last executing test programs: 2.602407396s ago: executing program 2 (id=2081): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x6, &(0x7f0000000100)=[{&(0x7f0000000380)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d0048007ea60864160af36504001a0038001d00e517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb000011d600a0680d4bbd6df1db6f1078bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async) recvmsg$kcm(r1, &(0x7f0000000340)={&(0x7f00000001c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f0000000800)=[{0x0}, {&(0x7f0000001040)=""/4096, 0x1000}], 0x2}, 0x40012100) (async) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f0000000500)=[{&(0x7f00000006c0)="27031c00160014000000002f1eafacf706e105400000894f00050004ee0b80558ddbba9b37242d37a518fc9c5be50eaf07c3650596", 0xfdac}], 0x1}, 0x4) 2.258064987s ago: executing program 4 (id=2085): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) r1 = socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000c00)={&(0x7f0000000840)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x2, 0x1, 0x2, {0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00', 0x4}}}, 0x80, 0x0}, 0xc801) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x4000, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90) r3 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) close(r3) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r6, 0x10) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@generic={&(0x7f0000000140)='./file0\x00', r2}, 0x18) r7 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r9) recvmsg$unix(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r7, 0x84, 0x64, &(0x7f0000000000)=r10, 0x10) 2.051679843s ago: executing program 4 (id=2089): perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x34000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @perf_bp={0x0}, 0x10000, 0xc8, 0x0, 0x8, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22041800f3fe8000000000000000000000000000aafe8000000000000227bfa7b09303960e2f80"], 0xfdef) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0xfdef) 1.961419406s ago: executing program 3 (id=2091): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x8}, 0x102200, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) write$cgroup_subtree(r0, 0x0, 0xfe33) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x19}], {0x95, 0x0, 0x4001}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 1.85755015s ago: executing program 4 (id=2093): unlink(0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x1}, 0x1000, 0x3, 0xffffff7e, 0x8, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x1000000000000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9041c5d0800fe007c05e8fe55a1080001000002030000000000080005007a010401a80016002060034004020000035c0461c9d6694f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653765eaa48185e2a380d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace813d0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x80d0) socketpair(0x1, 0x2, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000080)) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c34, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x300c, 0x0, 0x0, 0x9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.795392292s ago: executing program 3 (id=2095): perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0, 0x5}, 0x880, 0x800, 0x0, 0x8, 0x0, 0x7, 0xffff, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800000000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000002100)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, r0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x2, 0x4, 0x8, 0x201}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001940)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000, r2}, 0x38) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@struct={0x4, 0x0, 0x0, 0x4, 0x1, 0xfffffffd}]}, {0x0, [0x61, 0x0, 0x30, 0x2e, 0x5f]}}, 0x0, 0x2b}, 0x28) close(0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) openat$cgroup_freezer_state(r1, &(0x7f0000001940), 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208001e8000000401a8000800080010ffff534004080000055c0461c1d67f6f94007134cf6efb800001aea007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d254f9ea7b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbeeffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300", 0xd8}], 0x1}, 0x0) syz_clone(0x0, &(0x7f0000001980)="987124a815f6d238a35dbda703c8565087819afbad7af22f3e71d02613e4ad1878efa333484a3652b197079c3c824750415ee2098bdb6636dc0f9e366a2f1c44745627011b79979e72cfabbff6183ba1db7d0a599c5eb1907502861c78af28079c3560f8df617166c4725cb8dac2cfafcc7a8641118957669bcb3af180e347a5420370c3a503e13ada4d5b8371daf6bf6d019fcd101a04793564523837c444bdfccd683e90ad1afcabcde60978a52e226c098b5aa44049b9b07e77f9428699f16c45ab6a05", 0xc5, &(0x7f0000001a80), &(0x7f0000001ac0), &(0x7f0000001b00)="6d69f1dbcc8ebb800c2443a662517fc99df046209876517e0aa3f23cd0acc134bc98e09f8568378656926cb8203fd59dddf4bed86e98d1c230856f4437f4811c583dee9a0851b9917d4410e378c853ce3e857e2932a71e192fc5a9cd5d814b22d1dfa53352fbce61209bd755e959371ed98c046a18c2c9aba7d66b28023c23f9aac55b8036fbc95f2f074aa9b5") 1.669927646s ago: executing program 2 (id=2098): perf_event_open(&(0x7f0000000000)={0x1, 0x3f, 0xc5, 0x4, 0x3, 0x7, 0x0, 0x80000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x201, 0x1, @perf_bp={0x0, 0x13}, 0x10424, 0x6, 0x9, 0x9, 0x3, 0x5, 0x9, 0x0, 0x7e, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESDEC], 0x50) socketpair(0x1, 0x5, 0x0, 0x0) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xfffffffffffffffd}, 0x2008, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd75}, 0x0, 0x0, 0xffffffffffffffff, 0x8) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000080)}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89a0, 0x0) socket$kcm(0x11, 0x3, 0x0) socket$kcm(0x11, 0xa, 0x300) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0) recvmsg$kcm(r3, &(0x7f0000001040)={0x0, 0x0, 0x0}, 0x40000040) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) r5 = syz_clone(0x10000000, &(0x7f0000000240)="45dcfdbac200b160136fb70efc2809f277b56d80aa0eacc611e6a041025cbebb230e0d0dfc9c5e61fd3f36e268596a6f5705eed7bc41c63c44895bb1435f1086864d144247d3c37222717ace54c28e8e0d", 0x51, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)="1dcf31408ee997f05ce24e14799969cbca4adf90b40f8bfcbe976b916fd8127b7291beb0569c3e716ceb0d7681e06cd932c7fe5c588e2139a761553263aaff08bd474bd311801a97b7f5c8773408a65c77b2f4d50a0da1b86ccfbb49ae9d9491e46186f3c6e1b919d1e73f708ed2e4063baadab9c5f7eff8f8") perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x3, 0xa, 0x1, 0x98, 0x0, 0xfffffffffffff42c, 0x8000, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xb41c, 0x1, @perf_config_ext={0x12, 0x80000001}, 0x0, 0x6, 0x9, 0x5, 0xffffffffffffffc0, 0x400, 0x0, 0x0, 0x401, 0x0, 0x1}, r5, 0xc, r2, 0x6) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b11d25a806c8c6f94f90424fc601000407a0a000600053582c137153e37000c11802f2ff4070300", 0x33fe0}], 0x1, 0x0, 0x0, 0x35}, 0x3f00) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x67}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70) sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d80000001e0081054e81f782db4cb9040a1d080006007c095dd2086518000a800000000003600e1208000f0000000406a80016c0080009", 0x37}], 0x1}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe0000180091c8b14a0778a8123d181d"], 0xfe33) 1.668187346s ago: executing program 1 (id=2099): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014006040400090404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1, 0xffffffffffffffff}, 0x2) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000500)={0x1, 0x58, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x7, '\x00', r3, r4, 0x1, 0x2, 0x5}, 0x50) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000006c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb8, 0xb8, 0x3, [@decl_tag={0x6, 0x0, 0x0, 0x11, 0x1, 0x3}, @typedef={0x2, 0x0, 0x0, 0x8, 0x3}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x3, 0x3}]}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x6b, 0x0, 0x0, 0x5}, @var={0x1, 0x0, 0x0, 0xe, 0x4, 0x1}, @restrict={0x8, 0x0, 0x0, 0xb, 0x4}, @volatile={0x8, 0x0, 0x0, 0x9, 0x1}, @int={0xd, 0x0, 0x0, 0x1, 0x0, 0x7c, 0x0, 0x11, 0x1}, @int={0x1, 0x0, 0x0, 0x1, 0x0, 0x43, 0x0, 0x9, 0x4}, @enum64={0x8, 0x3, 0x0, 0x13, 0x1, 0xe, [{0xd, 0xfffff001, 0x9}, {0xe, 0xd, 0x5}, {0x7, 0x3, 0x3}]}]}, {0x0, [0x0]}}, &(0x7f0000000640)=""/104, 0xd3, 0x68, 0x1, 0xfffffffd}, 0x28) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={0xffffffffffffffff, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xb1, &(0x7f0000000840)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0xb, 0x8, 0x8, &(0x7f0000000900)}}, 0x10) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000000240)=""/252, 0xfc}, {&(0x7f0000001a80)=""/76, 0x4c}, {&(0x7f0000000140)=""/249, 0xf9}, {&(0x7f0000001e00)=""/185, 0xb9}, {&(0x7f0000001ec0)=""/194, 0xc2}, {&(0x7f00000003c0)=""/109, 0x6d}], 0x7}, 0x40000000) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000b00)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000a80), &(0x7f0000000ac0)='%ps \x00'}, 0x20) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000b40)={0x1, 0xffffffffffffffff}, 0x4) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000070000000800000005"], 0x50) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r11}, &(0x7f00000004c0), &(0x7f0000000500)='%pS \x00'}, 0x20) r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)={0x1b, 0x0, 0x0, 0x8001, 0x0, 0x1, 0x202, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) recvmsg$unix(r14, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000019c0)={{r2, 0xffffffffffffffff}, &(0x7f0000001940), &(0x7f0000001980)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001a00)={r16}, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000fc0)=@bpf_tracing={0x1a, 0x13, &(0x7f0000000d40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x3fc}, {{0x18, 0x1, 0x1, 0x0, r15}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r15}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000e00)='syzkaller\x00', 0x5, 0x3f, &(0x7f0000000e40)=""/63, 0x41100, 0x35, '\x00', 0x0, 0x18, r4, 0x8, &(0x7f0000000e80)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000ec0)={0x0, 0x5, 0x7, 0x1ff}, 0x10, 0x2095f, r12, 0x5, &(0x7f0000000f00)=[r1], &(0x7f0000000f40)=[{0x1, 0x5, 0x7, 0x6}, {0x3, 0x4, 0xb, 0x8}, {0x4, 0x1, 0x8, 0x4}, {0x2, 0x1, 0xd, 0x9}, {0x2, 0x4, 0x1, 0x3}], 0x10, 0x5}, 0x94) write$cgroup_subtree(r15, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb790700117df37538e486dd6317ce220000"], 0xfdef) write$cgroup_subtree(r15, &(0x7f0000000000), 0xfdef) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x13, 0x22, &(0x7f0000000280)=@raw=[@generic={0x0, 0xd, 0x5, 0x1c4, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc44}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @call={0x85, 0x0, 0x0, 0x4b}, @cb_func={0x18, 0x3, 0x4, 0x0, 0xfffffffffffffffa}, @alu={0x7, 0x1, 0x7, 0x5, 0x0, 0xffffffffffffffe0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @alu={0x7, 0x1, 0x8, 0x8, 0x9, 0xfffffffffffffff8, 0x10}], &(0x7f00000003c0)='GPL\x00', 0x6, 0x42, &(0x7f0000000400)=""/66, 0x41000, 0xc, '\x00', r3, @fallback=0x5, r5, 0x8, &(0x7f0000000700)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x3, 0xa, 0xffffba03, 0x5}, 0x10, r6, 0xffffffffffffffff, 0x3, &(0x7f0000000c00)=[r8, r9, r10, r11, r13, r15], &(0x7f0000000c40)=[{0x0, 0x4, 0x1, 0x4}, {0x5, 0x4, 0x9, 0x6}, {0x0, 0x2, 0x2, 0x3}], 0x10, 0x3ff}, 0x94) 1.201909821s ago: executing program 4 (id=2101): r0 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$kcm(0x10, 0x2, 0x2) perf_event_open(&(0x7f0000000840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10040, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x2, 0x20000}, 0x102065, 0x0, 0x0, 0x3, 0x7, 0x1, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) r1 = socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffedb, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000900fec0ffff00000e1208000f0100810401a80016ea1f0001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b336218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a509e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)={[{0x2b, 'net_cls'}, {0x0, 'cpuacct'}, {0x2d, 'perf_event'}, {0x0, 'rdma'}, {0x2b, 'cpuacct'}, {0x2d, 'blkio'}]}, 0x34) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0x100, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000500)="b9ff03076804268cb89e14f088a847e0ffff20600000003a0000ac141416e000000129a13011", 0x0, 0x2800, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001180)={&(0x7f00000011c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0xa, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x7, 0x2}]}, @ptr]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x79]}}, 0x0, 0x42}, 0x20) recvmsg$kcm(r3, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r5 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x0) syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @mcast2, 0x2}, 0x80, 0x0}, 0x20000001) 1.162955292s ago: executing program 3 (id=2102): perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2000, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1000000000000008, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f0000000200)=@raw=[@jmp={0x4, 0x0, 0xd, 0x1, 0x0, 0x0, 0x10}, @initr0, @exit], &(0x7f00000000c0)='GPL\x00', 0x5, 0x9c, &(0x7f0000000000)=""/156, 0x0, 0x6}, 0x80) 946.506499ms ago: executing program 3 (id=2105): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014006040400090404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 874.067872ms ago: executing program 0 (id=2106): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014006040400090404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) (fail_nth: 1) 853.636422ms ago: executing program 3 (id=2107): bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$kcm(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001ec0)={{r0}, &(0x7f0000001e40)=0xa00, &(0x7f0000001e80)}, 0x20) openat$tun(0xffffffffffffff9c, 0x0, 0x292583, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x1, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0xffffffffffffffff}, 0x400, 0x0, 0x2, 0x9, 0x0, 0xa, 0x5, 0x0, 0x200}, 0x0, 0xa, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff}) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x1}, 0x1000, 0x2, 0xffffff7e, 0x8, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x541b, &(0x7f0000000340)={'syzkaller1\x00', @remote}) 595.444121ms ago: executing program 3 (id=2108): bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000440)=""/183}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x4, 0xfd, 0x0, 0x0, 0x98629, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2fa249f7, 0x1, @perf_config_ext={0x9, 0x80000000000}, 0x8004, 0x8001, 0x20, 0x0, 0x0, 0x0, 0x5f2, 0x0, 0x2ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000380)=0x7) socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x3, 0x0, 0x80000000, 0xc}, {0x1000000a, 0x84}], 0x10, 0x4}, 0x94) close(0x3) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) socket$kcm(0x2, 0x3, 0x2) socket$kcm(0x2, 0x3, 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x40000000) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r4 = socket$kcm(0x10, 0x400000002, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1224, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x4, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, [@generic={0x73, 0x1, 0x1, 0x32}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@generic={0x0, r3}, 0x18) bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32], 0x50) write$cgroup_subtree(r4, 0x0, 0xfe33) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000200)="390000001400f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb37367a98ebf5f7d63416353e49110", 0x39}], 0x1}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000032000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 530.406272ms ago: executing program 1 (id=2109): r0 = socket$kcm(0x10, 0x3, 0x4) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x500, &(0x7f0000000240)=[{&(0x7f0000000380)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000001400004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020015b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) 474.475614ms ago: executing program 0 (id=2110): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x3, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4044}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/mnt\x00') 444.303455ms ago: executing program 2 (id=2111): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0208000004"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x23, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0xfffffffd}, {0x2, 0x0, 0xffffeffc, 0x8}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc) 443.205035ms ago: executing program 4 (id=2112): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8df00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0xc}, 0x94) 316.413249ms ago: executing program 1 (id=2113): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0208000004"], 0x48) sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x23, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0xfffffffd}, {0x2, 0x0, 0xffffeffc, 0x8}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc) 316.112549ms ago: executing program 2 (id=2114): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x7, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r1, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 315.953019ms ago: executing program 4 (id=2115): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) recvmsg$unix(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000002380)=[{&(0x7f00000008c0)=""/195, 0xc3}], 0x1}, 0x0) sendmsg$inet(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="ff", 0x1}], 0x1}, 0xc001) 315.486069ms ago: executing program 0 (id=2116): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0208000004"], 0x48) setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000), 0xc) 186.961803ms ago: executing program 0 (id=2117): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000dc0)='>', 0x1}], 0x1}, 0x0) write$cgroup_subtree(r2, 0x0, 0x0) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)=""/210, 0xd2}], 0x1}, 0x0) 165.198484ms ago: executing program 1 (id=2118): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@union={0x1, 0x0, 0x0, 0x5, 0x0, 0x8}]}, {0x0, [0x5f]}}, 0x0, 0x27, 0x0, 0x1, 0xffffffff}, 0x28) 156.417785ms ago: executing program 2 (id=2119): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000680)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="17000000", @ANYRES32], 0x20) 55.037878ms ago: executing program 0 (id=2120): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000080), &(0x7f00000002c0)=r0}, 0x20) close(0x3) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000140)={r1, 0x58, &(0x7f00000000c0)}, 0x10) 54.684167ms ago: executing program 1 (id=2121): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000028000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 54.406787ms ago: executing program 2 (id=2122): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x5, 0x5, 0x9fd, 0x85, 0x41}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000040), &(0x7f00000005c0)}, 0x20) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 12.616649ms ago: executing program 1 (id=2123): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20000000}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 0 (id=2124): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000440)={r0}, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1a82, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x301142, 0x0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x118) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="1bd4000c"], 0xffdd) kernel console output (not intermixed with test programs): 0763][ T4771] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 80.563278][ T4792] validate_nla: 33 callbacks suppressed [ 80.563307][ T4792] netlink: 'syz.1.189': attribute type 27 has an invalid length. [ 80.675800][ T4792] netlink: 'syz.1.189': attribute type 3 has an invalid length. [ 80.742054][ T4792] netlink: 132 bytes leftover after parsing attributes in process `syz.1.189'. [ 80.928821][ T4803] netlink: 'syz.1.193': attribute type 10 has an invalid length. [ 80.959094][ T4803] device netdevsim0 entered promiscuous mode [ 81.132098][ T4817] FAULT_INJECTION: forcing a failure. [ 81.132098][ T4817] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 81.170484][ T4818] FAULT_INJECTION: forcing a failure. [ 81.170484][ T4818] name failslab, interval 1, probability 0, space 0, times 1 [ 81.214115][ T4818] CPU: 0 PID: 4818 Comm: syz.3.201 Not tainted syzkaller #0 [ 81.221431][ T4818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 81.231494][ T4818] Call Trace: [ 81.234765][ T4818] [ 81.237681][ T4818] dump_stack_lvl+0x188/0x250 [ 81.242353][ T4818] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 81.248494][ T4818] ? show_regs_print_info+0x20/0x20 [ 81.253678][ T4818] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 81.259839][ T4818] should_fail+0x38c/0x4c0 [ 81.264252][ T4818] should_failslab+0x5/0x20 [ 81.268738][ T4818] slab_pre_alloc_hook+0x51/0xc0 [ 81.273755][ T4818] __kmalloc+0x6b/0x330 [ 81.277896][ T4818] ? bpf_test_init+0xf8/0x1b0 [ 81.282819][ T4818] ? __lock_acquire+0x7d10/0x7d10 [ 81.287837][ T4818] bpf_test_init+0xf8/0x1b0 [ 81.292330][ T4818] bpf_prog_test_run_skb+0x181/0x10b0 [ 81.297700][ T4818] ? __fget_files+0x40f/0x480 [ 81.302373][ T4818] ? cpu_online+0x60/0x60 [ 81.306687][ T4818] bpf_prog_test_run+0x31e/0x390 [ 81.311616][ T4818] __sys_bpf+0x5a5/0x6f0 [ 81.315950][ T4818] ? bpf_link_show_fdinfo+0x380/0x380 [ 81.321318][ T4818] ? vtime_user_exit+0x2c8/0x3e0 [ 81.326251][ T4818] __x64_sys_bpf+0x78/0x90 [ 81.330655][ T4818] do_syscall_64+0x4c/0xa0 [ 81.335061][ T4818] ? clear_bhb_loop+0x30/0x80 [ 81.339723][ T4818] ? clear_bhb_loop+0x30/0x80 [ 81.344400][ T4818] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.350327][ T4818] RIP: 0033:0x7f7819516e59 [ 81.354732][ T4818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 81.374323][ T4818] RSP: 002b:00007f7817770028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 81.382724][ T4818] RAX: ffffffffffffffda RBX: 00007f781978ffa0 RCX: 00007f7819516e59 [ 81.390682][ T4818] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 81.398638][ T4818] RBP: 00007f7817770090 R08: 0000000000000000 R09: 0000000000000000 [ 81.406598][ T4818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.414560][ T4818] R13: 00007f7819790038 R14: 00007f781978ffa0 R15: 00007fff4af673b8 [ 81.422541][ T4818] [ 81.430557][ T4817] CPU: 0 PID: 4817 Comm: syz.0.199 Not tainted syzkaller #0 [ 81.437875][ T4817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 81.447934][ T4817] Call Trace: [ 81.451302][ T4817] [ 81.454236][ T4817] dump_stack_lvl+0x188/0x250 [ 81.458927][ T4817] ? show_regs_print_info+0x20/0x20 [ 81.464136][ T4817] ? load_image+0x400/0x400 [ 81.468650][ T4817] ? __lock_acquire+0x7d10/0x7d10 [ 81.473706][ T4817] should_fail+0x38c/0x4c0 [ 81.478145][ T4817] _copy_from_iter+0x22e/0x1170 [ 81.483009][ T4817] ? __lock_acquire+0x7d10/0x7d10 [ 81.486006][ T4822] netlink: 'syz.1.202': attribute type 21 has an invalid length. [ 81.488048][ T4817] ? copy_mc_pipe_to_iter+0x7d0/0x7d0 [ 81.488080][ T4817] ? __virt_addr_valid+0x3c6/0x470 [ 81.506235][ T4817] ? __phys_addr_symbol+0x2b/0x70 [ 81.511272][ T4817] ? __check_object_size+0x30c/0x410 [ 81.516568][ T4817] netlink_sendmsg+0x758/0xbe0 [ 81.521348][ T4817] ? netlink_getsockopt+0x570/0x570 [ 81.526557][ T4817] ? aa_sock_msg_perm+0x94/0x150 [ 81.531506][ T4817] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 81.536807][ T4817] ? security_socket_sendmsg+0x7c/0xa0 [ 81.542280][ T4817] ? netlink_getsockopt+0x570/0x570 [ 81.547489][ T4817] ____sys_sendmsg+0x5b7/0x8f0 [ 81.552283][ T4817] ? __sys_sendmsg_sock+0x30/0x30 [ 81.557335][ T4817] ? import_iovec+0x6f/0xa0 [ 81.561864][ T4817] ___sys_sendmsg+0x236/0x2e0 [ 81.566563][ T4817] ? __sys_sendmsg+0x2a0/0x2a0 [ 81.571357][ T4817] ? vfs_write+0x8b2/0xd60 [ 81.575818][ T4817] __se_sys_sendmsg+0x1af/0x290 [ 81.580690][ T4817] ? __x64_sys_sendmsg+0x80/0x80 [ 81.585637][ T4817] ? lockdep_hardirqs_on+0x94/0x140 [ 81.590873][ T4817] do_syscall_64+0x4c/0xa0 [ 81.595299][ T4817] ? clear_bhb_loop+0x30/0x80 [ 81.599984][ T4817] ? clear_bhb_loop+0x30/0x80 [ 81.604672][ T4817] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.610572][ T4817] RIP: 0033:0x7fa907b6ae59 [ 81.614996][ T4817] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 81.634612][ T4817] RSP: 002b:00007fa905dc4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.643043][ T4817] RAX: ffffffffffffffda RBX: 00007fa907de3fa0 RCX: 00007fa907b6ae59 [ 81.651026][ T4817] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 81.659285][ T4817] RBP: 00007fa905dc4090 R08: 0000000000000000 R09: 0000000000000000 [ 81.667269][ T4817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.675250][ T4817] R13: 00007fa907de4038 R14: 00007fa907de3fa0 R15: 00007fff6cad2c28 [ 81.683255][ T4817] [ 81.978399][ T4834] netlink: 'syz.0.206': attribute type 21 has an invalid length. [ 82.017619][ T4834] netlink: 'syz.0.206': attribute type 6 has an invalid length. [ 82.796294][ T4860] netlink: 'syz.0.216': attribute type 1 has an invalid length. [ 83.113087][ T4874] netlink: 'syz.1.223': attribute type 27 has an invalid length. [ 83.136942][ T4874] netlink: 'syz.1.223': attribute type 3 has an invalid length. [ 83.170004][ T4874] __nla_validate_parse: 1 callbacks suppressed [ 83.170021][ T4874] netlink: 132 bytes leftover after parsing attributes in process `syz.1.223'. [ 83.354115][ T4881] netlink: 152 bytes leftover after parsing attributes in process `syz.2.226'. [ 83.626812][ T4896] Zero length message leads to an empty skb [ 83.767734][ T4903] netlink: 'syz.2.233': attribute type 21 has an invalid length. [ 83.803986][ T4903] netlink: 120 bytes leftover after parsing attributes in process `syz.2.233'. [ 83.876891][ T4903] netlink: 9 bytes leftover after parsing attributes in process `syz.2.233'. [ 84.141265][ T4907] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.236'. [ 84.325517][ T4915] delete_channel: no stack [ 86.603655][ T4904] netlink: 'syz.1.236': attribute type 2 has an invalid length. [ 86.620112][ T4918] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.627605][ T4918] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 86.641138][ T4918] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 86.648587][ T4918] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 86.698015][ T4926] netlink: 32 bytes leftover after parsing attributes in process `syz.0.244'. [ 87.028639][ T4937] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.248'. [ 87.038777][ T4937] openvswitch: netlink: Tunnel attr 0 has unexpected len 60 expected 8 [ 87.525611][ T4956] netlink: 144 bytes leftover after parsing attributes in process `syz.2.257'. [ 87.591405][ T4956] netlink: 'syz.2.257': attribute type 39 has an invalid length. [ 88.017870][ T4979] netlink: 14 bytes leftover after parsing attributes in process `syz.0.267'. [ 88.092780][ T4979] device hsr_slave_0 left promiscuous mode [ 88.616787][ T5002] netlink: 152 bytes leftover after parsing attributes in process `syz.0.274'. [ 88.666762][ T5011] netlink: 'syz.2.279': attribute type 6 has an invalid length. [ 88.695286][ T5011] netlink: 164 bytes leftover after parsing attributes in process `syz.2.279'. [ 88.799022][ T5014] netlink: 'syz.4.276': attribute type 10 has an invalid length. [ 88.844157][ T5014] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.885607][ T5014] device bridge_slave_1 left promiscuous mode [ 88.911115][ T5014] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.957689][ T5013] netlink: 152 bytes leftover after parsing attributes in process `syz.3.280'. [ 88.986226][ T5025] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.284'. [ 89.386549][ T5046] netlink: 152 bytes leftover after parsing attributes in process `syz.4.291'. [ 89.524322][ T5048] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.294'. [ 89.695866][ T5058] FAULT_INJECTION: forcing a failure. [ 89.695866][ T5058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.749954][ T5058] CPU: 0 PID: 5058 Comm: syz.3.296 Not tainted syzkaller #0 [ 89.757277][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 89.767336][ T5058] Call Trace: [ 89.770621][ T5058] [ 89.773554][ T5058] dump_stack_lvl+0x188/0x250 [ 89.778239][ T5058] ? show_regs_print_info+0x20/0x20 [ 89.783439][ T5058] ? load_image+0x400/0x400 [ 89.787947][ T5058] ? __lock_acquire+0x7d10/0x7d10 [ 89.792977][ T5058] should_fail+0x38c/0x4c0 [ 89.797403][ T5058] _copy_from_iter+0x22e/0x1170 [ 89.802267][ T5058] ? copy_mc_pipe_to_iter+0x7d0/0x7d0 [ 89.807655][ T5058] packet_sendmsg+0x322c/0x5060 [ 89.812521][ T5058] ? __lock_acquire+0x12e8/0x7d10 [ 89.817543][ T5058] ? verify_lock_unused+0x140/0x140 [ 89.822736][ T5058] ? __might_sleep+0xf0/0xf0 [ 89.827329][ T5058] ? aa_sk_perm+0x7dc/0x910 [ 89.831832][ T5058] ? packet_getsockopt+0x9a0/0x9a0 [ 89.836956][ T5058] ? aa_sock_msg_perm+0x94/0x150 [ 89.841890][ T5058] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 89.847168][ T5058] ? security_socket_sendmsg+0x7c/0xa0 [ 89.852618][ T5058] ? packet_getsockopt+0x9a0/0x9a0 [ 89.857721][ T5058] ____sys_sendmsg+0x5b7/0x8f0 [ 89.862487][ T5058] ? __sys_sendmsg_sock+0x30/0x30 [ 89.867516][ T5058] ? import_iovec+0x6f/0xa0 [ 89.872017][ T5058] ___sys_sendmsg+0x236/0x2e0 [ 89.876692][ T5058] ? __sys_sendmsg+0x2a0/0x2a0 [ 89.881457][ T5058] ? vfs_write+0x8b2/0xd60 [ 89.885886][ T5058] __se_sys_sendmsg+0x1af/0x290 [ 89.890731][ T5058] ? __x64_sys_sendmsg+0x80/0x80 [ 89.895663][ T5058] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 89.901648][ T5058] ? lockdep_hardirqs_on+0x94/0x140 [ 89.906847][ T5058] do_syscall_64+0x4c/0xa0 [ 89.911254][ T5058] ? clear_bhb_loop+0x30/0x80 [ 89.915926][ T5058] ? clear_bhb_loop+0x30/0x80 [ 89.920596][ T5058] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 89.926479][ T5058] RIP: 0033:0x7f7819516e59 [ 89.930888][ T5058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.950486][ T5058] RSP: 002b:00007f7817770028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.958896][ T5058] RAX: ffffffffffffffda RBX: 00007f781978ffa0 RCX: 00007f7819516e59 [ 89.966863][ T5058] RDX: 0000000000008045 RSI: 0000200000000040 RDI: 0000000000000003 [ 89.974830][ T5058] RBP: 00007f7817770090 R08: 0000000000000000 R09: 0000000000000000 [ 89.982793][ T5058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.990760][ T5058] R13: 00007f7819790038 R14: 00007f781978ffa0 R15: 00007fff4af673b8 [ 89.998738][ T5058] [ 90.013027][ T5062] netlink: 152 bytes leftover after parsing attributes in process `syz.4.299'. [ 90.372858][ T5076] netlink: 152 bytes leftover after parsing attributes in process `syz.4.305'. [ 90.423517][ T5082] netlink: 'syz.0.308': attribute type 2 has an invalid length. [ 90.450353][ T5082] netlink: 'syz.0.308': attribute type 8 has an invalid length. [ 90.479813][ T5082] netlink: 132 bytes leftover after parsing attributes in process `syz.0.308'. [ 90.538266][ T5078] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.306'. [ 91.178363][ T5102] device syzkaller0 entered promiscuous mode [ 91.203020][ T5103] netlink: 'syz.4.314': attribute type 21 has an invalid length. [ 91.707433][ T5124] netlink: 'syz.2.322': attribute type 1 has an invalid length. [ 91.932900][ T5136] netlink: 'syz.0.326': attribute type 14 has an invalid length. [ 92.309468][ T5155] netlink: 'syz.3.336': attribute type 10 has an invalid length. [ 92.399680][ T5152] netlink: 'syz.1.335': attribute type 10 has an invalid length. [ 92.407979][ T5152] team0: Device bridge0 is up. Set it down before adding it as a team port [ 92.737259][ T5177] netlink: 'syz.1.344': attribute type 29 has an invalid length. [ 92.770080][ T5177] netlink: 'syz.1.344': attribute type 3 has an invalid length. [ 92.880660][ T5182] netlink: 'syz.2.347': attribute type 2 has an invalid length. [ 93.081452][ T5184] device syzkaller0 entered promiscuous mode [ 93.140261][ T5191] device hsr_slave_0 left promiscuous mode [ 93.188031][ T5191] device hsr_slave_1 left promiscuous mode [ 93.256853][ T5194] netlink: 'syz.3.351': attribute type 21 has an invalid length. [ 93.287932][ T5196] device lo entered promiscuous mode [ 93.563242][ T5209] team0: Port device team_slave_0 removed [ 93.604268][ T5209] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 93.703433][ T5203] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 93.742774][ T5214] __nla_validate_parse: 13 callbacks suppressed [ 93.742793][ T5214] netlink: 152 bytes leftover after parsing attributes in process `syz.1.358'. [ 94.037279][ T5226] netlink: 'syz.1.361': attribute type 10 has an invalid length. [ 94.448305][ T5255] netlink: 152 bytes leftover after parsing attributes in process `syz.3.372'. [ 95.366722][ T5296] netlink: 152 bytes leftover after parsing attributes in process `syz.0.388'. [ 95.735857][ T5309] netlink: 'syz.4.391': attribute type 2 has an invalid length. [ 95.759902][ T5309] netlink: 132 bytes leftover after parsing attributes in process `syz.4.391'. [ 96.856913][ T5335] validate_nla: 1 callbacks suppressed [ 96.856950][ T5335] netlink: 'syz.3.402': attribute type 6 has an invalid length. [ 96.910065][ T5335] netlink: 164 bytes leftover after parsing attributes in process `syz.3.402'. [ 97.008952][ T5339] netlink: 152 bytes leftover after parsing attributes in process `syz.4.403'. [ 97.851215][ T5376] netlink: 152 bytes leftover after parsing attributes in process `syz.3.418'. [ 98.740425][ T5415] netlink: 'syz.0.432': attribute type 10 has an invalid length. [ 98.748204][ T5415] team0: Device macvlan0 is up. Set it down before adding it as a team port [ 98.864341][ T5421] netlink: 152 bytes leftover after parsing attributes in process `syz.4.434'. [ 99.121271][ T5428] netlink: 'syz.1.436': attribute type 7 has an invalid length. [ 99.187535][ T5432] sock: sock_set_timeout: `syz.3.438' (pid 5432) tries to set negative timeout [ 99.321937][ T5428] netlink: 128 bytes leftover after parsing attributes in process `syz.1.436'. [ 99.382318][ T5428] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 99.578893][ T5440] netlink: 14 bytes leftover after parsing attributes in process `syz.4.439'. [ 100.265742][ T5440] device geneve0 entered promiscuous mode [ 100.373156][ T5449] netlink: 'syz.0.442': attribute type 10 has an invalid length. [ 100.419890][ T5449] netlink: 40 bytes leftover after parsing attributes in process `syz.0.442'. [ 100.477328][ T5449] batman_adv: batadv0: Adding interface: virt_wifi0 [ 100.504174][ T5449] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.595755][ T5449] batman_adv: batadv0: Interface activated: virt_wifi0 [ 100.990668][ T5464] syz.1.447 uses obsolete (PF_INET,SOCK_PACKET) [ 101.470639][ T5472] netlink: 152 bytes leftover after parsing attributes in process `syz.1.450'. [ 103.017228][ T5508] netlink: 152 bytes leftover after parsing attributes in process `syz.1.466'. [ 103.195297][ T5510] netlink: 'syz.2.463': attribute type 10 has an invalid length. [ 103.267005][ T5510] team0: Device wlan1 is up. Set it down before adding it as a team port [ 103.404625][ T5517] netlink: 128 bytes leftover after parsing attributes in process `syz.1.468'. [ 103.433632][ T5517] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 103.479499][ T5517] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 103.677834][ T5524] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.468'. [ 103.775826][ T5524] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 104.409485][ T5546] netlink: 152 bytes leftover after parsing attributes in process `syz.0.479'. [ 104.859137][ T5552] device syzkaller0 entered promiscuous mode [ 105.281118][ T5574] netlink: 'syz.1.491': attribute type 10 has an invalid length. [ 105.372285][ T5574] team0: Port device hsr_slave_0 added [ 105.967578][ T5583] netlink: 152 bytes leftover after parsing attributes in process `syz.4.493'. [ 106.246050][ T5599] netlink: 144308 bytes leftover after parsing attributes in process `syz.1.502'. [ 106.251959][ T5600] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.500'. [ 