last executing test programs: 1m2.69445541s ago: executing program 4 (id=709): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/117, 0x75}, {&(0x7f00000047c0)=""/4057, 0xfd9}, {&(0x7f00000037c0)=""/4069, 0xfe5}, {&(0x7f0000000700)=""/238, 0xee}, {&(0x7f0000000200)=""/37, 0x25}, {&(0x7f0000000500)=""/203, 0xcb}, {&(0x7f00000001c0)=""/42, 0x2a}], 0x7}, 0x40000100) sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000640), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x20000000) recvmsg$kcm(r0, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002) 1m1.519794745s ago: executing program 4 (id=718): socket$kcm(0xa, 0x2, 0x73) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="02"], 0x10) socket$kcm(0xa, 0x2, 0x73) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x5452, &(0x7f0000000b80)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2') perf_event_open(0x0, 0x0, 0xffffffffffffffff, r0, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2, r3}, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x800, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x0) perf_event_open(0x0, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x511042, 0x0) ioctl$TUNSETPERSIST(r5, 0x400454cb, 0x0) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4}, 0x0, 0x7ffe, 0xffffffffffffffff, 0x0) syz_clone(0x200c8000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001140)={r6, &(0x7f00000011c0)="8ea14eb5596614", 0x0}, 0x20) r7 = syz_clone(0x80000, &(0x7f0000000100)="68981c7966a99d723a4ede732fcaf005b69b7017a25f1c1de8bdcdb28d58e28334d71de63da1d2adf9597378d1555b2e2c67a527036b97ea87fe8f1796a4479882aa08eb8b91fc6970ffa257a75b6cae8b13ba7990008ddacfdae098e17507a85a3b6b5bb10749ff6add08d238c3cd80236eee1d82a2cc48fd6bd6675fa7b3f7c054684338decd352af31620ce68524f07d88b10f8fb7a5d83e73063306c7b81ee37014b06b6246b5a35792a1b6e0a52837ac668416fc6d72a32dddba81d7bc7d5f2daa2437ca03c26a9cd6652b2e30d7eff7da8d1d059756b2d8f1746719099350c9f3caa743e", 0xe7, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="19330a36543f65554b80152601c7768b19fa9a87e7188ebb75c990776c441751e9576dddc1b4d0d099c2f0ec6b4f7a51e75a029ce26f380a9d26e45ce49fb31fc974742bdceaaa27d87c82720bd6ba1182239eab80f21a23251cb0ba9197d896ff8384e4552206314d7d431284989a1d169a798b5c1ee0d28002b27fdabb78fc114ca5c2f62838c5a95c1d479500506431fd2f897b88e01c6a382a3ee5c8c99fa9fb8223b267411516e1b59b95bcedde2b4e8f79f8a7e7fc1610efc35522d1ae44a42dce90824405cf4abb8804fd2442364eeb70363b09a5fa38e607da02cb5e813b72f96bdee599fef9e4ceacddb90fce1cbceacb573c64244856ffb96782d54de43ffd16c01ad12f0becbe3652e2afafd8e67bf10fe0ff4bee75aff628df337078bc2bc4df88928d055afd7fdc76cabf3e589108d111adcfb65e8417db243960c5c6a38e2804020a89f46df17ec89648f08ec269ae3f4253025d4507406a5b8f2c8e0c133d8495392dcac2a3b5aa3d0aa061490c3d8a9f4dc6e3edaff6d2e9fb8aca437c61d57b4397a4129bf7a435c9c3dafea47a5c10e29099be1943f9aad7a9ce84e4a9b548c2913b96d5d050c82fc092266a4ae9eb1d016d4697ff2ced8082f5eae5a733fab790a0f05130f2ac8fdd85a3d539dc7f712bfcc2d20368014a0887ae3eb65e789417ba88d422ff3734e99b19ac629f3a014132c39be107ac25efea243c1b5e15ef3440527a16eb6a05b114ab7897af52d27b12a3e2a2ad1729daf4548644925ac6b430e576cd5212114c21daa78bb47b6d2f49d69dbc03209826910a741650112b77872fdd8c4651c9770c3733275d10a2473369abf4ede1c95327e202ce048ac269295f0d7dcb845529b47625a1f8fa5fcaa43606bb069495777e23fedc0e24613eb24e3c2a47ba43fe26adb3b46c72a227f488b14f176da93eefb6e84fa1358c6503a594d4547ccd75554e76ffcdda65724bcc2eae674f4cb3a5e849717c36686114f1df321c4288fa0e5209c67ab3fd6a0f7babc92c04f8349f7ccb0dfe86dc8e7292c2236799fe7a9202371fd3c9b0be56a0519ec2a933b70c4d80ed78b51bb6dcc77f89bf33fbb468e3cc23177525def896754cc5300e327fa52ebd9c7f9c8d0416a007e4e465154b2a908fea8c93acbb0ae7422cd44d83458cb88d25b27551fef5b457cbd23c54105c62b07a755a817740965f629335087522f74df88d1c8e0569bc8ea49dbab0cf19f1e3ce507937181f88ecb13cfd12557955ad3486ffb9c824137d86c6d2ee0886f40f8adddac0c2c9296164a8800aa1b4d5b7b776fb9794e6077ae55f5e370059652891f438e9ab0ae5ff2fe3a95b82688cfb9506082f35ef81d8ec71f0aefcb125d310c9fc4c4ec4e7b11c18cc523d8bb4de41bd4ba17cab7350fef6c8d23344f6271ee117764c8cd5bcce3f43cdfe76acec67965beb552c71a167f26ac5de779869d996b788fd74c7ac7740b6f19f4e8a001ecf06c6ce49c767f8540d94d654de0a3d0daa9950d71a09082fededc48ae1ef087ea44d34902de67960bde89df2ef58c826f3a7159ad6bc03f0c227794d77c1c569a99ad4f25782c967454ab4edb9a7a0cb092e31e80b69a6ce77ae05555d833e9404a91d8feddbffc2881eecfd050a29a2b6489065e0169e1eec64f87c9d4421b55562efa0566fb32d1f8c41d5dc32c859be2e0040daf55cafb3861903276ab2545e6149b887b184850d5ed1a70a84f5f4d0ad663cab886c81e86ed1fa8e34f87208af9a8bee2f6c6016f300f13f2050e4e5402a2efb8abea734b7891b94975caa471a1be1612a389bb4981c757579c6cc08a7b883dbd8f1b4a50fad27e815a042f7cb7adca7e3efff3ac443a81405b31b3915417a12f36bf088ad10a162dd91199b1c2b13fb82a307a97ff0fba9b4b8b83dfaee852ef090ac18c9361de0670ee3ddd06f952496efffa52b0b46718f36eb48a2314a3f1cb2d89ac4efe3aa56263d580d45d2eff04e0ce3c2d895e54710d140c0b404d119af4c46ceaba48b2abc9ef4b43e45bdabe9db73fdc15b2d17ba7b37cda386ffb903e83694af3923d4bfe5e8c498bccf7e931660829f0be6f5ba2b8b7781d1a538ee829763d727553f0bf5ae98d179ba314f3f6ff1f5c60a1811d332ca79c3ed53d7ec6ab8a8d5a8f7964b7b7a2632a9e1ea1ddf3511ee43258c9493f22401e0910ee2f73601a8710a80cffb3e963a5cc74ae162a2c0d3fbf9de9d8e468f618ec4fbbb52784ff78656c2ffbdb6c1b4cb11ea33c3bcf207c880bfa890e8a901cfc9c1e6d5a8f69ce7114a13a492265f2795e2fa71f641cf87b9fdc56cdb4436419bd7a5f0447996468f5f3cb217ebf8b13770bf6c7018ceeee863d0d6a9e560dcf81f3cf9a74cb984edc6b41f7450e2eb4a7a6c35e3c09afd5350b045094f1501c09cab02ed4a391cf38163160bbffb08c9204833eb8269e0c39fc8131aaca426754c0ac465d8fd8f2489bfd5a9066eaca4fb77a18361dc317ee1c13e3ffeb29059503ca4686d920b2cce6635226ad033a080f679ab8e84077051557a7cbb012805909da3f9393858f679eaf6ddabacb365171c40c9de0b2d67ff517c627b42c3c8493250349d4f07f36be74c29d27e91fa2412af52698f18d63aa83fe8e5bc3f89b81eeb4cd8869f252a06c2abc90b2b0865767ff21d6c16aede53bb5c1502381849870a1f1d29e427fcf591e6b8ec19309a116a34ec8e9bfaab9852f491feec1d28f96d7d127bab7f01ffed02bce0e37f00c8bbe9a3f66e3da603af0dfa7ed27bf692366c01a0020b372e80b49e73abf1bf41d60e33bbc952dfc9064855fe17baa1bb0d22ce2dbf0600f8d659ed9c94748130cd9cfbbd449ff6c97f89add7885bf142454c28ec06ed1dd5767c84bb5d7934c43965c49baac5a80533d9a86a893689b78b28e5b159c755391913388a7fbb1bf11f42041f2e1322056178ae50e4a1e7ae8018f0334a395daeea4edb36741208b92446fba86819c79eb1c5ecbfd168e78fcb58271287af22b622661b8e9d29a79754fd3a1bac2bbabef8e7aca99d39ea5cad809a8f76967eda92529771c982faac2acbf31822c3c48b3c204846b015eced8aba2b72e55ef9694f14a85d0fd651ebb55f84dbfb6b2791e897038caaa565d670b2868a07b9514a95d66d2114b5766889773b885a00d0a409c5eadf0e8397b08550a47a4b288f91e0f240073688790e2c26f1bc1523d7d7a2bcbac995b4b07bd71a5680ab0a53153ecf6b992102c8262506e72540579e63dec592867cfa2436b1849fe08e2b29be11f3d4b033aa7fbca20d91c575f9906953c5b75f00ccc6df57f73f9344b8d2f7ae67e75af5e0188832e1f421b22cfa9bede9006b8fc44eac2291d806d43680fdc01b951f5f525f603b59dc2f82d8049d32de6743942ec64a918d3593122515b09ba393600eb4562b258b8cc8f676e8fa3c0e945a3a13b54ae0c81afa0c8eaa11b40e9ed941d5279c3ff44a44491f06395235d0e8e6c8f53d388de523002671ea3db1a22e950f1be5c88e1e9c39e50d0ca7abd8a6395d3d8088a6a120b057f6618ac1b10410a99501e472de3f75f7c1e28572f02c255f81e68b3ea19c3b1723c4d95e9d9d48957d6c647a11c4bd520e0323394e3e151895ff9226a6e93177851e187d383d773c3cfb45e53f68336df52f0667f2ec6ad5658cdf703b51cc75f267c340624cd382fc947c52b584323b8251815c3e6fb6e6225ed45acefb0fd001711872a45ee5c4888712e62c82cb7d3cb4d669861f56e809eb89200a36f7d8111db06b68e6ffaf1fe58d95ad64a6342b772949f47801f663d64316bfd7015324d2491745086c43cdd990db708214d32d5cd7a1ce70422864f3f46706d1f36cd6299f6dc36e118d60493a73a9914fbae46ad1e95b3f68806cc965631d9533b7bf9f5e3f1da2293409674b7bbfc3e475e33282d3086219fd961fbb10e5c39d6e6010f62ecf0003774b374610199c0863a90b5cdceb4742ae6bed1feb05187d0e9ca3d9915a62f38b811e77ceaf01e9011b8ee3035d47c10eecc24be9608b90c3ffd621476f2974e4e392b3d02c5074a44c94237d0af70184fdd4aed3d2608f8650c121edf560717e0d4865bb800e52ad33e036aaf8215909fb3a0bb1c7bbaef53c4ea7aa19b9c9d6a4abf91ae57f30884265e368ca69b3c58f76ddcd29f21c792bdade10a4e9581a7e95b738377103fcef11bb4a83d5cdbbf0ef6b69e245b994d0ed786dc12dc2a2899f4cd19689a9f70a090706b1579dd8d8f1d77006bbb7656b800e644a6af4beab9254f12b140b1bb2fbaef39958b5de7eea2f6676cb528f86974121ad49374199d51306542fe3a3a8b245c716b6c8f8b583c52b341ac2794ee6bcfe0b80575e93347c3d873ffe8b1b444fb13794c0300c09c418ef6059e063a65095076df05610d0342a28d58251a5844812749588f6cb6fd1546d6868976926f3c01a528d7ef1624fbf9790b39d8a74fa702b0a78067e9f6f0ba5b185d7cc4c5e6fe86f5d9504401f4b19fb29a32443b69a97838e2f63831c346bb2f522ef05a645b59eebaf590cc992515c2d9fcaad361d7f5acf7b7953f085334742056d088460a96899554202d698ecaec2f548a756fe8c1816cc8d12bf57078e61bb15bb746fedb007bdbd668785d5adf0e3dc94c902dc4b605794efa814c92c6730eefc13f3fb069b83b80fc69fe88a9f7feb5d380f91f0729b348d3c1ad7479cbacc4720093528442942f0f66ebc83d5a7e320d0173e7300c327f9979ad3bbf7be2a7a836d5460c8ca98588584dcd3d53c12e67958f7216a8675cce019eec543e2629bb21812770dd32d117febf175cc11a2c502de085d01f96c104d55d8159f5041630555d21f96fa25f56e1f0d8fb3a066b04fbbb6a97e4a5750297fd6aabe2879468a25c30b6872c116544985e05642b71383b03db622e98408df9cf3e1e27e60ec9a2c7df1d9ddc4de0f719485f475e6a3b27c810271948f4eb49e539aa3fe44ef5270b755eebb78862da5d73816a420f8233ed9a07597349b33b077f2261bbdbaa56eec3566deec4c27e086cc295742a94696c8c8c18b732479a8e5a21e706d63cbfa3d5492fc3a815ed3a3803fa6c3d44ed161d3001d1a1961fd2a74e84127f2851a813332ab557cebc2aeded7a9bad96d1dc5093f47b4c7befb502e625bd3530727a22e63045b89d23549d169ec95a762c9cfdb6fc257f33cb305b4ee1af75fc40d5e5fbb952de84ed594d7a0bb9491153ce9934fa203ea0d5e7f666f1747b7455728a6ff8e1a8b7a515459fb63acc258febb4c0133e1936ac1b1ed77bf68aad39e03ca34144cd3c8772da67e6df25a5cc637f6f7577c33eab422195dc0c144139becdf9776d4af9ace997c3dc841fa8ae9f44685523f94bb9958cc5a06a9c63ed8dcc450cfa4fd2e840ca591f1c9f4d824c9bcb1e032dcd25a27c8d1965fc609effe621e048e49bc6556a7976717c46157125321200ff9d86662053b546137433c816990be83a19e36aa1a57c4d6f1f56166e18ac79afe90b4ef160fc5a5cdcc6823618df7577b67a786efae4eb90c63991715c9989198a3a97ce58c3634b5b198f11304b1b34e62f937da5bd23bc87603815e22e28ec48221918b95cb3518fe699db25de7fb896ee93254a281fec1103d79932d755afba56817983c5dfe5fdb6a76c8202f45607e5c367eff1a856b88dcfb04c3a0249929a18dccf6c0d0f8af2fe5cdf01d4ceb52f844d6bac47011ffc9446a29eec6fd") perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xa, 0x0, 0x1, 0x8a, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd, 0x4}, 0x100200}, r7, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = socket$kcm(0x10, 0x3, 0x10) syz_clone(0xbcbdbdb318280f1f, 0x0, 0x4c, 0x0, 0x0, 0x0) sendmsg$kcm(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="1400000035000b63717a3c4a01d8985b0808aa78", 0x14}], 0x1}, 0x0) 1m0.158420438s ago: executing program 4 (id=729): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x114301, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000d00)={0xffffffffffffffff, 0xe0, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xd3, &(0x7f0000000b00)=[{}], 0x8, 0x10, &(0x7f0000000b40), &(0x7f0000000b80), 0x8, 0x40, 0x8, 0x8, &(0x7f0000000bc0)}}, 