][ T9429] ? kernel_read+0x1e0/0x1e0 [ 557.025888][ T9429] ? __fget_files+0x28/0x4b0 [ 557.030537][ T9429] ? __fget_files+0x28/0x4b0 [ 557.035184][ T9429] ? __fget_files+0x43d/0x4b0 [ 557.039928][ T9429] ? __fdget_pos+0x2a3/0x330 [ 557.044551][ T9429] ? ksys_read+0x75/0x260 [ 557.048920][ T9429] ksys_read+0x150/0x260 [ 557.053289][ T9429] ? vfs_write+0x990/0x990 [ 557.057748][ T9429] ? lockdep_hardirqs_on+0x98/0x150 [ 557.062989][ T9429] do_syscall_64+0x55/0xa0 [ 557.067459][ T9429] ? clear_bhb_loop+0x40/0x90 [ 557.072172][ T9429] ? clear_bhb_loop+0x40/0x90 [ 557.076922][ T9429] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 557.082894][ T9429] RIP: 0033:0x7fbcacd5b58e [ 557.087389][ T9429] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 557.107045][ T9429] RSP: 002b:00007fbcaaff5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 557.115583][ T9429] RAX: ffffffffffffffda RBX: 00007fbcaaff66c0 RCX: 00007fbcacd5b58e [ 557.123605][ T9429] RDX: 000000000000000f RSI: 00007fbcaaff60a0 RDI: 0000000000000005 [ 557.131611][ T9429] RBP: 00007fbcaaff6090 R08: 0000000000000000 R09: 0000000000000000 [ 557.139619][ T9429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 557.147622][ T9429] R13: 00007fbcad016038 R14: 00007fbcad015fa0 R15: 00007ffc2c44dd58 [ 557.155672][ T9429] [ 560.190783][ T9460] FAULT_INJECTION: forcing a failure. [ 560.190783][ T9460] name failslab, interval 1, probability 0, space 0, times 0 [ 560.204910][ T9460] CPU: 0 PID: 9460 Comm: syz.1.1116 Not tainted syzkaller #0 [ 560.212372][ T9460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 560.222498][ T9460] Call Trace: [ 560.225943][ T9460] [ 560.228941][ T9460] dump_stack_lvl+0x18c/0x250 [ 560.233693][ T9460] ? show_regs_print_info+0x20/0x20 [ 560.238967][ T9460] ? load_image+0x400/0x400 [ 560.243552][ T9460] ? __might_sleep+0xe0/0xe0 [ 560.248194][ T9460] ? __lock_acquire+0x7d40/0x7d40 [ 560.253281][ T9460] ? verify_lock_unused+0x140/0x140 [ 560.258523][ T9460] should_fail_ex+0x39d/0x4d0 [ 560.263250][ T9460] should_failslab+0x9/0x20 [ 560.267782][ T9460] slab_pre_alloc_hook+0x59/0x310 [ 560.272853][ T9460] kmem_cache_alloc_node+0x60/0x320 [ 560.278104][ T9460] ? __alloc_skb+0x103/0x2c0 [ 560.282756][ T9460] __alloc_skb+0x103/0x2c0 [ 560.287668][ T9460] alloc_skb_with_frags+0xca/0x7b0 [ 560.293006][ T9460] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 560.299031][ T9460] ? lock_chain_count+0x20/0x20 [ 560.303931][ T9460] sock_alloc_send_pskb+0x883/0x9a0 [ 560.309188][ T9460] ? sock_kzfree_s+0x50/0x50 [ 560.313834][ T9460] __ip_append_data+0x2ac1/0x3d40 [ 560.318918][ T9460] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 560.323800][ T9460] ? mark_lock+0x94/0x320 [ 560.328178][ T9460] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 560.334280][ T9460] ? ip_setup_cork+0x860/0x860 [ 560.339082][ T9460] ? ip_setup_cork+0x530/0x860 [ 560.343880][ T9460] ip_append_data+0x10d/0x180 [ 560.348593][ T9460] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 560.353477][ T9460] udp_sendmsg+0x438/0x23b0 [ 560.358033][ T9460] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 560.362920][ T9460] ? udp_cmsg_send+0x350/0x350 [ 560.367734][ T9460] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 560.373748][ T9460] ? lock_chain_count+0x20/0x20 [ 560.378629][ T9460] ? inet_sendmsg+0x14b/0x2f0 [ 560.383352][ T9460] ? __local_bh_enable_ip+0x13a/0x1c0 [ 560.388762][ T9460] ? _local_bh_enable+0xa0/0xa0 [ 560.393643][ T9460] ? do_raw_spin_unlock+0x121/0x230 [ 560.398905][ T9460] ? inet_sendmsg+0x14b/0x2f0 [ 560.403617][ T9460] ? inet_sendmsg+0x14b/0x2f0 [ 560.408330][ T9460] ? inet_send_prepare+0x260/0x260 [ 560.413475][ T9460] ____sys_sendmsg+0x5ba/0x960 [ 560.418279][ T9460] ? __lock_acquire+0x7d40/0x7d40 [ 560.423384][ T9460] ? __sys_sendmsg_sock+0x30/0x30 [ 560.428482][ T9460] ? __import_iovec+0x3fa/0x850 [ 560.433388][ T9460] ? import_iovec+0x73/0xa0 [ 560.437925][ T9460] ___sys_sendmsg+0x2a6/0x360 [ 560.442639][ T9460] ? __sys_sendmsg+0x2a0/0x2a0 [ 560.447453][ T9460] ? __lock_acquire+0x7d40/0x7d40 [ 560.452531][ T9460] __se_sys_sendmsg+0x1c2/0x2b0 [ 560.457415][ T9460] ? __x64_sys_sendmsg+0x80/0x80 [ 560.462396][ T9460] ? lockdep_hardirqs_on+0x98/0x150 [ 560.467633][ T9460] do_syscall_64+0x55/0xa0 [ 560.472085][ T9460] ? clear_bhb_loop+0x40/0x90 [ 560.476803][ T9460] ? clear_bhb_loop+0x40/0x90 [ 560.481533][ T9460] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 560.487463][ T9460] RIP: 0033:0x7f9ff5f9acb9 [ 560.491910][ T9460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 560.511555][ T9460] RSP: 002b:00007f9ff6ef5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 560.520117][ T9460] RAX: ffffffffffffffda RBX: 00007f9ff6215fa0 RCX: 00007f9ff5f9acb9 [ 560.528125][ T9460] RDX: 000000000000e900 RSI: 0000200000000b40 RDI: 0000000000000003 [ 560.536124][ T9460] RBP: 00007f9ff6ef5090 R08: 0000000000000000 R09: 0000000000000000 [ 560.544144][ T9460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 560.552237][ T9460] R13: 00007f9ff6216038 R14: 00007f9ff6215fa0 R15: 00007ffc591eeea8 [ 560.560245][ T9460] [ 561.344756][ T9476] netlink: 'syz.3.1124': attribute type 29 has an invalid length. [ 561.359432][ T9476] netlink: 'syz.3.1124': attribute type 29 has an invalid length. [ 561.381369][ T9476] netlink: 'syz.3.1124': attribute type 29 has an invalid length. [ 561.440554][ T9476] netlink: 'syz.3.1124': attribute type 29 has an invalid length. [ 562.844546][ T9507] FAULT_INJECTION: forcing a failure. [ 562.844546][ T9507] name failslab, interval 1, probability 0, space 0, times 0 [ 562.863896][ T9507] CPU: 1 PID: 9507 Comm: syz.3.1134 Not tainted syzkaller #0 [ 562.871385][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 562.881499][ T9507] Call Trace: [ 562.884821][ T9507] [ 562.887801][ T9507] dump_stack_lvl+0x18c/0x250 [ 562.892557][ T9507] ? show_regs_print_info+0x20/0x20 [ 562.897811][ T9507] ? load_image+0x400/0x400 [ 562.902441][ T9507] ? __might_sleep+0xe0/0xe0 [ 562.907090][ T9507] ? __lock_acquire+0x7d40/0x7d40 [ 562.912267][ T9507] should_fail_ex+0x39d/0x4d0 [ 562.917014][ T9507] should_failslab+0x9/0x20 [ 562.921573][ T9507] slab_pre_alloc_hook+0x59/0x310 [ 562.926674][ T9507] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 562.932460][ T9507] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 562.938229][ T9507] __kmem_cache_alloc_node+0x53/0x250 [ 562.943857][ T9507] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 562.949669][ T9507] __kmalloc+0xa4/0x230 [ 562.953896][ T9507] tomoyo_realpath_from_path+0xe3/0x5d0 [ 562.959555][ T9507] tomoyo_path_number_perm+0x248/0x620 [ 562.965094][ T9507] ? tomoyo_path_number_perm+0x217/0x620 [ 562.970796][ T9507] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 562.976336][ T9507] ? trace_call_bpf+0x5e9/0x6c0 [ 562.981335][ T9507] ? __fget_files+0x28/0x4b0 [ 562.985987][ T9507] ? __fget_files+0x28/0x4b0 [ 562.990657][ T9507] security_file_ioctl+0x70/0xa0 [ 562.995671][ T9507] __se_sys_ioctl+0x48/0x170 [ 563.000412][ T9507] do_syscall_64+0x55/0xa0 [ 563.004915][ T9507] ? clear_bhb_loop+0x40/0x90 [ 563.009687][ T9507] ? clear_bhb_loop+0x40/0x90 [ 563.014432][ T9507] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 563.020452][ T9507] RIP: 0033:0x7fc95ed9acb9 [ 563.024919][ T9507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 563.044678][ T9507] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 563.053159][ T9507] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 563.061192][ T9507] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000006 [ 563.069234][ T9507] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 563.077453][ T9507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.085482][ T9507] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 563.093627][ T9507] [ 563.102458][ T9507] ERROR: Out of memory at tomoyo_realpath_from_path. [ 563.256054][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.264965][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.788009][ T9526] netlink: 'syz.2.1139': attribute type 29 has an invalid length. [ 564.031023][ T9534] netlink: 'syz.1.1140': attribute type 4 has an invalid length. [ 564.039847][ T9534] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1140'. [ 564.217223][ T9526] netlink: 'syz.2.1139': attribute type 29 has an invalid length. [ 564.349416][ T9528] netlink: 'syz.2.1139': attribute type 29 has an invalid length. [ 564.443218][ T9530] netlink: 'syz.2.1139': attribute type 29 has an invalid length. [ 566.398504][ T9572] netlink: 'syz.0.1154': attribute type 29 has an invalid length. [ 566.412403][ T9572] netlink: 'syz.0.1154': attribute type 29 has an invalid length. [ 566.431905][ T9572] netlink: 'syz.0.1154': attribute type 29 has an invalid length. [ 566.459268][ T9572] netlink: 'syz.0.1154': attribute type 29 has an invalid length. [ 568.714639][ T9622] netlink: 'syz.3.1172': attribute type 29 has an invalid length. [ 568.738117][ T9622] netlink: 'syz.3.1172': attribute type 29 has an invalid length. [ 568.763808][ T9622] netlink: 'syz.3.1172': attribute type 29 has an invalid length. [ 568.792018][ T9622] netlink: 'syz.3.1172': attribute type 29 has an invalid length. [ 568.808684][ T9624] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1173'. [ 568.828336][ T9626] delete_channel: no stack [ 568.833547][ T9626] delete_channel: no stack [ 568.844660][ T9627] delete_channel: no stack [ 568.859837][ T9627] delete_channel: no stack [ 569.009527][ T9624] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1173'. [ 569.052579][ T9624] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1173'. [ 569.086801][ T9632] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1173'. [ 570.402846][ T9664] netlink: 'syz.0.1185': attribute type 6 has an invalid length. [ 570.419080][ T9664] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1185'. [ 570.793824][ T9669] FAULT_INJECTION: forcing a failure. [ 570.793824][ T9669] name failslab, interval 1, probability 0, space 0, times 0 [ 570.819096][ T9669] CPU: 1 PID: 9669 Comm: syz.3.1186 Not tainted syzkaller #0 [ 570.826567][ T9669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 570.836692][ T9669] Call Trace: [ 570.840076][ T9669] [ 570.843064][ T9669] dump_stack_lvl+0x18c/0x250 [ 570.847831][ T9669] ? show_regs_print_info+0x20/0x20 [ 570.853137][ T9669] ? load_image+0x400/0x400 [ 570.857725][ T9669] ? verify_lock_unused+0x140/0x140 [ 570.862993][ T9669] ? perf_trace_lock+0x304/0x3b0 [ 570.868028][ T9669] should_fail_ex+0x39d/0x4d0 [ 570.872798][ T9669] should_failslab+0x9/0x20 [ 570.877376][ T9669] slab_pre_alloc_hook+0x59/0x310 [ 570.882482][ T9669] kmem_cache_alloc+0x5a/0x2d0 [ 570.887314][ T9669] ? skb_clone+0x1eb/0x370 [ 570.891821][ T9669] skb_clone+0x1eb/0x370 [ 570.896143][ T9669] __netlink_deliver_tap+0x41c/0x830 [ 570.901523][ T9669] ? netlink_deliver_tap+0x2e/0x1b0 [ 570.906785][ T9669] netlink_deliver_tap+0x19c/0x1b0 [ 570.911956][ T9669] netlink_unicast+0x72c/0x8d0 [ 570.916810][ T9669] netlink_sendmsg+0x8d0/0xbf0 [ 570.921636][ T9669] ? perf_trace_lock+0x304/0x3b0 [ 570.926666][ T9669] ? netlink_getsockopt+0x590/0x590 [ 570.931931][ T9669] ? aa_sock_msg_perm+0x94/0x150 [ 570.937041][ T9669] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 570.942400][ T9669] ? security_socket_sendmsg+0x80/0xa0 [ 570.947950][ T9669] ? netlink_getsockopt+0x590/0x590 [ 570.953232][ T9669] ____sys_sendmsg+0x5ba/0x960 [ 570.958170][ T9669] ? __asan_memset+0x22/0x40 [ 570.962826][ T9669] ? __sys_sendmsg_sock+0x30/0x30 [ 570.967953][ T9669] ? __import_iovec+0x5f2/0x850 [ 570.972903][ T9669] ? import_iovec+0x73/0xa0 [ 570.977569][ T9669] ___sys_sendmsg+0x2a6/0x360 [ 570.982320][ T9669] ? __sys_sendmsg+0x2a0/0x2a0 [ 570.987187][ T9669] ? trace_call_bpf+0xc3/0x6c0 [ 570.992099][ T9669] __se_sys_sendmsg+0x1c2/0x2b0 [ 570.997030][ T9669] ? __x64_sys_sendmsg+0x80/0x80 [ 571.002091][ T9669] ? lockdep_hardirqs_on+0x98/0x150 [ 571.007559][ T9669] do_syscall_64+0x55/0xa0 [ 571.012047][ T9669] ? clear_bhb_loop+0x40/0x90 [ 571.016883][ T9669] ? clear_bhb_loop+0x40/0x90 [ 571.021649][ T9669] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 571.027608][ T9669] RIP: 0033:0x7fc95ed9acb9 [ 571.032098][ T9669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.051782][ T9669] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 571.060281][ T9669] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 571.068373][ T9669] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006 [ 571.076412][ T9669] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 571.084458][ T9669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 571.092496][ T9669] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 571.100585][ T9669] [ 571.145593][ T9674] netlink: 'syz.2.1188': attribute type 29 has an invalid length. [ 571.171808][ T9669] bond0: (slave batadv0): Releasing backup interface [ 571.187257][ T9669] team0: Device batadv0 is already an upper device of the team interface [ 572.391605][ T9691] FAULT_INJECTION: forcing a failure. [ 572.391605][ T9691] name failslab, interval 1, probability 0, space 0, times 0 [ 572.411772][ T9691] CPU: 0 PID: 9691 Comm: syz.3.1193 Not tainted syzkaller #0 [ 572.419222][ T9691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 572.429330][ T9691] Call Trace: [ 572.432652][ T9691] [ 572.435623][ T9691] dump_stack_lvl+0x18c/0x250 [ 572.440347][ T9691] ? sctp_sendmsg+0x1575/0x28c0 [ 572.445259][ T9691] ? ___sys_sendmsg+0x2a6/0x360 [ 572.450166][ T9691] ? show_regs_print_info+0x20/0x20 [ 572.455420][ T9691] ? load_image+0x400/0x400 [ 572.459998][ T9691] should_fail_ex+0x39d/0x4d0 [ 572.464754][ T9691] should_failslab+0x9/0x20 [ 572.469313][ T9691] slab_pre_alloc_hook+0x59/0x310 [ 572.474394][ T9691] ? sctp_add_bind_addr+0x8c/0x360 [ 572.479564][ T9691] __kmem_cache_alloc_node+0x53/0x250 [ 572.485004][ T9691] ? sctp_add_bind_addr+0x8c/0x360 [ 572.490174][ T9691] kmalloc_trace+0x2a/0xe0 [ 572.494657][ T9691] sctp_add_bind_addr+0x8c/0x360 [ 572.499664][ T9691] sctp_copy_local_addr_list+0x315/0x4f0 [ 572.505364][ T9691] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 572.511157][ T9691] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 572.517286][ T9691] ? sctp_v6_is_any+0x64/0x70 [ 572.522031][ T9691] ? sctp_copy_one_addr+0x8c/0x350 [ 572.527215][ T9691] sctp_bind_addr_copy+0xb3/0x3c0 [ 572.532297][ T9691] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 572.538695][ T9691] sctp_connect_new_asoc+0x2f9/0x6a0 [ 572.544146][ T9691] ? __sctp_connect+0xd80/0xd80 [ 572.545752][ T9694] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1195'. [ 572.549039][ T9691] ? __local_bh_enable_ip+0x13a/0x1c0 [ 572.563582][ T9691] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 572.569197][ T9691] ? security_sctp_bind_connect+0x89/0xb0 [ 572.574987][ T9691] sctp_sendmsg+0x1575/0x28c0 [ 572.578815][ T9694] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 572.579728][ T9691] ? sctp_getsockopt+0xb60/0xb60 [ 572.600203][ T9691] ? aa_sk_perm+0x83c/0x970 [ 572.604788][ T9691] ? aa_af_perm+0x330/0x330 [ 572.609357][ T9691] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 572.615839][ T9691] ? sock_rps_record_flow+0x19/0x3f0 [ 572.621199][ T9691] ? inet_sendmsg+0xe9/0x2f0 [ 572.625858][ T9691] ? inet_send_prepare+0x260/0x260 [ 572.631177][ T9691] ____sys_sendmsg+0x5ba/0x960 [ 572.636005][ T9691] ? __lock_acquire+0x7d40/0x7d40 [ 572.641092][ T9691] ? __asan_memset+0x22/0x40 [ 572.645738][ T9691] ? __sys_sendmsg_sock+0x30/0x30 [ 572.650868][ T9691] ? __import_iovec+0x5f2/0x850 [ 572.655869][ T9691] ? import_iovec+0x73/0xa0 [ 572.660445][ T9691] ___sys_sendmsg+0x2a6/0x360 [ 572.665186][ T9691] ? __sys_sendmsg+0x2a0/0x2a0 [ 572.670033][ T9691] ? trace_call_bpf+0xc3/0x6c0 [ 572.674889][ T9691] __se_sys_sendmsg+0x1c2/0x2b0 [ 572.679814][ T9691] ? __x64_sys_sendmsg+0x80/0x80 [ 572.684839][ T9691] ? lockdep_hardirqs_on+0x98/0x150 [ 572.690119][ T9691] do_syscall_64+0x55/0xa0 [ 572.694588][ T9691] ? clear_bhb_loop+0x40/0x90 [ 572.699324][ T9691] ? clear_bhb_loop+0x40/0x90 [ 572.704078][ T9691] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 572.710030][ T9691] RIP: 0033:0x7fc95ed9acb9 [ 572.714497][ T9691] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 572.734169][ T9691] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 572.742645][ T9691] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 572.750676][ T9691] RDX: 00000000040080c0 RSI: 00002000000003c0 RDI: 0000000000000003 [ 572.758706][ T9691] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 572.766763][ T9691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 572.774848][ T9691] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 572.782900][ T9691] [ 573.046043][ T9702] validate_nla: 4 callbacks suppressed [ 573.046063][ T9702] netlink: 'syz.3.1197': attribute type 10 has an invalid length. [ 573.085694][ T9702] team0: Device batadv0 is already an upper device of the team interface [ 574.258581][ T9721] netlink: 'syz.1.1203': attribute type 29 has an invalid length. [ 574.346904][ T9721] netlink: 'syz.1.1203': attribute type 29 has an invalid length. [ 574.425081][ T9723] netlink: 'syz.1.1203': attribute type 29 has an invalid length. [ 574.464908][ T9724] netlink: 'syz.1.1203': attribute type 29 has an invalid length. [ 577.762493][ T9764] netlink: 'syz.3.1218': attribute type 29 has an invalid length. [ 577.802589][ T9764] netlink: 'syz.3.1218': attribute type 29 has an invalid length. [ 577.856694][ T9767] netlink: 'syz.3.1218': attribute type 29 has an invalid length. [ 577.881251][ T9764] netlink: 'syz.3.1218': attribute type 29 has an invalid length. [ 579.176648][ T9787] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1224'. [ 579.197751][ T9787] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1224'. [ 579.284089][ T9787] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1224'. [ 579.312416][ T9787] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1224'. [ 579.445576][ T9795] netlink: 'syz.3.1226': attribute type 10 has an invalid length. [ 579.554172][ T9792] netlink: 'syz.3.1226': attribute type 9 has an invalid length. [ 579.579760][ T9795] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1226'. [ 579.594562][ T9792] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1226'. [ 579.893071][ T9804] netlink: 'syz.1.1231': attribute type 29 has an invalid length. [ 579.901451][ T9804] netlink: 'syz.1.1231': attribute type 29 has an invalid length. [ 579.920106][ T9804] netlink: 'syz.1.1231': attribute type 29 has an invalid length. [ 579.934816][ T9804] netlink: 'syz.1.1231': attribute type 29 has an invalid length. [ 581.763055][ T9853] netlink: 'syz.1.1246': attribute type 5 has an invalid length. [ 581.908333][ T9857] netlink: 'syz.0.1249': attribute type 29 has an invalid length. [ 581.924717][ T9857] netlink: 'syz.0.1249': attribute type 29 has an invalid length. [ 581.944686][ T9857] netlink: 'syz.0.1249': attribute type 29 has an invalid length. [ 582.539298][ T9868] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1252'. [ 582.644920][ T9867] delete_channel: no stack [ 584.193360][ T9899] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1262'. [ 584.203348][ T9899] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1262'. [ 584.214802][ T9899] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1262'. [ 586.036726][ T9927] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1271'. [ 586.117107][ T9927] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1271'. [ 586.144355][ T9939] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1271'. [ 586.534384][ T9941] bond0: entered promiscuous mode [ 586.542453][ T9941] bond_slave_0: entered promiscuous mode [ 586.579344][ T9941] bond_slave_1: entered promiscuous mode [ 586.606962][ T9941] dummy0: entered promiscuous mode [ 586.842094][ T9946] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.1277'. [ 587.138217][ T9951] validate_nla: 8 callbacks suppressed [ 587.138240][ T9951] netlink: 'syz.3.1279': attribute type 29 has an invalid length. [ 587.171651][ T9951] netlink: 'syz.3.1279': attribute type 29 has an invalid length. [ 587.182008][ T9951] netlink: 'syz.3.1279': attribute type 29 has an invalid length. [ 587.191125][ T9951] netlink: 'syz.3.1279': attribute type 29 has an invalid length. [ 588.455478][ T9977] netlink: 'syz.3.1285': attribute type 21 has an invalid length. [ 588.673277][ T9982] netlink: 'syz.0.1288': attribute type 4 has an invalid length. [ 589.280466][ T9990] netlink: 6376 bytes leftover after parsing attributes in process `syz.0.1291'. [ 589.550483][ T9997] netlink: 'syz.2.1294': attribute type 29 has an invalid length. [ 589.568395][ T9997] netlink: 'syz.2.1294': attribute type 29 has an invalid length. [ 589.582524][ T9997] netlink: 'syz.2.1294': attribute type 29 has an invalid length. [ 589.603992][ T9997] netlink: 'syz.2.1294': attribute type 29 has an invalid length. [ 590.590781][T10017] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1301'. [ 590.680301][T10021] delete_channel: no stack [ 590.690294][T10021] delete_channel: no stack [ 590.705516][T10021] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1302'. [ 590.839866][T10028] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1303'. [ 590.889265][T10028] bridge0: port 2(veth0_vlan) entered blocking state [ 590.922454][T10028] bridge0: port 2(veth0_vlan) entered disabled state [ 590.950460][T10028] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 591.783078][T10047] FAULT_INJECTION: forcing a failure. [ 591.783078][T10047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 591.824209][T10047] CPU: 0 PID: 10047 Comm: syz.3.1310 Not tainted syzkaller #0 [ 591.831767][T10047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 591.841885][T10047] Call Trace: [ 591.845214][T10047] [ 591.848195][T10047] dump_stack_lvl+0x18c/0x250 [ 591.852940][T10047] ? show_regs_print_info+0x20/0x20 [ 591.858199][T10047] ? load_image+0x400/0x400 [ 591.862773][T10047] ? __lock_acquire+0x7d40/0x7d40 [ 591.867854][T10047] ? snprintf+0xe9/0x140 [ 591.872170][T10047] should_fail_ex+0x39d/0x4d0 [ 591.876926][T10047] _copy_to_user+0x2f/0xa0 [ 591.881403][T10047] simple_read_from_buffer+0xe7/0x150 [ 591.886844][T10047] proc_fail_nth_read+0x1e8/0x260 [ 591.891932][T10047] ? proc_fault_inject_write+0x360/0x360 [ 591.897624][T10047] ? fsnotify_perm+0x271/0x5e0 [ 591.902447][T10047] ? proc_fault_inject_write+0x360/0x360 [ 591.908136][T10047] vfs_read+0x28b/0x970 [ 591.912363][T10047] ? kernel_read+0x1e0/0x1e0 [ 591.917014][T10047] ? __fget_files+0x28/0x4b0 [ 591.921662][T10047] ? __fget_files+0x28/0x4b0 [ 591.926318][T10047] ? __fget_files+0x43d/0x4b0 [ 591.931061][T10047] ? __fdget_pos+0x2a3/0x330 [ 591.935698][T10047] ? ksys_read+0x75/0x260 [ 591.940075][T10047] ksys_read+0x150/0x260 [ 591.944364][T10047] ? vfs_write+0x990/0x990 [ 591.948906][T10047] ? trace_sys_enter+0x1f/0x80 [ 591.953718][T10047] do_syscall_64+0x55/0xa0 [ 591.958175][T10047] ? clear_bhb_loop+0x40/0x90 [ 591.962893][T10047] ? clear_bhb_loop+0x40/0x90 [ 591.967614][T10047] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 591.973558][T10047] RIP: 0033:0x7fc95ed5b58e [ 591.978022][T10047] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 591.997682][T10047] RSP: 002b:00007fc95fc3cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 592.006150][T10047] RAX: ffffffffffffffda RBX: 00007fc95fc3d6c0 RCX: 00007fc95ed5b58e [ 592.014160][T10047] RDX: 000000000000000f RSI: 00007fc95fc3d0a0 RDI: 0000000000000005 [ 592.022165][T10047] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 592.030174][T10047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 592.038175][T10047] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 592.046199][T10047] [ 594.246438][T10096] validate_nla: 8 callbacks suppressed [ 594.246460][T10096] netlink: 'syz.0.1327': attribute type 29 has an invalid length. [ 596.884617][T10096] netlink: 'syz.0.1327': attribute type 29 has an invalid length. [ 596.907570][T10116] netlink: 'syz.3.1331': attribute type 10 has an invalid length. [ 596.916370][T10116] netlink: 'syz.3.1331': attribute type 19 has an invalid length. [ 596.924406][T10116] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1331'. [ 597.550504][T10147] netlink: 'syz.1.1340': attribute type 10 has an invalid length. [ 597.565306][T10147] bond0: (slave wlan1): Opening slave failed [ 597.680535][T10149] FAULT_INJECTION: forcing a failure. [ 597.680535][T10149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 597.711891][T10149] CPU: 0 PID: 10149 Comm: syz.2.1341 Not tainted syzkaller #0 [ 597.719513][T10149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 597.729606][T10149] Call Trace: [ 597.732925][T10149] [ 597.735891][T10149] dump_stack_lvl+0x18c/0x250 [ 597.740646][T10149] ? show_regs_print_info+0x20/0x20 [ 597.745875][T10149] ? load_image+0x400/0x400 [ 597.750418][T10149] ? __might_fault+0xaa/0x120 [ 597.755120][T10149] ? __lock_acquire+0x7d40/0x7d40 [ 597.760179][T10149] should_fail_ex+0x39d/0x4d0 [ 597.764894][T10149] _copy_from_iter+0x1d9/0x12e0 [ 597.769778][T10149] ? __might_fault+0xaa/0x120 [ 597.774491][T10149] ? _copy_from_iter+0x24e/0x12e0 [ 597.779549][T10149] ? __virt_addr_valid+0x18c/0x540 [ 597.784692][T10149] ? __lock_acquire+0x7d40/0x7d40 [ 597.789747][T10149] ? copyout_mc+0x70/0x70 [ 597.794112][T10149] ? copyout_mc+0x70/0x70 [ 597.798479][T10149] ? __virt_addr_valid+0x18c/0x540 [ 597.803632][T10149] ? page_copy_sane+0x16a/0x270 [ 597.808518][T10149] copy_page_from_iter+0x7b/0x100 [ 597.813681][T10149] skb_copy_datagram_from_iter+0x2e4/0x6e0 [ 597.819532][T10149] tun_get_user+0x15db/0x3ca0 [ 597.824278][T10149] ? aa_file_perm+0x11b/0xee0 [ 597.828993][T10149] ? rcu_read_unlock+0xa0/0xa0 [ 597.833969][T10149] ? tun_get+0x1c/0x2e0 [ 597.838250][T10149] ? __lock_acquire+0x7d40/0x7d40 [ 597.843308][T10149] ? tun_get+0x1c/0x2e0 [ 597.847506][T10149] tun_chr_write_iter+0x119/0x200 [ 597.852564][T10149] vfs_write+0x46c/0x990 [ 597.856842][T10149] ? file_end_write+0x250/0x250 [ 597.861750][T10149] ? __fget_files+0x43d/0x4b0 [ 597.866578][T10149] ? __fdget_pos+0x1d8/0x330 [ 597.871208][T10149] ? ksys_write+0x75/0x260 [ 597.875667][T10149] ksys_write+0x150/0x260 [ 597.880047][T10149] ? __ia32_sys_read+0x90/0x90 [ 597.884869][T10149] ? trace_sys_enter+0x1f/0x80 [ 597.889773][T10149] do_syscall_64+0x55/0xa0 [ 597.894343][T10149] ? clear_bhb_loop+0x40/0x90 [ 597.899060][T10149] ? clear_bhb_loop+0x40/0x90 [ 597.903771][T10149] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 597.909701][T10149] RIP: 0033:0x7fbcacd9acb9 [ 597.914235][T10149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 597.933895][T10149] RSP: 002b:00007fbcaaff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 597.942361][T10149] RAX: ffffffffffffffda RBX: 00007fbcad015fa0 RCX: 00007fbcacd9acb9 [ 597.950537][T10149] RDX: 000000000000fdef RSI: 00002000000004c0 RDI: 00000000000000c8 [ 597.958649][T10149] RBP: 00007fbcaaff6090 R08: 0000000000000000 R09: 0000000000000000 [ 597.966748][T10149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 