106.775513][ T5614] netlink: 'syz.1.507': attribute type 10 has an invalid length. [ 107.089108][ T5623] netlink: 152 bytes leftover after parsing attributes in process `syz.3.512'. [ 107.119151][ T5628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.511'. [ 107.398890][ T5644] netlink: 'syz.1.520': attribute type 10 has an invalid length. [ 108.095935][ T5665] netlink: 152 bytes leftover after parsing attributes in process `syz.2.527'. [ 108.256711][ T5672] netlink: 'syz.4.528': attribute type 10 has an invalid length. [ 108.281622][ T5672] device netdevsim0 entered promiscuous mode [ 108.385687][ T5678] FAULT_INJECTION: forcing a failure. [ 108.385687][ T5678] name failslab, interval 1, probability 0, space 0, times 0 [ 108.444832][ T5678] CPU: 1 PID: 5678 Comm: syz.0.532 Not tainted syzkaller #0 [ 108.447207][ T5675] netlink: 'syz.3.531': attribute type 3 has an invalid length. [ 108.452154][ T5678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 108.452176][ T5678] Call Trace: [ 108.452184][ T5678] [ 108.452192][ T5678] dump_stack_lvl+0x188/0x250 [ 108.452213][ T5678] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 108.452237][ T5678] ? show_regs_print_info+0x20/0x20 [ 108.452253][ T5678] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 108.452279][ T5678] ? dump_stack+0x5/0x20 [ 108.452302][ T5678] should_fail+0x38c/0x4c0 [ 108.484943][ T5675] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.531'. [ 108.487068][ T5678] should_failslab+0x5/0x20 [ 108.487109][ T5678] slab_pre_alloc_hook+0x51/0xc0 [ 108.487129][ T5678] ? skb_clone+0x1bd/0x350 [ 108.487150][ T5678] kmem_cache_alloc+0x3d/0x290 [ 108.487173][ T5678] skb_clone+0x1bd/0x350 [ 108.487196][ T5678] __netlink_deliver_tap+0x3cd/0x7c0 [ 108.487232][ T5678] netlink_deliver_tap+0x16c/0x180 [ 108.487251][ T5678] netlink_unicast+0x74f/0x920 [ 108.495812][ T5681] netlink: 'syz.2.535': attribute type 15 has an invalid length. [ 108.498580][ T5678] netlink_sendmsg+0x8ba/0xbe0 [ 108.498614][ T5678] ? netlink_getsockopt+0x570/0x570 [ 108.508901][ T5681] netlink: 'syz.2.535': attribute type 7 has an invalid length. [ 108.516397][ T5678] ? aa_sock_msg_perm+0x94/0x150 [ 108.516424][ T5678] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 108.516444][ T5678] ? security_socket_sendmsg+0x7c/0xa0 [ 108.516464][ T5678] ? netlink_getsockopt+0x570/0x570 [ 108.516481][ T5678] ____sys_sendmsg+0x5b7/0x8f0 [ 108.605491][ T5678] ? __sys_sendmsg_sock+0x30/0x30 [ 108.610525][ T5678] ? import_iovec+0x6f/0xa0 [ 108.615030][ T5678] ___sys_sendmsg+0x236/0x2e0 [ 108.619714][ T5678] ? __sys_sendmsg+0x2a0/0x2a0 [ 108.624483][ T5678] ? perf_trace_run_bpf_submit+0xf3/0x1c0 [ 108.630221][ T5678] __se_sys_sendmsg+0x1af/0x290 [ 108.635070][ T5678] ? __x64_sys_sendmsg+0x80/0x80 [ 108.640015][ T5678] ? syscall_enter_from_user_mode+0x2a/0x70 [ 108.645908][ T5678] do_syscall_64+0x4c/0xa0 [ 108.650322][ T5678] ? clear_bhb_loop+0x30/0x80 [ 108.654994][ T5678] ? clear_bhb_loop+0x30/0x80 [ 108.659666][ T5678] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 108.665552][ T5678] RIP: 0033:0x7fa907b6ae59 [ 108.669962][ T5678] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.689561][ T5678] RSP: 002b:00007fa905dc4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.697973][ T5678] RAX: ffffffffffffffda RBX: 00007fa907de3fa0 RCX: 00007fa907b6ae59 [ 108.705940][ T5678] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 108.713906][ T5678] RBP: 00007fa905dc4090 R08: 0000000000000000 R09: 0000000000000000 [ 108.721871][ T5678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.729835][ T5678] R13: 00007fa907de4038 R14: 00007fa907de3fa0 R15: 00007fff6cad2c28 [ 108.737822][ T5678] [ 108.744932][ T5687] FAULT_INJECTION: forcing a failure. [ 108.744932][ T5687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.747806][ T5681] netlink: 52 bytes leftover after parsing attributes in process `syz.2.535'. [ 108.759206][ T5687] CPU: 0 PID: 5687 Comm: syz.4.534 Not tainted syzkaller #0 [ 108.774427][ T5687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 108.784482][ T5687] Call Trace: [ 108.787764][ T5687] [ 108.790702][ T5687] dump_stack_lvl+0x188/0x250 [ 108.795389][ T5687] ? show_regs_print_info+0x20/0x20 [ 108.800597][ T5687] ? load_image+0x400/0x400 [ 108.805116][ T5687] ? __lock_acquire+0x7d10/0x7d10 [ 108.810153][ T5687] ? perf_trace_lock_acquire+0xed/0x3e0 [ 108.815720][ T5687] should_fail+0x38c/0x4c0 [ 108.820159][ T5687] _copy_from_user+0x2e/0x170 [ 108.824850][ T5687] kstrtouint_from_user+0xd3/0x220 [ 108.829973][ T5687] ? kstrtol_from_user+0x2a0/0x2a0 [ 108.835113][ T5687] proc_fail_nth_write+0x8b/0x200 [ 108.840142][ T5687] ? proc_fail_nth_read+0x220/0x220 [ 108.845345][ T5687] ? common_file_perm+0x171/0x1c0 [ 108.850386][ T5687] ? proc_fail_nth_read+0x220/0x220 [ 108.855593][ T5687] vfs_write+0x30b/0xd60 [ 108.859937][ T5687] ? file_end_write+0x250/0x250 [ 108.864809][ T5687] ? __fget_files+0x40f/0x480 [ 108.869499][ T5687] ? mutex_lock_nested+0x17/0x20 [ 108.874442][ T5687] ? __fdget_pos+0x2bf/0x370 [ 108.879034][ T5687] ? ksys_write+0x71/0x260 [ 108.883459][ T5687] ksys_write+0x152/0x260 [ 108.887800][ T5687] ? __ia32_sys_read+0x80/0x80 [ 108.892576][ T5687] ? lockdep_hardirqs_on+0x94/0x140 [ 108.897789][ T5687] do_syscall_64+0x4c/0xa0 [ 108.902217][ T5687] ? clear_bhb_loop+0x30/0x80 [ 108.906902][ T5687] ? clear_bhb_loop+0x30/0x80 [ 108.911589][ T5687] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 108.917488][ T5687] RIP: 0033:0x7f7cdf95d68e [ 108.921908][ T5687] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 108.941520][ T5687] RSP: 002b:00007f7cddbd4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.949950][ T5687] RAX: ffffffffffffffda RBX: 00007f7cddbd56c0 RCX: 00007f7cdf95d68e [ 108.957930][ T5687] RDX: 0000000000000001 RSI: 00007f7cddbd50a0 RDI: 0000000000000008 [ 108.965916][ T5687] RBP: 00007f7cddbd5090 R08: 0000000000000000 R09: 0000000000000000 [ 108.973896][ T5687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.981880][ T5687] R13: 00007f7cdfc16128 R14: 00007f7cdfc16090 R15: 00007ffe8435c628 [ 108.989885][ T5687] [ 108.995742][ T5678] netlink: 'syz.0.532': attribute type 27 has an invalid length. [ 109.020954][ T5678] netlink: 'syz.0.532': attribute type 3 has an invalid length. [ 109.038913][ T5678] netlink: 132 bytes leftover after parsing attributes in process `syz.0.532'. [ 109.946499][ T5719] netlink: 'syz.0.547': attribute type 10 has an invalid length. [ 110.837511][ T5719] team0: Device veth1_macvtap failed to register rx_handler [ 111.050200][ T5730] __nla_validate_parse: 1 callbacks suppressed [ 111.050218][ T5730] netlink: 152 bytes leftover after parsing attributes in process `syz.1.552'. [ 111.239941][ T5733] netlink: 'syz.2.553': attribute type 25 has an invalid length. [ 111.292317][ T5745] netlink: 'syz.0.557': attribute type 27 has an invalid length. [ 111.328822][ T5745] netlink: 'syz.0.557': attribute type 3 has an invalid length. [ 111.337439][ T5745] netlink: 132 bytes leftover after parsing attributes in process `syz.0.557'. [ 111.998168][ T5780] netlink: 60 bytes leftover after parsing attributes in process `syz.0.570'. [ 112.153634][ T5784] netlink: 152 bytes leftover after parsing attributes in process `syz.3.571'. [ 112.337413][ T5787] delete_channel: no stack [ 112.562198][ T5796] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.578'. [ 112.604614][ T5796] openvswitch: netlink: Tunnel attr 0 has unexpected len 60 expected 8 [ 112.635124][ T5794] netlink: 28 bytes leftover after parsing attributes in process `syz.1.577'. [ 112.962593][ T5806] netlink: 152 bytes leftover after parsing attributes in process `syz.3.584'. [ 113.173172][ T5816] netlink: 144 bytes leftover after parsing attributes in process `syz.4.589'. [ 113.273175][ T5823] netlink: 'syz.4.589': attribute type 39 has an invalid length. [ 113.779231][ T5835] netlink: 152 bytes leftover after parsing attributes in process `syz.0.596'. [ 113.843430][ T5838] netlink: 'syz.4.597': attribute type 21 has an invalid length. [ 113.863703][ T5838] netlink: 144 bytes leftover after parsing attributes in process `syz.4.597'. [ 114.561260][ T5862] netlink: 'syz.1.607': attribute type 27 has an invalid length. [ 114.600121][ T5862] netlink: 'syz.1.607': attribute type 25 has an invalid length. [ 114.614491][ T5866] netlink: 'syz.0.608': attribute type 6 has an invalid length. [ 114.877067][ T5876] netlink: 'syz.4.613': attribute type 10 has an invalid length. [ 115.624296][ T5905] FAULT_INJECTION: forcing a failure. [ 115.624296][ T5905] name failslab, interval 1, probability 0, space 0, times 0 [ 115.720024][ T5905] CPU: 1 PID: 5905 Comm: syz.1.626 Not tainted syzkaller #0 [ 115.727355][ T5905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 115.737422][ T5905] Call Trace: [ 115.740699][ T5905] [ 115.743635][ T5905] dump_stack_lvl+0x188/0x250 [ 115.748344][ T5905] ? show_regs_print_info+0x20/0x20 [ 115.753560][ T5905] ? load_image+0x400/0x400 [ 115.758079][ T5905] ? __might_sleep+0xf0/0xf0 [ 115.762679][ T5905] ? __lock_acquire+0x7d10/0x7d10 [ 115.767718][ T5905] ? ima_match_policy+0x1992/0x1a20 [ 115.772930][ T5905] should_fail+0x38c/0x4c0 [ 115.777354][ T5905] should_failslab+0x5/0x20 [ 115.781854][ T5905] slab_pre_alloc_hook+0x51/0xc0 [ 115.786790][ T5905] kmem_cache_alloc_node+0x47/0x2d0 [ 115.791986][ T5905] ? __alloc_skb+0xf4/0x750 [ 115.796495][ T5905] __alloc_skb+0xf4/0x750 [ 115.800841][ T5905] alloc_skb_with_frags+0xa7/0x730 [ 115.805951][ T5905] ? __lock_acquire+0x7d10/0x7d10 [ 115.810984][ T5905] sock_alloc_send_pskb+0x87f/0x9a0 [ 115.816181][ T5905] ? __might_fault+0xb3/0x110 [ 115.820876][ T5905] ? sock_kzfree_s+0x50/0x50 [ 115.825480][ T5905] packet_sendmsg+0x343c/0x5060 [ 115.830355][ T5905] ? __lock_acquire+0x12e8/0x7d10 [ 115.835379][ T5905] ? verify_lock_unused+0x140/0x140 [ 115.840575][ T5905] ? __might_sleep+0xf0/0xf0 [ 115.845182][ T5905] ? aa_sk_perm+0x7dc/0x910 [ 115.849694][ T5905] ? packet_getsockopt+0x9a0/0x9a0 [ 115.854824][ T5905] ? aa_sock_msg_perm+0x94/0x150 [ 115.859772][ T5905] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 115.865057][ T5905] ? security_socket_sendmsg+0x7c/0xa0 [ 115.870521][ T5905] ? packet_getsockopt+0x9a0/0x9a0 [ 115.875644][ T5905] ____sys_sendmsg+0x5b7/0x8f0 [ 115.880430][ T5905] ? __sys_sendmsg_sock+0x30/0x30 [ 115.885476][ T5905] ? import_iovec+0x6f/0xa0 [ 115.889995][ T5905] ___sys_sendmsg+0x236/0x2e0 [ 115.894692][ T5905] ? __sys_sendmsg+0x2a0/0x2a0 [ 115.899484][ T5905] ? vfs_write+0x8b2/0xd60 [ 115.903925][ T5905] __se_sys_sendmsg+0x1af/0x290 [ 115.908789][ T5905] ? __x64_sys_sendmsg+0x80/0x80 [ 115.913731][ T5905] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 115.919737][ T5905] ? lockdep_hardirqs_on+0x94/0x140 [ 115.924954][ T5905] do_syscall_64+0x4c/0xa0 [ 115.929387][ T5905] ? clear_bhb_loop+0x30/0x80 [ 115.934152][ T5905] ? clear_bhb_loop+0x30/0x80 [ 115.938828][ T5905] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 115.944724][ T5905] RIP: 0033:0x7fa8fc97ae59 [ 115.949137][ T5905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.968743][ T5905] RSP: 002b:00007fa8fabd4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 115.977182][ T5905] RAX: ffffffffffffffda RBX: 00007fa8fcbf3fa0 RCX: 00007fa8fc97ae59 [ 115.985161][ T5905] RDX: 0000000000008045 RSI: 0000200000000040 RDI: 0000000000000003 [ 115.993129][ T5905] RBP: 00007fa8fabd4090 R08: 0000000000000000 R09: 0000000000000000 [ 116.001096][ T5905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.009061][ T5905] R13: 00007fa8fcbf4038 R14: 00007fa8fcbf3fa0 R15: 00007ffc450fd218 [ 116.017045][ T5905] [ 116.500294][ T5932] __nla_validate_parse: 7 callbacks suppressed [ 116.500312][ T5932] netlink: 152 bytes leftover after parsing attributes in process `syz.3.635'. [ 116.565962][ T5935] netlink: 'syz.1.637': attribute type 2 has an invalid length. [ 116.601921][ T5935] netlink: 'syz.1.637': attribute type 8 has an invalid length. [ 116.666893][ T5935] netlink: 132 bytes leftover after parsing attributes in process `syz.1.637'. [ 116.730984][ T5937] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.638'. [ 116.879469][ T5947] device syzkaller0 entered promiscuous mode [ 116.915598][ T5945] netlink: 'syz.1.637': attribute type 2 has an invalid length. [ 116.943312][ T5945] netlink: 'syz.1.637': attribute type 8 has an invalid length. [ 116.973471][ T5945] netlink: 132 bytes leftover after parsing attributes in process `syz.1.637'. [ 117.153662][ T5937] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 117.190451][ T5937] CPU: 1 PID: 5937 Comm: syz.2.638 Not tainted syzkaller #0 [ 117.197781][ T5937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 117.208104][ T5937] Call Trace: [ 117.211396][ T5937] [ 117.214330][ T5937] dump_stack_lvl+0x188/0x250 [ 117.219019][ T5937] ? show_regs_print_info+0x20/0x20 [ 117.224224][ T5937] ? load_image+0x400/0x400 [ 117.228745][ T5937] sysfs_warn_dup+0x8a/0xa0 [ 117.233257][ T5937] sysfs_do_create_link_sd+0xc0/0x110 [ 117.238641][ T5937] device_add+0x7f6/0x1000 [ 117.243076][ T5937] wiphy_register+0x1e81/0x2c30 [ 117.247959][ T5937] ? cfg80211_event_work+0x40/0x40 [ 117.253083][ T5937] ? minstrel_ht_alloc+0x808/0x980 [ 117.258217][ T5937] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 117.264298][ T5937] ieee80211_register_hw+0x2aa1/0x3af0 [ 117.269791][ T5937] ? ieee80211_tasklet_handler+0x20/0x20 [ 117.275442][ T5937] ? rcu_is_watching+0x11/0xa0 [ 117.280219][ T5937] ? memset+0x1e/0x40 [ 117.284203][ T5937] ? hrtimer_init+0x10c/0x220 [ 117.288894][ T5937] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 117.294650][ T5937] hwsim_new_radio_nl+0xa6f/0xc40 [ 117.299715][ T5937] genl_rcv_msg+0xcea/0xf90 [ 117.304227][ T5937] ? lock_chain_count+0x20/0x20 [ 117.309109][ T5937] ? genl_bind+0x380/0x380 [ 117.313548][ T5937] ? verify_lock_unused+0x140/0x140 [ 117.318761][ T5937] ? rcu_preempt_deferred_qs_irqrestore+0x868/0xc30 [ 117.325372][ T5937] ? perf_trace_lock+0xe4/0x390 [ 117.330238][ T5937] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 117.336776][ T5937] netlink_rcv_skb+0x1f5/0x440 [ 117.341554][ T5937] ? genl_bind+0x380/0x380 [ 117.345991][ T5937] ? netlink_ack+0xb50/0xb50 [ 117.350596][ T5937] ? __lock_acquire+0x7d10/0x7d10 [ 117.355641][ T5937] ? down_read+0x1aa/0x2e0 [ 117.360083][ T5937] genl_rcv+0x24/0x40 [ 117.364072][ T5937] netlink_unicast+0x774/0x920 [ 117.368948][ T5937] netlink_sendmsg+0x8ba/0xbe0 [ 117.373731][ T5937] ? netlink_getsockopt+0x570/0x570 [ 117.378943][ T5937] ? aa_sock_msg_perm+0x94/0x150 [ 117.383892][ T5937] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 117.389187][ T5937] ? security_socket_sendmsg+0x7c/0xa0 [ 117.394657][ T5937] ? netlink_getsockopt+0x570/0x570 [ 117.399870][ T5937] ____sys_sendmsg+0x5b7/0x8f0 [ 117.404666][ T5937] ? __sys_sendmsg_sock+0x30/0x30 [ 117.409714][ T5937] ? import_iovec+0x6f/0xa0 [ 117.414233][ T5937] ___sys_sendmsg+0x236/0x2e0 [ 117.418935][ T5937] ? __sys_sendmsg+0x2a0/0x2a0 [ 117.423763][ T5937] __se_sys_sendmsg+0x1af/0x290 [ 117.428634][ T5937] ? __x64_sys_sendmsg+0x80/0x80 [ 117.433591][ T5937] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 117.439600][ T5937] ? lockdep_hardirqs_on+0x94/0x140 [ 117.444821][ T5937] do_syscall_64+0x4c/0xa0 [ 117.449247][ T5937] ? clear_bhb_loop+0x30/0x80 [ 117.453940][ T5937] ? clear_bhb_loop+0x30/0x80 [ 117.458731][ T5937] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 117.464636][ T5937] RIP: 0033:0x7f107d762e59 [ 117.469072][ T5937] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 117.488691][ T5937] RSP: 002b:00007f107b9bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.497138][ T5937] RAX: ffffffffffffffda RBX: 00007f107d9dbfa0 RCX: 00007f107d762e59 [ 117.505132][ T5937] RDX: 0000000000000600 RSI: 0000200000000000 RDI: 000000000000000b [ 117.513115][ T5937] RBP: 00007f107d7f8d6f R08: 0000000000000000 R09: 0000000000000000 [ 117.521099][ T5937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.529082][ T5937] R13: 00007f107d9dc038 R14: 00007f107d9dbfa0 R15: 00007ffc17e49df8 [ 117.537086][ T5937] [ 117.858985][ T5968] netlink: 180 bytes leftover after parsing attributes in process `syz.1.648'. [ 117.954929][ T5977] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.653'. [ 117.993248][ T5980] netlink: 152 bytes leftover after parsing attributes in process `syz.4.652'. [ 118.186652][ T5986] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.656'. [ 118.407590][ T6002] validate_nla: 10 callbacks suppressed [ 118.407636][ T6002] netlink: 'syz.1.661': attribute type 10 has an invalid length. [ 118.502767][ T6004] netlink: 'syz.0.660': attribute type 4 has an invalid length. [ 118.526532][ T6004] netlink: 152 bytes leftover after parsing attributes in process `syz.0.660'. [ 118.682746][ T6001] netlink: 'syz.3.663': attribute type 10 has an invalid length. [ 118.698235][ T6001] team0: Device bridge0 is up. Set it down before adding it as a team port [ 118.891842][ T6020] netlink: 152 bytes leftover after parsing attributes in process `syz.3.668'. [ 119.308675][ T6029] netlink: 'syz.1.673': attribute type 21 has an invalid length. [ 119.369298][ T6034] device lo entered promiscuous mode [ 119.408547][ T6034] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 119.472441][ T6036] netlink: 'syz.3.671': attribute type 10 has an invalid length. [ 120.315961][ T6062] team0: Port device team_slave_0 removed [ 120.327173][ T6062] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 120.378193][ T6064] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 120.495027][ T6075] netlink: 'syz.4.687': attribute type 10 has an invalid length. [ 120.537476][ T6075] device hsr0 entered promiscuous mode [ 120.574811][ T6075] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 120.605464][ T6075] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 120.623275][ T6075] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 120.638819][ T6075] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 121.590120][ T6120] __nla_validate_parse: 6 callbacks suppressed [ 121.590137][ T6120] netlink: 152 bytes leftover after parsing attributes in process `syz.1.706'. [ 122.622568][ T6158] netlink: 152 bytes leftover after parsing attributes in process `syz.0.722'. [ 123.048377][ T6177] netlink: 188 bytes