0x10) r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000d80)=@generic={&(0x7f0000000d40)='./file0\x00', 0x0, 0x10}, 0x18) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', r2, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x10) r6 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0x2, 0x9}, 0x104101, 0x0, 0x0, 0x1, 0x0, 0x20000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, 0x0}, 0x94) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) close(r8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'veth1_vlan\x00', @broadcast}) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r9}, &(0x7f0000000240), &(0x7f0000000380)=r10}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r10, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff6c, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f90235fc60040011000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) recvmsg$unix(r0, &(0x7f0000000900)={&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000280)=""/110, 0x6e}, {&(0x7f0000000300)=""/143, 0x8f}, {&(0x7f00000003c0)=""/87, 0x57}, {&(0x7f0000000440)=""/33, 0x21}, {&(0x7f0000000480)=""/136, 0x88}, {&(0x7f0000000540)=""/232, 0xe8}, {&(0x7f0000000640)=""/202, 0xca}], 0x7, &(0x7f00000007c0)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x140}, 0x2000) write$cgroup_subtree(r11, &(0x7f00000009c0)=ANY=[@ANYBLOB="2b667265657a6572202d63707561636374202d6e6574202b64657669636573207d1021eaeed196c69d11472f1690696e942f05609df0698a8534da22a6b245795747ccd13653789992be15c124b17fb890bad3eda17a637f2cfbbbe0b6c1dbaa102b0f11f5bba8d19e1ece25d0f3206d9cfc434bfcb2e4bb895fd43d31f8a54cb20187eed658c1260e6da59c5eb3a47d60f55da56b2be4d8f6"], 0x20) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r12) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x4, 0x90168, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) 57.641927694s ago: executing program 4 (id=749): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_config_ext={0x9, 0x2}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x11, 0x80003, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0408cab87ffb514d3865a6db4571d18d0ebe3f07d89a8583a39b22019def6c195ef9cd42708cd6a8d59dde8ca50fbef5c04ba6", @ANYRES32, @ANYBLOB="0000008942bac37157a9a0c69dea650000000000000000000000000000000000b648c42211bc7ffb7c22a7eb6151f9ded5f58715680be70a91dcd03f9c0d671d78a5a0022e590a1d7baae56cf9e3d30dec332026b80087255958f62992e902d77be78115b9da011b487f15bce01252e22f458ad5f1d29399a64a7afb6b731ad478ec241bd4c4550f5e3979504e9c6cfd56956bee84276db37b06e9741cee2b163629cdef7c55d780", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000008000000000000000000000000000eaff"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r3, 0x0, &(0x7f00000002c0)=""/228}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x37, 0x18, 0x2, 0x7f, 0x0, 0x10000, 0x1, 0xc, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}, 0xa527179ab10937b1, 0xffff, 0x9, 0x6, 0xa, 0x5, 0xbf, 0x0, 0x5, 0x0, 0x16}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x1) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x4c2, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0x2, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, r5, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="0b000000050000000100010009000000010000004c938582ead32f278214db1233474d8928588ee7efc2f6193b400dee73eebc2d99bc1c8b00de295efc0f210907dc1a1a8e2c99d86c8e98c3a1ccb6b2f970f497081b4cb17e855a4bcd83b52275acdd83b5debf85f436b661b4c160e19a", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{}, &(0x7f0000000780)=0x40000000, &(0x7f00000007c0)='%pS \x00', 0x2}, 0x20) recvmsg$unix(0xffffffffffffffff, 0x0, 0x40010040) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000001001000001000000dc000000000000005c60653b725db68d5f97e1d7872bf2daea5f20470b5db4105f895f4f23048e26dfe56915e7212a6d226e5ed5923098244d75cbbb02749f444768df45ea1eed54189c385937ae51fecf14b60d78a2e2f8338d14040cd0b56910d95dd2526900e4e200224ff9bea61b9867cd253840f9e990b16c802e51f62f13990b1031097ad64a647969678511f653e080462a1a96ddd4bef50e187278db519da263c42281538c904ed18d9c0dcee403104cebf276088561d7e0996a694ccb244aec22822687e867d5c4060764fc2b4091d7d3692880c3eed226b767195613645e2a868344150ab257b34fc573febaa48fdd4bfc05056919a1afbe54fd4c77677d4c4560ee1e03bca5d78a1197c88c5c8738425153df6e753184c9dc0a928f5f7947167290cd49b3e376a0f5a85ad6106579cf"], 0x18}, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x8, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x408003, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x1, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407ffb, 0xaea}, 0x114145, 0x30, 0xfffffbff, 0x9, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="0e00000004000000080000000100000004000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000050d6e8ddd8f914352ba57c792a811cf5953831665a2ac614db884f8c616a578252d01636f8f9a16cb285f4280aa86dd1d71b55ef8cdbf4bb350af4c7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r7}, &(0x7f0000000280), &(0x7f00000002c0)=r9}, 0x20) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xe, 0x1e, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f00000005c0)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff?\x11\xc8\xdd\x15\xcc\xd2\xf1\xff\'%\xa0\x00\x00\x00,'}, 0x30) 47.686189673s ago: executing program 4 (id=749): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_config_ext={0x9, 0x2}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x11, 0x80003, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0408cab87ffb514d3865a6db4571d18d0ebe3f07d89a8583a39b22019def6c195ef9cd42708cd6a8d59dde8ca50fbef5c04ba6", @ANYRES32, @ANYBLOB="0000008942bac37157a9a0c69dea650000000000000000000000000000000000b648c42211bc7ffb7c22a7eb6151f9ded5f58715680be70a91dcd03f9c0d671d78a5a0022e590a1d7baae56cf9e3d30dec332026b80087255958f62992e902d77be78115b9da011b487f15bce01252e22f458ad5f1d29399a64a7afb6b731ad478ec241bd4c4550f5e3979504e9c6cfd56956bee84276db37b06e9741cee2b163629cdef7c55d780", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000008000000000000000000000000000eaff"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r3, 0x0, &(0x7f00000002c0)=""/228}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x37, 0x18, 0x2, 0x7f, 0x0, 0x10000, 0x1, 0xc, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}, 0xa527179ab10937b1, 0xffff, 0x9, 0x6, 0xa, 0x5, 0xbf, 0x0, 0x5, 0x0, 0x16}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x1) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x4c2, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0x2, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, r5, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="0b000000050000000100010009000000010000004c938582ead32f278214db1233474d8928588ee7efc2f6193b400dee73eebc2d99bc1c8b00de295efc0f210907dc1a1a8e2c99d86c8e98c3a1ccb6b2f970f497081b4cb17e855a4bcd83b52275acdd83b5debf85f436b661b4c160e19a", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{}, &(0x7f0000000780)=0x40000000, &(0x7f00000007c0)='%pS \x00', 0x2}, 0x20) recvmsg$unix(0xffffffffffffffff, 0x0, 0x40010040) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000001001000001000000dc000000000000005c60653b725db68d5f97e1d7872bf2daea5f20470b5db4105f895f4f23048e26dfe56915e7212a6d226e5ed5923098244d75cbbb02749f444768df45ea1eed54189c385937ae51fecf14b60d78a2e2f8338d14040cd0b56910d95dd2526900e4e200224ff9bea61b9867cd253840f9e990b16c802e51f62f13990b1031097ad64a647969678511f653e080462a1a96ddd4bef50e187278db519da263c42281538c904ed18d9c0dcee403104cebf276088561d7e0996a694ccb244aec22822687e867d5c4060764fc2b4091d7d3692880c3eed226b767195613645e2a868344150ab257b34fc573febaa48fdd4bfc05056919a1afbe54fd4c77677d4c4560ee1e03bca5d78a1197c88c5c8738425153df6e753184c9dc0a928f5f7947167290cd49b3e376a0f5a85ad6106579cf"], 0x18}, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x8, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x408003, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x1, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407ffb, 0xaea}, 0x114145, 0x30, 0xfffffbff, 0x9, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="0e00000004000000080000000100000004000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000050d6e8ddd8f914352ba57c792a811cf5953831665a2ac614db884f8c616a578252d01636f8f9a16cb285f4280aa86dd1d71b55ef8cdbf4bb350af4c7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r7}, &(0x7f0000000280), &(0x7f00000002c0)=r9}, 0x20) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xe, 0x1e, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f00000005c0)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff?\x11\xc8\xdd\x15\xcc\xd2\xf1\xff\'%\xa0\x00\x00\x00,'}, 0x30) 20.023502274s ago: executing program 4 (id=749): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_config_ext={0x9, 0x2}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x11, 0x80003, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0408cab87ffb514d3865a6db4571d18d0ebe3f07d89a8583a39b22019def6c195ef9cd42708cd6a8d59dde8ca50fbef5c04ba6", @ANYRES32, @ANYBLOB="0000008942bac37157a9a0c69dea650000000000000000000000000000000000b648c42211bc7ffb7c22a7eb6151f9ded5f58715680be70a91dcd03f9c0d671d78a5a0022e590a1d7baae56cf9e3d30dec332026b80087255958f62992e902d77be78115b9da011b487f15bce01252e22f458ad5f1d29399a64a7afb6b731ad478ec241bd4c4550f5e3979504e9c6cfd56956bee84276db37b06e9741cee2b163629cdef7c55d780", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000008000000000000000000000000000eaff"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r3, 0x0, &(0x7f00000002c0)=""/228}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x37, 0x18, 0x2, 0x7f, 0x0, 0x10000, 0x1, 0xc, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}, 0xa527179ab10937b1, 0xffff, 0x9, 0x6, 0xa, 0x5, 0xbf, 0x0, 0x5, 0x0, 0x16}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x1) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x4c2, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0x2, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, r5, 0x9) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="0b000000050000000100010009000000010000004c938582ead32f278214db1233474d8928588ee7efc2f6193b400dee73eebc2d99bc1c8b00de295efc0f210907dc1a1a8e2c99d86c8e98c3a1ccb6b2f970f497081b4cb17e855a4bcd83b52275acdd83b5debf85f436b661b4c160e19a", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000800)={{}, &(0x7f0000000780)=0x40000000, &(0x7f00000007c0)='%pS \x00', 0x2}, 0x20) recvmsg$unix(0xffffffffffffffff, 0x0, 0x40010040) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000001001000001000000dc000000000000005c60653b725db68d5f97e1d7872bf2daea5f20470b5db4105f895f4f23048e26dfe56915e7212a6d226e5ed5923098244d75cbbb02749f444768df45ea1eed54189c385937ae51fecf14b60d78a2e2f8338d14040cd0b56910d95dd2526900e4e200224ff9bea61b9867cd253840f9e990b16c802e51f62f13990b1031097ad64a647969678511f653e080462a1a96ddd4bef50e187278db519da263c42281538c904ed18d9c0dcee403104cebf276088561d7e0996a694ccb244aec22822687e867d5c4060764fc2b4091d7d3692880c3eed226b767195613645e2a868344150ab257b34fc573febaa48fdd4bfc05056919a1afbe54fd4c77677d4c4560ee1e03bca5d78a1197c88c5c8738425153df6e753184c9dc0a928f5f7947167290cd49b3e376a0f5a85ad6106579cf"], 0x18}, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x8, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x408003, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x1, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407ffb, 0xaea}, 0x114145, 0x30, 0xfffffbff, 0x9, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="0e00000004000000080000000100000004000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000050d6e8ddd8f914352ba57c792a811cf5953831665a2ac614db884f8c616a578252d01636f8f9a16cb285f4280aa86dd1d71b55ef8cdbf4bb350af4c7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r7}, &(0x7f0000000280), &(0x7f00000002c0)=r9}, 0x20) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x5, 0xe, 0x1e, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f00000005c0)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff?\x11\xc8\xdd\x15\xcc\xd2\xf1\xff\'%\xa0\x00\x00\x00,'}, 0x30) 3.644429349s ago: executing program 3 (id=1073): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) socketpair$unix(0x1, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0) socket$kcm(0x2c, 0x3, 0x0) socket$kcm(0x2c, 0x3, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)="5c00000014006b030231a6080c000af32c00000000f800250502000f00e5aa000017d34460bc24eab556bd05251e6182949a2756f475ce36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1bdd700e6657594f1817d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 2.421732461s ago: executing program 3 (id=1082): perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80100, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x8}, 0x100904, 0x401, 0x25, 0x0, 0x1, 0x200, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="5c00000014006b", 0x7}, {&(0x7f00000017c0)="00000000ffffffff1f01a0c9a1171aa56a7f9138a6c073e99f8f2ffed6bd642c1238663e9e5189a46cb56c776afa8ec3d4d4d9c0648fc18bad3a6b5656235d60cb5af5c5a69e10ed9fd4ea", 0x4b}, {&(0x7f0000001840)="9a9245a259250adbc6e2", 0xa}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.972173237s ago: executing program 3 (id=1086): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pimreg\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x28, 0x98, 0x5, 0xfffff004}, {0x6, 0xaf, 0x5}]}) 1.663992406s ago: executing program 0 (id=1091): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000640)={r0, &(0x7f0000000280), 0x0}, 0x20) 1.601628111s ago: executing program 3 (id=1092): syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/time_for_children\x00') syz_open_procfs$namespace(0x0, &(0x7f0000000340)='ns/time\x00') perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x7, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000700)={&(0x7f0000000280)=@nfc_llcp, 0x80, &(0x7f00000000c0)}, 0x43) r2 = socket$kcm(0x11, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 1.523824805s ago: executing program 1 (id=1093): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_bp={&(0x7f0000000040)}, 0x1c145, 0x2e, 0xfffffbff, 0x3, 0x40, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x5}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000000c0), 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="d50a0000010000006311140000000000180000000000000000000000000000009500001600000000a4112a48ddb581cbcaab969b6e525ea60e6786a52f276307016a238660c1cf52d88698046757482b8e2ec38272933919bd95dce667af4faf9fd8f1357dd78bacba556bd0e29cd99c23c7e771677dcaaaa876b0dc9ba0c43fc6ecbee2c5adbc023ac2843e2a72244005bbe5fb2ee032f230375bcefef9a9da2eddebb65b55e540cda30476a98e"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) socket$kcm(0x10, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000000000000000000000000008500000087000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x2, 0x80, 0xc2, 0xc}}) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000001a40)={r2}, 0x8) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), 0x0, 0xfffffffb}, 0x38) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socket$kcm(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc851, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_config_ext={0x8, 0x7f}, 0x4001, 0x0, 0xea0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xc, 0xffffffffffffffff, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210}) recvmsg(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {0x0}], 0x2}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000008c0)={r3, 0x58, &(0x7f0000000b00)}, 0x10) r4 = socket$kcm(0x2, 0x3, 0x2) sendmsg$kcm(r4, 0x0, 0x8400) sendmsg$inet(r4, 0x0, 0x0) 1.464135352s ago: executing program 2 (id=1094): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000600)={0x5, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5, 0x80260, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') 1.447639221s ago: executing program 0 (id=1095): socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = gettid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x41}, 0x1) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0xa, 0x0, 0x0, 0x4, 0x0, 0x9, 0xc200, 0xa, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8001, 0x2, @perf_bp={&(0x7f0000000000), 0x18}, 0x3080a2, 0x8000000000000000, 0xffffffff, 0x3, 0x0, 0x7, 0x9, 0x0, 0x43e1, 0x0, 0x3ff}, r0, 0x9, r1, 0x8) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x100242, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00'}, 0x94) r3 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r3, 0x84, 0x7d, &(0x7f0000000000), 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x18000000000002a0, 0xd, 0x0, &(0x7f00000000c0)="b9ff03030018698cb89e40f086", 0x0, 0x100, 0x2000000, 0x0, 0x0, &(0x7f0000000440)}, 0x50) 1.228085214s ago: executing program 0 (id=1096): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) socket$kcm(0x21, 0x2, 0xa) socket$kcm(0x21, 0x2, 0xa) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1.207434886s ago: executing program 2 (id=1097): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x180, 0xc8, 0x400000, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x20b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfdef) 1.192764062s ago: executing program 1 (id=1098): bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 922.84091ms ago: executing program 2 (id=1099): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x4b, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96') ioctl$TUNSETCARRIER(r2, 0x400454e2, &(0x7f0000000000)) close(r2) 689.880149ms ago: executing program 2 (id=1100): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073110203000000008510008002000000b7000000000000009500c200000000009500001200000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x70) 689.638366ms ago: executing program 1 (id=1101): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r0, &(0x7f00000003c0), 0x0}, 0x20) 632.803788ms ago: executing program 1 (id=1102): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000061182b00000000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 540.40512ms ago: executing program 0 (id=1103): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0) r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00"/12, @ANYRES32, @ANYBLOB="ac14142ae0000001000000e837000000000000000000"], 0x58}, 0x4000080) 473.521691ms ago: executing program 2 (id=1104): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xb) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f0000000140)) 472.240763ms ago: executing program 3 (id=1105): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073116800000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 388.149284ms ago: executing program 1 (id=1106): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xf1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xc40}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0xc05}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000071120800000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x80) 285.763652ms ago: executing program 0 (id=1107): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1a, 0x4, 0x118, 0x1, 0x0, 0xffffffffffffffff, 0x23, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x805e}, 0x50) 240.035466ms ago: executing program 3 (id=1108): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 158.168954ms ago: executing program 1 (id=1109): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x8, &(0x7f00000003c0)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 186.321µs ago: executing program 0 (id=1110): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 0s ago: executing program 2 (id=1111): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r0, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r1, 0x24, 0x0, 0xd8, &(0x7f0000000000)=[0x0, 0x0], 0x2, 0x0, 0x0, 0x0, 0x0}, 0x40) kernel console output (not intermixed with test programs): epages_size=2048kB [ 130.409502][ T6463] 73376 total pagecache pages [ 130.417943][ T6463] 0 pages in swap cache [ 130.429787][ T6463] Free swap = 124996kB [ 130.438416][ T6463] Total swap = 124996kB [ 130.447870][ T6463] 2097051 pages RAM [ 130.455186][ T6463] 0 pages HighMem/MovableOnly [ 130.464510][ T6463] 424704 pages reserved [ 130.488500][ T6463] 0 pages cma reserved [ 132.528889][ T6514] netlink: 'syz.0.178': attribute type 29 has an invalid length. [ 132.885756][ T6521] netlink: 60 bytes leftover after parsing attributes in process `syz.3.179'. [ 132.935613][ T6517] netlink: 60 bytes leftover after parsing attributes in process `syz.3.179'. [ 132.956916][ T6523] netlink: 60 bytes leftover after parsing attributes in process `syz.3.179'. [ 132.978641][ T6514] netlink: 'syz.0.178': attribute type 29 has an invalid length. [ 133.011123][ T6519] netlink: 'syz.0.178': attribute type 29 has an invalid length. [ 133.082877][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.092587][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.143428][ T6522] delete_channel: no stack [ 135.032191][ T6538] netlink: 'syz.0.183': attribute type 12 has an invalid length. [ 135.044021][ T6538] netlink: 132 bytes leftover after parsing attributes in process `syz.0.183'. [ 135.397520][ T6563] netlink: 60 bytes leftover after parsing attributes in process `syz.3.192'. [ 135.434433][ T6560] netlink: 60 bytes leftover after parsing attributes in process `syz.3.192'. [ 135.467017][ T6563] netlink: 60 bytes leftover after parsing attributes in process `syz.3.192'. [ 135.730675][ T6567] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 135.738577][ T6567] IPv6: NLM_F_CREATE should be set when creating new route [ 135.746563][ T6567] IPv6: NLM_F_CREATE should be set when creating new route [ 135.754293][ T6567] IPv6: NLM_F_CREATE should be set when creating new route [ 136.006503][ T5830] Bluetooth: hci0: ISO packet for unknown connection handle 255 [ 136.526365][ T6596] netlink: 60 bytes leftover after parsing attributes in process `syz.2.205'. [ 136.564484][ T6594] netlink: 60 bytes leftover after parsing attributes in process `syz.2.205'. [ 136.588184][ T6594] netlink: 60 bytes leftover after parsing attributes in process `syz.2.205'. [ 137.553928][ T5830] Bluetooth: hci0: ISO packet for unknown connection handle 255 [ 137.852279][ T6617] netlink: 'syz.0.212': attribute type 4 has an invalid length. [ 138.003524][ T6621] FAULT_INJECTION: forcing a failure. [ 138.003524][ T6621] name failslab, interval 1, probability 0, space 0, times 0 [ 138.105329][ T6621] CPU: 1 UID: 0 PID: 6621 Comm: syz.2.214 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 138.105363][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.105377][ T6621] Call Trace: [ 138.105386][ T6621] [ 138.105396][ T6621] dump_stack_lvl+0x189/0x250 [ 138.105439][ T6621] ? __pfx____ratelimit+0x10/0x10 [ 138.105462][ T6621] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.105497][ T6621] ? __pfx__printk+0x10/0x10 [ 138.105529][ T6621] ? __pfx___might_resched+0x10/0x10 [ 138.105570][ T6621] should_fail_ex+0x414/0x560 [ 138.105608][ T6621] should_failslab+0xa8/0x100 [ 138.105651][ T6621] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 138.105679][ T6621] ? __get_vm_area_node+0x13f/0x300 [ 138.105711][ T6621] __get_vm_area_node+0x13f/0x300 [ 138.105743][ T6621] __vmalloc_node_range_noprof+0x301/0x12f0 [ 138.105772][ T6621] ? copy_process+0x54b/0x3c00 [ 138.105805][ T6621] ? percpu_ref_get_many+0x19/0x140 [ 138.105835][ T6621] ? percpu_ref_get_many+0x19/0x140 [ 138.105881][ T6621] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 138.105913][ T6621] ? memcpy_and_pad+0x48/0x80 [ 138.105948][ T6621] __vmalloc_node_noprof+0xc2/0x110 [ 138.105976][ T6621] ? copy_process+0x54b/0x3c00 [ 138.105994][ T6621] ? copy_process+0x54b/0x3c00 [ 138.106018][ T6621] dup_task_struct+0x3e7/0x860 [ 138.106046][ T6621] copy_process+0x54b/0x3c00 [ 138.106092][ T6621] ? get_pid_task+0x20/0x1f0 [ 138.106123][ T6621] ? __pfx_copy_process+0x10/0x10 [ 138.106161][ T6621] kernel_clone+0x21e/0x870 [ 138.106182][ T6621] ? vfs_write+0x8d8/0xa90 [ 138.106210][ T6621] ? __pfx_kernel_clone+0x10/0x10 [ 138.106247][ T6621] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 138.106279][ T6621] __x64_sys_clone+0x18b/0x1e0 [ 138.106311][ T6621] ? __pfx___x64_sys_clone+0x10/0x10 [ 138.106352][ T6621] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 138.106384][ T6621] ? __pfx_ksys_write+0x10/0x10 [ 138.106404][ T6621] ? rcu_is_watching+0x15/0xb0 [ 138.106447][ T6621] ? do_syscall_64+0xbe/0x3b0 [ 138.106475][ T6621] do_syscall_64+0xfa/0x3b0 [ 138.106497][ T6621] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.106518][ T6621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.106540][ T6621] ? clear_bhb_loop+0x60/0xb0 [ 138.106567][ T6621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.106589][ T6621] RIP: 0033:0x7f840d58e929 [ 138.106609][ T6621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.106635][ T6621] RSP: 002b:00007f840e332fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 138.106659][ T6621] RAX: ffffffffffffffda RBX: 00007f840d7b5fa0 RCX: 00007f840d58e929 [ 138.106675][ T6621] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000100000 [ 138.106690][ T6621] RBP: 00007f840e333090 R08: 0000000000000000 R09: 0000000000000000 [ 138.106704][ T6621] R10: 0000200000000140 R11: 0000000000000206 R12: 0000000000000001 [ 138.106718][ T6621] R13: 0000000000000001 R14: 00007f840d7b5fa0 R15: 00007ffec5a33f28 [ 138.106752][ T6621] [ 139.682341][ T6633] __nla_validate_parse: 6 callbacks suppressed [ 139.682366][ T6633] netlink: 60 bytes leftover after parsing attributes in process `syz.2.216'. [ 139.720364][ T6631] netlink: 60 bytes leftover after parsing attributes in process `syz.2.216'. [ 139.742349][ T6638] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 139.762075][ T6638] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 139.790721][ T6636] netlink: 60 bytes leftover after parsing attributes in process `syz.2.216'. [ 139.800809][ T6643] netlink: 60 bytes leftover after parsing attributes in process `syz.1.220'. [ 139.847427][ T6642] netlink: 60 bytes leftover after parsing attributes in process `syz.1.220'. [ 139.959040][ T6644] netlink: 60 bytes leftover after parsing attributes in process `syz.1.220'. [ 140.031357][ T6649] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.092626][ T6649] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.225355][ T6650] netlink: 'syz.2.223': attribute type 21 has an invalid length. [ 140.233373][ T6650] netlink: 'syz.2.223': attribute type 22 has an invalid length. [ 140.261577][ T6650] netlink: 14380 bytes leftover after parsing attributes in process `syz.2.223'. [ 140.276822][ T6649] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.362212][ T6649] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.749532][ T6671] netlink: 'syz.3.227': attribute type 3 has an invalid length. [ 140.757413][ T6671] netlink: 146628 bytes leftover after parsing attributes in process `syz.3.227'. [ 140.974057][ T6674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.230'. [ 141.002128][ T6674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.230'. [ 141.640571][ T6679] netlink: 'syz.2.232': attribute type 21 has an invalid length. [ 141.649464][ T6679] netlink: 'syz.2.232': attribute type 5 has an invalid length. [ 141.660731][ T6679] netlink: 'syz.2.232': attribute type 6 has an invalid length. [ 141.725029][ T5830] Bluetooth: hci1: ISO packet for unknown connection handle 255 [ 141.897439][ T6675] syz.1.229 (6675) used greatest stack depth: 17160 bytes left [ 141.986494][ T6685] netlink: 'syz.2.232': attribute type 6 has an invalid length. [ 142.116567][ T6689] IPv6: Can't replace route, no match found [ 142.918217][ T5830] Bluetooth: hci3: ISO packet for unknown connection handle 255 [ 143.309069][ T5830] Bluetooth: hci3: unexpected event 0x12 length: 15 > 8 [ 143.399382][ T6729] FAULT_INJECTION: forcing a failure. [ 143.399382][ T6729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.459583][ T6729] CPU: 1 UID: 0 PID: 6729 Comm: syz.3.248 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 143.459616][ T6729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 143.459629][ T6729] Call Trace: [ 143.459638][ T6729] [ 143.459648][ T6729] dump_stack_lvl+0x189/0x250 [ 143.459688][ T6729] ? __pfx____ratelimit+0x10/0x10 [ 143.459711][ T6729] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.459746][ T6729] ? __pfx__printk+0x10/0x10 [ 143.459771][ T6729] ? __might_fault+0xb0/0x130 [ 143.459799][ T6729] ? __might_fault+0xb0/0x130 [ 143.459831][ T6729] should_fail_ex+0x414/0x560 [ 143.459875][ T6729] _copy_from_user+0x2d/0xb0 [ 143.459909][ T6729] csum_and_copy_from_iter_full+0x1e1/0x1eb0 [ 143.459971][ T6729] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 143.460021][ T6729] ? trace_kmalloc+0x1f/0xd0 [ 143.460048][ T6729] ip_generic_getfrag+0x12f/0x2b0 [ 143.460076][ T6729] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 143.460103][ T6729] ? skb_put+0x11b/0x210 [ 143.460137][ T6729] __ip_append_data+0x3240/0x40f0 [ 143.460187][ T6729] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 143.460238][ T6729] ? __pfx___ip_append_data+0x10/0x10 [ 143.460260][ T6729] ? __asan_memcpy+0x40/0x70 [ 143.460296][ T6729] ? ip_setup_cork+0x577/0x9a0 [ 143.460322][ T6729] ip_make_skb+0x1de/0x3f0 [ 143.460352][ T6729] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 143.460373][ T6729] ? __pfx_ip_make_skb+0x10/0x10 [ 143.460405][ T6729] ? ip_route_output_flow+0x1d/0x150 [ 143.460452][ T6729] udp_sendmsg+0x191e/0x2300 [ 143.460501][ T6729] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 143.460523][ T6729] ? __pfx_udp_sendmsg+0x10/0x10 [ 143.460554][ T6729] ? irqentry_exit+0x74/0x90 [ 143.460585][ T6729] ? inet_sendmsg+0x14f/0x370 [ 143.460636][ T6729] ? inet_sendmsg+0x14f/0x370 [ 143.460661][ T6729] ? inet_sendmsg+0x29c/0x370 [ 143.460690][ T6729] __sock_sendmsg+0x19c/0x270 [ 143.460717][ T6729] ____sys_sendmsg+0x505/0x830 [ 143.460756][ T6729] ? __pfx_____sys_sendmsg+0x10/0x10 [ 143.460800][ T6729] ? import_iovec+0x74/0xa0 [ 143.460830][ T6729] ___sys_sendmsg+0x21f/0x2a0 [ 143.460865][ T6729] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.460933][ T6729] ? __fget_files+0x2a/0x420 [ 143.460979][ T6729] ? __fget_files+0x2a/0x420 [ 143.461005][ T6729] ? __fget_files+0x3a0/0x420 [ 143.461047][ T6729] __x64_sys_sendmsg+0x19b/0x260 [ 143.461083][ T6729] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 143.461149][ T6729] do_syscall_64+0xfa/0x3b0 [ 143.461175][ T6729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.461195][ T6729] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 143.461217][ T6729] ? clear_bhb_loop+0x60/0xb0 [ 143.461245][ T6729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.461266][ T6729] RIP: 0033:0x7f3c1318e929 [ 143.461287][ T6729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.461305][ T6729] RSP: 002b:00007f3c140ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.461328][ T6729] RAX: ffffffffffffffda RBX: 00007f3c133b6080 RCX: 00007f3c1318e929 [ 143.461343][ T6729] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 0000000000000009 [ 143.461356][ T6729] RBP: 00007f3c140ad090 R08: 0000000000000000 R09: 0000000000000000 [ 143.461370][ T6729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 143.461382][ T6729] R13: 0000000000000000 R14: 00007f3c133b6080 R15: 00007ffcbe62e868 [ 143.461420][ T6729] [ 144.700015][ T6748] __nla_validate_parse: 15 callbacks suppressed [ 144.700039][ T6748] netlink: 60 bytes leftover after parsing attributes in process `syz.2.257'. [ 145.284730][ T6769] netlink: 167 bytes leftover after parsing attributes in process `syz.1.261'. [ 145.474456][ T6773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.265'. [ 145.495241][ T6772] netlink: 60 bytes leftover after parsing attributes in process `syz.0.265'. [ 145.531919][ T6773] netlink: 60 bytes leftover after parsing attributes in process `syz.0.265'. [ 145.723040][ T6778] netlink: 60 bytes leftover after parsing attributes in process `syz.4.264'. [ 145.883327][ T6775] netlink: 60 bytes leftover after parsing attributes in process `syz.4.264'. [ 145.934917][ T6781] netlink: 60 bytes leftover after parsing attributes in process `syz.4.264'. [ 146.177022][ T6777] netlink: 'syz.0.266': attribute type 10 has an invalid length. [ 146.249636][ T6782] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.266'. [ 148.974157][ T6777] hsr_slave_0 (unregistering): left promiscuous mode [ 149.274076][ T6813] netlink: 60 bytes leftover after parsing attributes in process `syz.1.276'. [ 149.531815][ T6818] netlink: 'syz.3.278': attribute type 21 has an invalid length. [ 149.563962][ T6818] netlink: 'syz.3.278': attribute type 4 has an invalid length. [ 149.587907][ T6818] bridge_slave_1: left allmulticast mode [ 149.613957][ T6818] bridge_slave_1: left promiscuous mode [ 149.630666][ T6818] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.682581][ T6818] bridge_slave_0: left allmulticast mode [ 149.689173][ T6818] bridge_slave_0: left promiscuous