597.974752][T10149] R13: 00007fbcad016038 R14: 00007fbcad015fa0 R15: 00007ffc2c44dd58 [ 597.982775][T10149] [ 598.015785][T10151] netlink: 'syz.1.1342': attribute type 29 has an invalid length. [ 598.028150][T10151] netlink: 'syz.1.1342': attribute type 29 has an invalid length. [ 598.043855][T10151] netlink: 'syz.1.1342': attribute type 29 has an invalid length. [ 598.400789][T10157] FAULT_INJECTION: forcing a failure. [ 598.400789][T10157] name failslab, interval 1, probability 0, space 0, times 0 [ 598.456642][T10157] CPU: 1 PID: 10157 Comm: syz.2.1344 Not tainted syzkaller #0 [ 598.464201][T10157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 598.474326][T10157] Call Trace: [ 598.477671][T10157] [ 598.480644][T10157] dump_stack_lvl+0x18c/0x250 [ 598.485374][T10157] ? show_regs_print_info+0x20/0x20 [ 598.490631][T10157] ? load_image+0x400/0x400 [ 598.495288][T10157] ? __lock_acquire+0x7d40/0x7d40 [ 598.500381][T10157] should_fail_ex+0x39d/0x4d0 [ 598.505125][T10157] should_failslab+0x9/0x20 [ 598.509693][T10157] slab_pre_alloc_hook+0x59/0x310 [ 598.514826][T10157] ? __lock_acquire+0x7d40/0x7d40 [ 598.519913][T10157] kmem_cache_alloc+0x5a/0x2d0 [ 598.524742][T10157] ? security_file_alloc+0x34/0x120 [ 598.530022][T10157] security_file_alloc+0x34/0x120 [ 598.535114][T10157] init_file+0x94/0x1f0 [ 598.539336][T10157] alloc_empty_file+0xb7/0x1d0 [ 598.544176][T10157] alloc_file+0x5c/0x600 [ 598.548490][T10157] alloc_file_pseudo+0x184/0x210 [ 598.553495][T10157] ? alloc_empty_backing_file+0xe0/0xe0 [ 598.559193][T10157] ? lockdep_hardirqs_on+0x98/0x150 [ 598.564471][T10157] anon_inode_getfile+0xc5/0x1a0 [ 598.569476][T10157] __se_sys_perf_event_open+0xee7/0x1c50 [ 598.575190][T10157] ? __x64_sys_perf_event_open+0xc0/0xc0 [ 598.580974][T10157] ? syscall_enter_from_user_mode+0x2e/0x80 [ 598.586930][T10157] ? __x64_sys_perf_event_open+0x20/0xc0 [ 598.592634][T10157] do_syscall_64+0x55/0xa0 [ 598.597110][T10157] ? clear_bhb_loop+0x40/0x90 [ 598.601855][T10157] ? clear_bhb_loop+0x40/0x90 [ 598.606603][T10157] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 598.612562][T10157] RIP: 0033:0x7fbcacd9acb9 [ 598.617036][T10157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 598.636802][T10157] RSP: 002b:00007fbcaaff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 598.645296][T10157] RAX: ffffffffffffffda RBX: 00007fbcad015fa0 RCX: 00007fbcacd9acb9 [ 598.653349][T10157] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000640 [ 598.661392][T10157] RBP: 00007fbcaaff6090 R08: 0000000000000002 R09: 0000000000000000 [ 598.669426][T10157] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 598.677546][T10157] R13: 00007fbcad016038 R14: 00007fbcad015fa0 R15: 00007ffc2c44dd58 [ 598.685767][T10157] [ 599.514904][T10183] wg2: entered promiscuous mode [ 599.521891][T10183] wg2: entered allmulticast mode [ 599.849882][T10188] netlink: 'syz.0.1354': attribute type 5 has an invalid length. [ 599.935586][T10190] netlink: 144316 bytes leftover after parsing attributes in process `syz.0.1355'. [ 600.070383][T10192] netlink: 'syz.0.1356': attribute type 29 has an invalid length. [ 600.083726][T10192] netlink: 'syz.0.1356': attribute type 29 has an invalid length. [ 600.093915][T10192] netlink: 'syz.0.1356': attribute type 29 has an invalid length. [ 600.372564][T10195] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1357'. [ 600.583423][T10198] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1357'. [ 601.369858][T10224] veth0_vlan: entered allmulticast mode [ 601.614671][T10230] FAULT_INJECTION: forcing a failure. [ 601.614671][T10230] name failslab, interval 1, probability 0, space 0, times 0 [ 601.628876][T10230] CPU: 0 PID: 10230 Comm: syz.3.1368 Not tainted syzkaller #0 [ 601.636405][T10230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 601.646521][T10230] Call Trace: [ 601.649874][T10230] [ 601.652852][T10230] dump_stack_lvl+0x18c/0x250 [ 601.657600][T10230] ? show_regs_print_info+0x20/0x20 [ 601.662850][T10230] ? load_image+0x400/0x400 [ 601.667510][T10230] ? __might_sleep+0xe0/0xe0 [ 601.672157][T10230] ? __lock_acquire+0x7d40/0x7d40 [ 601.677246][T10230] should_fail_ex+0x39d/0x4d0 [ 601.682017][T10230] should_failslab+0x9/0x20 [ 601.686580][T10230] slab_pre_alloc_hook+0x59/0x310 [ 601.691676][T10230] ? tomoyo_encode+0x28b/0x540 [ 601.696488][T10230] ? tomoyo_encode+0x28b/0x540 [ 601.701305][T10230] __kmem_cache_alloc_node+0x53/0x250 [ 601.706754][T10230] ? tomoyo_encode+0x28b/0x540 [ 601.711574][T10230] __kmalloc+0xa4/0x230 [ 601.715791][T10230] tomoyo_encode+0x28b/0x540 [ 601.720443][T10230] tomoyo_realpath_from_path+0x592/0x5d0 [ 601.726190][T10230] tomoyo_path_number_perm+0x248/0x620 [ 601.731724][T10230] ? tomoyo_path_number_perm+0x217/0x620 [ 601.737444][T10230] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 601.742982][T10230] ? trace_call_bpf+0xc3/0x6c0 [ 601.747830][T10230] ? trace_call_bpf+0xc3/0x6c0 [ 601.752673][T10230] ? trace_call_bpf+0x5e9/0x6c0 [ 601.757635][T10230] ? __fget_files+0x28/0x4b0 [ 601.762286][T10230] ? __fget_files+0x28/0x4b0 [ 601.766960][T10230] security_file_ioctl+0x70/0xa0 [ 601.771978][T10230] __se_sys_ioctl+0x48/0x170 [ 601.776737][T10230] do_syscall_64+0x55/0xa0 [ 601.781216][T10230] ? clear_bhb_loop+0x40/0x90 [ 601.786061][T10230] ? clear_bhb_loop+0x40/0x90 [ 601.790822][T10230] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 601.796773][T10230] RIP: 0033:0x7fc95ed9acb9 [ 601.801261][T10230] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.821119][T10230] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 601.829598][T10230] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 601.837629][T10230] RDX: 00002000000002c0 RSI: 0000000000008992 RDI: 0000000000000003 [ 601.845651][T10230] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 601.853683][T10230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 601.861708][T10230] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 601.869853][T10230] [ 601.890108][T10230] ERROR: Out of memory at tomoyo_realpath_from_path. [ 602.173465][T10234] netlink: 'syz.3.1370': attribute type 10 has an invalid length. [ 602.243512][T10234] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.1370'. [ 602.320520][T10241] netlink: 'syz.2.1372': attribute type 29 has an invalid length. [ 602.332890][T10241] netlink: 'syz.2.1372': attribute type 29 has an invalid length. [ 602.352172][T10241] netlink: 'syz.2.1372': attribute type 29 has an invalid length. [ 603.047620][T10258] netlink: 'syz.3.1378': attribute type 9 has an invalid length. [ 603.083501][T10258] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1378'. [ 603.249902][T10261] netlink: 'syz.3.1378': attribute type 9 has an invalid length. [ 603.261096][T10261] netlink: 195420 bytes leftover after parsing attributes in process `syz.3.1378'. [ 603.299917][T10257] delete_channel: no stack [ 605.154082][T10300] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1392'. [ 605.207395][T10300] openvswitch: netlink: Flow actions attr not present in new flow. [ 605.254203][T10297] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1392'. [ 611.240976][T10415] validate_nla: 3 callbacks suppressed [ 611.241009][T10415] netlink: 'syz.1.1429': attribute type 4 has an invalid length. [ 611.328159][T10418] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1431'. [ 611.349861][T10418] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1431'. [ 611.364493][T10418] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1431'. [ 612.027613][T10439] netdevsim netdevsim1 ªªªªªª: renamed from netdevsim0 (while UP) [ 612.173418][T10442] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1440'. [ 612.198385][T10442] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1440'. [ 612.225284][T10442] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1440'. [ 614.272572][T10466] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1450'. [ 614.291998][T10466] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1450'. [ 614.318324][T10466] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1450'. [ 615.717339][T10481] netlink: 'syz.2.1454': attribute type 9 has an invalid length. [ 615.738630][T10481] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1454'. [ 615.778874][T10482] netlink: 'syz.2.1454': attribute type 10 has an invalid length. [ 615.968232][T10482] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode [ 616.007359][T10482] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 616.057058][T10482] team0: Port device wlan1 added [ 616.292000][ T5816] Bluetooth: hci2: ISO packet for unknown connection handle 2622 [ 616.389892][T10488] netlink: 'syz.3.1457': attribute type 10 has an invalid length. [ 616.452292][T10488] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1457'. [ 617.525309][T10501] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1460'. [ 617.535409][T10493] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1459'. [ 617.566800][T10501] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1460'. [ 617.610215][T10501] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1460'. [ 617.687991][T10502] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1460'. [ 620.589976][T10541] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1473'. [ 620.636679][T10541] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1473'. [ 620.659824][T10541] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1473'. [ 620.682533][T10541] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1473'. [ 623.319164][T10570] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1483'. [ 623.394176][T10570] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1483'. [ 623.493269][T10570] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1483'. [ 623.540472][T10570] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1483'. [ 624.276122][T10588] netlink: 'syz.2.1489': attribute type 29 has an invalid length. [ 624.285952][T10588] netlink: 'syz.2.1489': attribute type 29 has an invalid length. [ 624.319311][T10588] netlink: 'syz.2.1489': attribute type 29 has an invalid length. [ 624.337651][T10588] netlink: 'syz.2.1489': attribute type 29 has an invalid length. [ 624.681108][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.687690][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.684981][T10606] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1495'. [ 625.706840][T10606] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1495'. [ 625.759301][T10606] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1495'. [ 625.822912][T10609] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1495'. [ 626.817930][T10626] IPv6: Can't replace route, no match found [ 626.871058][T10626] : renamed from veth0_to_bond (while UP) [ 626.965138][T10631] netlink: 'syz.0.1504': attribute type 29 has an invalid length. [ 627.000292][T10631] netlink: 'syz.0.1504': attribute type 29 has an invalid length. [ 627.016025][T10631] netlink: 'syz.0.1504': attribute type 29 has an invalid length. [ 627.050349][T10631] netlink: 'syz.0.1504': attribute type 29 has an invalid length. [ 627.117519][T10635] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1506'. [ 627.492631][T10635] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1506'. [ 628.557701][T10664] FAULT_INJECTION: forcing a failure. [ 628.557701][T10664] name failslab, interval 1, probability 0, space 0, times 0 [ 628.626476][T10664] CPU: 1 PID: 10664 Comm: syz.0.1515 Not tainted syzkaller #0 [ 628.634029][T10664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 628.644145][T10664] Call Trace: [ 628.647493][T10664] [ 628.650483][T10664] dump_stack_lvl+0x18c/0x250 [ 628.655217][T10664] ? sctp_sendmsg+0x1575/0x28c0 [ 628.660123][T10664] ? ___sys_sendmsg+0x2a6/0x360 [ 628.665035][T10664] ? show_regs_print_info+0x20/0x20 [ 628.670295][T10664] ? load_image+0x400/0x400 [ 628.674895][T10664] should_fail_ex+0x39d/0x4d0 [ 628.679648][T10664] should_failslab+0x9/0x20 [ 628.684219][T10664] slab_pre_alloc_hook+0x59/0x310 [ 628.689366][T10664] ? sctp_add_bind_addr+0x8c/0x360 [ 628.694560][T10664] __kmem_cache_alloc_node+0x53/0x250 [ 628.700020][T10664] ? sctp_add_bind_addr+0x8c/0x360 [ 628.705203][T10664] kmalloc_trace+0x2a/0xe0 [ 628.709711][T10664] sctp_add_bind_addr+0x8c/0x360 [ 628.714717][T10664] sctp_copy_local_addr_list+0x315/0x4f0 [ 628.720421][T10664] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 628.726241][T10664] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 628.732381][T10664] ? sctp_v4_is_any+0x35/0x60 [ 628.737121][T10664] ? sctp_copy_one_addr+0x8c/0x350 [ 628.742308][T10664] sctp_bind_addr_copy+0xb3/0x3c0 [ 628.747393][T10664] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 628.753786][T10664] sctp_connect_new_asoc+0x2f9/0x6a0 [ 628.759141][T10664] ? __sctp_connect+0xd80/0xd80 [ 628.764061][T10664] ? __local_bh_enable_ip+0x13a/0x1c0 [ 628.769501][T10664] ? _local_bh_enable+0xa0/0xa0 [ 628.774420][T10664] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 628.780384][T10664] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 628.786280][T10664] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 628.791939][T10664] ? security_sctp_bind_connect+0x89/0xb0 [ 628.797741][T10664] sctp_sendmsg+0x1575/0x28c0 [ 628.802594][T10664] ? sctp_getsockopt+0xb60/0xb60 [ 628.807635][T10664] ? aa_sk_perm+0x83c/0x970 [ 628.812215][T10664] ? aa_af_perm+0x330/0x330 [ 628.816785][T10664] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 628.823266][T10664] ? sock_rps_record_flow+0x19/0x3f0 [ 