leftover after parsing attributes in process `syz.4.730'. [ 123.438005][ T6187] netlink: 180 bytes leftover after parsing attributes in process `syz.2.735'. [ 123.644174][ T6193] netlink: 152 bytes leftover after parsing attributes in process `syz.0.737'. [ 124.140613][ T6209] netlink: 'syz.0.743': attribute type 29 has an invalid length. [ 124.209339][ T6209] netlink: 'syz.0.743': attribute type 29 has an invalid length. [ 124.824427][ T6227] netlink: 'syz.1.752': attribute type 29 has an invalid length. [ 124.860894][ T6230] netlink: 152 bytes leftover after parsing attributes in process `syz.2.753'. [ 124.906764][ T6227] netlink: 'syz.1.752': attribute type 29 has an invalid length. [ 124.936256][ T6234] netlink: 'syz.1.752': attribute type 29 has an invalid length. [ 124.990142][ T6227] netlink: 'syz.1.752': attribute type 29 has an invalid length. [ 125.008927][ T6227] netlink: 'syz.1.752': attribute type 29 has an invalid length. [ 125.055688][ T6237] netlink: 40 bytes leftover after parsing attributes in process `syz.2.756'. [ 125.104098][ T6237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'. [ 125.593858][ T6253] netlink: 'syz.2.762': attribute type 10 has an invalid length. [ 125.615613][ T6253] team0: Device macvlan0 is up. Set it down before adding it as a team port [ 125.874193][ T6264] netlink: 152 bytes leftover after parsing attributes in process `syz.4.767'. [ 126.475951][ T6277] netlink: 'syz.0.771': attribute type 7 has an invalid length. [ 126.598815][ T6277] netlink: 128 bytes leftover after parsing attributes in process `syz.0.771'. [ 126.652877][ T6277] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 127.026314][ T6283] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.773'. [ 127.077807][ T6289] netlink: 14 bytes leftover after parsing attributes in process `syz.1.774'. [ 127.184200][ T6289] device geneve0 entered promiscuous mode [ 127.542884][ T6299] netlink: 'syz.2.776': attribute type 21 has an invalid length. [ 127.633530][ T6299] netlink: 128 bytes leftover after parsing attributes in process `syz.2.776'. [ 127.707615][ T6299] netlink: 3 bytes leftover after parsing attributes in process `syz.2.776'. [ 127.725375][ T6298] netlink: 40 bytes leftover after parsing attributes in process `syz.4.778'. [ 127.771391][ T6298] batman_adv: batadv0: Adding interface: virt_wifi0 [ 127.826811][ T6298] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.944797][ T6298] batman_adv: batadv0: Interface activated: virt_wifi0 [ 127.985332][ T6305] netlink: 152 bytes leftover after parsing attributes in process `syz.2.781'. [ 129.682334][ T6338] netlink: 152 bytes leftover after parsing attributes in process `syz.1.794'. [ 130.212884][ T6356] validate_nla: 3 callbacks suppressed [ 130.212906][ T6356] netlink: 'syz.1.801': attribute type 10 has an invalid length. [ 130.356241][ T6356] team0: Port device wlan1 added [ 130.402483][ T6358] netlink: 'syz.0.802': attribute type 46 has an invalid length. [ 130.419992][ T6358] netlink: 2 bytes leftover after parsing attributes in process `syz.0.802'. [ 130.816337][ T6370] netlink: 128 bytes leftover after parsing attributes in process `syz.3.807'. [ 130.860536][ T6370] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 130.896437][ T6370] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 130.987634][ T6374] netlink: 152 bytes leftover after parsing attributes in process `syz.4.809'. [ 131.024941][ T6375] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 131.459575][ T6396] netlink: 'syz.0.817': attribute type 15 has an invalid length. [ 131.484190][ T6396] netlink: 'syz.0.817': attribute type 7 has an invalid length. [ 131.947771][ T6422] netlink: 'syz.1.828': attribute type 10 has an invalid length. [ 132.172465][ T6430] __nla_validate_parse: 6 callbacks suppressed [ 132.172481][ T6430] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.832'. [ 132.212802][ T6430] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:0) [ 132.252708][ T6430] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:1) [ 132.491176][ T6441] netlink: 152 bytes leftover after parsing attributes in process `syz.3.836'. [ 132.670723][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.677080][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.007590][ T6448] device syzkaller1 entered promiscuous mode [ 133.371206][ T6463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'. [ 133.552455][ T6473] netlink: 152 bytes leftover after parsing attributes in process `syz.1.848'. [ 133.572812][ T6472] netlink: 'syz.2.846': attribute type 10 has an invalid length. [ 133.657012][ T6478] pim6reg: tun_chr_ioctl cmd 1074025677 [ 133.719186][ T6478] pim6reg: linktype set to 0 [ 134.849212][ T6518] netlink: 152 bytes leftover after parsing attributes in process `syz.2.863'. [ 134.894843][ T6520] netlink: 'syz.3.865': attribute type 10 has an invalid length. [ 134.927708][ T6520] device netdevsim0 entered promiscuous mode [ 135.059086][ T6524] netlink: 'syz.2.866': attribute type 27 has an invalid length. [ 135.094710][ T6524] netlink: 'syz.2.866': attribute type 3 has an invalid length. [ 135.143004][ T6524] netlink: 132 bytes leftover after parsing attributes in process `syz.2.866'. [ 135.220381][ T6524] FAULT_INJECTION: forcing a failure. [ 135.220381][ T6524] name failslab, interval 1, probability 0, space 0, times 0 [ 135.234945][ T6524] CPU: 1 PID: 6524 Comm: syz.2.866 Not tainted syzkaller #0 [ 135.242268][ T6524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 135.252335][ T6524] Call Trace: [ 135.255621][ T6524] [ 135.258558][ T6524] dump_stack_lvl+0x188/0x250 [ 135.263250][ T6524] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 135.269421][ T6524] ? show_regs_print_info+0x20/0x20 [ 135.274635][ T6524] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 135.280821][ T6524] should_fail+0x38c/0x4c0 [ 135.285261][ T6524] should_failslab+0x5/0x20 [ 135.289780][ T6524] slab_pre_alloc_hook+0x51/0xc0 [ 135.294735][ T6524] kmem_cache_alloc_node+0x47/0x2d0 [ 135.299950][ T6524] ? __alloc_skb+0xf4/0x750 [ 135.304467][ T6524] __alloc_skb+0xf4/0x750 [ 135.308803][ T6524] inet_rtm_getroute+0x824/0x27d0 [ 135.313858][ T6524] ? ip_rt_multicast_event+0x80/0x80 [ 135.319153][ T6524] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 135.325203][ T6524] ? __lock_acquire+0x7d10/0x7d10 [ 135.330255][ T6524] ? ip_rt_multicast_event+0x80/0x80 [ 135.335555][ T6524] ? ip_rt_multicast_event+0x80/0x80 [ 135.340852][ T6524] rtnetlink_rcv_msg+0x893/0xf30 [ 135.345811][ T6524] ? rtnetlink_bind+0x80/0x80 [ 135.350498][ T6524] ? __local_bh_enable_ip+0x136/0x1c0 [ 135.355886][ T6524] ? lockdep_hardirqs_on+0x94/0x140 [ 135.361103][ T6524] ? __local_bh_enable_ip+0x136/0x1c0 [ 135.366479][ T6524] ? _local_bh_enable+0xa0/0xa0 [ 135.371341][ T6524] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 135.376556][ T6524] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 135.382554][ T6524] ? lock_chain_count+0x20/0x20 [ 135.387424][ T6524] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 135.393588][ T6524] ? lockdep_hardirqs_on+0x94/0x140 [ 135.398802][ T6524] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 135.405028][ T6524] netlink_rcv_skb+0x1f5/0x440 [ 135.409895][ T6524] ? rtnetlink_bind+0x80/0x80 [ 135.414595][ T6524] ? netlink_ack+0xb50/0xb50 [ 135.419211][ T6524] netlink_unicast+0x774/0x920 [ 135.424080][ T6524] netlink_sendmsg+0x8ba/0xbe0 [ 135.428861][ T6524] ? netlink_getsockopt+0x570/0x570 [ 135.434073][ T6524] ? aa_sock_msg_perm+0x94/0x150 [ 135.439022][ T6524] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 135.444316][ T6524] ? security_socket_sendmsg+0x7c/0xa0 [ 135.449784][ T6524] ? netlink_getsockopt+0x570/0x570 [ 135.454988][ T6524] ____sys_sendmsg+0x5b7/0x8f0 [ 135.459770][ T6524] ? __sys_sendmsg_sock+0x30/0x30 [ 135.464813][ T6524] ? import_iovec+0x6f/0xa0 [ 135.469331][ T6524] ___sys_sendmsg+0x236/0x2e0 [ 135.474111][ T6524] ? __sys_sendmsg+0x2a0/0x2a0 [ 135.478926][ T6524] __se_sys_sendmsg+0x1af/0x290 [ 135.483788][ T6524] ? __x64_sys_sendmsg+0x80/0x80 [ 135.488749][ T6524] ? syscall_enter_from_user_mode+0x2a/0x70 [ 135.494650][ T6524] do_syscall_64+0x4c/0xa0 [ 135.499073][ T6524] ? clear_bhb_loop+0x30/0x80 [ 135.503759][ T6524] ? clear_bhb_loop+0x30/0x80 [ 135.508441][ T6524] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 135.514430][ T6524] RIP: 0033:0x7f107d762e59 [ 135.518850][ T6524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.538460][ T6524] RSP: 002b:00007f107b9bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.546899][ T6524] RAX: ffffffffffffffda RBX: 00007f107d9dbfa0 RCX: 00007f107d762e59 [ 135.554888][ T6524] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 135.562867][ T6524] RBP: 00007f107b9bc090 R08: 0000000000000000 R09: 0000000000000000 [ 135.570844][ T6524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.578827][ T6524] R13: 00007f107d9dc038 R14: 00007f107d9dbfa0 R15: 00007ffc17e49df8 [ 135.586824][ T6524] [ 136.067378][ T6557] netlink: 'syz.4.879': attribute type 10 has an invalid length. [ 136.090503][ T6557] device macvlan0 entered promiscuous mode [ 136.110136][ T6557] team0: Device macvlan0 is up. Set it down before adding it as a team port [ 136.407456][ T6569] netlink: 'syz.3.885': attribute type 27 has an invalid length. [ 136.466583][ T6569] netlink: 'syz.3.885': attribute type 3 has an invalid length. [ 136.522169][ T6569] netlink: 132 bytes leftover after parsing attributes in process `syz.3.885'. [ 136.646027][ T6573] netlink: 'syz.2.886': attribute type 21 has an invalid length. [ 136.702899][ T6573] netlink: 'syz.2.886': attribute type 6 has an invalid length. [ 137.347847][ T6609] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.901'. [ 137.389910][ T6609] openvswitch: netlink: Tunnel attr 0 has unexpected len 60 expected 8 [ 137.438653][ T6615] netlink: 'syz.4.904': attribute type 10 has an invalid length. [ 137.461032][ T6615] netlink: 40 bytes leftover after parsing attributes in process `syz.4.904'. [ 138.386548][ T6642] netlink: 144 bytes leftover after parsing attributes in process `syz.1.915'. [ 138.463600][ T6649] netlink: 14 bytes leftover after parsing attributes in process `syz.1.915'. [ 138.882993][ T6665] netlink: 'syz.0.925': attribute type 10 has an invalid length. [ 139.333100][ T6679] netlink: 'syz.3.930': attribute type 6 has an invalid length. [ 139.379837][ T6679] netlink: 164 bytes leftover after parsing attributes in process `syz.3.930'. [ 139.939869][ T6694] netlink: 'syz.2.935': attribute type 10 has an invalid length. [ 140.000803][ T6694] team0: Device veth1_vlan failed to register rx_handler [ 140.049001][ T6700] netlink: 'syz.0.937': attribute type 27 has an invalid length. [ 141.625628][ T6710] validate_nla: 1 callbacks suppressed [ 141.625646][ T6710] netlink: 'syz.2.941': attribute type 10 has an invalid length. [ 141.667189][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.698284][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.850703][ T6729] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.948'. [ 141.901546][ T6731] netlink: 'syz.2.949': attribute type 10 has an invalid length. [ 142.007499][ T6731] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.068867][ T6731] bond0: (slave team0): Enslaving as an active interface with an up link [ 142.111818][ T6743] netlink: 152 bytes leftover after parsing attributes in process `syz.4.953'. [ 142.421382][ T6761] FAULT_INJECTION: forcing a failure. [ 142.421382][ T6761] name failslab, interval 1, probability 0, space 0, times 0 [ 142.459412][ T6761] CPU: 0 PID: 6761 Comm: syz.1.959 Not tainted syzkaller #0 [ 142.466739][ T6761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 142.476798][ T6761] Call Trace: [ 142.480079][ T6761] [ 142.483009][ T6761] dump_stack_lvl+0x188/0x250 [ 142.487693][ T6761] ? show_regs_print_info+0x20/0x20 [ 142.492895][ T6761] ? load_image+0x400/0x400 [ 142.497402][ T6761] ? __might_sleep+0xf0/0xf0 [ 142.501988][ T6761] ? __lock_acquire+0x7d10/0x7d10 [ 142.507016][ T6761] should_fail+0x38c/0x4c0 [ 142.511438][ T6761] should_failslab+0x5/0x20 [ 142.515939][ T6761] slab_pre_alloc_hook+0x51/0xc0 [ 142.520887][ T6761] __kmalloc_node_track_caller+0x68/0x3a0 [ 142.526614][ T6761] ? alloc_skb_with_frags+0xa7/0x730 [ 142.531901][ T6761] ? kmem_cache_alloc_node+0x162/0x2d0 [ 142.537360][ T6761] ? __alloc_skb+0xf4/0x750 [ 142.541864][ T6761] ? alloc_skb_with_frags+0xa7/0x730 [ 142.547153][ T6761] __alloc_skb+0x22c/0x750 [ 142.551578][ T6761] alloc_skb_with_frags+0xa7/0x730 [ 142.556692][ T6761] ? __lock_acquire+0x7d10/0x7d10 [ 142.561724][ T6761] sock_alloc_send_pskb+0x87f/0x9a0 [ 142.566922][ T6761] ? __might_fault+0xb3/0x110 [ 142.571612][ T6761] ? sock_kzfree_s+0x50/0x50 [ 142.576214][ T6761] packet_sendmsg+0x343c/0x5060 [ 142.581088][ T6761] ? __lock_acquire+0x12e8/0x7d10 [ 142.586118][ T6761] ? verify_lock_unused+0x140/0x140 [ 142.591326][ T6761] ? __might_sleep+0xf0/0xf0 [ 142.595938][ T6761] ? aa_sk_perm+0x7dc/0x910 [ 142.600450][ T6761] ? packet_getsockopt+0x9a0/0x9a0 [ 142.605570][ T6761] ? aa_sock_msg_perm+0x94/0x150 [ 142.610510][ T6761] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 142.615799][ T6761] ? security_socket_sendmsg+0x7c/0xa0 [ 142.621286][ T6761] ? packet_getsockopt+0x9a0/0x9a0 [ 142.626404][ T6761] ____sys_sendmsg+0x5b7/0x8f0 [ 142.631178][ T6761] ? __sys_sendmsg_sock+0x30/0x30 [ 142.636213][ T6761] ? import_iovec+0x6f/0xa0 [ 142.640732][ T6761] ___sys_sendmsg+0x236/0x2e0 [ 142.645415][ T6761] ? __sys_sendmsg+0x2a0/0x2a0 [ 142.650187][ T6761] ? vfs_write+0x8b2/0xd60 [ 142.654627][ T6761] __se_sys_sendmsg+0x1af/0x290 [ 142.659479][ T6761] ? __x64_sys_sendmsg+0x80/0x80 [ 142.664413][ T6761] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 142.670407][ T6761] ? lockdep_hardirqs_on+0x94/0x140 [ 142.675617][ T6761] do_syscall_64+0x4c/0xa0 [ 142.680038][ T6761] ? clear_bhb_loop+0x30/0x80 [ 142.684719][ T6761] ? clear_bhb_loop+0x30/0x80 [ 142.689403][ T6761] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 142.695296][ T6761] RIP: 0033:0x7fa8fc97ae59 [ 142.699717][ T6761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.719327][ T6761] RSP: 002b:00007fa8fabd4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.727747][ T6761] RAX: ffffffffffffffda RBX: 00007fa8fcbf3fa0 RCX: 00007fa8fc97ae59 [ 142.735723][ T6761] RDX: 0000000000008045 RSI: 0000200000000040 RDI: 0000000000000003 [ 142.743697][ T6761] RBP: 00007fa8fabd4090 R08: 0000000000000000 R09: 0000000000000000 [ 142.751673][ T6761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.759639][ T6761] R13: 00007fa8fcbf4038 R14: 00007fa8fcbf3fa0 R15: 00007ffc450fd218 [ 142.767623][ T6761] [ 143.135309][ T6786] netlink: 'syz.0.970': attribute type 2 has an invalid length. [ 143.158255][ T6786] netlink: 'syz.0.970': attribute type 8 has an invalid length. [ 143.183019][ T6786] netlink: 132 bytes leftover after parsing attributes in process `syz.0.970'. [ 143.200712][ T6787] netlink: 'syz.0.970': attribute type 2 has an invalid length. [ 143.210125][ T6787] netlink: 'syz.0.970': attribute type 8 has an invalid length. [ 143.252768][ T6787] netlink: 132 bytes leftover after parsing attributes in process `syz.0.970'. [ 143.438552][ T6797] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.973'. [ 143.453516][ T6794] device syzkaller0 entered promiscuous mode [ 143.677836][ T6797] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 143.769309][ T6804] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.976'. [ 143.840120][ T6806] netlink: 14 bytes leftover after parsing attributes in process `syz.1.976'. [ 143.956994][ T6815] netlink: 180 bytes leftover after parsing attributes in process `syz.0.979'. [ 144.076914][ T6821] netlink: 132 bytes leftover after parsing attributes in process `syz.1.982'. [ 144.175526][ T6824] sctp: [Deprecated]: syz.4.983 (pid 6824) Use of int in max_burst socket option deprecated. [ 144.175526][ T6824] Use struct sctp_assoc_value instead [ 144.302462][ T6833] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.988'. [ 144.599204][ T6844] netlink: 'syz.2.992': attribute type 21 has an invalid length. [ 144.819276][ T6847] netlink: 'syz.3.993': attribute type 10 has an invalid length. [ 144.828876][ T6847] team0: Device bridge0 is up. Set it down before adding it as a team port [ 145.155663][ T6862] netlink: 'syz.4.998': attribute type 10 has an invalid length. [ 145.733674][ T6872] netlink: 'syz.1.1002': attribute type 21 has an invalid length. [ 145.922542][ T6887] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1006'. [ 146.294021][ T6887] device hsr_slave_0 left promiscuous mode [ 146.393893][ T6890] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1004'. [ 146.765935][ T6901] team0: Port device team_slave_0 removed [ 146.784486][ T6901] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 146.891590][ T6897] device syzkaller0 entered promiscuous mode [ 146.918356][ T6899] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 147.151828][ T6918] netlink: 'syz.3.1016': attribute type 10 has an invalid length. [ 147.176431][ T6918] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 147.360576][ T6921] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 147.368620][ T6921] CPU: 1 PID: 6921 Comm: syz.1.1017 Not tainted syzkaller #0 [ 147.376002][ T6921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 147.386064][ T6921] Call Trace: [ 147.389351][ T6921] [ 147.392287][ T6921] dump_stack_lvl+0x188/0x250 [ 147.396986][ T6921] ? show_regs_print_info+0x20/0x20 [ 147.402196][ T6921] ? load_image+0x400/0x400 [ 147.406722][ T6921] sysfs_warn_dup+0x8a/0xa0 [ 147.411235][ T6921] sysfs_do_create_link_sd+0xc0/0x110 [ 147.416622][ T6921] device_add+0x7f6/0x1000 [ 147.421049][ T6921] wiphy_register+0x1e81/0x2c30 [ 147.425923][ T6921] ? cfg80211_event_work+0x40/0x40 [ 147.431047][ T6921] ? minstrel_ht_alloc+0x808/0x980 [ 147.436162][ T6921] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 147.442228][ T6921] ieee80211_register_hw+0x2aa1/0x3af0 [ 147.447699][ T6921] ? ieee80211_tasklet_handler+0x20/0x20 [ 147.453330][ T6921] ? __sanitizer_cov_trace_pc+0x3e/0x60 [ 147.458887][ T6921] ? memset+0x1e/0x40 [ 147.462854][ T6921] ? hrtimer_init+0x10c/0x220 [ 147.467526][ T6921] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 