mode [ 149.704187][ T6818] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.893144][ T6825] __nla_validate_parse: 3 callbacks suppressed [ 149.893165][ T6825] netlink: 60 bytes leftover after parsing attributes in process `syz.1.280'. [ 149.935032][ T6822] netlink: 60 bytes leftover after parsing attributes in process `syz.1.280'. [ 149.968978][ T6822] netlink: 60 bytes leftover after parsing attributes in process `syz.1.280'. [ 150.986268][ T6852] delete_channel: no stack [ 151.185410][ T6856] delete_channel: no stack [ 151.528103][ T6865] netlink: 60 bytes leftover after parsing attributes in process `syz.2.294'. [ 151.551439][ T6864] netlink: 60 bytes leftover after parsing attributes in process `syz.2.294'. [ 151.570471][ T6865] netlink: 60 bytes leftover after parsing attributes in process `syz.2.294'. [ 151.600450][ T6867] cgroup: fork rejected by pids controller in /syz0 [ 151.901103][ T5830] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 152.037975][ T6978] netlink: 'syz.3.301': attribute type 2 has an invalid length. [ 152.073226][ T6978] netlink: 'syz.3.301': attribute type 1 has an invalid length. [ 152.114033][ T6978] netlink: 132 bytes leftover after parsing attributes in process `syz.3.301'. [ 152.206814][ T6980] netlink: 'syz.3.301': attribute type 16 has an invalid length. [ 152.288722][ T6980] netlink: 48 bytes leftover after parsing attributes in process `syz.3.301'. [ 152.370017][ T6980] bridge_slave_0: entered allmulticast mode [ 152.580511][ T6988] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.302'. [ 152.604391][ T6983] delete_channel: no stack [ 153.708176][ T6996] netlink: 40227 bytes leftover after parsing attributes in process `syz.2.305'. [ 154.523531][ T7011] netlink: 'syz.2.309': attribute type 27 has an invalid length. [ 157.527675][ T5830] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 157.699571][ T7020] delete_channel: no stack [ 157.705945][ T7028] __nla_validate_parse: 3 callbacks suppressed [ 157.705965][ T7028] netlink: 60 bytes leftover after parsing attributes in process `syz.2.313'. [ 157.760869][ T7023] netlink: 60 bytes leftover after parsing attributes in process `syz.2.313'. [ 157.858481][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.899524][ T7031] netlink: 60 bytes leftover after parsing attributes in process `syz.2.313'. [ 157.913716][ T7032] netlink: 60 bytes leftover after parsing attributes in process `syz.3.316'. [ 157.971603][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.018387][ T7030] netlink: 60 bytes leftover after parsing attributes in process `syz.3.316'. [ 158.029583][ T7033] netlink: 60 bytes leftover after parsing attributes in process `syz.3.316'. [ 158.136735][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.219093][ T5830] Bluetooth: hci4: unexpected event 0x12 length: 15 > 8 [ 158.219549][ T7041] netlink: 60 bytes leftover after parsing attributes in process `syz.2.319'. [ 158.259117][ T7040] netlink: 60 bytes leftover after parsing attributes in process `syz.2.319'. [ 158.341420][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.398848][ T7045] netlink: 60 bytes leftover after parsing attributes in process `syz.2.319'. [ 158.658545][ T7050] netlink: 'syz.2.323': attribute type 2 has an invalid length. [ 158.686830][ T7050] netlink: 144 bytes leftover after parsing attributes in process `syz.2.323'. [ 158.895558][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 158.905190][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 158.913778][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 158.924471][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 158.932517][ T5841] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 159.322335][ T5841] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 159.762600][ T7069] netlink: 'syz.4.327': attribute type 29 has an invalid length. [ 159.809234][ T7069] netlink: 'syz.4.327': attribute type 29 has an invalid length. [ 159.961681][ T7051] chnl_net:caif_netlink_parms(): no params data found [ 159.982229][ T7069] warning: `syz.4.327' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 160.334101][ T7078] delete_channel: no stack [ 160.434267][ T49] bridge_slave_1: left allmulticast mode [ 160.453280][ T49] bridge_slave_1: left promiscuous mode [ 160.462514][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.539028][ T49] bridge_slave_0: left allmulticast mode [ 160.550984][ T49] bridge_slave_0: left promiscuous mode [ 160.560068][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.958614][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.971252][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.980459][ T5841] Bluetooth: hci0: command tx timeout [ 160.988824][ T49] bond0 (unregistering): Released all slaves [ 161.938789][ T7051] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.965181][ T7051] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.972707][ T7051] bridge_slave_0: entered allmulticast mode [ 162.019468][ T7051] bridge_slave_0: entered promiscuous mode [ 162.078719][ T7051] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.110923][ T7051] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.140523][ T7051] bridge_slave_1: entered allmulticast mode [ 162.205352][ T7051] bridge_slave_1: entered promiscuous mode [ 162.231257][ T7114] netlink: 'syz.1.338': attribute type 29 has an invalid length. [ 162.252620][ T7117] netlink: 'syz.1.338': attribute type 29 has an invalid length. [ 162.629105][ T7138] delete_channel: no stack [ 162.705582][ T7051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.751312][ T7051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.837196][ T7149] __nla_validate_parse: 15 callbacks suppressed [ 162.837220][ T7149] netlink: 60 bytes leftover after parsing attributes in process `syz.3.344'. [ 162.882539][ T7143] netlink: 60 bytes leftover after parsing attributes in process `syz.3.344'. [ 163.034441][ T49] hsr_slave_1: left promiscuous mode [ 163.058790][ T5841] Bluetooth: hci0: command tx timeout [ 163.097677][ T7161] netlink: 10 bytes leftover after parsing attributes in process `syz.4.346'. [ 163.277062][ T49] veth1_macvtap: left promiscuous mode [ 163.339820][ T49] veth0_macvtap: left promiscuous mode [ 163.397839][ T49] veth1_vlan: left promiscuous mode [ 163.417841][ T49] veth0_vlan: left promiscuous mode [ 163.979375][ T7171] netlink: 'syz.1.350': attribute type 11 has an invalid length. [ 163.989636][ T7171] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.350'. [ 164.001671][ T7171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.129107][ T7176] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.349'. [ 164.170348][ T7176] netlink: 16211 bytes leftover after parsing attributes in process `syz.2.349'. [ 164.561173][ T49] team0 (unregistering): Port device team_slave_1 removed [ 164.607739][ T49] team0 (unregistering): Port device team_slave_0 removed [ 164.989101][ T7152] netlink: 60 bytes leftover after parsing attributes in process `syz.3.344'. [ 165.069303][ T7051] team0: Port device team_slave_0 added [ 165.116902][ T7169] netlink: 152 bytes leftover after parsing attributes in process `syz.2.349'. [ 165.134460][ T5841] Bluetooth: hci0: command tx timeout [ 165.143067][ T7180] netlink: 60 bytes leftover after parsing attributes in process `syz.1.352'. [ 165.182186][ T7183] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.190331][ T7183] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.277406][ T7183] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.300838][ T7183] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.345118][ T7184] delete_channel: no stack [ 165.491207][ T7051] team0: Port device team_slave_1 added [ 165.673559][ T7051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.692456][ T7051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.734377][ T7051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.761814][ T7051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.785633][ T7051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.819710][ T7051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.992425][ T7201] netlink: 60 bytes leftover after parsing attributes in process `syz.3.359'. [ 166.186196][ T7051] hsr_slave_0: entered promiscuous mode [ 166.212850][ T7051] hsr_slave_1: entered promiscuous mode [ 167.224113][ T5841] Bluetooth: hci0: command tx timeout [ 167.245466][ T7235] FAULT_INJECTION: forcing a failure. [ 167.245466][ T7235] name failslab, interval 1, probability 0, space 0, times 0 [ 167.259759][ T7235] CPU: 1 UID: 0 PID: 7235 Comm: syz.2.369 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 167.259788][ T7235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.259800][ T7235] Call Trace: [ 167.259809][ T7235] [ 167.259818][ T7235] dump_stack_lvl+0x189/0x250 [ 167.259863][ T7235] ? __pfx____ratelimit+0x10/0x10 [ 167.259886][ T7235] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.259919][ T7235] ? __pfx__printk+0x10/0x10 [ 167.259949][ T7235] ? __pfx___might_resched+0x10/0x10 [ 167.259981][ T7235] ? fs_reclaim_acquire+0x7d/0x100 [ 167.260014][ T7235] should_fail_ex+0x414/0x560 [ 167.260050][ T7235] should_failslab+0xa8/0x100 [ 167.260077][ T7235] __kmalloc_noprof+0xcb/0x4f0 [ 167.260099][ T7235] ? kernfs_fop_write_iter+0x158/0x4f0 [ 167.260126][ T7235] kernfs_fop_write_iter+0x158/0x4f0 [ 167.260155][ T7235] vfs_write+0x54b/0xa90 [ 167.260183][ T7235] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 167.260206][ T7235] ? __pfx_vfs_write+0x10/0x10 [ 167.260241][ T7235] ? __fget_files+0x2a/0x420 [ 167.260278][ T7235] ksys_write+0x145/0x250 [ 167.260304][ T7235] ? __pfx_ksys_write+0x10/0x10 [ 167.260322][ T7235] ? rcu_is_watching+0x15/0xb0 [ 167.260361][ T7235] ? do_syscall_64+0xbe/0x3b0 [ 167.260388][ T7235] do_syscall_64+0xfa/0x3b0 [ 167.260408][ T7235] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.260427][ T7235] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.260447][ T7235] ? clear_bhb_loop+0x60/0xb0 [ 167.260473][ T7235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.260493][ T7235] RIP: 0033:0x7f840d58e929 [ 167.260512][ T7235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.260529][ T7235] RSP: 002b:00007f840e333038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 167.260552][ T7235] RAX: ffffffffffffffda RBX: 00007f840d7b5fa0 RCX: 00007f840d58e929 [ 167.260566][ T7235] RDX: 0000000000000031 RSI: 0000200000000200 RDI: 0000000000000004 [ 167.260579][ T7235] RBP: 00007f840e333090 R08: 0000000000000000 R09: 0000000000000000 [ 167.260592][ T7235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.260604][ T7235] R13: 0000000000000000 R14: 00007f840d7b5fa0 R15: 00007ffec5a33f28 [ 167.260645][ T7235] [ 167.812697][ T7244] FAULT_INJECTION: forcing a failure. [ 167.812697][ T7244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.829522][ T7244] CPU: 0 UID: 0 PID: 7244 Comm: syz.1.371 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 167.829552][ T7244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.829564][ T7244] Call Trace: [ 167.829585][ T7244] [ 167.829596][ T7244] dump_stack_lvl+0x189/0x250 [ 167.829645][ T7244] ? __pfx____ratelimit+0x10/0x10 [ 167.829676][ T7244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.829719][ T7244] ? __pfx__printk+0x10/0x10 [ 167.829757][ T7244] ? __might_fault+0xb0/0x130 [ 167.829802][ T7244] ? __might_fault+0xb0/0x130 [ 167.829862][ T7244] should_fail_ex+0x414/0x560 [ 167.829929][ T7244] _copy_from_user+0x2d/0xb0 [ 167.829965][ T7244] vmemdup_user+0x59/0xd0 [ 167.830006][ T7244] map_get_next_key+0x1be/0x5f0 [ 167.830050][ T7244] ? bpf_lsm_bpf+0x9/0x20 [ 167.830069][ T7244] ? security_bpf+0x7e/0x300 [ 167.830119][ T7244] __sys_bpf+0x7bf/0x860 [ 167.830170][ T7244] ? __pfx___sys_bpf+0x10/0x10 [ 167.830288][ T7244] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 167.830329][ T7244] ? __pfx_ksys_write+0x10/0x10 [ 167.830349][ T7244] ? rcu_is_watching+0x15/0xb0 [ 167.830428][ T7244] __x64_sys_bpf+0x7c/0x90 [ 167.830469][ T7244] do_syscall_64+0xfa/0x3b0 [ 167.830494][ T7244] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.830520][ T7244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.830545][ T7244] ? clear_bhb_loop+0x60/0xb0 [ 167.830596][ T7244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.830618][ T7244] RIP: 0033:0x7f2f12f8e929 [ 167.830643][ T7244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.830661][ T7244] RSP: 002b:00007f2f13d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 167.830683][ T7244] RAX: ffffffffffffffda RBX: 00007f2f131b5fa0 RCX: 00007f2f12f8e929 [ 167.830698][ T7244] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000004 [ 167.830711][ T7244] RBP: 00007f2f13d64090 R08: 0000000000000000 R09: 0000000000000000 [ 167.830724][ T7244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.830735][ T7244] R13: 0000000000000000 R14: 00007f2f131b5fa0 R15: 00007ffc6c2ef868 [ 167.830837][ T7244] [ 168.443702][ T7260] __nla_validate_parse: 13 callbacks suppressed [ 168.450464][ T7260] netlink: 60 bytes leftover after parsing attributes in process `syz.2.375'. [ 168.465047][ T7254] netlink: 60 bytes leftover after parsing attributes in process `syz.2.375'. [ 168.499951][ T7263] netlink: 60 bytes leftover after parsing attributes in process `syz.2.375'. [ 168.742396][ T7261] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.377'. [ 169.202184][ T7051] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 169.270331][ T7051] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 169.318695][ T7051] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 169.355800][ T7051] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 169.380094][ T7278] netlink: 60 bytes leftover after parsing attributes in process `syz.1.379'. [ 169.438177][ T7275] netlink: 60 bytes leftover after parsing attributes in process `syz.1.379'. [ 169.482380][ T7282] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.380'. [ 169.493706][ T7281] netlink: 60 bytes leftover after parsing attributes in process `syz.1.379'. [ 170.022940][ T7297] netlink: 167 bytes leftover after parsing attributes in process `syz.1.381'. [ 170.647524][ T7051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.787501][ T7051] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.859114][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.866483][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.964343][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.971664][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.863613][ T7051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.053454][ T7051] veth0_vlan: entered promiscuous mode [ 172.096135][ T7051] veth1_vlan: entered promiscuous mode [ 172.324172][ T7319] netlink: 60 bytes leftover after parsing attributes in process `syz.4.382'. [ 172.387373][ T7051] veth0_macvtap: entered promiscuous mode [ 172.439013][ T7051] veth1_macvtap: entered promiscuous mode [ 172.563694][ T7051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.632236][ T7051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.705227][ T7051] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.766028][ T7051] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.803807][ T7051] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.835610][ T7051] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.868892][ T7333] FAULT_INJECTION: forcing a failure. [ 172.868892][ T7333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.890793][ T7333] CPU: 0 UID: 0 PID: 7333 Comm: syz.4.389 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 172.890822][ T7333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.890835][ T7333] Call Trace: [ 172.890849][ T7333] [ 172.890860][ T7333] dump_stack_lvl+0x189/0x250 [ 172.890907][ T7333] ? __pfx____ratelimit+0x10/0x10 [ 172.890938][ T7333] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.890980][ T7333] ? __pfx__printk+0x10/0x10 [ 172.891016][ T7333] ? __might_fault+0xb0/0x130 [ 172.891058][ T7333] ? __might_fault+0xb0/0x130 [ 172.891113][ T7333] should_fail_ex+0x414/0x560 [ 172.891174][ T7333] _copy_from_user+0x2d/0xb0 [ 172.891211][ T7333] ___sys_sendmsg+0x158/0x2a0 [ 172.891264][ T7333] ? __pfx____sys_sendmsg+0x10/0x10 [ 172.891419][ T7333] ? __fget_files+0x2a/0x420 [ 172.891516][ T7333] ? __fget_files+0x2a/0x420 [ 172.891545][ T7333] ? __fget_files+0x3a0/0x420 [ 172.891635][ T7333] __x64_sys_sendmsg+0x19b/0x260 [ 172.891663][ T7333] ? clockevents_program_event+0x24d/0x360 [ 172.891706][ T7333] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 172.891733][ T7333] ? perf_trace_preemptirq_template+0xa3/0x340 [ 172.891812][ T7333] ? irqentry_exit_to_user_mode+0xd1/0x120 [ 172.891879][ T7333] ? do_syscall_64+0xbe/0x3b0 [ 172.891927][ T7333] do_syscall_64+0xfa/0x3b0 [ 172.891962][ T7333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.891982][ T7333] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 172.892003][ T7333] ? clear_bhb_loop+0x60/0xb0 [ 172.892048][ T7333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.892072][ T7333] RIP: 0033:0x7f3fc718e929 [ 172.892097][ T7333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.892115][ T7333] RSP: 002b:00007f3fc80c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 172.892137][ T7333] RAX: ffffffffffffffda RBX: 00007f3fc73b5fa0 RCX: 00007f3fc718e929 [ 172.892153][ T7333] RDX: 0000000004000050 RSI: 0000200000000240 RDI: 0000000000000005 [ 172.892166][ T7333] RBP: 00007f3fc80c4090 R08: 0000000000000000 R09: 0000000000000000 [ 172.892179][ T7333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.892191][ T7333] R13: 0000000000000000 R14: 00007f3fc73b5fa0 R15: 00007ffcdc01a4b8 [ 172.892292][ T7333] [ 173.311350][ T7344] Illegal XDP return value 4294967294 on prog (id 229) dev N/A, expect packet loss! [ 173.332428][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.369657][ T5841] Bluetooth: hci3: unexpected event 0x12 length: 15 > 8 [ 173.373473][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.516578][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.532347][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.221911][ T7369] FAULT_INJECTION: forcing a failure. [ 174.221911][ T7369] name failslab, interval 1, probability 0, space 0, times 0 [ 174.293275][ T7369] CPU: 0 UID: 0 PID: 7369 Comm: syz.1.398 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 174.293306][ T7369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.293319][ T7369] Call Trace: [ 174.293327][ T7369] [ 174.293336][ T7369] dump_stack_lvl+0x189/0x250 [ 174.293376][ T7369] ? __pfx____ratelimit+0x10/0x10 [ 174.293397][ T7369] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.293430][ T7369] ? __pfx__printk+0x10/0x10 [ 174.293457][ T7369] ? fs_reclaim_acquire+0x7d/0x100 [ 174.293497][ T7369] should_fail_ex+0x414/0x560 [ 174.293533][ T7369] should_failslab+0xa8/0x100 [ 174.293561][ T7369] __kmalloc_cache_noprof+0x70/0x3d0 [ 174.293584][ T7369] ? tcx_prog_attach+0x242/0x710 [ 174.293620][ T7369] tcx_prog_attach+0x242/0x710 [ 174.293650][ T7369] ? __fget_files+0x2a/0x420 [ 174.293682][ T7369] ? __pfx_tcx_prog_attach+0x10/0x10 [ 174.293709][ T7369] ? __fget_files+0x3a0/0x420 [ 174.293733][ T7369] ? __fget_files+0x2a/0x420 [ 174.293762][ T7369] ? bpf_prog_attach_check_attach_type+0x1e5/0x540 [ 174.293800][ T7369] bpf_prog_attach+0x5db/0x7f0 [ 174.293829][ T7369] ? bpf_lsm_bpf+0x9/0x20 [ 174.293853][ T7369] __sys_bpf+0x337/0x860 [ 174.293884][ T7369] ? __pfx___sys_bpf+0x10/0x10 [ 174.293928][ T7369] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 174.293969][ T7369] __x64_sys_bpf+0x7c/0x90 [ 174.293995][ T7369] do_syscall_64+0xfa/0x3b0 [ 174.294026][ T7369] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.294044][ T7369] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 174.294064][ T7369] ? clear_bhb_loop+0x60/0xb0 [ 174.294088][ T7369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.294107][ T7369] RIP: 0033:0x7f2f12f8e929 [ 174.294125][ T7369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.294141][ T7369] RSP: 002b:00007f2f13d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 174.294161][ T7369] RAX: ffffffffffffffda RBX: 00007f2f131b5fa0 RCX: 00007f2f12f8e929 [ 174.294175][ T7369] RDX: 0000000000000020 RSI: 0000200000000480 RDI: 0000000000000008 [ 174.294188][ T7369] RBP: 00007f2f13d64090 R08: 0000000000000000 R09: 0000000000000000 [ 174.294200][ T7369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.294212][ T7369] R13: 0000000000000000 R14: 00007f2f131b5fa0 R15: 00007ffc6c2ef868 [ 174.294245][ T7369] [ 174.914697][ T5841] Bluetooth: hci2: unexpected event 0x12 length: 15 > 8 [ 175.067739][ T7399] netlink: 'syz.0.407': attribute type 10 has an invalid length. [ 175.117263][ T7399] __nla_validate_parse: 2 callbacks suppressed [ 175.117284][ T7399] netlink: 40 bytes leftover after parsing attributes in process `syz.0.407'. [ 175.166978][ T7399] team0: entered promiscuous mode [ 175.177632][ T7399] team_slave_0: entered promiscuous mode [ 175.185940][ T7399] team_slave_1: entered promiscuous mode [ 175.192010][ T7399] team0: entered allmulticast mode [ 175.201583][ T7399] team_slave_0: entered allmulticast mode [ 175.208124][ T7399] team_slave_1: entered allmulticast mode [ 175.224772][ T7399] bridge0: port 3(team0) entered blocking state [ 175.283380][ T7399] bridge0: port 3(team0) entered disabled state [ 175.381954][ T7399] bridge0: port 3(team0) entered blocking state [ 175.388473][ T7399] bridge0: port 3(team0) entered forwarding state [ 175.625984][ T7420] netlink: 60 bytes leftover after parsing attributes in process `syz.1.412'. [ 175.682453][ T7417] netlink: 60 bytes leftover after parsing attributes in process `syz.1.412'. [ 175.724912][ T7426] netlink: 'syz.2.416': attribute type 2 has an invalid length. [ 175.732956][ T7426] netlink: 126524 bytes leftover after parsing attributes in process `syz.2.416'. [ 175.742635][ T7420] netlink: 60 bytes leftover after parsing attributes in process `syz.1.412'. [ 175.766103][ T7428] netlink: 