628.828642][T10664] ? inet_sendmsg+0x7c/0x2f0 [ 628.833296][T10664] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 628.838725][T10664] ? security_socket_sendmsg+0x80/0xa0 [ 628.844243][T10664] ? inet_send_prepare+0x260/0x260 [ 628.849428][T10664] ____sys_sendmsg+0x5ba/0x960 [ 628.854249][T10664] ? __lock_acquire+0x7d40/0x7d40 [ 628.859350][T10664] ? __asan_memset+0x22/0x40 [ 628.864007][T10664] ? __sys_sendmsg_sock+0x30/0x30 [ 628.869090][T10664] ? __import_iovec+0x5f2/0x850 [ 628.874016][T10664] ? import_iovec+0x73/0xa0 [ 628.878592][T10664] ___sys_sendmsg+0x2a6/0x360 [ 628.883387][T10664] ? __sys_sendmsg+0x2a0/0x2a0 [ 628.888356][T10664] ? __lock_acquire+0x7d40/0x7d40 [ 628.893481][T10664] __se_sys_sendmsg+0x1c2/0x2b0 [ 628.898493][T10664] ? __x64_sys_sendmsg+0x80/0x80 [ 628.903513][T10664] ? lockdep_hardirqs_on+0x98/0x150 [ 628.908779][T10664] do_syscall_64+0x55/0xa0 [ 628.913338][T10664] ? clear_bhb_loop+0x40/0x90 [ 628.918078][T10664] ? clear_bhb_loop+0x40/0x90 [ 628.922824][T10664] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 628.928787][T10664] RIP: 0033:0x7f7fdc19acb9 [ 628.933249][T10664] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 628.952918][T10664] RSP: 002b:00007f7fdcfb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 628.961403][T10664] RAX: ffffffffffffffda RBX: 00007f7fdc415fa0 RCX: 00007f7fdc19acb9 [ 628.969436][T10664] RDX: 0000000000008054 RSI: 0000200000000300 RDI: 0000000000000005 [ 628.977557][T10664] RBP: 00007f7fdcfb3090 R08: 0000000000000000 R09: 0000000000000000 [ 628.985586][T10664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 628.993713][T10664] R13: 00007f7fdc416038 R14: 00007f7fdc415fa0 R15: 00007ffddb25e298 [ 629.001764][T10664] [ 629.254691][T10671] __nla_validate_parse: 2 callbacks suppressed [ 629.254710][T10671] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1517'. [ 629.275176][T10671] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1517'. [ 629.286155][T10671] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1517'. [ 629.302022][T10671] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1517'. [ 629.355201][T10673] netlink: 'syz.3.1518': attribute type 29 has an invalid length. [ 629.374048][T10673] netlink: 'syz.3.1518': attribute type 29 has an invalid length. [ 629.399502][T10673] netlink: 'syz.3.1518': attribute type 29 has an invalid length. [ 629.436813][T10673] netlink: 'syz.3.1518': attribute type 29 has an invalid length. [ 630.296368][T10693] netlink: 'syz.0.1524': attribute type 10 has an invalid length. [ 630.304276][T10693] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1524'. [ 630.354230][T10693] team0: entered promiscuous mode [ 630.366238][T10693] team_slave_0: entered promiscuous mode [ 630.376755][T10693] team_slave_1: entered promiscuous mode [ 630.429089][T10693] team0: entered allmulticast mode [ 630.434305][T10693] team_slave_0: entered allmulticast mode [ 630.516456][T10693] team_slave_1: entered allmulticast mode [ 630.523962][T10693] bridge0: port 2(team0) entered blocking state [ 630.576470][T10693] bridge0: port 2(team0) entered disabled state [ 630.587215][T10693] bridge0: port 2(team0) entered blocking state [ 630.593639][T10693] bridge0: port 2(team0) entered forwarding state [ 630.603366][T10699] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.1526'. [ 630.838702][T10705] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1528'. [ 630.868183][T10705] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1528'. [ 631.145986][T10705] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1528'. [ 631.178933][T10708] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1528'. [ 631.812982][T10731] netlink: 'syz.1.1535': attribute type 10 has an invalid length. [ 631.821221][T10731] batadv0: entered promiscuous mode [ 631.828293][T10731] batadv0: entered allmulticast mode [ 631.837678][T10731] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 632.702203][T10738] netlink: 'syz.2.1537': attribute type 2 has an invalid length. [ 633.454591][T10769] netlink: 'syz.1.1548': attribute type 10 has an invalid length. [ 633.488119][T10769] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 633.539032][T10769] netlink: 'syz.1.1548': attribute type 11 has an invalid length. [ 634.737950][T10792] netlink: 'syz.2.1555': attribute type 19 has an invalid length. [ 634.764229][T10792] __nla_validate_parse: 12 callbacks suppressed [ 634.764251][T10792] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1555'. [ 634.895249][T10798] netlink: 'syz.1.1558': attribute type 41 has an invalid length. [ 634.913383][T10798] netlink: 'syz.1.1558': attribute type 10 has an invalid length. [ 634.981661][T10798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.019888][T10798] team0: Port device bond0 added [ 635.096558][T10802] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1560'. [ 635.105792][T10802] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1560'. [ 635.148838][T10802] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1560'. [ 635.167014][T10802] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1560'. [ 635.221764][T10805] FAULT_INJECTION: forcing a failure. [ 635.221764][T10805] name failslab, interval 1, probability 0, space 0, times 0 [ 635.247401][T10805] CPU: 1 PID: 10805 Comm: syz.3.1561 Not tainted syzkaller #0 [ 635.255042][T10805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 635.265155][T10805] Call Trace: [ 635.268486][T10805] [ 635.271440][T10805] dump_stack_lvl+0x18c/0x250 [ 635.276131][T10805] ? show_regs_print_info+0x20/0x20 [ 635.281364][T10805] ? load_image+0x400/0x400 [ 635.285891][T10805] should_fail_ex+0x39d/0x4d0 [ 635.290599][T10805] should_failslab+0x9/0x20 [ 635.295124][T10805] slab_pre_alloc_hook+0x59/0x310 [ 635.300190][T10805] kmem_cache_alloc+0x5a/0x2d0 [ 635.305019][T10805] ? skb_clone+0x1eb/0x370 [ 635.309498][T10805] skb_clone+0x1eb/0x370 [ 635.313799][T10805] __netlink_deliver_tap+0x41c/0x830 [ 635.319150][T10805] ? netlink_deliver_tap+0x2e/0x1b0 [ 635.324408][T10805] netlink_deliver_tap+0x19c/0x1b0 [ 635.329595][T10805] netlink_dump+0x94b/0xe50 [ 635.334176][T10805] ? netlink_lookup+0x200/0x200 [ 635.339096][T10805] ? slab_free_freelist_hook+0x130/0x1a0 [ 635.344873][T10805] ? netlink_recvmsg+0x5e7/0xe60 [ 635.349871][T10805] ? kmem_cache_free+0xf8/0x270 [ 635.354791][T10805] netlink_recvmsg+0x693/0xe60 [ 635.359624][T10805] ? netlink_sendmsg+0xbf0/0xbf0 [ 635.364625][T10805] ? aa_af_perm+0x330/0x330 [ 635.369441][T10805] ? __lock_acquire+0x1273/0x7d40 [ 635.374522][T10805] ? verify_lock_unused+0x140/0x140 [ 635.379786][T10805] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 635.385203][T10805] ? security_socket_recvmsg+0x89/0xb0 [ 635.390716][T10805] ? netlink_sendmsg+0xbf0/0xbf0 [ 635.395709][T10805] ____sys_recvmsg+0x2ce/0x5e0 [ 635.400642][T10805] ? __sys_recvmsg_sock+0x50/0x50 [ 635.405733][T10805] ? import_iovec+0x73/0xa0 [ 635.410309][T10805] ___sys_recvmsg+0x216/0x590 [ 635.415141][T10805] ? __sys_recvmsg+0x2a0/0x2a0 [ 635.419979][T10805] ? ksys_write+0x1c4/0x260 [ 635.424557][T10805] ? __fget_files+0x43d/0x4b0 [ 635.429319][T10805] __x64_sys_recvmsg+0x20c/0x2e0 [ 635.434323][T10805] ? ___sys_recvmsg+0x590/0x590 [ 635.439259][T10805] ? lockdep_hardirqs_on+0x98/0x150 [ 635.444530][T10805] do_syscall_64+0x55/0xa0 [ 635.449005][T10805] ? clear_bhb_loop+0x40/0x90 [ 635.453735][T10805] ? clear_bhb_loop+0x40/0x90 [ 635.458468][T10805] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 635.464415][T10805] RIP: 0033:0x7fc95ed9acb9 [ 635.468878][T10805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 635.488533][T10805] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 635.497009][T10805] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 635.505029][T10805] RDX: 0000000000010020 RSI: 0000200000001ec0 RDI: 0000000000000005 [ 635.513051][T10805] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 635.521071][T10805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 635.529091][T10805] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 635.537134][T10805] [ 635.580406][T10805] netlink: 'syz.3.1561': attribute type 41 has an invalid length. [ 635.590215][T10805] netlink: 'syz.3.1561': attribute type 10 has an invalid length. [ 635.632002][T10805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.648014][T10805] team0: Port device bond0 added [ 636.862542][T10837] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1571'. [ 636.937128][T10837] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1571'. [ 636.972711][T10838] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1571'. [ 636.984078][T10839] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1571'. [ 637.530864][T10863] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1582'. [ 637.542758][T10861] netlink: 'syz.1.1579': attribute type 10 has an invalid length. [ 638.373696][T10885] netlink: 'syz.1.1588': attribute type 8 has an invalid length. [ 639.606078][T10913] netlink: 'syz.2.1600': attribute type 39 has an invalid length. [ 640.704716][T10928] netlink: 'syz.3.1603': attribute type 21 has an invalid length. [ 640.736521][T10928] __nla_validate_parse: 9 callbacks suppressed [ 640.756626][T10928] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1603'. [ 641.054128][T10941] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1607'. [ 641.096479][T10941] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1607'. [ 641.127953][T10944] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1607'. [ 641.165156][T10941] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1607'. [ 641.567725][T10962] netlink: 'syz.2.1615': attribute type 9 has an invalid length. [ 641.578081][T10962] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1615'. [ 642.051429][T10963] netlink: 'syz.2.1615': attribute type 9 has an invalid length. [ 642.106307][T10963] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1615'. [ 642.659007][T10983] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1620'. [ 642.668562][T10983] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1620'. [ 642.707464][T10983] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1620'. [ 644.683555][ T5816] Bluetooth: hci0: unexpected event 0x32 length: 15 > 9 [ 644.741198][T11036] netlink: 'syz.3.1637': attribute type 29 has an invalid length. [ 644.780583][T11036] netlink: 'syz.3.1637': attribute type 29 has an invalid length. [ 644.808206][T11039] netlink: 'syz.3.1637': attribute type 29 has an invalid length. [ 646.517326][T11077] __nla_validate_parse: 9 callbacks suppressed [ 646.517346][T11077] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1651'. [ 646.540681][T11077] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1651'. [ 646.555419][T11077] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1651'. [ 646.629840][T11082] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1651'. [ 646.838548][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.849248][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.859312][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.869332][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.879313][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.889045][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.899113][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.909380][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.919339][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 646.929124][T11087] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 648.608606][T11097] netlink: 'syz.1.1658': attribute type 33 has an invalid length. [ 648.935408][T11110] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1664'. [ 648.945163][T11110] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1664'. [ 648.957110][T11110] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1664'. [ 648.988801][T11110] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1664'. [ 650.130459][T11143] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1675'. [ 650.150085][T11143] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1675'. [ 650.471596][T11153] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 651.160043][T11161] FAULT_INJECTION: forcing a failure. [ 651.160043][T11161] name failslab, interval 1, probability 0, space 0, times 0 [ 651.196343][T11161] CPU: 0 PID: 11161 Comm: syz.1.1681 Not tainted syzkaller #0 [ 651.203889][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 651.214010][T11161] Call Trace: [ 651.217335][T11161] [ 651.220312][T11161] dump_stack_lvl+0x18c/0x250 [ 651.225047][T11161] ? show_regs_print_info+0x20/0x20 [ 651.230293][T11161] ? load_image+0x400/0x400 [ 651.234851][T11161] ? __might_sleep+0xe0/0xe0 [ 651.239576][T11161] ? __lock_acquire+0x7d40/0x7d40 [ 651.244659][T11161] ? lock_chain_count+0x20/0x20 [ 651.249628][T11161] should_fail_ex+0x39d/0x4d0 [ 651.254348][T11161] should_failslab+0x9/0x20 [ 651.258892][T11161] slab_pre_alloc_hook+0x59/0x310 [ 651.263950][T11161] ? _raw_spin_unlock+0x40/0x40 [ 651.268835][T11161] ? string+0x26d/0x2b0 [ 651.273113][T11161] ? __request_module+0x2d1/0x600 [ 651.278166][T11161] __kmem_cache_alloc_node+0x53/0x250 [ 651.283582][T11161] ? __request_module+0x2d1/0x600 [ 651.288657][T11161] kmalloc_trace+0x2a/0xe0 [ 651.293133][T11161] __request_module+0x2d1/0x600 [ 651.298568][T11161] ? module_enforce_rwx_sections+0x150/0x150 [ 651.304643][T11161] ? dev_load+0x21/0x1f0 [ 651.309040][T11161] ? bpf_lsm_capable+0x9/0x10 [ 651.313810][T11161] ? dev_load+0x21/0x1f0 [ 651.318095][T11161] dev_load+0x18b/0x1f0 [ 