147.473252][ T6921] hwsim_new_radio_nl+0xa6f/0xc40 [ 147.478276][ T6921] genl_rcv_msg+0xcea/0xf90 [ 147.482771][ T6921] ? lock_chain_count+0x20/0x20 [ 147.487619][ T6921] ? genl_bind+0x380/0x380 [ 147.492033][ T6921] ? verify_lock_unused+0x140/0x140 [ 147.497223][ T6921] ? rcu_preempt_deferred_qs_irqrestore+0x868/0xc30 [ 147.503819][ T6921] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 147.510327][ T6921] netlink_rcv_skb+0x1f5/0x440 [ 147.515080][ T6921] ? genl_bind+0x380/0x380 [ 147.519489][ T6921] ? netlink_ack+0xb50/0xb50 [ 147.524071][ T6921] ? __lock_acquire+0x7d10/0x7d10 [ 147.529097][ T6921] ? down_read+0x1aa/0x2e0 [ 147.533509][ T6921] genl_rcv+0x24/0x40 [ 147.537480][ T6921] netlink_unicast+0x774/0x920 [ 147.542235][ T6921] netlink_sendmsg+0x8ba/0xbe0 [ 147.546993][ T6921] ? netlink_getsockopt+0x570/0x570 [ 147.552181][ T6921] ? aa_sock_msg_perm+0x94/0x150 [ 147.557119][ T6921] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 147.562392][ T6921] ? security_socket_sendmsg+0x7c/0xa0 [ 147.567837][ T6921] ? netlink_getsockopt+0x570/0x570 [ 147.573022][ T6921] ____sys_sendmsg+0x5b7/0x8f0 [ 147.577784][ T6921] ? __sys_sendmsg_sock+0x30/0x30 [ 147.582804][ T6921] ? import_iovec+0x6f/0xa0 [ 147.587299][ T6921] ___sys_sendmsg+0x236/0x2e0 [ 147.591973][ T6921] ? __sys_sendmsg+0x2a0/0x2a0 [ 147.596755][ T6921] __se_sys_sendmsg+0x1af/0x290 [ 147.601596][ T6921] ? __x64_sys_sendmsg+0x80/0x80 [ 147.606519][ T6921] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 147.612583][ T6921] ? lockdep_hardirqs_on+0x94/0x140 [ 147.617775][ T6921] do_syscall_64+0x4c/0xa0 [ 147.622175][ T6921] ? clear_bhb_loop+0x30/0x80 [ 147.626839][ T6921] ? clear_bhb_loop+0x30/0x80 [ 147.631506][ T6921] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 147.637387][ T6921] RIP: 0033:0x7fa8fc97ae59 [ 147.641791][ T6921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.661386][ T6921] RSP: 002b:00007fa8fabd4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.669790][ T6921] RAX: ffffffffffffffda RBX: 00007fa8fcbf3fa0 RCX: 00007fa8fc97ae59 [ 147.677754][ T6921] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 147.685710][ T6921] RBP: 00007fa8fca10d6f R08: 0000000000000000 R09: 0000000000000000 [ 147.693666][ T6921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.701626][ T6921] R13: 00007fa8fcbf4038 R14: 00007fa8fcbf3fa0 R15: 00007ffc450fd218 [ 147.709598][ T6921] [ 148.200070][ T6935] __nla_validate_parse: 4 callbacks suppressed [ 148.200088][ T6935] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.1018'. [ 149.610695][ T6986] netlink: 'syz.3.1041': attribute type 21 has an invalid length. [ 149.631342][ T6986] netlink: 'syz.3.1041': attribute type 39 has an invalid length. [ 150.237148][ T7010] netlink: 'syz.4.1051': attribute type 29 has an invalid length. [ 150.331847][ T7013] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1052'. [ 150.385980][ T7010] netlink: 'syz.4.1051': attribute type 29 has an invalid length. [ 151.668790][ T7066] netlink: 'syz.4.1069': attribute type 29 has an invalid length. [ 151.705955][ T7066] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1069'. [ 151.761185][ T7066] netlink: 'syz.4.1069': attribute type 29 has an invalid length. [ 151.769045][ T7066] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1069'. [ 151.984644][ T7077] netlink: 'syz.3.1073': attribute type 21 has an invalid length. [ 152.035729][ T7077] netlink: 'syz.3.1073': attribute type 6 has an invalid length. [ 152.627265][ T7104] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1082'. [ 152.694077][ T7104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1082'. [ 153.773987][ T7121] pim6reg: tun_chr_ioctl cmd 1074025677 [ 153.799441][ T7121] pim6reg: linktype set to 0 [ 155.784879][ T7135] netlink: 'syz.2.1095': attribute type 10 has an invalid length. [ 155.872982][ T7135] team0: Port device wlan1 added [ 155.895496][ T7141] netlink: 'syz.4.1096': attribute type 21 has an invalid length. [ 155.933764][ T7141] netlink: 'syz.4.1096': attribute type 6 has an invalid length. [ 155.944843][ T7136] netlink: 'syz.1.1094': attribute type 10 has an invalid length. [ 155.956443][ T7136] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1094'. [ 155.991212][ T7136] batman_adv: batadv0: Adding interface: virt_wifi0 [ 156.008854][ T7136] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.065166][ T7136] batman_adv: batadv0: Interface activated: virt_wifi0 [ 156.470167][ T7173] netlink: 'syz.2.1105': attribute type 27 has an invalid length. [ 156.494389][ T7173] netlink: 'syz.2.1105': attribute type 3 has an invalid length. [ 156.497160][ T7176] netlink: 'syz.0.1108': attribute type 3 has an invalid length. [ 156.505560][ T7173] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1105'. [ 156.540185][ T7176] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1108'. [ 156.897914][ T7187] netlink: 'syz.2.1114': attribute type 10 has an invalid length. [ 156.913662][ T7187] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1114'. [ 156.959624][ T7187] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 157.276882][ T7205] netlink: 'syz.2.1120': attribute type 10 has an invalid length. [ 157.310061][ T7205] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1120'. [ 157.345594][ T7205] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 157.558068][ T7218] netlink: 'syz.3.1125': attribute type 27 has an invalid length. [ 157.570640][ T7218] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1125'. [ 157.643276][ T7220] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1124'. [ 157.677724][ T7225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 157.699884][ T7225] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 157.710804][ T7225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 157.732939][ T7225] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 157.808762][ T7225] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 157.849880][ T7225] batman_adv: batadv0: Removing interface: virt_wifi0 [ 158.935311][ T7228] team0: Port device wlan1 added [ 159.146413][ T7246] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 159.194542][ T7246] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 159.228616][ T7246] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 159.267227][ T7246] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 159.313126][ T7246] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 159.325229][ T7246] batman_adv: batadv0: Removing interface: virt_wifi0 [ 159.717110][ T7257] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1133'. [ 159.775230][ T7257] batman_adv: batadv0: Adding interface: virt_wifi0 [ 159.810030][ T7257] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.885038][ T7257] batman_adv: batadv0: Interface activated: virt_wifi0 [ 160.227852][ T7277] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1140'. [ 161.080726][ T7290] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1148'. [ 161.232168][ T7290] team0: Port device team_slave_0 removed [ 161.253148][ T7290] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 161.626241][ T7299] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1146'. [ 162.172513][ T7297] validate_nla: 6 callbacks suppressed [ 162.172527][ T7297] netlink: 'syz.4.1146': attribute type 2 has an invalid length. [ 162.186382][ T7296] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1149'. [ 162.195711][ T7296] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 164.665220][ T7360] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1168'. [ 164.677124][ T7360] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 164.845758][ T7379] netlink: 'syz.2.1174': attribute type 7 has an invalid length. [ 164.929932][ T7379] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1174'. [ 164.945106][ T7379] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 165.144683][ T7390] netlink: 'syz.2.1177': attribute type 21 has an invalid length. [ 165.157267][ T7390] netlink: 'syz.2.1177': attribute type 39 has an invalid length. [ 165.385127][ T7401] device geneve0 entered promiscuous mode [ 165.454132][ T7403] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1183'. [ 165.486198][ T7403] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 166.217641][ T7432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.231154][ T7432] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.242406][ T7432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.251278][ T7432] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.271378][ T7432] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 166.349841][ T7432] batman_adv: batadv0: Removing interface: virt_wifi0 [ 166.771950][ T7457] netlink: 'syz.0.1199': attribute type 10 has an invalid length. [ 166.792240][ T7457] team0: Device wlan1 is up. Set it down before adding it as a team port [ 166.928703][ T7466] netlink: 'syz.0.1204': attribute type 21 has an invalid length. [ 167.632965][ T7484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.648342][ T7484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.658764][ T7484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.669225][ T7484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.682967][ T7484] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 167.691073][ T7484] batman_adv: batadv0: Removing interface: virt_wifi0 [ 168.020376][ T7506] netlink: 'syz.2.1220': attribute type 10 has an invalid length. [ 168.069242][ T7506] team0: Device hsr_slave_0 failed to register rx_handler [ 168.252778][ T7516] netlink: 'syz.2.1224': attribute type 21 has an invalid length. [ 168.351564][ T7520] netlink: 'syz.4.1226': attribute type 10 has an invalid length. [ 168.384716][ T7520] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1226'. [ 168.782677][ T7538] netlink: 'syz.4.1234': attribute type 10 has an invalid length. [ 168.936874][ T7547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1238'. [ 169.076482][ T7552] netlink: 'syz.4.1240': attribute type 4 has an invalid length. [ 169.284568][ T7566] netlink: 'syz.1.1245': attribute type 10 has an invalid length. [ 169.807070][ T7587] netlink: 'syz.3.1254': attribute type 10 has an invalid length. [ 170.391824][ T7614] netlink: 'syz.1.1265': attribute type 27 has an invalid length. [ 170.405769][ T7614] netlink: 'syz.1.1265': attribute type 3 has an invalid length. [ 170.417161][ T7614] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1265'. [ 170.429094][ T7614] FAULT_INJECTION: forcing a failure. [ 170.429094][ T7614] name failslab, interval 1, probability 0, space 0, times 0 [ 170.443758][ T7614] CPU: 1 PID: 7614 Comm: syz.1.1265 Not tainted syzkaller #0 [ 170.451153][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 170.461220][ T7614] Call Trace: [ 170.464503][ T7614] [ 170.467435][ T7614] dump_stack_lvl+0x188/0x250 [ 170.472119][ T7614] ? show_regs_print_info+0x20/0x20 [ 170.477328][ T7614] ? load_image+0x400/0x400 [ 170.481857][ T7614] should_fail+0x38c/0x4c0 [ 170.486301][ T7614] should_failslab+0x5/0x20 [ 170.490821][ T7614] slab_pre_alloc_hook+0x51/0xc0 [ 170.495769][ T7614] kmem_cache_alloc_node+0x47/0x2d0 [ 170.500980][ T7614] ? __alloc_skb+0xf4/0x750 [ 170.505500][ T7614] __alloc_skb+0xf4/0x750 [ 170.509838][ T7614] inet_rtm_getroute+0x824/0x27d0 [ 170.514890][ T7614] ? kasan_set_track+0x62/0x70 [ 170.519690][ T7614] ? ip_rt_multicast_event+0x80/0x80 [ 170.524976][ T7614] ? slab_free_freelist_hook+0xea/0x170 [ 170.530546][ T7614] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 170.536547][ T7614] ? rcu_is_watching+0x11/0xa0 [ 170.541328][ T7614] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 170.547495][ T7614] ? ip_rt_multicast_event+0x80/0x80 [ 170.552797][ T7614] ? rtnetlink_rcv_msg+0x882/0xf30 [ 170.557929][ T7614] ? ip_rt_multicast_event+0x80/0x80 [ 170.563224][ T7614] rtnetlink_rcv_msg+0x893/0xf30 [ 170.568178][ T7614] ? rtnetlink_bind+0x80/0x80 [ 170.572868][ T7614] ? __local_bh_enable_ip+0x136/0x1c0 [ 170.578248][ T7614] ? lockdep_hardirqs_on+0x94/0x140 [ 170.583457][ T7614] ? __local_bh_enable_ip+0x136/0x1c0 [ 170.588838][ T7614] ? _local_bh_enable+0xa0/0xa0 [ 170.593713][ T7614] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 170.598924][ T7614] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 170.605103][ T7614] ? __copy_skb_header+0xa3/0x4f0 [ 170.610146][ T7614] ? dev_queue_xmit+0x20/0x20 [ 170.614829][ T7614] ? memcpy+0x3c/0x60 [ 170.618823][ T7614] ? __copy_skb_header+0x3ba/0x4f0 [ 170.623950][ T7614] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 170.629949][ T7614] netlink_rcv_skb+0x1f5/0x440 [ 170.634725][ T7614] ? rtnetlink_bind+0x80/0x80 [ 170.639408][ T7614] ? netlink_ack+0xb50/0xb50 [ 170.644021][ T7614] netlink_unicast+0x774/0x920 [ 170.648801][ T7614] netlink_sendmsg+0x8ba/0xbe0 [ 170.653585][ T7614] ? netlink_getsockopt+0x570/0x570 [ 170.658801][ T7614] ? aa_sock_msg_perm+0x94/0x150 [ 170.663750][ T7614] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 170.669043][ T7614] ? security_socket_sendmsg+0x7c/0xa0 [ 170.674512][ T7614] ? netlink_getsockopt+0x570/0x570 [ 170.679729][ T7614] ____sys_sendmsg+0x5b7/0x8f0 [ 170.684513][ T7614] ? __sys_sendmsg_sock+0x30/0x30 [ 170.689555][ T7614] ? import_iovec+0x6f/0xa0 [ 170.694069][ T7614] ___sys_sendmsg+0x236/0x2e0 [ 170.698763][ T7614] ? __sys_sendmsg+0x2a0/0x2a0 [ 170.703543][ T7614] ? __fget_files+0x384/0x480 [ 170.708250][ T7614] __se_sys_sendmsg+0x1af/0x290 [ 170.713117][ T7614] ? __x64_sys_sendmsg+0x80/0x80 [ 170.718077][ T7614] ? syscall_enter_from_user_mode+0x2a/0x70 [ 170.723981][ T7614] do_syscall_64+0x4c/0xa0 [ 170.728402][ T7614] ? clear_bhb_loop+0x30/0x80 [ 170.733085][ T7614] ? clear_bhb_loop+0x30/0x80 [ 170.737777][ T7614] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 170.743670][ T7614] RIP: 0033:0x7fa8fc97ae59 [ 170.748092][ T7614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 170.767708][ T7614] RSP: 002b:00007fa8fabd4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.776133][ T7614] RAX: ffffffffffffffda RBX: 00007fa8fcbf3fa0 RCX: 00007fa8fc97ae59 [ 170.784116][ T7614] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 170.792098][ T7614] RBP: 00007fa8fabd4090 R08: 0000000000000000 R09: 0000000000000000 [ 170.800078][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.808055][ T7614] R13: 00007fa8fcbf4038 R14: 00007fa8fcbf3fa0 R15: 00007ffc450fd218 [ 170.816058][ T7614] [ 170.850983][ T4190] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 171.048748][ T7629] netlink: 'syz.0.1271': attribute type 21 has an invalid length. [ 171.743184][ T7666] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1285'. [ 172.051815][ T7690] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1294'. [ 172.105618][ T7683] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1294'. [ 173.041055][ T7736] validate_nla: 8 callbacks suppressed [ 173.041099][ T7736] netlink: 'syz.1.1313': attribute type 21 has an invalid length. [ 173.104974][ T7737] netlink: 'syz.1.1313': attribute type 39 has an invalid length. [ 173.242367][ T7748] device syzkaller0 entered promiscuous mode [ 173.290690][ T7753] netlink: 'syz.4.1321': attribute type 6 has an invalid length. [ 173.316167][ T7753] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1321'. [ 174.183505][ T7796] netlink: 'syz.1.1334': attribute type 27 has an invalid length. [ 174.220198][ T7796] netlink: 'syz.1.1334': attribute type 25 has an invalid length. [ 174.353935][ T7803] netlink: 'syz.2.1339': attribute type 10 has an invalid length. [ 174.410043][ T7811] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.1342'. [ 174.497660][ T7807] netlink: 'syz.0.1337': attribute type 21 has an invalid length. [ 174.526169][ T7818] netlink: 'syz.0.1337': attribute type 39 has an invalid length. [ 174.640323][ T7814] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1343'. [ 175.302670][ T7851] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.1357'. [ 175.475131][ T7853] netlink: 'syz.3.1357': attribute type 19 has an invalid length. [ 175.560167][ T7853] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1357'. [ 175.639838][ T21] Bluetooth: hci0: command 0x0406 tx timeout [ 175.646182][ T7861] netlink: 'syz.1.1361': attribute type 2 has an invalid length. [ 175.652922][ T21] Bluetooth: hci2: command 0x0406 tx timeout [ 175.654156][ T4228] Bluetooth: hci1: command 0x0406 tx timeout [ 175.676687][ T21] Bluetooth: hci3: command 0x0406 tx timeout [ 175.686557][ T7861] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1361'. [ 175.703219][ T21] Bluetooth: hci4: command 0x0406 tx timeout [ 175.726437][ T7862] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1361'. [ 176.318239][ T7884] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1368'. [ 176.362459][ T7879] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1368'. [ 176.553802][ T7888] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1373'. [ 176.575213][ T7895] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1375'. [ 176.746374][ T7888] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 177.705662][ T7930] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 178.762743][ T7974] validate_nla: 8 callbacks suppressed [ 178.762785][ T7974] netlink: 'syz.3.1399': attribute type 10 has an invalid length. [ 178.795216][ T7976] netlink: 'syz.2.1400': attribute type 2 has an invalid length. [ 178.896239][ T7978] netlink: 'syz.1.1397': attribute type 21 has an invalid length. [ 178.944006][ T7978] netlink: 'syz.1.1397': attribute type 39 has an invalid length. [ 179.261768][ T7998] netlink: 'syz.2.1407': attribute type 21 has an invalid length. [ 179.291595][ T8003] device lo entered promiscuous mode [ 179.302841][ T8003] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 180.035432][ T8068] device syzkaller0 entered promiscuous mode [ 180.053945][ T8069] netlink: 'syz.4.1417': attribute type 21 has an invalid length. [ 180.077073][ T8079] netlink: 'syz.4.1417': attribute type 39 has an invalid length. [ 180.102793][ T8081] netlink: 'syz.3.1420': attribute type 10 has an invalid length. [ 180.115586][ T8085] netlink: 'syz.0.1422': attribute type 4 has an invalid length. [ 180.132710][ T8085] netlink: 'syz.0.1422': attribute type 5 has an invalid length. [ 180.141708][ T8085] __nla_validate_parse: 