651.322293][T11161] dev_ioctl+0x59f/0x1140 [ 651.326662][T11161] sock_do_ioctl+0x239/0x310 [ 651.331465][T11161] ? sock_show_fdinfo+0xb0/0xb0 [ 651.336371][T11161] sock_ioctl+0x5ba/0x7e0 [ 651.340752][T11161] ? sock_poll+0x3e0/0x3e0 [ 651.345211][T11161] ? bpf_lsm_file_ioctl+0x9/0x10 [ 651.350179][T11161] ? security_file_ioctl+0x80/0xa0 [ 651.355325][T11161] ? sock_poll+0x3e0/0x3e0 [ 651.359787][T11161] __se_sys_ioctl+0xfd/0x170 [ 651.364504][T11161] do_syscall_64+0x55/0xa0 [ 651.368966][T11161] ? clear_bhb_loop+0x40/0x90 [ 651.373778][T11161] ? clear_bhb_loop+0x40/0x90 [ 651.378505][T11161] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 651.384432][T11161] RIP: 0033:0x7f9ff5f9acb9 [ 651.388873][T11161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 651.408545][T11161] RSP: 002b:00007f9ff6eb3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 651.416993][T11161] RAX: ffffffffffffffda RBX: 00007f9ff6216180 RCX: 00007f9ff5f9acb9 [ 651.424994][T11161] RDX: 0000200000000000 RSI: 0000000000008923 RDI: 000000000000000d [ 651.433002][T11161] RBP: 00007f9ff6eb3090 R08: 0000000000000000 R09: 0000000000000000 [ 651.441011][T11161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 651.449009][T11161] R13: 00007f9ff6216218 R14: 00007f9ff6216180 R15: 00007ffc591eeea8 [ 651.457039][T11161] [ 652.142980][T11168] netlink: 'syz.0.1683': attribute type 19 has an invalid length. [ 652.206733][T11180] __nla_validate_parse: 2 callbacks suppressed [ 652.206753][T11180] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1686'. [ 652.276549][T11180] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1686'. [ 652.285851][T11181] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1686'. [ 652.399652][T11180] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1686'. [ 653.193650][T11209] netlink: 'syz.0.1697': attribute type 13 has an invalid length. [ 653.218753][T11209] macvtap0: entered promiscuous mode [ 653.247618][T11209] macvtap0: refused to change device tx_queue_len [ 653.328855][T11215] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1699'. [ 653.350913][T11215] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1699'. [ 653.377767][T11215] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1699'. [ 653.418848][T11215] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1699'. [ 653.528344][T11217] net_ratelimit: 3319 callbacks suppressed [ 653.528361][T11217] bond_slave_1: mtu less than device minimum [ 654.607691][T11240] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.1708'. [ 654.647267][T11241] netlink: 'syz.0.1708': attribute type 8 has an invalid length. [ 654.669051][T11241] netlink: 'syz.0.1708': attribute type 9 has an invalid length. [ 654.707322][T11241] netlink: 'syz.0.1708': attribute type 10 has an invalid length. [ 654.745718][T11241] netlink: 'syz.0.1708': attribute type 11 has an invalid length. [ 654.782502][T11241] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1708'. [ 662.460655][T11298] __nla_validate_parse: 11 callbacks suppressed [ 662.460677][T11298] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1729'. [ 662.496386][T11298] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1729'. [ 662.512726][T11298] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1729'. [ 662.525698][T11298] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1729'. [ 664.807401][T11339] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1742'. [ 664.833838][T11339] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1742'. [ 664.849442][T11339] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1742'. [ 664.863045][T11339] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1742'. [ 665.010028][T11347] netlink: 'syz.0.1744': attribute type 10 has an invalid length. [ 665.020712][T11347] bridge0: port 2(team0) entered disabled state [ 665.027478][T11347] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.064421][T11347] bridge0: port 2(team0) entered blocking state [ 665.070848][T11347] bridge0: port 2(team0) entered forwarding state [ 665.077759][T11347] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.085105][T11347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 665.108939][T11347] bridge0: entered promiscuous mode [ 665.114673][T11347] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 665.795726][T11359] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1748'. [ 666.429637][T11375] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1752'. [ 668.945216][ T5815] cgroup: fork rejected by pids controller in /syz1 [ 668.989821][T11430] __nla_validate_parse: 7 callbacks suppressed [ 668.989842][T11430] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1772'. [ 669.039222][T11430] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1772'. [ 669.088065][T11430] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1772'. [ 669.113891][T11430] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1772'. [ 669.506010][T11436] veth0_vlan: entered allmulticast mode [ 670.152759][ T33] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.271183][ T33] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.416449][ T33] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.555785][ T33] netdevsim netdevsim1 ªªªªªª (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.728111][T11455] bond0: entered promiscuous mode [ 670.733406][T11455] bond_slave_0: entered promiscuous mode [ 670.752337][T11455] bond_slave_1: entered promiscuous mode [ 670.792184][ T5817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 670.794511][T11455] dummy0: entered promiscuous mode [ 670.933856][ T5817] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 670.942841][ T5817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 670.954495][ T5817] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 670.968322][ T5817] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 670.976770][ T5817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 671.851003][T11460] chnl_net:caif_netlink_parms(): no params data found [ 672.418093][T11487] netlink: 'syz.3.1788': attribute type 6 has an invalid length. [ 672.449527][T11487] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1788'. [ 673.086737][ T5817] Bluetooth: hci2: command tx timeout [ 673.180226][T11515] veth0_vlan: left promiscuous mode [ 673.234179][T11515] veth0_vlan: entered promiscuous mode [ 673.514210][T11460] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.526123][T11460] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.535000][T11460] bridge_slave_0: entered allmulticast mode [ 673.544559][T11460] bridge_slave_0: entered promiscuous mode [ 673.556033][T11460] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.565489][T11460] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.573202][T11460] bridge_slave_1: entered allmulticast mode [ 673.582452][T11460] bridge_slave_1: entered promiscuous mode [ 673.727807][T11460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.764480][T11460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 674.101344][T11531] bond0: entered promiscuous mode [ 674.114632][T11531] bond_slave_0: entered promiscuous mode [ 674.141572][T11531] bond_slave_1: entered promiscuous mode [ 674.296673][T11539] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1798'. [ 674.333679][T11460] team0: Port device team_slave_0 added [ 674.345681][T11460] team0: Port device team_slave_1 added [ 674.370206][T11539] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1798'. [ 674.457495][T11541] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1798'. [ 674.488053][T11539] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1798'. [ 674.555753][T11460] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 674.583466][T11460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.656362][T11460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 674.850293][T11460] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 674.874416][T11460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.915232][T11460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 674.958222][T11552] netlink: 'syz.2.1800': attribute type 6 has an invalid length. [ 674.966040][T11552] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1800'. [ 675.164336][T11460] hsr_slave_0: entered promiscuous mode [ 675.170733][ T5817] Bluetooth: hci2: command tx timeout [ 675.245599][T11460] hsr_slave_1: entered promiscuous mode [ 675.296859][T11460] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 675.304590][T11460] Cannot create hsr debugfs directory [ 676.385102][ T33] hsr_slave_0: left promiscuous mode [ 676.399956][ T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 676.411122][ T33] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 676.423938][ T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 676.434361][ T33] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 676.445335][T11581] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1808'. [ 676.478316][ T33] veth1_macvtap: left promiscuous mode [ 676.484418][ T33] veth0_macvtap: left promiscuous mode [ 676.498835][ T33] veth1_vlan: left promiscuous mode [ 676.504322][ T33] veth0_vlan: left promiscuous mode [ 677.204141][ T33] team0 (unregistering): Port device team_slave_1 removed [ 677.236580][ T5817] Bluetooth: hci2: command tx timeout [ 677.259104][ T33] team0 (unregistering): Port device C removed [ 677.308429][ T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 677.354151][ T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.652747][ T33] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 677.681192][ T33] team0 (unregistering): Port device bond0 removed [ 677.718139][ T33] bond0 (unregistering): Released all slaves [ 677.821219][T11581] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.1808'. [ 678.021032][T11588] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1809'. [ 678.031780][T11585] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1810'. [ 678.042235][T11588] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1809'. [ 678.548125][T11460] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 678.561805][T11460] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 678.591871][T11460] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 678.614908][T11460] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 678.873062][T11460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.959621][T11460] 8021q: adding VLAN 0 to HW filter on device team0 [ 679.004430][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 679.011724][ T5854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 679.073514][ T5884] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.080855][ T5884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 679.316794][ T5817] Bluetooth: hci2: command tx timeout [ 680.303624][T11460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 680.390208][T11460] veth0_vlan: entered promiscuous mode [ 680.404569][T11460] veth1_vlan: entered promiscuous mode [ 680.449398][T11460] veth0_macvtap: entered promiscuous mode [ 680.468245][T11460] veth1_macvtap: entered promiscuous mode [ 680.490573][T11460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 680.505921][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.517292][T11460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 680.533002][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.543190][T11460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 680.554186][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.574004][T11460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 680.592905][T11460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 680.608825][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.621744][T11460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 680.635852][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.647330][T11460] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 680.661148][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.674501][T11460] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 680.694279][T11460] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.703919][T11460] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.713479][T11460] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.724344][T11460] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.847243][T11460] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 680.859127][T11460] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.880872][ T5854] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.896716][ T5854] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.945598][ T5854] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.968850][ T5854] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 681.956564][T11682] __nla_validate_parse: 5 callbacks suppressed [ 681.956587][T11682] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1821'. [ 682.070002][T11682] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1821'. [ 682.102826][T11688] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1821'. [ 682.249411][T11682] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1821'. [ 683.475450][T11726] netlink: 'syz.1.1834': attribute type 3 has an invalid length. [ 683.483899][T11726] netlink: 'syz.1.1834': attribute type 16 has an invalid length. [ 683.492761][T11726] netlink: 'syz.1.1834': attribute type 18 has an invalid length. [ 683.501314][T11726] netlink: 'syz.1.1834': attribute type 20 has an invalid length. [ 683.509821][T11726] netlink: 'syz.1.1834': attribute type 25 has an invalid length. [ 683.525933][T11726] netlink: 703 bytes leftover after parsing attributes in process `syz.1.1834'. [ 684.138265][T11734] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1835'. [ 684.159197][T11734] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1835'. [ 684.188032][T11734] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1835'. [ 684.200638][T11734] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1835'. [ 684.513153][T11741] sock: sock_set_timeout: `syz.0.1838' (pid 11741) tries to set negative timeout [ 684.534381][T11741] FAULT_INJECTION: forcing a failure. [ 684.534381][T11741] name failslab, interval 1, probability 0, space 0, times 0 [ 684.547655][T11741] CPU: 0 PID: 11741 Comm: syz.0.1838 Not tainted syzkaller #0 [ 684.555194][T11741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 684.565307][T11741] Call Trace: [ 684.568648][T11741] [ 684.571626][T11741] dump_stack_lvl+0x18c/0x250 [ 684.576363][T11741] ? show_regs_print_info+0x20/0x20 [ 684.581617][T11741] ? load_image+0x400/0x400 [ 684.586190][T11741] should_fail_ex+0x39d/0x4d0 [ 684.590932][T11741] should_failslab+0x9/0x20 [ 684.595498][T11741] slab_pre_alloc_hook+0x59/0x310 [ 684.600585][T11741] ? inet_bind2_bucket_find+0x62/0x620 [ 684.606124][T11741] kmem_cache_alloc+0x5a/0x2d0 [ 684.610947][T11741] ? __inet_hash_connect+0xbe4/0x1870 [ 684.616415][T11741] __inet_hash_connect+0xbe4/0x1870 [ 684.621696][T11741] ? inet_bhash2_reset_saddr+0x80/0x80 [ 684.627229][T11741] tcp_v4_connect+0xcac/0x18e0 [ 684.632083][T11741] ? tcp_twsk_unique+0x990/0x990 [ 684.637098][T11741] mptcp_connect+0x449/0x640 [ 684.641754][T11741] __inet_stream_connect+0x254/0xdc0 [ 684.647104][T11741] ? inet_dgram_connect+0x360/0x360 [ 684.652377][T11741] tcp_sendmsg_fastopen+0x3a7/0x5d0 [ 684.657638][T11741] mptcp_sendmsg_fastopen+0x138/0x4d0 [ 684.663073][T11741] mptcp_sendmsg+0x14b2/0x16d0 [ 684.667891][T11741] ? __lock_acquire+0x1273/0x7d40 [ 684.672979][T11741] ? verify_lock_unused+0x140/0x140 [ 684.678238][T11741] ? aa_sk_perm+0x83c/0x970 [ 684.682809][T11741] ? aa_af_perm+0x330/0x330 [ 684.687373][T11741] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 684.693841][T11741] ? mptcp_shutdown+0x80/0x80 [ 684.698570][T11741] ? sock_rps_record_flow+0x19/0x3f0 [ 684.703951][T11741] ? inet_sendmsg+0xe9/0x2f0 [ 684.708591][T11741] ? inet_send_prepare+0x260/0x260 [ 684.713758][T11741] ____sys_sendmsg+0x5ba/0x960 [ 684.718575][T11741] ? __lock_acquire+0x7d40/0x7d40 [ 684.723643][T11741] ? __asan_memset+0x22/0x40 [ 684.728280][T11741] ? __sys_sendmsg_sock+0x30/0x30 [ 684.733368][T11741] ? __import_iovec+0x3fa/0x850 [ 684.738281][T11741] ? import_iovec+0x73/0xa0 [ 684.742848][T11741] ___sys_sendmsg+0x2a6/0x360 [ 684.747597][T11741] ? __sys_sendmsg+0x2a0/0x2a0 [ 684.752439][T11741] ? trace_call_bpf+0xc3/0x6c0 [ 684.757412][T11741] __se_sys_sendmsg+0x1c2/0x2b0 [ 684.762332][T11741] ? __x64_sys_sendmsg+0x80/0x80 [ 684.767347][T11741] ? lockdep_hardirqs_on+0x98/0x150 [ 684.772608][T11741] do_syscall_64+0x55/0xa0 [ 684.777071][T11741] ? clear_bhb_loop+0x40/0x90 [ 684.781802][T11741] ? clear_bhb_loop+0x40/0x90 [ 684.786531][T11741] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 684.792643][T11741] RIP: 0033:0x7f7fdc19acb9 [ 684.797099][T11741] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 684.816848][T11741] RSP: 002b:00007f7fdcfb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 684.825322][T11741] RAX: ffffffffffffffda RBX: 00007f7fdc415fa0 RCX: 00007f7fdc19acb9 [ 684.833356][T11741] RDX: 0000000020009090 RSI: 0000200000000800 RDI: 0000000000000003 [ 684.841407][T11741] RBP: 00007f7fdcfb3090 R08: 0000000000000000 R09: 0000000000000000 [ 684.849424][T11741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 684.857445][T11741] R13: 00007f7fdc416038 R14: 00007f7fdc415fa0 R15: 00007ffddb25e298 [ 684.865488][T11741] [ 685.446878][T11754] netlink: 'syz.3.1836': attribute type 2 has an invalid length. [ 685.567037][T11754] netlink: 16098 bytes leftover after parsing attributes in process `syz.3.1836'. [ 686.122491][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.133318][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.424990][T11795] netlink: 'syz.2.1849': attribute type 8 has an invalid length. [ 687.463172][T11795] netlink: 'syz.2.1849': attribute type 1 has an invalid length. [ 687.498125][T11795] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1849'. [ 687.829463][T11801] netlink: 'syz.2.1851': attribute type 3 has an invalid length. [ 687.846469][T11801] netlink: 'syz.2.1851': attribute type 16 has an invalid length. [ 687.903738][T11801] netlink: 703 bytes leftover after parsing attributes in process `syz.2.1851'. [ 688.388473][T11816] veth0_vlan: entered allmulticast mode [ 689.110672][T11832] veth0_vlan: left promiscuous mode [ 689.193542][T11832] veth0_vlan: entered promiscuous mode [ 689.389322][T11830] validate_nla: 3 callbacks suppressed [ 689.389378][T11830] netlink: 'syz.2.1858': attribute type 10 has an invalid length. [ 689.460236][T11830] team0: Device veth1_macvtap failed to register rx_handler [ 690.387509][T11846] netlink: 'syz.1.1861': attribute type 2 has an invalid length. [ 690.395423][T11846] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.1861'. [ 691.177593][T11862] veth0_vlan: left promiscuous mode [ 691.201025][T11862] veth0_vlan: entered promiscuous mode [ 692.029400][T11881] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1873'. [ 692.084888][T11884] netlink: 'syz.1.1873': attribute type 8 has an invalid length. [ 692.611782][T11894] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1877'. [ 692.799254][T11896] netlink: 'syz.1.1877': attribute type 10 has an invalid length. [ 692.914145][T11896] team0: Port device dummy0 added [ 693.118324][T11911] sock: sock_set_timeout: `syz.1.1882' (pid 11911) tries to set negative timeout [ 693.351836][T11909] veth0_vlan: left promiscuous mode [ 693.439063][T11909] veth0_vlan: entered promiscuous mode [ 693.698462][T11916] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.1883'. [ 693.793907][T11916] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1883'. [ 693.823443][T11916] openvswitch: netlink: Key type 29 is not supported [ 694.695237][T11940] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1887'. [ 694.720295][T11940] netlink: 'syz.3.1887': attribute type 8 has an invalid length. [ 694.793443][T11948] FAULT_INJECTION: forcing a failure. [ 694.793443][T11948] name failslab, interval 1, probability 0, space 0, times 0 [ 694.820205][T11948] CPU: 1 PID: 11948 Comm: syz.0.1892 Not tainted syzkaller #0 [ 694.827937][T11948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 694.838044][T11948] Call Trace: [ 694.841369][T11948] [ 694.844354][T11948] dump_stack_lvl+0x18c/0x250 [ 694.849092][T11948] ? sctp_sendmsg+0x1575/0x28c0 [ 694.854085][T11948] ? ___sys_sendmsg+0x2a6/0x360 [ 694.859009][T11948] ? show_regs_print_info+0x20/0x20 [ 694.864260][T11948] ? load_image+0x400/0x400 [ 694.868834][T11948] should_fail_ex+0x39d/0x4d0 [ 694.873586][T11948] should_failslab+0x9/0x20 [ 694.878139][T11948] slab_pre_alloc_hook+0x59/0x310 [ 694.883224][T11948] ? sctp_add_bind_addr+0x8c/0x360 [ 694.888396][T11948] __kmem_cache_alloc_node+0x53/0x250 [ 694.893836][T11948] ? sctp_add_bind_addr+0x8c/0x360 [ 694.899005][T11948] kmalloc_trace+0x2a/0xe0 [ 694.903478][T11948] sctp_add_bind_addr+0x8c/0x360 [ 694.908469][T11948] sctp_copy_local_addr_list+0x315/0x4f0 [ 694.914167][T11948] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 694.919951][T11948] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 694.926082][T11948] ? sctp_v4_is_any+0x35/0x60 [ 694.930813][T11948] ? sctp_copy_one_addr+0x8c/0x350 [ 694.935987][T11948] sctp_bind_addr_copy+0xb3/0x3c0 [ 694.941063][T11948] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 694.947452][T11948] sctp_connect_new_asoc+0x2f9/0x6a0 [ 694.952806][T11948] ? __sctp_connect+0xd80/0xd80 [ 694.957740][T11948] ? __local_bh_enable_ip+0x13a/0x1c0 [ 694.963190][T11948] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 694.968795][T11948] ? security_sctp_bind_connect+0x89/0xb0 [ 694.974570][T11948] sctp_sendmsg+0x1575/0x28c0 [ 694.979325][T11948] ? sctp_getsockopt+0xb60/0xb60 [ 694.984320][T11948] ? aa_sk_perm+0x83c/0x970 [ 694.988905][T11948] ? aa_af_perm+0x330/0x330 [ 694.993518][T11948] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 694.999996][T11948] ? sock_rps_record_flow+0x19/0x3f0 [ 695.005345][T11948] ? inet_sendmsg+0xe9/0x2f0 [ 695.009989][T11948] ? inet_send_prepare+0x260/0x260 [ 695.015240][T11948] ____sys_sendmsg+0x5ba/0x960 [ 695.020057][T11948] ? __lock_acquire+0x7d40/0x7d40 [ 695.025130][T11948] ? __asan_memset+0x22/0x40 [ 695.029765][T11948] ? __sys_sendmsg_sock+0x30/0x30 [ 695.034852][T11948] ? __import_iovec+0x5f2/0x850 [ 695.039783][T11948] ? import_iovec+0x73/0xa0 [ 695.044343][T11948] ___sys_sendmsg+0x2a6/0x360 [ 695.049076][T11948] ? __sys_sendmsg+0x2a0/0x2a0 [ 695.053907][T11948] ? __lock_acquire+0x7d40/0x7d40 [ 695.059015][T11948] __se_sys_sendmsg+0x1c2/0x2b0 [ 695.063909][T11948] ? __x64_sys_sendmsg+0x80/0x80 [ 695.068900][T11948] ? lockdep_hardirqs_on+0x98/0x150 [ 695.074138][T11948] do_syscall_64+0x55/0xa0 [ 695.078596][T11948] ? clear_bhb_loop+0x40/0x90 [ 695.083312][T11948] ? clear_bhb_loop+0x40/0x90 [ 695.088031][T11948] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 695.093958][T11948] RIP: 0033:0x7f7fdc19acb9 [ 695.098430][T11948] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 695.118069][T11948] RSP: 002b:00007f7fdcfb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 695.126532][T11948] RAX: ffffffffffffffda RBX: 00007f7fdc415fa0 RCX: 00007f7fdc19acb9 [ 695.134549][T11948] RDX: 0000000000000040 RSI: 00002000000003c0 RDI: 0000000000000003 [ 695.142551][T11948] RBP: 00007f7fdcfb3090 R08: 0000000000000000 R09: 0000000000000000 [ 695.150555][T11948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 695.158640][T11948] R13: 00007f7fdc416038 R14: 00007f7fdc415fa0 R15: 00007ffddb25e298 [ 695.166664][T11948] [ 696.421011][ T5817] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 696.562138][T11985] netlink: 'syz.0.1903': attribute type 8 has an invalid length. [ 696.593538][T11985] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1903'. [ 696.707107][T11989] netlink: 'syz.3.1905': attribute type 21 has an invalid length. [ 696.724636][T11989] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1905'. [ 697.664968][T12009] veth0_vlan: left promiscuous mode [ 697.755428][T12009] veth0_vlan: entered promiscuous mode [ 698.114659][T12015] FAULT_INJECTION: forcing a failure. [ 698.114659][T12015] name failslab, interval 1, probability 0, space 0, times 0 [ 698.137207][T12015] CPU: 0 PID: 12015 Comm: syz.0.1913 Not tainted syzkaller #0 [ 698.144750][T12015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 698.154854][T12015] Call Trace: [ 698.158180][T12015] [ 698.161143][T12015] dump_stack_lvl+0x18c/0x250 [ 698.165877][T12015] ? sctp_sendmsg+0x1575/0x28c0 [ 698.170787][T12015] ? ___sys_sendmsg+0x2a6/0x360 [ 698.175686][T12015] ? show_regs_print_info+0x20/0x20 [ 698.180928][T12015] ? load_image+0x400/0x400 [ 698.185513][T12015] should_fail_ex+0x39d/0x4d0 [ 698.190231][T12015] should_failslab+0x9/0x20 [ 698.194772][T12015] slab_pre_alloc_hook+0x59/0x310 [ 698.199842][T12015] ? sctp_add_bind_addr+0x8c/0x360 [ 698.204988][T12015] __kmem_cache_alloc_node+0x53/0x250 [ 698.210405][T12015] ? sctp_add_bind_addr+0x8c/0x360 [ 698.215566][T12015] kmalloc_trace+0x2a/0xe0 [ 698.220113][T12015] sctp_add_bind_addr+0x8c/0x360 [ 698.225170][T12015] sctp_copy_local_addr_list+0x315/0x4f0 [ 698.230831][T12015] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 698.236577][T12015] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 698.242766][T12015] ? sctp_v4_is_any+0x35/0x60 [ 698.247483][T12015] ? sctp_copy_one_addr+0x8c/0x350 [ 698.252625][T12015] sctp_bind_addr_copy+0xb3/0x3c0 [ 698.257679][T12015] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 698.264056][T12015] sctp_connect_new_asoc+0x2f9/0x6a0 [ 698.269380][T12015] ? __sctp_connect+0xd80/0xd80 [ 698.274295][T12015] ? __local_bh_enable_ip+0x13a/0x1c0 [ 698.279708][T12015] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 698.285284][T12015] ? security_sctp_bind_connect+0x89/0xb0 [ 698.291040][T12015] sctp_sendmsg+0x1575/0x28c0 [ 698.295759][T12015] ? sctp_getsockopt+0xb60/0xb60 [ 698.300726][T12015] ? aa_sk_perm+0x83c/0x970 [ 698.305269][T12015] ? aa_af_perm+0x330/0x330 [ 698.309976][T12015] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 698.316449][T12015] ? sock_rps_record_flow+0x19/0x3f0 [ 698.321765][T12015] ? inet_sendmsg+0xe9/0x2f0 [ 698.326388][T12015] ? inet_send_prepare+0x260/0x260 [ 698.331537][T12015] ____sys_sendmsg+0x5ba/0x960 [ 698.336336][T12015] ? __lock_acquire+0x7d40/0x7d40 [ 698.341393][T12015] ? __asan_memset+0x22/0x40 [ 698.346018][T12015] ? __sys_sendmsg_sock+0x30/0x30 [ 698.351064][T12015] ? __import_iovec+0x5f2/0x850 [ 698.355960][T12015] ? import_iovec+0x73/0xa0 [ 698.360504][T12015] ___sys_sendmsg+0x2a6/0x360 [ 698.365216][T12015] ? __sys_sendmsg+0x2a0/0x2a0 [ 698.370020][T12015] ? trace_call_bpf+0xc3/0x6c0 [ 698.374841][T12015] __se_sys_sendmsg+0x1c2/0x2b0 [ 698.379721][T12015] ? __x64_sys_sendmsg+0x80/0x80 [ 698.384700][T12015] ? lockdep_hardirqs_on+0x98/0x150 [ 698.389937][T12015] do_syscall_64+0x55/0xa0 [ 698.394379][T12015] ? clear_bhb_loop+0x40/0x90 [ 698.399099][T12015] ? clear_bhb_loop+0x40/0x90 [ 698.403809][T12015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 