2 callbacks suppressed [ 180.141723][ T8085] netlink: 198172 bytes leftover after parsing attributes in process `syz.0.1422'. [ 180.150646][ T8081] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 180.170329][ T8081] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 180.182645][ T8081] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 180.195530][ T8081] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 180.307524][ T8093] netlink: 105 bytes leftover after parsing attributes in process `syz.0.1425'. [ 180.348156][ T8093] netlink: 105 bytes leftover after parsing attributes in process `syz.0.1425'. [ 180.728224][ T8122] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1434'. [ 180.751305][ T8122] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1434'. [ 180.774257][ T8124] netlink: 209592 bytes leftover after parsing attributes in process `syz.0.1436'. [ 181.490064][ T8160] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1453'. [ 181.682492][ T8163] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 181.760225][ T8163] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 182.559057][ T8211] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1473'. [ 182.867577][ T8230] FAULT_INJECTION: forcing a failure. [ 182.867577][ T8230] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.943166][ T8230] CPU: 1 PID: 8230 Comm: syz.0.1481 Not tainted syzkaller #0 [ 182.950582][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 182.960654][ T8230] Call Trace: [ 182.963934][ T8230] [ 182.966862][ T8230] dump_stack_lvl+0x188/0x250 [ 182.971544][ T8230] ? show_regs_print_info+0x20/0x20 [ 182.976747][ T8230] ? load_image+0x400/0x400 [ 182.981255][ T8230] ? __lock_acquire+0x7d10/0x7d10 [ 182.986287][ T8230] should_fail+0x38c/0x4c0 [ 182.990716][ T8230] _copy_to_user+0x2e/0x130 [ 182.995230][ T8230] simple_read_from_buffer+0xe3/0x150 [ 183.000621][ T8230] proc_fail_nth_read+0x1a6/0x220 [ 183.005661][ T8230] ? proc_fault_inject_write+0x310/0x310 [ 183.011302][ T8230] ? fsnotify_perm+0x254/0x560 [ 183.016070][ T8230] ? proc_fault_inject_write+0x310/0x310 [ 183.021705][ T8230] vfs_read+0x301/0xd60 [ 183.025881][ T8230] ? kernel_read+0x1e0/0x1e0 [ 183.030488][ T8230] ? __fget_files+0x40f/0x480 [ 183.035180][ T8230] ? mutex_lock_nested+0x17/0x20 [ 183.040124][ T8230] ? __fdget_pos+0x2bf/0x370 [ 183.044717][ T8230] ? ksys_read+0x71/0x260 [ 183.049053][ T8230] ksys_read+0x152/0x260 [ 183.053311][ T8230] ? vfs_write+0xd60/0xd60 [ 183.057747][ T8230] ? lockdep_hardirqs_on+0x94/0x140 [ 183.062960][ T8230] do_syscall_64+0x4c/0xa0 [ 183.067383][ T8230] ? clear_bhb_loop+0x30/0x80 [ 183.072060][ T8230] ? clear_bhb_loop+0x30/0x80 [ 183.076746][ T8230] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 183.082649][ T8230] RIP: 0033:0x7fa907b2b68e [ 183.087076][ T8230] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 183.106697][ T8230] RSP: 002b:00007fa905dc3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 183.115133][ T8230] RAX: ffffffffffffffda RBX: 00007fa905dc46c0 RCX: 00007fa907b2b68e [ 183.123121][ T8230] RDX: 000000000000000f RSI: 00007fa905dc40a0 RDI: 0000000000000004 [ 183.131106][ T8230] RBP: 00007fa905dc4090 R08: 0000000000000000 R09: 0000000000000000 [ 183.139086][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.147173][ T8230] R13: 00007fa907de4038 R14: 00007fa907de3fa0 R15: 00007fff6cad2c28 [ 183.155180][ T8230] [ 183.176144][ T8229] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1480'. [ 183.228316][ T8229] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1480'. [ 183.549295][ T8252] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 183.598172][ T8252] CPU: 1 PID: 8252 Comm: syz.4.1488 Not tainted syzkaller #0 [ 183.605594][ T8252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 183.615666][ T8252] Call Trace: [ 183.618977][ T8252] [ 183.621913][ T8252] dump_stack_lvl+0x188/0x250 [ 183.626602][ T8252] ? show_regs_print_info+0x20/0x20 [ 183.631818][ T8252] ? load_image+0x400/0x400 [ 183.636352][ T8252] sysfs_warn_dup+0x8a/0xa0 [ 183.640869][ T8252] sysfs_do_create_link_sd+0xc0/0x110 [ 183.646251][ T8252] device_add+0x7f6/0x1000 [ 183.650706][ T8252] wiphy_register+0x1e81/0x2c30 [ 183.655597][ T8252] ? cfg80211_event_work+0x40/0x40 [ 183.660730][ T8252] ? minstrel_ht_alloc+0x808/0x980 [ 183.665859][ T8252] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 183.671948][ T8252] ieee80211_register_hw+0x2aa1/0x3af0 [ 183.677454][ T8252] ? ieee80211_tasklet_handler+0x20/0x20 [ 183.683113][ T8252] ? rcu_is_watching+0x11/0xa0 [ 183.687896][ T8252] ? memset+0x1e/0x40 [ 183.691891][ T8252] ? hrtimer_init+0x10c/0x220 [ 183.696589][ T8252] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 183.702358][ T8252] hwsim_new_radio_nl+0xa6f/0xc40 [ 183.707420][ T8252] genl_rcv_msg+0xcea/0xf90 [ 183.711957][ T8252] ? genl_bind+0x380/0x380 [ 183.716397][ T8252] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 183.721615][ T8252] ? verify_lock_unused+0x140/0x140 [ 183.726848][ T8252] ? dev_queue_xmit+0x20/0x20 [ 183.731543][ T8252] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 183.738089][ T8252] netlink_rcv_skb+0x1f5/0x440 [ 183.742872][ T8252] ? genl_bind+0x380/0x380 [ 183.747309][ T8252] ? netlink_ack+0xb50/0xb50 [ 183.751919][ T8252] ? __lock_acquire+0x7d10/0x7d10 [ 183.756969][ T8252] ? down_read+0x1aa/0x2e0 [ 183.761410][ T8252] genl_rcv+0x24/0x40 [ 183.765412][ T8252] netlink_unicast+0x774/0x920 [ 183.770203][ T8252] netlink_sendmsg+0x8ba/0xbe0 [ 183.774993][ T8252] ? netlink_getsockopt+0x570/0x570 [ 183.780210][ T8252] ? aa_sock_msg_perm+0x94/0x150 [ 183.785169][ T8252] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 183.790473][ T8252] ? security_socket_sendmsg+0x7c/0xa0 [ 183.795953][ T8252] ? netlink_getsockopt+0x570/0x570 [ 183.801170][ T8252] ____sys_sendmsg+0x5b7/0x8f0 [ 183.805957][ T8252] ? __sys_sendmsg_sock+0x30/0x30 [ 183.811009][ T8252] ? import_iovec+0x6f/0xa0 [ 183.815538][ T8252] ___sys_sendmsg+0x236/0x2e0 [ 183.820245][ T8252] ? __sys_sendmsg+0x2a0/0x2a0 [ 183.825064][ T8252] __se_sys_sendmsg+0x1af/0x290 [ 183.829924][ T8252] ? __x64_sys_sendmsg+0x80/0x80 [ 183.834874][ T8252] ? syscall_enter_from_user_mode+0x2a/0x70 [ 183.840765][ T8252] do_syscall_64+0x4c/0xa0 [ 183.845175][ T8252] ? clear_bhb_loop+0x30/0x80 [ 183.849845][ T8252] ? clear_bhb_loop+0x30/0x80 [ 183.854520][ T8252] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 183.860408][ T8252] RIP: 0033:0x7f7cdf99ce59 [ 183.864814][ T8252] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 183.884505][ T8252] RSP: 002b:00007f7cddbf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.892913][ T8252] RAX: ffffffffffffffda RBX: 00007f7cdfc15fa0 RCX: 00007f7cdf99ce59 [ 183.900875][ T8252] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 183.908924][ T8252] RBP: 00007f7cdfa32d6f R08: 0000000000000000 R09: 0000000000000000 [ 183.916890][ T8252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.924847][ T8252] R13: 00007f7cdfc16038 R14: 00007f7cdfc15fa0 R15: 00007ffe8435c628 [ 183.932821][ T8252] [ 184.190050][ T8268] validate_nla: 10 callbacks suppressed [ 184.190094][ T8268] netlink: 'syz.2.1495': attribute type 21 has an invalid length. [ 184.542110][ T8287] netlink: 'syz.1.1499': attribute type 7 has an invalid length. [ 185.135240][ T8298] netlink: 'syz.1.1504': attribute type 10 has an invalid length. [ 185.148895][ T8298] device virt_wifi0 entered promiscuous mode [ 185.180466][ T8304] __nla_validate_parse: 4 callbacks suppressed [ 185.180503][ T8304] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1508'. [ 185.201753][ T8298] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 185.263400][ T8304] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 185.276486][ T8304] CPU: 1 PID: 8304 Comm: syz.3.1508 Not tainted syzkaller #0 [ 185.283912][ T8304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 185.293987][ T8304] Call Trace: [ 185.297299][ T8304] [ 185.300766][ T8304] dump_stack_lvl+0x188/0x250 [ 185.305470][ T8304] ? show_regs_print_info+0x20/0x20 [ 185.310691][ T8304] ? load_image+0x400/0x400 [ 185.315228][ T8304] sysfs_warn_dup+0x8a/0xa0 [ 185.319752][ T8304] sysfs_do_create_link_sd+0xc0/0x110 [ 185.325148][ T8304] device_add+0x7f6/0x1000 [ 185.329598][ T8304] wiphy_register+0x1e81/0x2c30 [ 185.334493][ T8304] ? cfg80211_event_work+0x40/0x40 [ 185.339626][ T8304] ? minstrel_ht_alloc+0x808/0x980 [ 185.344761][ T8304] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 185.350847][ T8304] ieee80211_register_hw+0x2aa1/0x3af0 [ 185.356344][ T8304] ? ieee80211_tasklet_handler+0x20/0x20 [ 185.361999][ T8304] ? rcu_is_watching+0x11/0xa0 [ 185.366779][ T8304] ? memset+0x1e/0x40 [ 185.370771][ T8304] ? hrtimer_init+0x10c/0x220 [ 185.375466][ T8304] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 185.381226][ T8304] hwsim_new_radio_nl+0xa6f/0xc40 [ 185.386286][ T8304] genl_rcv_msg+0xcea/0xf90 [ 185.390814][ T8304] ? lock_chain_count+0x20/0x20 [ 185.395698][ T8304] ? genl_bind+0x380/0x380 [ 185.400136][ T8304] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 185.406138][ T8304] ? lock_chain_count+0x20/0x20 [ 185.411102][ T8304] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 185.417282][ T8304] ? lockdep_hardirqs_on+0x94/0x140 [ 185.422527][ T8304] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 185.428702][ T8304] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 185.435229][ T8304] ? lock_acquire+0x208/0x400 [ 185.439946][ T8304] netlink_rcv_skb+0x1f5/0x440 [ 185.444902][ T8304] ? genl_bind+0x380/0x380 [ 185.449340][ T8304] ? netlink_ack+0xb50/0xb50 [ 185.453945][ T8304] ? __lock_acquire+0x7d10/0x7d10 [ 185.458992][ T8304] ? down_read+0x1aa/0x2e0 [ 185.463425][ T8304] genl_rcv+0x24/0x40 [ 185.467421][ T8304] netlink_unicast+0x774/0x920 [ 185.472209][ T8304] netlink_sendmsg+0x8ba/0xbe0 [ 185.477005][ T8304] ? netlink_getsockopt+0x570/0x570 [ 185.482225][ T8304] ? aa_sock_msg_perm+0x94/0x150 [ 185.487192][ T8304] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 185.492494][ T8304] ? security_socket_sendmsg+0x7c/0xa0 [ 185.497969][ T8304] ? netlink_getsockopt+0x570/0x570 [ 185.503184][ T8304] ____sys_sendmsg+0x5b7/0x8f0 [ 185.508035][ T8304] ? __sys_sendmsg_sock+0x30/0x30 [ 185.513179][ T8304] ? import_iovec+0x6f/0xa0 [ 185.517707][ T8304] ___sys_sendmsg+0x236/0x2e0 [ 185.522494][ T8304] ? __sys_sendmsg+0x2a0/0x2a0 [ 185.527296][ T8304] ? ktime_get_real_ts64+0x440/0x440 [ 185.532624][ T8304] __se_sys_sendmsg+0x1af/0x290 [ 185.537496][ T8304] ? __x64_sys_sendmsg+0x80/0x80 [ 185.542465][ T8304] ? syscall_enter_from_user_mode+0x2a/0x70 [ 185.548388][ T8304] do_syscall_64+0x4c/0xa0 [ 185.552830][ T8304] ? clear_bhb_loop+0x30/0x80 [ 185.557523][ T8304] ? clear_bhb_loop+0x30/0x80 [ 185.562213][ T8304] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 185.568123][ T8304] RIP: 0033:0x7f7819516e59 [ 185.572548][ T8304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 185.592164][ T8304] RSP: 002b:00007f7817770028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.600585][ T8304] RAX: ffffffffffffffda RBX: 00007f781978ffa0 RCX: 00007f7819516e59 [ 185.608570][ T8304] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000b [ 185.616546][ T8304] RBP: 00007f78195acd6f R08: 0000000000000000 R09: 0000000000000000 [ 185.624511][ T8304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.632471][ T8304] R13: 00007f7819790038 R14: 00007f781978ffa0 R15: 00007fff4af673b8 [ 185.640447][ T8304] [ 185.789944][ T8314] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1510'. [ 185.877723][ T8323] netlink: 'syz.1.1513': attribute type 21 has an invalid length. [ 186.231537][ T8344] netlink: 'syz.4.1522': attribute type 10 has an invalid length. [ 186.274251][ T8344] team0: Device wlan1 is up. Set it down before adding it as a team port [ 186.351535][ T8350] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.1521'. [ 186.440524][ T8350] netlink: zone id is out of range [ 186.467898][ T8350] netlink: del zone limit has 8 unknown bytes [ 187.054723][ T8370] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1534'. [ 187.070771][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 187.088921][ T8370] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 187.122303][ T8374] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1534'. [ 187.132671][ T8374] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 187.174469][ T8375] netlink: 'syz.0.1530': attribute type 3 has an invalid length. [ 187.188424][ T8375] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.1530'. [ 187.416027][ T8392] netlink: 'syz.1.1541': attribute type 10 has an invalid length. [ 187.440315][ T8392] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1541'. [ 187.467182][ T8392] device team0 entered promiscuous mode [ 187.488802][ T8392] device team_slave_1 entered promiscuous mode [ 187.500329][ T8392] device hsr_slave_0 entered promiscuous mode [ 187.507548][ T8392] device wlan1 entered promiscuous mode [ 187.525375][ T8392] bridge0: port 3(team0) entered blocking state [ 187.532417][ T8392] bridge0: port 3(team0) entered disabled state [ 187.593354][ T8395] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.1543'. [ 187.650547][ T8395] netlink: zone id is out of range [ 187.685552][ T8395] netlink: del zone limit has 8 unknown bytes [ 187.950476][ T8422] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.1556'. [ 187.982081][ T8423] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1554'. [ 188.327662][ T8440] netlink: 'syz.0.1563': attribute type 10 has an invalid length. [ 188.426788][ T8448] netlink: zone id is out of range [ 188.453842][ T8448] netlink: del zone limit has 8 unknown bytes [ 189.945333][ T8485] netlink: 'syz.4.1580': attribute type 10 has an invalid length. [ 189.989949][ T8485] device team0 entered promiscuous mode [ 190.024234][ T8485] device team_slave_0 entered promiscuous mode [ 190.040446][ T8485] device team_slave_1 entered promiscuous mode [ 190.055680][ T8485] bridge0: port 2(team0) entered blocking state [ 190.084180][ T8485] bridge0: port 2(team0) entered disabled state [ 190.118759][ T8501] netlink: zone id is out of range [ 190.132445][ T8485] bridge0: port 2(team0) entered blocking state [ 190.139042][ T8485] bridge0: port 2(team0) entered forwarding state [ 190.159444][ T8495] netlink: 'syz.3.1584': attribute type 21 has an invalid length. [ 190.159978][ T8501] netlink: del zone limit has 8 unknown bytes [ 190.230862][ T8506] netlink: 'syz.0.1588': attribute type 27 has an invalid length. [ 190.239066][ T8506] netlink: 'syz.0.1588': attribute type 3 has an invalid length. [ 190.248136][ T8506] __nla_validate_parse: 6 callbacks suppressed [ 190.248166][ T8506] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1588'. [ 190.264728][ T8506] FAULT_INJECTION: forcing a failure. [ 190.264728][ T8506] name failslab, interval 1, probability 0, space 0, times 0 [ 190.278045][ T8506] CPU: 1 PID: 8506 Comm: syz.0.1588 Not tainted syzkaller #0 [ 190.285440][ T8506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 190.295509][ T8506] Call Trace: [ 190.298797][ T8506] [ 190.301737][ T8506] dump_stack_lvl+0x188/0x250 [ 190.306441][ T8506] ? show_regs_print_info+0x20/0x20 [ 190.311655][ T8506] ? load_image+0x400/0x400 [ 190.316181][ T8506] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 190.322377][ T8506] should_fail+0x38c/0x4c0 [ 190.326822][ T8506] should_failslab+0x5/0x20 [ 190.331343][ T8506] slab_pre_alloc_hook+0x51/0xc0 [ 190.336306][ T8506] ? dst_alloc+0x101/0x160 [ 190.340731][ T8506] kmem_cache_alloc+0x3d/0x290 [ 190.345504][ T8506] dst_alloc+0x101/0x160 [ 190.349764][ T8506] ip_route_input_rcu+0x2094/0x31d0 [ 190.354990][ T8506] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 190.360984][ T8506] ? ip_route_input_noref+0x250/0x250 [ 190.366387][ T8506] ? lockdep_hardirqs_on+0x94/0x140 [ 190.371611][ T8506] ? dev_get_by_index_rcu+0x8b/0x110 [ 190.376910][ T8506] inet_rtm_getroute+0x100f/0x27d0 [ 190.382045][ T8506] ? ip_rt_multicast_event+0x80/0x80 [ 190.387368][ T8506] ? check_preemption_disabled+0x2e/0x110 [ 190.393130][ T8506] ? __lock_acquire+0x7d10/0x7d10 [ 190.398172][ T8506] ? ip_rt_multicast_event+0x80/0x80 [ 190.403471][ T8506] ? ip_rt_multicast_event+0x80/0x80 [ 190.408770][ T8506] rtnetlink_rcv_msg+0x893/0xf30 [ 190.413730][ T8506] ? rtnetlink_bind+0x80/0x80 [ 190.418414][ T8506] ? __local_bh_enable_ip+0x136/0x1c0 [ 190.423791][ T8506] ? lockdep_hardirqs_on+0x94/0x140 [ 190.429008][ T8506] ? __local_bh_enable_ip+0x136/0x1c0 [ 190.434401][ T8506] ? _local_bh_enable+0xa0/0xa0 [ 190.439272][ T8506] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 190.444478][ T8506] ? lock_chain_count+0x20/0x20 [ 190.449532][ T8506] ? perf_trace_lock+0xe4/0x390 [ 190.454397][ T8506] ? trace_event_raw_event_lock+0x270/0x270 [ 190.460302][ T8506] ? __skb_clone+0x480/0x790 [ 190.464919][ T8506] netlink_rcv_skb+0x1f5/0x440 [ 190.469701][ T8506] ? rtnetlink_bind+0x80/0x80 [ 190.474394][ T8506] ? netlink_ack+0xb50/0xb50 [ 190.479012][ T8506] netlink_unicast+0x774/0x920 [ 190.483798][ T8506] netlink_sendmsg+0x8ba/0xbe0 [ 190.488584][ T8506] ? netlink_getsockopt+0x570/0x570 [ 190.493794][ T8506] ? aa_sock_msg_perm+0x94/0x150 [ 190.498750][ T8506] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 190.504042][ T8506] ? security_socket_sendmsg+0x7c/0xa0 [ 190.509510][ T8506] ? netlink_getsockopt+0x570/0x570 [ 190.514807][ T8506] ____sys_sendmsg+0x5b7/0x8f0 [ 190.519593][ T8506] ? __sys_sendmsg_sock+0x30/0x30 [ 190.524635][ T8506] ? import_iovec+0x6f/0xa0 [ 190.529157][ T8506] ___sys_sendmsg+0x236/0x2e0 [ 190.533856][ T8506] ? __sys_sendmsg+0x2a0/0x2a0 [ 190.538677][ T8506] __se_sys_sendmsg+0x1af/0x290 [ 190.543538][ T8506] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 190.549708][ T8506] ? __x64_sys_sendmsg+0x80/0x80 [ 190.554672][ T8506] ? __x64_sys_sendmsg+0x4f/0x80 [ 190.559620][ T8506] do_syscall_64+0x4c/0xa0 [ 190.564039][ T8506] ? clear_bhb_loop+0x30/0x80 [ 190.568716][ T8506] ? clear_bhb_loop+0x30/0x80 [ 190.573401][ T8506] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 190.579297][ T8506] RIP: 0033:0x7fa907b6ae59 [ 190.583730][ T8506] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 190.603430][ T8506] RSP: 002b:00007fa905dc4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.611860][ T8506] RAX: ffffffffffffffda RBX: 00007fa907de3fa0 RCX: 00007fa907b6ae59 [ 190.619839][ T8506] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 190.627816][ T8506] RBP: 00007fa905dc4090 R08: 0000000000000000 R09: 0000000000000000 [ 190.635792][ T8506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.643770][ T8506] R13: 00007fa907de4038 R14: 00007fa907de3fa0 R15: 00007fff6cad2c28 [ 190.651775][ T8506] [ 190.968628][ T8518] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1592'. [ 191.524822][ T8541] netlink: 'syz.0.1602': attribute type 10 has an invalid length. [ 191.555170][ T8541] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1602'. [ 191.568149][ T8541] device team0 entered promiscuous mode [ 191.575794][ T8541] device team_slave_1 entered promiscuous mode [ 191.591038][ T8541] bridge0: port 3(team0) entered blocking state [ 191.597688][ T8541] bridge0: port 3(team0) entered disabled state [ 191.742724][ T8548] netlink: 'syz.3.1606': attribute type 21 has an invalid length. [ 192.134817][ T8577] netlink: 'syz.3.1617': attribute type 10 has an invalid length. [ 192.157691][ T8577] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1617'. [ 192.186835][ T8577] device team0 entered promiscuous mode [ 192.206126][ T8577] device team_slave_1 entered promiscuous mode [ 192.240155][ T8577] device wlan1 entered promiscuous mode [ 192.264198][ T8577] bridge0: port 3(team0) entered blocking state [ 192.279532][ T8577] bridge0: port 3(team0) entered disabled state [ 192.309482][ T8577] bridge0: port 3(team0) entered blocking state [ 192.316053][ T8577] bridge0: port 3(team0) entered forwarding state [ 193.110909][ T8615] netlink: 'syz.0.1631': attribute type 10 has an invalid length. [ 193.295104][ T8624] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.1634'. [ 193.987967][ T8652] netlink: 'syz.4.1644': attribute type 6 has an invalid length. [ 194.046291][ T8652] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1644'. [ 194.050880][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.062323][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.193010][ T8654] netlink: 'syz.3.1645': attribute type 10 has an invalid length. [ 194.223444][ T8654] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1645'. [ 195.177511][ T8699] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.1661'. [ 196.196547][ T8739] netlink: 'syz.0.1677': attribute type 10 has an invalid length. [ 196.241267][ T8739] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.277590][ T8739] device bridge_slave_1 left promiscuous mode [ 196.291284][ T8739] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.313687][ T8746] netlink: 'syz.3.1679': attribute type 10 has an invalid length. [ 196.329434][ T8746] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1679'. [ 196.359439][ T8749] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.1681'. [ 196.509639][ T8758] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.1685'. [ 196.554030][ T8762] netlink: 'syz.2.1684': attribute type 21 has an invalid length. [ 197.021245][ T8782] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.1693'. [ 199.575870][ T8873] netlink: 'syz.4.1724': attribute type 10 has an invalid length. [ 199.626348][ T8873] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1724'. [ 200.110152][ T8882] netlink: 'syz.2.1726': attribute type 21 has an invalid length. [ 200.639367][ T8916] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.1736'. [ 201.071444][ T8933] netlink: 'syz.2.1742': attribute type 21 has an invalid length. [ 201.127903][ T8939] netlink: 'syz.0.1745': attribute type 10 has an invalid length. [ 201.165867][ T8939] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1745'. [ 201.995043][ T8954] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1750'. [ 202.035982][ T8962] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1752'. [ 202.061792][ T8964] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1753'. [ 202.104974][ T8964] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 202.120223][ T8964] CPU: 1 PID: 8964 Comm: syz.1.1753 Not tainted syzkaller #0 [ 202.127634][ T8964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 202.137706][ T8964] Call Trace: [ 202.140996][ T8964] [ 202.143948][ T8964] dump_stack_lvl+0x188/0x250 [ 202.148743][ T8964] ? show_regs_print_info+0x20/0x20 [ 202.153960][ T8964] ? load_image+0x400/0x400 [ 202.158489][ T8964] sysfs_warn_dup+0x8a/0xa0 [ 202.163012][ T8964] sysfs_do_create_link_sd+0xc0/0x110 [ 202.168407][ T8964] device_add+0x7f6/0x1000 [ 202.172844][ T8964] wiphy_register+0x1e81/0x2c30 [ 202.177716][ T8964] ? cfg80211_event_work+0x40/0x40 [ 202.182831][ T8964] ? minstrel_ht_alloc+0x808/0x980 [ 202.187951][ T8964] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 202.194129][ T8964] ieee80211_register_hw+0x2aa1/0x3af0 [ 202.199596][ T8964] ? ieee80211_tasklet_handler+0x20/0x20 [ 202.205222][ T8964] ? rcu_is_watching+0x11/0xa0 [ 202.209980][ T8964] ? memset+0x1e/0x40 [ 202.213953][ T8964] ? hrtimer_init+0x10c/0x220 [ 202.218623][ T8964] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 202.224347][ T8964] hwsim_new_radio_nl+0xa6f/0xc40 [ 202.229385][ T8964] genl_rcv_msg+0xcea/0xf90 [ 202.233903][ T8964] ? genl_bind+0x380/0x380 [ 202.238413][ T8964] ? verify_lock_unused+0x140/0x140 [ 202.243611][ T8964] ? rcu_nmi_exit+0x6f/0xf0 [ 202.248110][ T8964] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 202.254087][ T8964] ? lock_chain_count+0x20/0x20 [ 202.258931][ T8964] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 202.265444][ T8964] netlink_rcv_skb+0x1f5/0x440 [ 202.270200][ T8964] ? genl_bind+0x380/0x380 [ 202.274608][ T8964] ? netlink_ack+0xb50/0xb50 [ 202.279189][ T8964] ? __lock_acquire+0x7d10/0x7d10 [ 202.284208][ T8964] ? down_read+0x1aa/0x2e0 [ 202.288619][ T8964] genl_rcv+0x24/0x40 [ 202.292593][ T8964] netlink_unicast+0x774/0x920 [ 202.297354][ T8964] netlink_sendmsg+0x8ba/0xbe0 [ 202.302121][ T8964] ? netlink_getsockopt+0x570/0x570 [ 202.307309][ T8964] ? aa_sock_msg_perm+0x94/0x150 [ 202.312238][ T8964] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 202.317515][ T8964] ? security_socket_sendmsg+0x7c/0xa0 [ 202.322962][ T8964] ? netlink_getsockopt+0x570/0x570 [ 202.328146][ T8964] ____sys_sendmsg+0x5b7/0x8f0 [ 202.332918][ T8964] ? __sys_sendmsg_sock+0x30/0x30 [ 202.337943][ T8964] ? import_iovec+0x6f/0xa0 [ 202.342441][ T8964] ___sys_sendmsg+0x236/0x2e0 [ 202.347134][ T8964] ? __sys_sendmsg+0x2a0/0x2a0 [ 202.351899][ T8964] ? ktime_get_real_ts64+0x440/0x440 [ 202.357200][ T8964] __se_sys_sendmsg+0x1af/0x290 [ 202.362043][ T8964] ? __x64_sys_sendmsg+0x80/0x80 [ 202.366988][ T8964] ? syscall_enter_from_user_mode+0x2a/0x70 [ 202.372879][ T8964] do_syscall_64+0x4c/0xa0 [ 202.377290][ T8964] ? clear_bhb_loop+0x30/0x80 [ 202.381955][ T8964] ? clear_bhb_loop+0x30/0x80 [ 202.386621][ T8964] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 202.392506][ T8964] RIP: 0033:0x7fa8fc97ae59 [ 202.396915][ T8964] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 202.416507][ T8964] RSP: 002b:00007fa8fabd4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 202.424916][ T8964] RAX: ffffffffffffffda RBX: 00007fa8fcbf3fa0 RCX: 00007fa8fc97ae59 [ 202.432877][ T8964] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 000000000000000b [ 202.440850][ T8964] RBP: 00007fa8fca10d6f R08: 0000000000000000 R09: 0000000000000000 [ 202.448808][ T8964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 202.456781][ T8964] R13: 00007fa8fcbf4038 R14: 00007fa8fcbf3fa0 R15: 00007ffc450fd218 [ 202.464783][ T8964] [ 202.650081][ T8981] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.1759'. [ 203.307830][ T9007] FAULT_INJECTION: forcing a failure. [ 203.307830][ T9007] name failslab, interval 1, probability 0, space 0, times 0 [ 203.369568][ T9007] CPU: 0 PID: 9007 Comm: syz.3.1767 Not tainted syzkaller #0 [ 203.376993][ T9007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 203.387072][ T9007] Call Trace: [ 203.390362][ T9007] [ 203.393297][ T9007] dump_stack_lvl+0x188/0x250 [ 203.397998][ T9007] ? show_regs_print_info+0x20/0x20 [ 203.403210][ T9007] ? load_image+0x400/0x400 [ 203.407739][ T9007] ? __lock_acquire+0x7d10/0x7d10 [ 203.412776][ T9007] ? __lock_acquire+0x7d10/0x7d10 [ 203.417815][ T9007] should_fail+0x38c/0x4c0 [ 203.422250][ T9007] should_failslab+0x5/0x20 [ 203.426763][ T9007] slab_pre_alloc_hook+0x51/0xc0 [ 203.431713][ T9007] __kmalloc_node+0x6e/0x3b0 [ 203.436313][ T9007] ? vmemdup_user+0x45/0x170 [ 203.440919][ T9007] vmemdup_user+0x45/0x170 [ 203.445346][ T9007] map_get_next_key+0x225/0x5f0 [ 203.450211][ T9007] ? bpf_lsm_bpf+0x5/0x10 [ 203.454555][ T9007] __sys_bpf+0x3e5/0x6f0 [ 203.458804][ T9007] ? perf_trace_preemptirq_template+0x2aa/0x360 [ 203.465060][ T9007] ? bpf_link_show_fdinfo+0x380/0x380 [ 203.470446][ T9007] ? rcu_nmi_exit+0x6f/0xf0 [ 203.474972][ T9007] ? vtime_user_exit+0x2c8/0x3e0 [ 203.479929][ T9007] __x64_sys_bpf+0x78/0x90 [ 203.484361][ T9007] do_syscall_64+0x4c/0xa0 [ 203.488789][ T9007] ? clear_bhb_loop+0x30/0x80 [ 203.493474][ T9007] ? clear_bhb_loop+0x30/0x80 [ 203.498181][ T9007] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 203.504088][ T9007] RIP: 0033:0x7f7819516e59 [ 203.508519][ T9007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 203.528136][ T9007] RSP: 002b:00007f7817770028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 203.536570][ T9007] RAX: ffffffffffffffda RBX: 00007f781978ffa0 RCX: 00007f7819516e59 [ 203.544556][ T9007] RDX: 0000000000000020 RSI: 0000200000002ec0 RDI: 0000000000000004 [ 203.552538][ T9007] RBP: 00007f7817770090 R08: 0000000000000000 R09: 0000000000000000 [ 203.560519][ T9007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.568500][ T9007] R13: 00007f7819790038 R14: 00007f781978ffa0 R15: 00007fff4af673b8 [ 203.576496][ T9007] [ 203.964667][ T9024] device syzkaller0 entered promiscuous mode [ 204.225134][ T9035] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.1777'. [ 204.613011][ T9043] netlink: 'syz.1.1780': attribute type 21 has an invalid length. [ 204.689422][ T9046] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.1781'. [ 205.055926][ T9065] netlink: 'syz.1.1787': attribute type 21 has an invalid length. [ 205.277907][ T9077] netlink: 'syz.0.1794': attribute type 21 has an invalid length. [ 205.528701][ T9095] netlink: 'syz.3.1799': attribute type 10 has an invalid length. [ 205.566217][ T9095] device hsr0 entered promiscuous mode [ 205.585566][ T9095] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 205.609902][ T9095] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 205.673166][ T9095] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 205.719260][ T9095] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 205.824515][ T9103] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1802'. [ 206.009260][ T9115] netlink: 'syz.2.1808': attribute type 21 has an invalid length. [ 206.092952][ T9117] device syzkaller0 entered promiscuous mode [ 206.636950][ T9148] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1821'. [ 206.726606][ T9151] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.1820'. [ 207.198048][ T9158] netlink: 'syz.3.1825': attribute type 21 has an invalid length. [ 207.503366][ T9169] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1828'. [ 207.573255][ T9169] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 207.610132][ T9170] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1829'. [ 207.869145][ T9188] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1837'. [ 207.994320][ T9196] netlink: 'syz.0.1839': attribute type 21 has an invalid length. [ 208.143532][ T9208] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.1844'. [ 208.562988][ T9224] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1850'. [ 208.695077][ T9228] netlink: 22 bytes leftover after parsing attributes in process `syz.4.1852'. [ 208.983432][ T9237] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1855'. [ 209.053164][ T9241] netlink: 'syz.1.1857': attribute type 21 has an invalid length. [ 209.068384][ T9237] netlink: 'syz.2.1855': attribute type 3 has an invalid length. [ 209.114069][ T9237] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1855'. [ 209.142190][ T9246] netlink: 'syz.2.1855': attribute type 21 has an invalid length. [ 209.200728][ T9245] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1858'. [ 210.200039][ T9274] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.1869'. [ 210.453898][ T9297] validate_nla: 2 callbacks suppressed [ 210.453914][ T9297] netlink: 'syz.4.1879': attribute type 16 has an invalid length. [ 210.500854][ T9297] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 210.951728][ T9326] netlink: 'syz.3.1893': attribute type 10 has an invalid length. [ 211.920894][ T9371] netlink: 'syz.1.1909': attribute type 10 has an invalid length. [ 211.965830][ T9371] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 211.992523][ T9373] bond0: (slave team0): Error: Slave device does not support XDP [ 212.230938][ T9390] delete_channel: no stack [ 212.555693][ T9406] netlink: 'syz.1.1926': attribute type 21 has an invalid length. [ 212.913741][ T9423] netlink: 'syz.0.1932': attribute type 21 has an invalid length. [ 213.011968][ T9431] __nla_validate_parse: 9 callbacks suppressed [ 213.012008][ T9431] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1935'. [ 213.032392][ T9423] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1932'. [ 213.221471][ T9423] netlink: 'syz.0.1932': attribute type 4 has an invalid length. [ 213.303407][ T9427] netlink: 'syz.2.1933': attribute type 10 has an invalid length. [ 213.817643][ T9452] netlink: 'syz.1.1940': attribute type 21 has an invalid length. [ 213.867452][ T9456] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1944'. [ 213.922969][ T9456] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 213.972603][ T9456] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 214.046499][ T9461] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.1944'. [ 214.103876][ T9461] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 214.907392][ T9498] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1960'. [ 214.983646][ T9510] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.1964'. [ 215.135586][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1967'. [ 215.341500][ T9530] netlink: 'syz.3.1974': attribute type 10 has an invalid length. [ 215.386339][ T9530] team0: Device hsr_slave_0 failed to register rx_handler [ 215.782179][ T9546] netlink: 'syz.3.1981': attribute type 10 has an invalid length. [ 215.929765][ T9548] netlink: 'syz.2.1982': attribute type 10 has an invalid length. [ 215.937618][ T9548] device netdevsim0 entered promiscuous mode [ 216.342095][ T9570] netlink: 'syz.3.1992': attribute type 9 has an invalid length. [ 216.377910][ T9570] netlink: 13655 bytes leftover after parsing attributes in process `syz.3.1992'. [ 216.516387][ T9581] netlink: 'syz.1.1996': attribute type 21 has an invalid length. [ 216.678529][ T9583] netlink: 'syz.3.1997': attribute type 27 has an invalid length. [ 216.724656][ T9583] netlink: 'syz.3.1997': attribute type 3 has an invalid length. [ 216.870401][ T9583] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1997'. [ 216.944594][ T9583] FAULT_INJECTION: forcing a failure. [ 216.944594][ T9583] name failslab, interval 1, probability 0, space 0, times 0 [ 217.030651][ T9583] CPU: 1 PID: 9583 Comm: syz.3.1997 Not tainted syzkaller #0 [ 217.038075][ T9583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 217.048135][ T9583] Call Trace: [ 217.051407][ T9583] [ 217.054328][ T9583] dump_stack_lvl+0x188/0x250 [ 217.059003][ T9583] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 217.065147][ T9583] ? show_regs_print_info+0x20/0x20 [ 217.070331][ T9583] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 217.076476][ T9583] ? dump_stack+0x5/0x20 [ 217.080705][ T9583] ? __sanitizer_cov_trace_pc+0x4/0x60 [ 217.086166][ T9583] should_fail+0x38c/0x4c0 [ 217.090569][ T9583] ? netlink_trim+0x180/0x220 [ 217.095230][ T9583] should_failslab+0x5/0x20 [ 217.099719][ T9583] slab_pre_alloc_hook+0x51/0xc0 [ 217.104649][ T9583] ? netlink_trim+0x180/0x220 [ 217.109312][ T9583] __kmalloc_node_track_caller+0x68/0x3a0 [ 217.115014][ T9583] ? netlink_trim+0x180/0x220 [ 217.119677][ T9583] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 217.125818][ T9583] ? netlink_trim+0x180/0x220 [ 217.130478][ T9583] pskb_expand_head+0x127/0x10f0 [ 217.135413][ T9583] netlink_trim+0x180/0x220 [ 217.139900][ T9583] netlink_unicast+0x62/0x920 [ 217.144568][ T9583] rtnl_unicast+0x4a/0x60 [ 217.148885][ T9583] inet_rtm_getroute+0x1c04/0x27d0 [ 217.153994][ T9583] ? ip_rt_multicast_event+0x80/0x80 [ 217.159261][ T9583] ? slab_free_freelist_hook+0xea/0x170 [ 217.164827][ T9583] ? asm_sysvec_x86_platform_ipi+0x1/0x20 [ 217.170541][ T9583] ? __lock_acquire+0x7d10/0x7d10 [ 217.175680][ T9583] ? ip_rt_multicast_event+0x80/0x80 [ 217.180976][ T9583] ? ip_rt_multicast_event+0x80/0x80 [ 217.186254][ T9583] rtnetlink_rcv_msg+0x893/0xf30 [ 217.191194][ T9583] ? rtnetlink_bind+0x80/0x80 [ 217.195863][ T9583] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 217.201750][ T9583] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 217.207629][ T9583] ? lockdep_hardirqs_on+0x94/0x140 [ 217.212822][ T9583] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 217.218701][ T9583] ? _raw_spin_unlock+0x40/0x40 [ 217.223542][ T9583] ? rcu_preempt_deferred_qs_irqrestore+0x868/0xc30 [ 217.230124][ T9583] ? perf_trace_lock+0xe4/0x390 [ 217.234968][ T9583] ? trace_event_raw_event_lock+0x270/0x270 [ 217.240849][ T9583] ? rcu_read_unlock_special+0xf0/0x4a0 [ 217.246387][ T9583] ? lockdep_hardirqs_off+0x70/0x100 [ 217.251663][ T9583] netlink_rcv_skb+0x1f5/0x440 [ 217.256417][ T9583] ? rtnetlink_bind+0x80/0x80 [ 217.261090][ T9583] ? netlink_ack+0xb50/0xb50 [ 217.265674][ T9583] netlink_unicast+0x774/0x920 [ 217.270429][ T9583] netlink_sendmsg+0x8ba/0xbe0 [ 217.275184][ T9583] ? netlink_getsockopt+0x570/0x570 [ 217.280368][ T9583] ? aa_sock_msg_perm+0x94/0x150 [ 217.285291][ T9583] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 217.290563][ T9583] ? security_socket_sendmsg+0x7c/0xa0 [ 217.296056][ T9583] ? netlink_getsockopt+0x570/0x570 [ 217.301253][ T9583] ____sys_sendmsg+0x5b7/0x8f0 [ 217.306038][ T9583] ? __sys_sendmsg_sock+0x30/0x30 [ 217.311068][ T9583] ? import_iovec+0x6f/0xa0 [ 217.315566][ T9583] ___sys_sendmsg+0x236/0x2e0 [ 217.320248][ T9583] ? __sys_sendmsg+0x2a0/0x2a0 [ 217.324996][ T9583] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 217.330970][ T9583] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 217.337121][ T9583] ? __fdget+0x1ad/0x210 [ 217.341353][ T9583] __se_sys_sendmsg+0x1af/0x290 [ 217.346195][ T9583] ? __x64_sys_sendmsg+0x80/0x80 [ 217.351130][ T9583] ? syscall_enter_from_user_mode+0x2a/0x70 [ 217.357012][ T9583] do_syscall_64+0x4c/0xa0 [ 217.361411][ T9583] ? clear_bhb_loop+0x30/0x80 [ 217.366074][ T9583] ? clear_bhb_loop+0x30/0x80 [ 217.370782][ T9583] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 217.376754][ T9583] RIP: 0033:0x7f7819516e59 [ 217.381159][ T9583] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 217.400752][ T9583] RSP: 002b:00007f7817770028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.409152][ T9583] RAX: ffffffffffffffda RBX: 00007f781978ffa0 RCX: 00007f7819516e59 [ 217.417177][ T9583] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 217.425139][ T9583] RBP: 00007f7817770090 R08: 0000000000000000 R09: 0000000000000000 [ 217.433091][ T9583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 217.441049][ T9583] R13: 00007f7819790038 R14: 00007f781978ffa0 R15: 00007fff4af673b8 [ 217.449018][ T9583] [ 217.646614][ T9597] netlink: 197276 bytes leftover after parsing attributes in process `syz.4.2004'. [ 218.005898][ T9622] netlink: 'syz.4.2014': attribute type 27 has an invalid length. [ 218.040915][ T9622] netlink: 'syz.4.2014': attribute type 3 has an invalid length. [ 218.079895][ T9622] __nla_validate_parse: 3 callbacks suppressed [ 218.079926][ T9622] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2014'. [ 218.216629][ T9635] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2018'. [ 218.258994][ T9637] netlink: 197276 bytes leftover after parsing attributes in process `syz.2.2020'. [ 218.479300][ T9654] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.2027'. [ 218.503352][ T9655] netlink: 'syz.2.2029': attribute type 10 has an invalid length. [ 218.609529][ T9655] device geneve0 entered promiscuous mode [ 218.645525][ T9664] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.2032'. [ 218.711422][ T9655] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 218.729931][ T9662] netlink: 'syz.0.2032': attribute type 10 has an invalid length. [ 218.762218][ T9663] team0: Port device wlan1 removed [ 218.783536][ T9663] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 218.829446][ T9673] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2036'. [ 218.898232][ T9675] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2037'. [ 218.989448][ T9683] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.2040'. [ 219.186557][ T9693] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.2046'. [ 219.419312][ T9703] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2049'. [ 219.491833][ T9712] openvswitch: netlink: Tunnel attr 0 has unexpected len 60 expected 8 [ 219.716228][ T9715] netlink: del zone limit has 8 unknown bytes [ 219.837887][ T9730] raw_sendmsg: syz.1.2060 forgot to set AF_INET. Fix it! [ 221.169546][ T9802] validate_nla: 15 callbacks suppressed [ 221.169579][ T9802] netlink: 'syz.1.2092': attribute type 27 has an invalid length. [ 221.189161][ T9802] netlink: 'syz.1.2092': attribute type 3 has an invalid length. [ 221.324391][ T9815] netlink: 'syz.3.2095': attribute type 21 has an invalid length. [ 221.442142][ T9822] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 221.457347][ T9822] CPU: 1 PID: 9822 Comm: syz.2.2098 Not tainted syzkaller #0 [ 221.465209][ T9822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 221.475274][ T9822] Call Trace: [ 221.478566][ T9822] [ 221.481501][ T9822] dump_stack_lvl+0x188/0x250 [ 221.486200][ T9822] ? show_regs_print_info+0x20/0x20 [ 221.491412][ T9822] ? load_image+0x400/0x400 [ 221.495922][ T9822] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 221.501978][ T9822] ? sysfs_warn_dup+0x61/0xa0 [ 221.506658][ T9822] sysfs_warn_dup+0x8a/0xa0 [ 221.511151][ T9822] sysfs_do_create_link_sd+0xc0/0x110 [ 221.516518][ T9822] device_add+0x7f6/0x1000 [ 221.520936][ T9822] wiphy_register+0x1e81/0x2c30 [ 221.525794][ T9822] ? cfg80211_event_work+0x40/0x40 [ 221.530895][ T9822] ? minstrel_ht_alloc+0x808/0x980 [ 221.536003][ T9822] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 221.542062][ T9822] ieee80211_register_hw+0x2aa1/0x3af0 [ 221.547530][ T9822] ? ieee80211_tasklet_handler+0x20/0x20 [ 221.553156][ T9822] ? rcu_is_watching+0x11/0xa0 [ 221.557920][ T9822] ? memset+0x1e/0x40 [ 221.561890][ T9822] ? hrtimer_init+0x10c/0x220 [ 221.566561][ T9822] mac80211_hwsim_new_radio+0x20d3/0x4080 [ 221.572282][ T9822] hwsim_new_radio_nl+0xa6f/0xc40 [ 221.577304][ T9822] genl_rcv_msg+0xcea/0xf90 [ 221.581795][ T9822] ? lock_chain_count+0x20/0x20 [ 221.586659][ T9822] ? genl_bind+0x380/0x380 [ 221.591096][ T9822] ? verify_lock_unused+0x140/0x140 [ 221.596314][ T9822] ? rcu_preempt_deferred_qs_irqrestore+0x868/0xc30 [ 221.602919][ T9822] ? hwsim_tx_info_frame_received_nl+0x1020/0x1020 [ 221.609431][ T9822] netlink_rcv_skb+0x1f5/0x440 [ 221.614193][ T9822] ? genl_bind+0x380/0x380 [ 221.618606][ T9822] ? netlink_ack+0xb50/0xb50 [ 221.623186][ T9822] ? __lock_acquire+0x7d10/0x7d10 [ 221.628208][ T9822] ? down_read+0x1aa/0x2e0 [ 221.632627][ T9822] genl_rcv+0x24/0x40 [ 221.636690][ T9822] netlink_unicast+0x774/0x920 [ 221.641449][ T9822] netlink_sendmsg+0x8ba/0xbe0 [ 221.646293][ T9822] ? netlink_getsockopt+0x570/0x570 [ 221.651481][ T9822] ? aa_sock_msg_perm+0x94/0x150 [ 221.656408][ T9822] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 221.661681][ T9822] ? security_socket_sendmsg+0x7c/0xa0 [ 221.667128][ T9822] ? netlink_getsockopt+0x570/0x570 [ 221.672311][ T9822] ____sys_sendmsg+0x5b7/0x8f0 [ 221.677075][ T9822] ? __sys_sendmsg_sock+0x30/0x30 [ 221.682098][ T9822] ? import_iovec+0x6f/0xa0 [ 221.686595][ T9822] ___sys_sendmsg+0x236/0x2e0 [ 221.691272][ T9822] ? __sys_sendmsg+0x2a0/0x2a0 [ 221.696033][ T9822] ? ktime_get_real_ts64+0x440/0x440 [ 221.701331][ T9822] __se_sys_sendmsg+0x1af/0x290 [ 221.706173][ T9822] ? __x64_sys_sendmsg+0x80/0x80 [ 221.711100][ T9822] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 221.717082][ T9822] ? lockdep_hardirqs_on+0x94/0x140 [ 221.722273][ T9822] do_syscall_64+0x4c/0xa0 [ 221.726677][ T9822] ? clear_bhb_loop+0x30/0x80 [ 221.731342][ T9822] ? clear_bhb_loop+0x30/0x80 [ 221.736010][ T9822] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 221.741892][ T9822] RIP: 0033:0x7f107d762e59 [ 221.746297][ T9822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.765895][ T9822] RSP: 002b:00007f107b9bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 221.774301][ T9822] RAX: ffffffffffffffda RBX: 00007f107d9dbfa0 RCX: 00007f107d762e59 [ 221.782262][ T9822] RDX: 0000000000003f00 RSI: 0000200000000000 RDI: 000000000000000b [ 221.790221][ T9822] RBP: 00007f107d7f8d6f R08: 0000000000000000 R09: 0000000000000000 [ 221.798179][ T9822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.806133][ T9822] R13: 00007f107d9dc038 R14: 00007f107d9dbfa0 R15: 00007ffc17e49df8 [ 221.814105][ T9822] [ 222.183336][ T9845] FAULT_INJECTION: forcing a failure. [ 222.183336][ T9845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.216013][ T9845] CPU: 1 PID: 9845 Comm: syz.0.2106 Not tainted syzkaller #0 [ 222.223430][ T9845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 222.233502][ T9845] Call Trace: [ 222.236796][ T9845] [ 222.239743][ T9845] dump_stack_lvl+0x188/0x250 [ 222.244432][ T9845] ? show_regs_print_info+0x20/0x20 [ 222.249657][ T9845] ? load_image+0x400/0x400 [ 222.254180][ T9845] ? __lock_acquire+0x7d10/0x7d10 [ 222.259221][ T9845] should_fail+0x38c/0x4c0 [ 222.263656][ T9845] _copy_from_user+0x2e/0x170 [ 222.268358][ T9845] __copy_msghdr_from_user+0xc9/0x630 [ 222.273748][ T9845] ? verify_lock_unused+0x140/0x140 [ 222.278965][ T9845] ? __ia32_sys_shutdown+0x1d0/0x1d0 [ 222.284275][ T9845] ___sys_sendmsg+0x19a/0x2e0 [ 222.288973][ T9845] ? __sys_sendmsg+0x2a0/0x2a0 [ 222.294042][ T9845] ? vfs_write+0x8b2/0xd60 [ 222.298497][ T9845] __se_sys_sendmsg+0x1af/0x290 [ 222.303363][ T9845] ? __x64_sys_sendmsg+0x80/0x80 [ 222.308314][ T9845] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 222.314317][ T9845] ? lockdep_hardirqs_on+0x94/0x140 [ 222.319542][ T9845] do_syscall_64+0x4c/0xa0 [ 222.323971][ T9845] ? clear_bhb_loop+0x30/0x80 [ 222.328661][ T9845] ? clear_bhb_loop+0x30/0x80 [ 222.333348][ T9845] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 222.339255][ T9845] RIP: 0033:0x7fa907b6ae59 [ 222.343683][ T9845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.363293][ T9845] RSP: 002b:00007fa905dc4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 222.371728][ T9845] RAX: ffffffffffffffda RBX: 00007fa907de3fa0 RCX: 00007fa907b6ae59 [ 222.379712][ T9845] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 222.387702][ T9845] RBP: 00007fa905dc4090 R08: 0000000000000000 R09: 0000000000000000 [ 222.395684][ T9845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.403664][ T9845] R13: 00007fa907de4038 R14: 00007fa907de3fa0 R15: 00007fff6cad2c28 [ 222.411661][ T9845] [ 223.003258][ T9880] ------------[ cut here ]------------ [ 223.008765][ T9880] trace type BPF program uses run-time allocation [ 223.061874][ T9880] WARNING: CPU: 1 PID: 9880 at kernel/bpf/verifier.c:11759 check_map_prog_compatibility+0x6cf/0x870 [ 223.073243][ T9880] Modules linked in: [ 223.074002][ T9884] device syzkaller0 entered promiscuous mode [ 223.077281][ T9880] CPU: 1 PID: 9880 Comm: syz.2.2122 Not tainted syzkaller #0 [ 223.102734][ T9884] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 223.123733][ T9880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 223.136016][ T9880] RIP: 0010:check_map_prog_compatibility+0x6cf/0x870 [ 223.143253][ T9880] Code: ff e8 05 b6 ef ff 48 c7 c6 80 4c 31 8a e9 0d fd ff ff e8 f4 b5 ef ff c6 05 91 ca ec 0b 01 48 c7 c7 e0 48 31 8a e8 51 f6 28 08 <0f> 0b e9 9f fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a5 f9 [ 223.163287][ T9880] RSP: 0018:ffffc9000320f450 EFLAGS: 00010246 [ 223.169538][ T9880] RAX: dc409c2ab6ad3700 RBX: 0000000000000001 RCX: 0000000000080000 [ 223.177840][ T9880] RDX: ffffc90004e99000 RSI: 0000000000004377 RDI: 0000000000004378 [ 223.192703][ T9880] RBP: ffff888062798000 R08: ffff8880b9133d7f R09: 1ffff110172267af [ 223.227588][ T9880] R10: dffffc0000000000 R11: ffffed10172267b0 R12: ffffc9000119a038 [ 223.235810][ T9880] R13: 0000000000000011 R14: dffffc0000000000 R15: 1ffff92000233407 [ 223.260184][ T9880] FS: 00007f107b9bc6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 223.269174][ T9880] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 223.281518][ T9880] CR2: 000055e8567b7168 CR3: 0000000060823000 CR4: 00000000003506e0 [ 223.289541][ T9880] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 [ 223.298087][ T9880] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 223.306199][ T9880] Call Trace: [ 223.309490][ T9880] [ 223.312498][ T9880] resolve_pseudo_ldimm64+0x681/0x1040 [ 223.317989][ T9880] ? check_attach_btf_id+0xe70/0xe70 [ 223.325581][ T9880] ? __mark_reg_known+0x1a0/0x1a0 [ 223.334136][ T9880] bpf_check+0x4e00/0xf270 [ 223.338591][ T9880] ? mark_lock+0x94/0x320 [ 223.343341][ T9880] ? __lock_acquire+0x13bc/0x7d10 [ 223.348501][ T9880] ? bpf_get_btf_vmlinux+0x10/0x10 [ 223.353842][ T9880] ? mark_lock+0x94/0x320 [ 223.358301][ T9880] ? perf_trace_lock+0xe4/0x390 [ 223.370869][ T9880] ? verify_lock_unused+0x140/0x140 [ 223.381731][ T9880] ? perf_trace_lock+0xe4/0x390 [ 223.386718][ T9880] ? trace_event_raw_event_lock+0x270/0x270 [ 223.392841][ T9880] ? rcu_lock_release+0x5/0x20 [ 223.397740][ T9880] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 223.404111][ T9880] ? lock_chain_count+0x20/0x20 [ 223.409082][ T9880] ? seqcount_lockdep_reader_access+0x127/0x1d0 [ 223.415480][ T9880] ? lockdep_hardirqs_on+0x94/0x140 [ 223.420945][ T9880] ? ktime_get_with_offset+0xff/0x320 [ 223.426515][ T9880] ? seqcount_lockdep_reader_access+0x18d/0x1d0 [ 223.434791][ T9880] ? ktime_get_real_ts64+0x440/0x440 [ 223.440349][ T9880] ? pcpu_alloc+0x1121/0x1770 [ 223.445148][ T9880] ? __might_fault+0xb3/0x110 [ 223.449977][ T9880] ? memset+0x1e/0x40 [ 223.454073][ T9880] ? bpf_obj_name_cpy+0x190/0x1d0 [ 223.459238][ T9880] bpf_prog_load+0xfec/0x1510 [ 223.464090][ T9880] ? map_freeze+0x350/0x350 [ 223.468743][ T9880] ? __might_fault+0xb7/0x110 [ 223.473580][ T9880] ? __might_fault+0xb3/0x110 [ 223.478368][ T9880] ? bpf_lsm_bpf+0x5/0x10 [ 223.482846][ T9880] ? security_bpf+0x7a/0xa0 [ 223.487453][ T9880] __sys_bpf+0x532/0x6f0 [ 223.491848][ T9880] ? bpf_link_show_fdinfo+0x380/0x380 [ 223.497351][ T9880] ? vtime_user_exit+0x2c8/0x3e0 [ 223.502439][ T9880] __x64_sys_bpf+0x78/0x90 [ 223.506964][ T9880] do_syscall_64+0x4c/0xa0 [ 223.511526][ T9880] ? clear_bhb_loop+0x30/0x80 [ 223.516314][ T9880] ? clear_bhb_loop+0x30/0x80 [ 223.521136][ T9880] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 223.527214][ T9880] RIP: 0033:0x7f107d762e59 [ 223.531755][ T9880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 223.553426][ T9880] RSP: 002b:00007f107b9bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 223.562068][ T9880] RAX: ffffffffffffffda RBX: 00007f107d9dbfa0 RCX: 00007f107d762e59 [ 223.580116][ T9880] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 223.590019][ T9880] RBP: 00007f107d7f8d6f R08: 0000000000000000 R09: 0000000000000000 [ 223.612873][ T9880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.621305][ T9880] R13: 00007f107d9dc038 R14: 00007f107d9dbfa0 R15: 00007ffc17e49df8 [ 223.629449][ T9880] [ 223.632622][ T9880] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 223.639903][ T9880] CPU: 1 PID: 9880 Comm: syz.2.2122 Not tainted syzkaller #0 [ 223.647275][ T9880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 223.657332][ T9880] Call Trace: [ 223.660613][ T9880] [ 223.663543][ T9880] dump_stack_lvl+0x188/0x250 [ 223.668236][ T9880] ? show_regs_print_info+0x20/0x20 [ 223.673436][ T9880] ? load_image+0x400/0x400 [ 223.677953][ T9880] panic+0x2e5/0x810 [ 223.681855][ T9880] ? bpf_jit_dump+0xd0/0xd0 [ 223.686372][ T9880] ? check_map_prog_compatibility+0x6cf/0x870 [ 223.692442][ T9880] __warn+0x248/0x2b0 [ 223.696434][ T9880] ? check_map_prog_compatibility+0x6cf/0x870 [ 223.702512][ T9880] report_bug+0x1b7/0x2e0 [ 223.706845][ T9880] handle_bug+0x3a/0x70 [ 223.711003][ T9880] exc_invalid_op+0x16/0x40 [ 223.715508][ T9880] asm_exc_invalid_op+0x16/0x20 [ 223.720357][ T9880] RIP: 0010:check_map_prog_compatibility+0x6cf/0x870 [ 223.727035][ T9880] Code: ff e8 05 b6 ef ff 48 c7 c6 80 4c 31 8a e9 0d fd ff ff e8 f4 b5 ef ff c6 05 91 ca ec 0b 01 48 c7 c7 e0 48 31 8a e8 51 f6 28 08 <0f> 0b e9 9f fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a5 f9 [ 223.746645][ T9880] RSP: 0018:ffffc9000320f450 EFLAGS: 00010246 [ 223.752718][ T9880] RAX: dc409c2ab6ad3700 RBX: 0000000000000001 RCX: 0000000000080000 [ 223.760691][ T9880] RDX: ffffc90004e99000 RSI: 0000000000004377 RDI: 0000000000004378 [ 223.768663][ T9880] RBP: ffff888062798000 R08: ffff8880b9133d7f R09: 1ffff110172267af [ 223.776640][ T9880] R10: dffffc0000000000 R11: ffffed10172267b0 R12: ffffc9000119a038 [ 223.784626][ T9880] R13: 0000000000000011 R14: dffffc0000000000 R15: 1ffff92000233407 [ 223.792621][ T9880] resolve_pseudo_ldimm64+0x681/0x1040 [ 223.798104][ T9880] ? check_attach_btf_id+0xe70/0xe70 [ 223.803394][ T9880] ? __mark_reg_known+0x1a0/0x1a0 [ 223.808429][ T9880] bpf_check+0x4e00/0xf270 [ 223.812867][ T9880] ? mark_lock+0x94/0x320 [ 223.817197][ T9880] ? __lock_acquire+0x13bc/0x7d10 [ 223.822236][ T9880] ? bpf_get_btf_vmlinux+0x10/0x10 [ 223.827351][ T9880] ? mark_lock+0x94/0x320 [ 223.831687][ T9880] ? perf_trace_lock+0xe4/0x390 [ 223.836548][ T9880] ? verify_lock_unused+0x140/0x140 [ 223.841760][ T9880] ? perf_trace_lock+0xe4/0x390 [ 223.846628][ T9880] ? trace_event_raw_event_lock+0x270/0x270 [ 223.852527][ T9880] ? rcu_lock_release+0x5/0x20 [ 223.857308][ T9880] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 223.863299][ T9880] ? lock_chain_count+0x20/0x20 [ 223.868160][ T9880] ? seqcount_lockdep_reader_access+0x127/0x1d0 [ 223.874408][ T9880] ? lockdep_hardirqs_on+0x94/0x140 [ 223.879612][ T9880] ? ktime_get_with_offset+0xff/0x320 [ 223.884988][ T9880] ? seqcount_lockdep_reader_access+0x18d/0x1d0 [ 223.891233][ T9880] ? ktime_get_real_ts64+0x440/0x440 [ 223.896536][ T9880] ? pcpu_alloc+0x1121/0x1770 [ 223.901227][ T9880] ? __might_fault+0xb3/0x110 [ 223.905910][ T9880] ? memset+0x1e/0x40 [ 223.909894][ T9880] ? bpf_obj_name_cpy+0x190/0x1d0 [ 223.914925][ T9880] bpf_prog_load+0xfec/0x1510 [ 223.919621][ T9880] ? map_freeze+0x350/0x350 [ 223.924128][ T9880] ? __might_fault+0xb7/0x110 [ 223.928820][ T9880] ? __might_fault+0xb3/0x110 [ 223.933497][ T9880] ? bpf_lsm_bpf+0x5/0x10 [ 223.937829][ T9880] ? security_bpf+0x7a/0xa0 [ 223.942338][ T9880] __sys_bpf+0x532/0x6f0 [ 223.946594][ T9880] ? bpf_link_show_fdinfo+0x380/0x380 [ 223.951980][ T9880] ? vtime_user_exit+0x2c8/0x3e0 [ 223.956929][ T9880] __x64_sys_bpf+0x78/0x90 [ 223.961350][ T9880] do_syscall_64+0x4c/0xa0 [ 223.965768][ T9880] ? clear_bhb_loop+0x30/0x80 [ 223.970454][ T9880] ? clear_bhb_loop+0x30/0x80 [ 223.975143][ T9880] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 223.981039][ T9880] RIP: 0033:0x7f107d762e59 [ 223.985452][ T9880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 224.005068][ T9880] RSP: 002b:00007f107b9bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 224.013491][ T9880] RAX: ffffffffffffffda RBX: 00007f107d9dbfa0 RCX: 00007f107d762e59 [ 224.021467][ T9880] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 224.029440][ T9880] RBP: 00007f107d7f8d6f R08: 0000000000000000 R09: 0000000000000000 [ 224.037410][ T9880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.045380][ T9880] R13: 00007f107d9dc038 R14: 00007f107d9dbfa0 R15: 00007ffc17e49df8 [ 224.053385][ T9880] [ 224.056623][ T9880] Kernel Offset: disabled [ 224.060943][ T9880] Rebooting in 86400 seconds..