698.409731][T12015] RIP: 0033:0x7f7fdc19acb9 [ 698.414175][T12015] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.433804][T12015] RSP: 002b:00007f7fdcfb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 698.442259][T12015] RAX: ffffffffffffffda RBX: 00007f7fdc415fa0 RCX: 00007f7fdc19acb9 [ 698.450267][T12015] RDX: 0000000000000040 RSI: 00002000000003c0 RDI: 0000000000000003 [ 698.458270][T12015] RBP: 00007f7fdcfb3090 R08: 0000000000000000 R09: 0000000000000000 [ 698.466271][T12015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 698.474283][T12015] R13: 00007f7fdc416038 R14: 00007f7fdc415fa0 R15: 00007ffddb25e298 [ 698.482304][T12015] [ 698.558542][T12017] FAULT_INJECTION: forcing a failure. [ 698.558542][T12017] name failslab, interval 1, probability 0, space 0, times 0 [ 698.583202][T12017] CPU: 0 PID: 12017 Comm: syz.3.1914 Not tainted syzkaller #0 [ 698.590747][T12017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 698.600850][T12017] Call Trace: [ 698.604170][T12017] [ 698.607145][T12017] dump_stack_lvl+0x18c/0x250 [ 698.611884][T12017] ? show_regs_print_info+0x20/0x20 [ 698.617139][T12017] ? load_image+0x400/0x400 [ 698.621707][T12017] ? verify_lock_unused+0x140/0x140 [ 698.626970][T12017] should_fail_ex+0x39d/0x4d0 [ 698.631715][T12017] should_failslab+0x9/0x20 [ 698.636272][T12017] slab_pre_alloc_hook+0x59/0x310 [ 698.641358][T12017] kmem_cache_alloc+0x5a/0x2d0 [ 698.646264][T12017] ? skb_clone+0x1eb/0x370 [ 698.650739][T12017] skb_clone+0x1eb/0x370 [ 698.655044][T12017] __netlink_deliver_tap+0x41c/0x830 [ 698.660399][T12017] ? netlink_deliver_tap+0x2e/0x1b0 [ 698.665647][T12017] netlink_deliver_tap+0x19c/0x1b0 [ 698.670897][T12017] netlink_sendskb+0x68/0x130 [ 698.675734][T12017] netlink_ack+0xce1/0x1180 [ 698.680284][T12017] ? __dev_queue_xmit+0x26b/0x36b0 [ 698.685495][T12017] ? netlink_dump+0xe50/0xe50 [ 698.690219][T12017] ? ref_tracker_free+0x690/0x840 [ 698.695310][T12017] netlink_rcv_skb+0x2c5/0x4d0 [ 698.700124][T12017] ? rtnetlink_bind+0x80/0x80 [ 698.704853][T12017] ? netlink_ack+0x1180/0x1180 [ 698.709670][T12017] ? __lock_acquire+0x7d40/0x7d40 [ 698.714766][T12017] ? netlink_deliver_tap+0x2e/0x1b0 [ 698.720016][T12017] netlink_unicast+0x751/0x8d0 [ 698.724845][T12017] netlink_sendmsg+0x8d0/0xbf0 [ 698.729660][T12017] ? netlink_getsockopt+0x590/0x590 [ 698.734994][T12017] ? aa_sock_msg_perm+0x94/0x150 [ 698.739992][T12017] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 698.745325][T12017] ? security_socket_sendmsg+0x80/0xa0 [ 698.750842][T12017] ? netlink_getsockopt+0x590/0x590 [ 698.756092][T12017] ____sys_sendmsg+0x5ba/0x960 [ 698.760920][T12017] ? __asan_memset+0x22/0x40 [ 698.765566][T12017] ? __sys_sendmsg_sock+0x30/0x30 [ 698.770740][T12017] ? __import_iovec+0x5f2/0x850 [ 698.775659][T12017] ? import_iovec+0x73/0xa0 [ 698.780221][T12017] ___sys_sendmsg+0x2a6/0x360 [ 698.784957][T12017] ? __sys_sendmsg+0x2a0/0x2a0 [ 698.789795][T12017] ? trace_call_bpf+0xc3/0x6c0 [ 698.794647][T12017] __se_sys_sendmsg+0x1c2/0x2b0 [ 698.799556][T12017] ? __x64_sys_sendmsg+0x80/0x80 [ 698.804562][T12017] ? lockdep_hardirqs_on+0x98/0x150 [ 698.809828][T12017] do_syscall_64+0x55/0xa0 [ 698.814290][T12017] ? clear_bhb_loop+0x40/0x90 [ 698.819015][T12017] ? clear_bhb_loop+0x40/0x90 [ 698.823748][T12017] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 698.829700][T12017] RIP: 0033:0x7fc95ed9acb9 [ 698.834172][T12017] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.853932][T12017] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 698.862491][T12017] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 698.870514][T12017] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 698.878539][T12017] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 698.886655][T12017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 698.894674][T12017] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 698.902719][T12017] [ 699.383339][T12039] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1920'. [ 699.399972][T12039] netlink: 'syz.2.1920': attribute type 8 has an invalid length. [ 700.739657][T12049] veth0_vlan: left promiscuous mode [ 700.891788][T12049] veth0_vlan: entered promiscuous mode [ 702.054848][T12076] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1933'. [ 702.195541][T12074] netlink: 11254 bytes leftover after parsing attributes in process `syz.1.1932'. [ 702.230115][T12080] netlink: 'syz.2.1942': attribute type 46 has an invalid length. [ 702.248565][T12080] netlink: 'syz.2.1942': attribute type 3 has an invalid length. [ 702.276285][T12080] netlink: 'syz.2.1942': attribute type 4 has an invalid length. [ 702.293938][T12080] netlink: 9067 bytes leftover after parsing attributes in process `syz.2.1942'. [ 702.701217][T12090] netlink: 'syz.1.1936': attribute type 27 has an invalid length. [ 703.290387][T12093] veth0_vlan: left promiscuous mode [ 703.479360][T12093] veth0_vlan: entered promiscuous mode [ 704.071169][T12111] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1943'. [ 704.552996][T12108] veth0_vlan: left promiscuous mode [ 704.559924][T12108] veth0_vlan: entered promiscuous mode [ 706.601051][T12148] veth0_vlan: left promiscuous mode [ 706.752029][T12148] veth0_vlan: entered promiscuous mode [ 706.923400][T12154] IPv6: pim6reg1: Disabled Multicast RS [ 707.454368][T12176] netlink: 'syz.0.1962': attribute type 29 has an invalid length. [ 707.464443][T12176] netlink: 'syz.0.1962': attribute type 29 has an invalid length. [ 707.488845][T12176] netlink: 'syz.0.1962': attribute type 29 has an invalid length. [ 707.521907][T12174] netlink: 3939 bytes leftover after parsing attributes in process `syz.1.1961'. [ 707.634632][T12183] netlink: 'syz.0.1966': attribute type 27 has an invalid length. [ 707.645426][T12183] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1966'. [ 708.017867][T12192] veth0_vlan: left promiscuous mode [ 708.077381][T12192] veth0_vlan: entered promiscuous mode [ 708.424115][T12194] syzkaller0: mtu greater than device maximum [ 708.620206][T12215] FAULT_INJECTION: forcing a failure. [ 708.620206][T12215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 708.634111][T12215] CPU: 1 PID: 12215 Comm: syz.2.1972 Not tainted syzkaller #0 [ 708.641633][T12215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 708.651735][T12215] Call Trace: [ 708.655063][T12215] [ 708.658044][T12215] dump_stack_lvl+0x18c/0x250 [ 708.662785][T12215] ? show_regs_print_info+0x20/0x20 [ 708.668039][T12215] ? load_image+0x400/0x400 [ 708.672610][T12215] ? __lock_acquire+0x7d40/0x7d40 [ 708.677691][T12215] ? snprintf+0xe9/0x140 [ 708.681992][T12215] should_fail_ex+0x39d/0x4d0 [ 708.686749][T12215] _copy_to_user+0x2f/0xa0 [ 708.691213][T12215] simple_read_from_buffer+0xe7/0x150 [ 708.696645][T12215] proc_fail_nth_read+0x1e8/0x260 [ 708.701732][T12215] ? proc_fault_inject_write+0x360/0x360 [ 708.707420][T12215] ? fsnotify_perm+0x271/0x5e0 [ 708.712238][T12215] ? proc_fault_inject_write+0x360/0x360 [ 708.717925][T12215] vfs_read+0x28b/0x970 [ 708.722145][T12215] ? kernel_read+0x1e0/0x1e0 [ 708.726798][T12215] ? __fget_files+0x28/0x4b0 [ 708.731433][T12215] ? __fget_files+0x28/0x4b0 [ 708.736063][T12215] ? __fget_files+0x43d/0x4b0 [ 708.740810][T12215] ? __fdget_pos+0x2a3/0x330 [ 708.745446][T12215] ? ksys_read+0x75/0x260 [ 708.749825][T12215] ksys_read+0x150/0x260 [ 708.754187][T12215] ? vfs_write+0x990/0x990 [ 708.758633][T12215] ? lockdep_hardirqs_on+0x98/0x150 [ 708.763865][T12215] do_syscall_64+0x55/0xa0 [ 708.768315][T12215] ? clear_bhb_loop+0x40/0x90 [ 708.773033][T12215] ? clear_bhb_loop+0x40/0x90 [ 708.777741][T12215] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 708.783674][T12215] RIP: 0033:0x7fbcacd5b58e [ 708.788119][T12215] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 708.807774][T12215] RSP: 002b:00007fbcaaff5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 708.816236][T12215] RAX: ffffffffffffffda RBX: 00007fbcaaff66c0 RCX: 00007fbcacd5b58e [ 708.824243][T12215] RDX: 000000000000000f RSI: 00007fbcaaff60a0 RDI: 0000000000000003 [ 708.832246][T12215] RBP: 00007fbcaaff6090 R08: 0000000000000000 R09: 0000000000000000 [ 708.840250][T12215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 708.848256][T12215] R13: 00007fbcad016038 R14: 00007fbcad015fa0 R15: 00007ffc2c44dd58 [ 708.856273][T12215] [ 713.213683][T12217] netlink: 763 bytes leftover after parsing attributes in process `syz.3.1973'. [ 713.467214][T12232] FAULT_INJECTION: forcing a failure. [ 713.467214][T12232] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 713.527670][T12232] CPU: 1 PID: 12232 Comm: syz.3.1978 Not tainted syzkaller #0 [ 713.535269][T12232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 713.545410][T12232] Call Trace: [ 713.548860][T12232] [ 713.551867][T12232] dump_stack_lvl+0x18c/0x250 [ 713.556638][T12232] ? show_regs_print_info+0x20/0x20 [ 713.561915][T12232] ? load_image+0x400/0x400 [ 713.566505][T12232] ? __lock_acquire+0x7d40/0x7d40 [ 713.571621][T12232] should_fail_ex+0x39d/0x4d0 [ 713.576401][T12232] strncpy_from_user+0x36/0x2d0 [ 713.581419][T12232] bpf_raw_tp_link_attach+0x1f6/0x590 [ 713.586892][T12232] ? bpf_insn_prepare_dump+0x850/0x850 [ 713.592533][T12232] bpf_raw_tracepoint_open+0x197/0x210 [ 713.598061][T12232] __sys_bpf+0x3c5/0x890 [ 713.602380][T12232] ? bpf_link_show_fdinfo+0x390/0x390 [ 713.607851][T12232] ? lock_chain_count+0x20/0x20 [ 713.612783][T12232] __x64_sys_bpf+0x7c/0x90 [ 713.617270][T12232] do_syscall_64+0x55/0xa0 [ 713.621779][T12232] ? clear_bhb_loop+0x40/0x90 [ 713.626533][T12232] ? clear_bhb_loop+0x40/0x90 [ 713.631400][T12232] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 713.637391][T12232] RIP: 0033:0x7fc95ed9acb9 [ 713.641895][T12232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 713.661575][T12232] RSP: 002b:00007fc95fc3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 713.670063][T12232] RAX: ffffffffffffffda RBX: 00007fc95f015fa0 RCX: 00007fc95ed9acb9 [ 713.678123][T12232] RDX: 0000000000000018 RSI: 0000200000000080 RDI: 0000000000000011 [ 713.686178][T12232] RBP: 00007fc95fc3d090 R08: 0000000000000000 R09: 0000000000000000 [ 713.694223][T12232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 713.702252][T12232] R13: 00007fc95f016038 R14: 00007fc95f015fa0 R15: 00007ffd79553cb8 [ 713.710441][T12232] [ 713.837767][T12235] netlink: 'syz.2.1979': attribute type 19 has an invalid length. [ 747.561767][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.568247][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 795.716258][T12243] Bluetooth: hci2: command 0x0406 tx timeout [ 809.000867][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.007495][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.450060][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.456593][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.077074][ T29] INFO: task syz.3.1978:12232 blocked for more than 143 seconds. [ 871.084881][ T29] Not tainted syzkaller #0 [ 871.090052][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 871.098806][ T29] task:syz.3.1978 state:D stack:24904 pid:12232 ppid:5814 flags:0x00004000 [ 871.108131][ T29] Call Trace: [ 871.111452][ T29] [ 871.114425][ T29] __schedule+0x1553/0x45a0 [ 871.119068][ T29] ? trace_event_raw_event_lock+0x250/0x250 [ 871.125040][ T29] ? asan.module_dtor+0x20/0x20 [ 871.130164][ T29] ? mark_lock+0x94/0x320 [ 871.134551][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.140642][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 871.146288][ T29] schedule+0xbd/0x170 [ 871.150742][ T29] schedule_preempt_disabled+0x13/0x20 [ 871.156457][ T29] rwsem_down_write_slowpath+0xc05/0xff0 [ 871.162151][ T29] ? rwsem_down_write_slowpath+0x7d6/0xff0 [ 871.168618][ T29] ? rwsem_down_read_slowpath+0x880/0x880 [ 871.174419][ T29] ? read_lock_is_recursive+0x20/0x20 [ 871.180167][ T29] down_write+0x1b9/0x200 [ 871.184553][ T29] ? down_read_killable+0x340/0x340 [ 871.189996][ T29] exit_mmap+0x27d/0xb90 [ 871.194291][ T29] ? trace_event_raw_event_lock+0x250/0x250 [ 871.200283][ T29] ? vm_brk+0x30/0x30 [ 871.204319][ T29] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 871.210118][ T29] ? uprobe_clear_state+0x278/0x290 [ 871.215368][ T29] ? mm_update_next_owner+0x562/0x6c0 [ 871.220839][ T29] __mmput+0x118/0x3c0 [ 871.224970][ T29] exit_mm+0x1f2/0x2c0 [ 871.229201][ T29] ? do_exit+0x2460/0x2460 [ 871.233670][ T29] ? taskstats_exit+0x35e/0x9e0 [ 871.238617][ T29] do_exit+0x8dd/0x2460 [ 871.242833][ T29] ? get_signal+0x1068/0x13f0 [ 871.247908][ T29] ? put_task_struct+0xc0/0xc0 [ 871.253124][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.259212][ T29] ? get_signal+0x1068/0x13f0 [ 871.263954][ T29] ? lock_chain_count+0x20/0x20 [ 871.269019][ T29] do_group_exit+0x21b/0x2d0 [ 871.273682][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 871.281406][ T29] get_signal+0x12fc/0x13f0 [ 871.286018][ T29] arch_do_signal_or_restart+0xc2/0x800 [ 871.291759][ T29] ? __ia32_sys_get_robust_list+0x110/0x110 [ 871.301010][ T29] ? get_sigframe_size+0x20/0x20 [ 871.307402][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 871.312943][ T29] exit_to_user_mode_loop+0x70/0x110 [ 871.331406][ T29] exit_to_user_mode_prepare+0xee/0x180 [ 871.337173][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 871.342789][ T29] do_syscall_64+0x61/0xa0 [ 871.347531][ T29] ? clear_bhb_loop+0x40/0x90 [ 871.352267][ T29] ? clear_bhb_loop+0x40/0x90 [ 871.358077][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 871.364039][ T29] RIP: 0033:0x7fc95ed9acb9 [ 871.368637][ T29] RSP: 002b:00007fc95fc3d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 871.377159][ T29] RAX: fffffffffffffe00 RBX: 00007fc95f015fa8 RCX: 00007fc95ed9acb9 [ 871.385273][ T29] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc95f015fa8 [ 871.393343][ T29] RBP: 00007fc95f015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 871.401574][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 871.409817][ T29] R13: 00007fc95f016038 R14: 00007ffd79553bd0 R15: 00007ffd79553cb8 [ 871.417896][ T29] [ 871.420975][ T29] INFO: task syz.2.1979:12234 blocked for more than 143 seconds. [ 871.446136][ T29] Not tainted syzkaller #0 [ 871.451230][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 871.476279][ T29] task:syz.2.1979 state:D stack:24424 pid:12234 ppid:5810 flags:0x00004000 [ 871.485660][ T29] Call Trace: [ 871.495432][ T29] [ 871.498473][ T29] __schedule+0x1553/0x45a0 [ 871.503160][ T29] ? asan.module_dtor+0x20/0x20 [ 871.512674][ T29] ? mark_lock+0x94/0x320 [ 871.518038][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.524193][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 871.533453][ T29] schedule+0xbd/0x170 [ 871.538864][ T29] schedule_preempt_disabled+0x13/0x20 [ 871.544378][ T29] rwsem_down_write_slowpath+0xc05/0xff0 [ 871.551304][ T29] ? rwsem_down_write_slowpath+0x7d6/0xff0 [ 871.557493][ T29] ? rwsem_down_read_slowpath+0x880/0x880 [ 871.564653][ T29] ? read_lock_is_recursive+0x20/0x20 [ 871.570281][ T29] down_write+0x1b9/0x200 [ 871.574663][ T29] ? down_read_killable+0x340/0x340 [ 871.581032][ T29] exit_mmap+0x27d/0xb90 [ 871.585439][ T29] ? exit_mm_release+0x1a/0x30 [ 871.590315][ T29] ? vm_brk+0x30/0x30 [ 871.594339][ T29] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 871.600133][ T29] ? uprobe_clear_state+0x278/0x290 [ 871.605560][ T29] ? mm_update_next_owner+0x562/0x6c0 [ 871.611085][ T29] __mmput+0x118/0x3c0 [ 871.615197][ T29] exit_mm+0x1f2/0x2c0 [ 871.620361][ T29] ? do_exit+0x2460/0x2460 [ 871.624926][ T29] ? taskstats_exit+0x35e/0x9e0 [ 871.629933][ T29] do_exit+0x8dd/0x2460 [ 871.634168][ T29] ? preempt_schedule+0xc0/0xd0 [ 871.639420][ T29] ? put_task_struct+0xc0/0xc0 [ 871.644334][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.654740][ T29] ? lock_chain_count+0x20/0x20 [ 871.659796][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 871.666037][ T29] do_group_exit+0x21b/0x2d0 [ 871.670958][ T29] __x64_sys_exit_group+0x3f/0x40 [ 871.676581][ T29] do_syscall_64+0x55/0xa0 [ 871.681046][ T29] ? clear_bhb_loop+0x40/0x90 [ 871.685785][ T29] ? clear_bhb_loop+0x40/0x90 [ 871.692153][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 871.698144][ T29] RIP: 0033:0x7fbcacd9acb9 [ 871.702597][ T29] RSP: 002b:00007ffc2c44e098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 871.711221][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbcacd9acb9 [ 871.722260][ T29] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 871.731415][ T29] RBP: 00007ffc2c44e0fc R08: 0000000000000000 R09: 000055555e95c9f0 [ 871.743859][ T29] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000000001d9 [ 871.752130][ T29] R13: 000055555e95c9f0 R14: 00000000000ad532 R15: 00007ffc2c44e150 [ 871.766027][ T29] [ 871.770473][ T29] INFO: task syz.1.1980:12236 blocked for more than 144 seconds. [ 871.778459][ T29] Not tainted syzkaller #0 [ 871.783429][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 871.792330][ T29] task:syz.1.1980 state:D stack:24616 pid:12236 ppid:11460 flags:0x00004004 [ 871.803950][ T29] Call Trace: [ 871.807343][ T29] [ 871.810315][ T29] __schedule+0x1553/0x45a0 [ 871.815047][ T29] ? asan.module_dtor+0x20/0x20 [ 871.824274][ T29] ? mark_lock+0x94/0x320 [ 871.828860][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.834900][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 871.842589][ T29] schedule+0xbd/0x170 [ 871.846799][ T29] schedule_preempt_disabled+0x13/0x20 [ 871.852430][ T29] rwsem_down_write_slowpath+0xc05/0xff0 [ 871.858242][ T29] ? rwsem_down_write_slowpath+0x7d6/0xff0 [ 871.864114][ T29] ? rwsem_down_read_slowpath+0x880/0x880 [ 871.870857][ T29] ? read_lock_is_recursive+0x20/0x20 [ 871.876793][ T29] down_write+0x1b9/0x200 [ 871.881187][ T29] ? down_read_killable+0x340/0x340 [ 871.886612][ T29] exit_mmap+0x27d/0xb90 [ 871.890946][ T29] ? exit_mm_release+0x1a/0x30 [ 871.895764][ T29] ? vm_brk+0x30/0x30 [ 871.899900][ T29] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 871.905624][ T29] ? uprobe_clear_state+0x278/0x290 [ 871.911079][ T29] ? mm_update_next_owner+0x562/0x6c0 [ 871.916565][ T29] __mmput+0x118/0x3c0 [ 871.920805][ T29] exit_mm+0x1f2/0x2c0 [ 871.924966][ T29] ? do_exit+0x2460/0x2460 [ 871.929546][ T29] ? taskstats_exit+0x35e/0x9e0 [ 871.934456][ T29] do_exit+0x8dd/0x2460 [ 871.938710][ T29] ? put_task_struct+0xc0/0xc0 [ 871.944782][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 871.951437][ T29] ? get_signal+0x1068/0x13f0 [ 871.956254][ T29] ? lock_chain_count+0x20/0x20 [ 871.962367][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 871.967592][ T29] do_group_exit+0x21b/0x2d0 [ 871.973276][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 871.978641][ T29] get_signal+0x12fc/0x13f0 [ 871.983321][ T29] arch_do_signal_or_restart+0xc2/0x800 [ 871.989000][ T29] ? down_write+0x200/0x200 [ 871.993692][ T29] ? get_sigframe_size+0x20/0x20 [ 871.998770][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 872.004516][ T29] exit_to_user_mode_loop+0x70/0x110 [ 872.011614][ T29] exit_to_user_mode_prepare+0xee/0x180 [ 872.017399][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 872.022921][ T29] do_syscall_64+0x61/0xa0 [ 872.027587][ T29] ? clear_bhb_loop+0x40/0x90 [ 872.032535][ T29] ? clear_bhb_loop+0x40/0x90 [ 872.037329][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 872.043397][ T29] RIP: 0033:0x7fef85b9aa22 [ 872.047916][ T29] RSP: 002b:00007ffeb858ada8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 872.056624][ T29] RAX: fffffffffffffffc RBX: 0000000000000000 RCX: 00007fef85b9aa22 [ 872.064652][ T29] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 [ 872.073442][ T29] RBP: 0000000000020022 R08: 00000000ffffffff R09: 0000000000000000 [ 872.081641][ T29] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffeb858af10 [ 872.089715][ T29] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 872.098119][ T29] [ 872.101189][ T29] [ 872.101189][ T29] Showing all locks held in the system: [ 872.109020][ T29] 1 lock held by khungtaskd/29: [ 872.114168][ T29] #0: ffffffff8d12ffe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 872.124293][ T29] 1 lock held by klogd/5126: [ 872.129219][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 872.139428][ T29] 2 locks held by getty/5528: [ 872.144152][ T29] #0: ffff88802cccc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 872.154257][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 872.164522][ T29] 1 lock held by syz-executor/5797: [ 872.170001][ T29] #0: ffff888030bf6a20 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x166/0x3f0 [ 872.180600][ T29] 2 locks held by syz-executor/5809: [ 872.185953][ T29] #0: ffffffff8d1d2250 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x2a5/0x1d50 [ 872.194924][ T29] #1: ffff888079d527a0 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x2c5/0x1d50 [ 872.204427][ T29] 4 locks held by kworker/1:5/5928: [ 872.209810][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 872.220083][ T29] #1: ffff8880b8f289c0 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2176/0x45a0 [ 872.228985][ T29] #2: ffffffff8d130040 (rcu_read_lock_bh){....}-{1:2}, at: wg_packet_tx_worker+0x24a/0x7c0 [ 872.239465][ T29] #3: ffffffff8d12ffe0 (rcu_read_lock){....}-{1:2}, at: ip6_input_finish+0xd9/0x2c0 [ 872.249141][ T29] 1 lock held by syz-executor/11460: [ 872.254556][ T29] #0: ffff888024770b20 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x27d/0xb90 [ 872.263740][ T29] 1 lock held by syz.3.1978/12232: [ 872.269136][ T29] #0: ffff888079d54420 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x27d/0xb90 [ 872.279972][ T29] 1 lock held by syz.2.1979/12234: [ 872.285289][ T29] #0: ffff888079d53aa0 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x27d/0xb90 [ 872.294571][ T29] 1 lock held by syz.1.1980/12236: [ 872.299893][ T29] #0: ffff888079d55720 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x27d/0xb90 [ 872.309163][ T29] [ 872.311520][ T29] ============================================= [ 872.311520][ T29] [ 872.320240][ T29] NMI backtrace for cpu 0 [ 872.324617][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 872.331824][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 872.342037][ T29] Call Trace: [ 872.345345][ T29] [ 872.348309][ T29] dump_stack_lvl+0x18c/0x250 [ 872.353119][ T29] ? show_regs_print_info+0x20/0x20 [ 872.358357][ T29] ? load_image+0x400/0x400 [ 872.362922][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 872.367912][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 872.374116][ T29] ? _printk+0xde/0x130 [ 872.378316][ T29] ? load_image+0x400/0x400 [ 872.382889][ T29] ? load_image+0x400/0x400 [ 872.387454][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 872.393585][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 872.399609][ T29] watchdog+0xf3d/0xf80 [ 872.403811][ T29] ? watchdog+0x1e1/0xf80 [ 872.408187][ T29] kthread+0x2fa/0x390 [ 872.412267][ T29] ? hungtask_pm_notify+0x90/0x90 [ 872.417319][ T29] ? kthread_blkcg+0xd0/0xd0 [ 872.421978][ T29] ret_from_fork+0x48/0x80 [ 872.426443][ T29] ? kthread_blkcg+0xd0/0xd0 [ 872.431063][ T29] ret_from_fork_asm+0x11/0x20 [ 872.435888][ T29] [ 872.439836][ T29] Sending NMI from CPU 0 to CPUs 1: [ 872.445131][ C1] NMI backtrace for cpu 1 [ 872.445142][ C1] CPU: 1 PID: 1138 Comm: kworker/u4:9 Not tainted syzkaller #0 [ 872.445158][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 872.445169][ C1] Workqueue: bat_events batadv_nc_worker [ 872.445197][ C1] RIP: 0010:kasan_check_range+0x14/0x290 [ 872.445220][ C1] Code: b8 ea ff ff ff c3 0f 0b b8 ea ff ff ff c3 cc cc cc cc cc cc cc cc 66 0f 1f 00 b0 01 48 85 f6 0f 84 b4 01 00 00 55 41 57 41 56 <41> 55 41 54 53 4c 8d 04 37 49 39 f8 0f 82 13 02 00 00 49 89 f9 49 [ 872.445234][ C1] RSP: 0018:ffffc9000490f7a0 EFLAGS: 00000002 [ 872.445248][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff8168110f [ 872.445259][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff911a45d8 [ 872.445269][ C1] RBP: ffffc9000490fa08 R08: dffffc0000000000 R09: 1ffffffff22348a0 [ 872.445283][ C1] R10: dffffc0000000000 R11: fffffbfff22348a1 R12: 0000000000000000 [ 872.445294][ C1] R13: ffff888023c72900 R14: 00000000000006e4 R15: ffff888023c72900 [ 872.445306][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 872.445320][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 872.445331][ C1] CR2: 0000556ea28ba168 CR3: 000000002f68f000 CR4: 00000000003506e0 [ 872.445346][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 872.445356][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 872.445366][ C1] Call Trace: [ 872.445371][ C1] [ 872.445378][ C1] __lock_acquire+0x95f/0x7d40 [ 872.445400][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 872.445429][ C1] ? rcu_preempt_deferred_qs_irqrestore+0x88e/0xce0 [ 872.445456][ C1] ? verify_lock_unused+0x140/0x140 [ 872.445480][ C1] ? rcu_read_unlock_special+0x470/0x470 [ 872.445509][ C1] lock_acquire+0x19e/0x420 [ 872.445526][ C1] ? batadv_nc_worker+0xd2/0x610 [ 872.445547][ C1] ? batadv_nc_worker+0xd2/0x610 [ 872.445565][ C1] ? read_lock_is_recursive+0x20/0x20 [ 872.445583][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 872.445603][ C1] ? batadv_nc_worker+0xd2/0x610 [ 872.445621][ C1] ? batadv_nc_worker+0xd2/0x610 [ 872.445638][ C1] batadv_nc_worker+0xef/0x610 [ 872.445654][ C1] ? batadv_nc_worker+0xd2/0x610 [ 872.445673][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 872.445694][ C1] process_scheduled_works+0xa5d/0x15d0 [ 872.445728][ C1] ? assign_work+0x430/0x430 [ 872.445750][ C1] ? assign_work+0x3d0/0x430 [ 872.445772][ C1] worker_thread+0xa55/0xfc0 [ 872.445803][ C1] kthread+0x2fa/0x390 [ 872.445817][ C1] ? pr_cont_work+0x560/0x560 [ 872.445837][ C1] ? kthread_blkcg+0xd0/0xd0 [ 872.445852][ C1] ret_from_fork+0x48/0x80 [ 872.445872][ C1] ? kthread_blkcg+0xd0/0xd0 [ 872.445887][ C1] ret_from_fork_asm+0x11/0x20 [ 872.445916][ C1] [ 872.448023][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 872.448055][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 872.448100][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 872.448132][ T29] Call Trace: [ 872.448153][ T29] [ 872.448173][ T29] dump_stack_lvl+0x18c/0x250 [ 872.448233][ T29] ? show_regs_print_info+0x20/0x20 [ 872.448288][ T29] ? load_image+0x400/0x400 [ 872.448392][ T29] panic+0x2dc/0x730 [ 872.448463][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 872.448526][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 872.448589][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 872.448660][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 872.448737][ T29] watchdog+0xf7c/0xf80 [ 872.448809][ T29] ? watchdog+0x1e1/0xf80 [ 872.448892][ T29] kthread+0x2fa/0x390 [ 872.448945][ T29] ? hungtask_pm_notify+0x90/0x90 [ 872.449031][ T29] ? kthread_blkcg+0xd0/0xd0 [ 872.449097][ T29] ret_from_fork+0x48/0x80 [ 872.449152][ T29] ? kthread_blkcg+0xd0/0xd0 [ 872.449200][ T29] ret_from_fork_asm+0x11/0x20 [ 872.449306][ T29] [ 872.451010][ T29] Kernel Offset: disabled [ 872.832403][ T29] Rebooting in 86400 seconds..