60 bytes leftover after parsing attributes in process `syz.4.415'. [ 175.786951][ T7428] netlink: 60 bytes leftover after parsing attributes in process `syz.4.415'. [ 175.935672][ T7425] netlink: 60 bytes leftover after parsing attributes in process `syz.4.415'. [ 176.034422][ T7435] FAULT_INJECTION: forcing a failure. [ 176.034422][ T7435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 176.084036][ T7435] CPU: 1 UID: 0 PID: 7435 Comm: syz.1.418 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 176.084070][ T7435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.084083][ T7435] Call Trace: [ 176.084091][ T7435] [ 176.084101][ T7435] dump_stack_lvl+0x189/0x250 [ 176.084140][ T7435] ? __pfx____ratelimit+0x10/0x10 [ 176.084164][ T7435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.084198][ T7435] ? __pfx__printk+0x10/0x10 [ 176.084236][ T7435] should_fail_ex+0x414/0x560 [ 176.084272][ T7435] _copy_to_user+0x31/0xb0 [ 176.084297][ T7435] bpf_test_finish+0x1ab/0x700 [ 176.084334][ T7435] ? __pfx_bpf_test_finish+0x10/0x10 [ 176.084359][ T7435] ? __pfx_read_tsc+0x10/0x10 [ 176.084394][ T7435] bpf_prog_test_run_xdp+0x79a/0x1000 [ 176.084441][ T7435] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 176.084476][ T7435] ? __fget_files+0x2a/0x420 [ 176.084510][ T7435] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 176.084539][ T7435] bpf_prog_test_run+0x2c4/0x340 [ 176.084576][ T7435] __sys_bpf+0x4a4/0x860 [ 176.084608][ T7435] ? __pfx___sys_bpf+0x10/0x10 [ 176.084655][ T7435] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 176.084685][ T7435] ? __pfx_ksys_write+0x10/0x10 [ 176.084718][ T7435] __x64_sys_bpf+0x7c/0x90 [ 176.084745][ T7435] do_syscall_64+0xfa/0x3b0 [ 176.084770][ T7435] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.084790][ T7435] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 176.084812][ T7435] ? clear_bhb_loop+0x60/0xb0 [ 176.084839][ T7435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.084867][ T7435] RIP: 0033:0x7f2f12f8e929 [ 176.084888][ T7435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.084906][ T7435] RSP: 002b:00007f2f13d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 176.084928][ T7435] RAX: ffffffffffffffda RBX: 00007f2f131b5fa0 RCX: 00007f2f12f8e929 [ 176.084944][ T7435] RDX: 0000000000000024 RSI: 0000200000000200 RDI: 000000000000000a [ 176.084957][ T7435] RBP: 00007f2f13d64090 R08: 0000000000000000 R09: 0000000000000000 [ 176.084970][ T7435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 176.084983][ T7435] R13: 0000000000000000 R14: 00007f2f131b5fa0 R15: 00007ffc6c2ef868 [ 176.085016][ T7435] [ 176.426220][ T7438] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 176.468717][ T7444] netlink: 14 bytes leftover after parsing attributes in process `syz.4.421'. [ 176.810995][ T7457] netlink: 14 bytes leftover after parsing attributes in process `syz.0.425'. [ 177.113389][ T7473] netlink: 'syz.4.429': attribute type 21 has an invalid length. [ 177.463300][ T7457] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 177.561867][ T7457] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 177.666390][ T7457] bond0 (unregistering): Released all slaves [ 180.498695][ T7507] __nla_validate_parse: 11 callbacks suppressed [ 180.498716][ T7507] netlink: 60 bytes leftover after parsing attributes in process `syz.2.436'. [ 180.625428][ T7504] netlink: 60 bytes leftover after parsing attributes in process `syz.2.436'. [ 180.656745][ T7507] netlink: 60 bytes leftover after parsing attributes in process `syz.2.436'. [ 183.469118][ T7529] netlink: 1057 bytes leftover after parsing attributes in process `syz.3.443'. [ 183.814252][ T7529] netlink: 'syz.3.443': attribute type 33 has an invalid length. [ 183.822122][ T7529] netlink: 143044 bytes leftover after parsing attributes in process `syz.3.443'. [ 183.953322][ T7529] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 184.415308][ T7544] netlink: 60 bytes leftover after parsing attributes in process `syz.0.445'. [ 184.513620][ T7543] netlink: 60 bytes leftover after parsing attributes in process `syz.0.445'. [ 184.566211][ T7544] netlink: 60 bytes leftover after parsing attributes in process `syz.0.445'. [ 184.878525][ T7549] netlink: 60 bytes leftover after parsing attributes in process `syz.1.448'. [ 184.938108][ T7548] netlink: 60 bytes leftover after parsing attributes in process `syz.1.448'. [ 186.128917][ T7563] __nla_validate_parse: 1 callbacks suppressed [ 186.128938][ T7563] netlink: 60 bytes leftover after parsing attributes in process `syz.4.452'. [ 186.529151][ T7559] netlink: 60 bytes leftover after parsing attributes in process `syz.4.452'. [ 186.672480][ T7569] netlink: 60 bytes leftover after parsing attributes in process `syz.4.452'. [ 186.944111][ T5841] Bluetooth: hci3: unexpected event 0x12 length: 15 > 8 [ 187.162726][ T7553] delete_channel: no stack [ 187.896746][ T7577] netlink: 10 bytes leftover after parsing attributes in process `syz.4.454'. [ 189.210774][ T7584] bridge_slave_1: left allmulticast mode [ 189.234328][ T7584] bridge_slave_1: left promiscuous mode [ 189.243567][ T7584] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.555666][ T7584] bridge_slave_0: left allmulticast mode [ 189.561807][ T7584] bridge_slave_0: left promiscuous mode [ 189.667145][ T7584] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.647309][ T7588] veth1_macvtap: left promiscuous mode [ 190.694009][ T7588] macsec0: entered promiscuous mode [ 190.699357][ T7588] macsec0: entered allmulticast mode [ 190.812803][ T7607] FAULT_INJECTION: forcing a failure. [ 190.812803][ T7607] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 190.923924][ T7607] CPU: 1 UID: 0 PID: 7607 Comm: syz.4.462 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 190.923955][ T7607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.923973][ T7607] Call Trace: [ 190.923986][ T7607] [ 190.923999][ T7607] dump_stack_lvl+0x189/0x250 [ 190.924058][ T7607] ? __pfx____ratelimit+0x10/0x10 [ 190.924091][ T7607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.924137][ T7607] ? __pfx__printk+0x10/0x10 [ 190.924186][ T7607] ? fs_reclaim_acquire+0x7d/0x100 [ 190.924273][ T7607] should_fail_ex+0x414/0x560 [ 190.924345][ T7607] prepare_alloc_pages+0x213/0x610 [ 190.924431][ T7607] __alloc_frozen_pages_noprof+0x123/0x370 [ 190.924501][ T7607] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 190.924601][ T7607] ? policy_nodemask+0x27c/0x720 [ 190.924624][ T7607] ? __lock_acquire+0xab9/0xd20 [ 190.924694][ T7607] alloc_pages_mpol+0x232/0x4a0 [ 190.924764][ T7607] alloc_pages_noprof+0xa9/0x190 [ 190.924813][ T7607] get_free_pages_noprof+0xf/0x80 [ 190.924853][ T7607] kasan_populate_vmalloc+0x33/0x1a0 [ 190.924874][ T7607] ? do_raw_spin_unlock+0x122/0x240 [ 190.924935][ T7607] alloc_vmap_area+0xd51/0x1490 [ 190.925061][ T7607] ? __pfx_alloc_vmap_area+0x10/0x10 [ 190.925093][ T7607] ? __kasan_kmalloc+0x93/0xb0 [ 190.925133][ T7607] ? __kmalloc_cache_node_noprof+0x234/0x3d0 [ 190.925166][ T7607] ? __get_vm_area_node+0x13f/0x300 [ 190.925198][ T7607] ? copy_process+0x54b/0x3c00 [ 190.925230][ T7607] __get_vm_area_node+0x1f8/0x300 [ 190.925307][ T7607] __vmalloc_node_range_noprof+0x301/0x12f0 [ 190.925344][ T7607] ? copy_process+0x54b/0x3c00 [ 190.925432][ T7607] ? percpu_ref_get_many+0x19/0x140 [ 190.925475][ T7607] ? percpu_ref_get_many+0x19/0x140 [ 190.925587][ T7607] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 190.925641][ T7607] ? memcpy_and_pad+0x48/0x80 [ 190.925704][ T7607] __vmalloc_node_noprof+0xc2/0x110 [ 190.925740][ T7607] ? copy_process+0x54b/0x3c00 [ 190.925758][ T7607] ? copy_process+0x54b/0x3c00 [ 190.925802][ T7607] dup_task_struct+0x3e7/0x860 [ 190.925864][ T7607] copy_process+0x54b/0x3c00 [ 190.926015][ T7607] ? get_pid_task+0x20/0x1f0 [ 190.926072][ T7607] ? __pfx_copy_process+0x10/0x10 [ 190.926179][ T7607] kernel_clone+0x21e/0x870 [ 190.926207][ T7607] ? vfs_write+0x8d8/0xa90 [ 190.926264][ T7607] ? __pfx_kernel_clone+0x10/0x10 [ 190.926356][ T7607] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 190.926428][ T7607] __x64_sys_clone+0x18b/0x1e0 [ 190.926488][ T7607] ? __pfx___x64_sys_clone+0x10/0x10 [ 190.926598][ T7607] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 190.926641][ T7607] ? __pfx_ksys_write+0x10/0x10 [ 190.926706][ T7607] ? do_syscall_64+0xbe/0x3b0 [ 190.926759][ T7607] do_syscall_64+0xfa/0x3b0 [ 190.926782][ T7607] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.926810][ T7607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.926836][ T7607] ? clear_bhb_loop+0x60/0xb0 [ 190.926885][ T7607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.926908][ T7607] RIP: 0033:0x7f3fc718e929 [ 190.926943][ T7607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.926961][ T7607] RSP: 002b:00007f3fc80c3fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 190.926988][ T7607] RAX: ffffffffffffffda RBX: 00007f3fc73b5fa0 RCX: 00007f3fc718e929 [ 190.927003][ T7607] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000100000 [ 190.927018][ T7607] RBP: 00007f3fc80c4090 R08: 0000000000000000 R09: 0000000000000000 [ 190.927031][ T7607] R10: 0000200000000140 R11: 0000000000000206 R12: 0000000000000001 [ 190.927044][ T7607] R13: 0000000000000001 R14: 00007f3fc73b5fa0 R15: 00007ffcdc01a4b8 [ 190.927156][ T7607] [ 190.927293][ T7607] warn_alloc: 1 callbacks suppressed [ 190.927304][ T7607] syz.4.462: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 191.363875][ T7593] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 191.403821][ T7607] ,cpuset=/,mems_allowed=0-1 [ 191.408615][ T7607] CPU: 1 UID: 0 PID: 7607 Comm: syz.4.462 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 191.408643][ T7607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.408656][ T7607] Call Trace: [ 191.408668][ T7607] [ 191.408682][ T7607] dump_stack_lvl+0x189/0x250 [ 191.408747][ T7607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.408792][ T7607] ? __pfx__printk+0x10/0x10 [ 191.408830][ T7607] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 191.408862][ T7607] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 191.408905][ T7607] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 191.408955][ T7607] warn_alloc+0x214/0x310 [ 191.408987][ T7607] ? kasan_quarantine_put+0xdd/0x220 [ 191.409016][ T7607] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.409059][ T7607] ? __pfx_warn_alloc+0x10/0x10 [ 191.409107][ T7607] ? kfree+0x18e/0x440 [ 191.409126][ T7607] ? __get_vm_area_node+0x13f/0x300 [ 191.409165][ T7607] ? copy_process+0x54b/0x3c00 [ 191.409196][ T7607] ? __get_vm_area_node+0x211/0x300 [ 191.409270][ T7607] __vmalloc_node_range_noprof+0x326/0x12f0 [ 191.409346][ T7607] ? percpu_ref_get_many+0x19/0x140 [ 191.409375][ T7607] ? percpu_ref_get_many+0x19/0x140 [ 191.409456][ T7607] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 191.409495][ T7607] ? memcpy_and_pad+0x48/0x80 [ 191.409543][ T7607] __vmalloc_node_noprof+0xc2/0x110 [ 191.409571][ T7607] ? copy_process+0x54b/0x3c00 [ 191.409585][ T7607] ? copy_process+0x54b/0x3c00 [ 191.409625][ T7607] dup_task_struct+0x3e7/0x860 [ 191.409671][ T7607] copy_process+0x54b/0x3c00 [ 191.409783][ T7607] ? get_pid_task+0x20/0x1f0 [ 191.409828][ T7607] ? __pfx_copy_process+0x10/0x10 [ 191.409911][ T7607] kernel_clone+0x21e/0x870 [ 191.409934][ T7607] ? vfs_write+0x8d8/0xa90 [ 191.409979][ T7607] ? __pfx_kernel_clone+0x10/0x10 [ 191.410054][ T7607] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 191.410115][ T7607] __x64_sys_clone+0x18b/0x1e0 [ 191.410166][ T7607] ? __pfx___x64_sys_clone+0x10/0x10 [ 191.410269][ T7607] ? __pfx_perf_trace_preemptirq_template+0x10/0x10 [ 191.410310][ T7607] ? __pfx_ksys_write+0x10/0x10 [ 191.410373][ T7607] ? do_syscall_64+0xbe/0x3b0 [ 191.410426][ T7607] do_syscall_64+0xfa/0x3b0 [ 191.410449][ T7607] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.410477][ T7607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.410526][ T7607] ? clear_bhb_loop+0x60/0xb0 [ 191.410573][ T7607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.410602][ T7607] RIP: 0033:0x7f3fc718e929 [ 191.410628][ T7607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.410646][ T7607] RSP: 002b:00007f3fc80c3fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 191.410669][ T7607] RAX: ffffffffffffffda RBX: 00007f3fc73b5fa0 RCX: 00007f3fc718e929 [ 191.410684][ T7607] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000100000 [ 191.410699][ T7607] RBP: 00007f3fc80c4090 R08: 0000000000000000 R09: 0000000000000000 [ 191.410712][ T7607] R10: 0000200000000140 R11: 0000000000000206 R12: 0000000000000001 [ 191.410725][ T7607] R13: 0000000000000001 R14: 00007f3fc73b5fa0 R15: 00007ffcdc01a4b8 [ 191.410834][ T7607] [ 191.410844][ T7607] Mem-Info: [ 191.809907][ T7607] active_anon:13876 inactive_anon:0 isolated_anon:0 [ 191.809907][ T7607] active_file:20747 inactive_file:39871 isolated_file:0 [ 191.809907][ T7607] unevictable:768 dirty:101 writeback:0 [ 191.809907][ T7607] slab_reclaimable:10095 slab_unreclaimable:97800 [ 191.809907][ T7607] mapped:38716 shmem:9540 pagetables:1313 [ 191.809907][ T7607] sec_pagetables:0 bounce:0 [ 191.809907][ T7607] kernel_misc_reclaimable:0 [ 191.809907][ T7607] free:1303594 free_pcp:14544 free_cma:0 [ 191.954171][ T7607] Node 0 active_anon:55204kB inactive_anon:0kB active_file:83088kB inactive_file:159284kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:151864kB dirty:404kB writeback:0kB shmem:36824kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11944kB pagetables:5124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 192.084249][ T7607] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 192.267598][ T7607] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 192.373828][ T7607] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 192.392397][ T7607] Node 0 DMA32 free:1286564kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:57896kB inactive_anon:0kB active_file:86088kB inactive_file:157456kB unevictable:1536kB writepending:412kB present:3129332kB managed:2560964kB mlocked:0kB bounce:0kB free_pcp:42576kB local_pcp:20792kB free_cma:0kB [ 192.543863][ T7607] lowmem_reserve[]: 0 0 1 1 1 [ 192.584728][ T7607] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 192.703812][ T7607] lowmem_reserve[]: 0 0 0 0 0 [ 192.708721][ T7607] Node 1 Normal free:3904856kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18544kB local_pcp:10656kB free_cma:0kB [ 192.821860][ T7607] lowmem_reserve[]: 0 0 0 0 0 [ 192.835824][ T7607] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 192.944332][ T7607] Node 0 DMA32: 476*4kB (UE) 141*8kB (UME) 96*16kB (UME) 731*32kB (UME) 571*64kB (UME) 298*128kB (UME) 129*256kB (UME) 61*512kB (UME) 23*1024kB (UM) 8*2048kB (UME) 263*4096kB (M) = 1284088kB [ 193.003856][ T7607] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 193.056010][ T7607] Node 1 Normal: 192*4kB (UE) 59*8kB (UME) 40*16kB (UME) 94*32kB (UME) 27*64kB (UME) 5*128kB (UME) 5*256kB (UME) 6*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 949*4096kB (M) = 3904856kB [ 193.137644][ T7607] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 193.232322][ T7607] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 193.247423][ T7607] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 193.317301][ T7607] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 193.363255][ T7607] 72994 total pagecache pages [ 193.370209][ T7607] 0 pages in swap cache [ 193.393990][ T7607] Free swap = 124996kB [ 193.398267][ T7607] Total swap = 124996kB [ 193.402492][ T7607] 2097051 pages RAM [ 193.442376][ T7607] 0 pages HighMem/MovableOnly [ 193.505818][ T7607] 424704 pages reserved [ 193.510080][ T7607] 0 pages cma reserved [ 193.948208][ T7630] netlink: 'syz.0.469': attribute type 10 has an invalid length. [ 194.055117][ T7630] bridge0: port 3(team0) entered disabled state [ 194.094514][ T5841] Bluetooth: hci1: unexpected event 0x12 length: 15 > 8 [ 194.134033][ T7630] team0: left allmulticast mode [ 194.187706][ T7630] team_slave_0: left allmulticast mode [ 194.234510][ T7630] team_slave_1: left allmulticast mode [ 194.245098][ T7630] team0: left promiscuous mode [ 194.274632][ T7630] team_slave_0: left promiscuous mode [ 194.305134][ T7630] team_slave_1: left promiscuous mode [ 194.333146][ T7630] bridge0: port 3(team0) entered disabled state [ 194.515451][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.522144][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.297748][ T7641] netlink: 10 bytes leftover after parsing attributes in process `syz.0.473'. [ 195.786416][ T7654] netlink: 60 bytes leftover after parsing attributes in process `syz.4.476'. [ 196.113535][ T7649] netlink: 60 bytes leftover after parsing attributes in process `syz.4.476'. [ 196.411180][ T7655] netlink: 60 bytes leftover after parsing attributes in process `syz.4.476'. [ 196.497279][ T7660] FAULT_INJECTION: forcing a failure. [ 196.497279][ T7660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.519569][ T7660] CPU: 0 UID: 0 PID: 7660 Comm: syz.0.478 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 196.519603][ T7660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.519617][ T7660] Call Trace: [ 196.519630][ T7660] [ 196.519644][ T7660] dump_stack_lvl+0x189/0x250 [ 196.519693][ T7660] ? __pfx____ratelimit+0x10/0x10 [ 196.519727][ T7660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.519773][ T7660] ? __pfx__printk+0x10/0x10 [ 196.519894][ T7660] should_fail_ex+0x414/0x560 [ 196.519968][ T7660] _copy_to_user+0x31/0xb0 [ 196.520017][ T7660] simple_read_from_buffer+0xe1/0x170 [ 196.520082][ T7660] proc_fail_nth_read+0x1df/0x250 [ 196.520146][ T7660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 196.520207][ T7660] ? rw_verify_area+0x258/0x650 [ 196.520226][ T7660] ? rcu_read_unlock_special+0x3fe/0x4c0 [ 196.520258][ T7660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 196.520308][ T7660] vfs_read+0x200/0x980 [ 196.520340][ T7660] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 196.520399][ T7660] ? __pfx___mutex_lock+0x10/0x10 [ 196.520435][ T7660] ? __pfx_vfs_read+0x10/0x10 [ 196.520497][ T7660] ? __rcu_read_unlock+0x84/0xe0 [ 196.520545][ T7660] ? __fget_files+0x3a0/0x420 [ 196.520575][ T7660] ? __fget_files+0x2a/0x420 [ 196.520667][ T7660] ksys_read+0x145/0x250 [ 196.520717][ T7660] ? __pfx_ksys_read+0x10/0x10 [ 196.520784][ T7660] ? do_syscall_64+0xbe/0x3b0 [ 196.520838][ T7660] do_syscall_64+0xfa/0x3b0 [ 196.520861][ T7660] ? lockdep_hardirqs_on+0x9c/0x150 [ 196.520890][ T7660] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.520916][ T7660] ? clear_bhb_loop+0x60/0xb0 [ 196.520967][ T7660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.520990][ T7660] RIP: 0033:0x7fab2938d33c [ 196.521018][ T7660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 196.521035][ T7660] RSP: 002b:00007fab2a1f0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 196.521058][ T7660] RAX: ffffffffffffffda RBX: 00007fab295b5fa0 RCX: 00007fab2938d33c [ 196.521073][ T7660] RDX: 000000000000000f RSI: 00007fab2a1f00a0 RDI: 0000000000000003 [ 196.521086][ T7660] RBP: 00007fab2a1f0090 R08: 0000000000000000 R09: 0000000000000000 [ 196.521099][ T7660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 196.521110][ T7660] R13: 0000000000000001 R14: 00007fab295b5fa0 R15: 00007fff23bd73e8 [ 196.521230][ T7660] [ 198.256297][ T7677] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.484'. [ 198.755807][ T5841] Bluetooth: hci4: unexpected event 0x12 length: 15 > 8 [ 199.747854][ T7691] netlink: 'syz.3.488': attribute type 29 has an invalid length. [ 199.885151][ T7696] netlink: 60 bytes leftover after parsing attributes in process `syz.2.491'. [ 199.950881][ T7692] netlink: 10 bytes leftover after parsing attributes in process `syz.1.490'. [ 199.971026][ T7694] netlink: 60 bytes leftover after parsing attributes in process `syz.2.491'. [ 199.994912][ T7698] netlink: 60 bytes leftover after parsing attributes in process `syz.2.491'. [ 200.487517][ T7700] netlink: 13695 bytes leftover after parsing attributes in process `syz.1.490'. [ 201.495094][ T7708] @ÿ}: renamed from bond_slave_0 (while UP) [ 202.080818][ T7716] FAULT_INJECTION: forcing a failure. [ 202.080818][ T7716] name failslab, interval 1, probability 0, space 0, times 0 [ 202.140915][ T7716] CPU: 1 UID: 0 PID: 7716 Comm: syz.4.497 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 202.140948][ T7716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.140961][ T7716] Call Trace: [ 202.140974][ T7716] [ 202.140987][ T7716] dump_stack_lvl+0x189/0x250 [ 202.141036][ T7716] ? __pfx____ratelimit+0x10/0x10 [ 202.141070][ T7716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.141116][ T7716] ? __pfx__printk+0x10/0x10 [ 202.141190][ T7716] ? __pfx___might_resched+0x10/0x10 [ 202.141225][ T7716] ? fs_reclaim_acquire+0x7d/0x100 [ 202.141291][ T7716] should_fail_ex+0x414/0x560 [ 202.141372][ T7716] should_failslab+0xa8/0x100 [ 202.141424][ T7716] __kmalloc_noprof+0xcb/0x4f0 [ 202.141448][ T7716] ? kfree+0x4d/0x440 [ 202.141466][ T7716] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 202.141537][ T7716] tomoyo_realpath_from_path+0xe3/0x5d0 [ 202.141731][ T7716] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 202.141783][ T7716] tomoyo_path_number_perm+0x1e8/0x5a0 [ 202.141842][ T7716] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 202.141897][ T7716] ? perf_trace_lock_acquire+0x335/0x410 [ 202.141943][ T7716] ? trace_call_bpf+0xb7/0x850 [ 202.142038][ T7716] ? __lock_acquire+0xab9/0xd20 [ 202.142197][ T7716] ? __fget_files+0x2a/0x420 [ 202.142254][ T7716] ? __fget_files+0x2a/0x420 [ 202.142284][ T7716] ? __fget_files+0x3a0/0x420 [ 202.142314][ T7716] ? __fget_files+0x2a/0x420 [ 202.142379][ T7716] security_file_ioctl+0xcb/0x2d0 [ 202.142428][ T7716] __se_sys_ioctl+0x47/0x170 [ 202.142479][ T7716] do_syscall_64+0xfa/0x3b0 [ 202.142504][ T7716] ? lockdep_hardirqs_on+0x9c/0x150 [ 202.142534][ T7716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.142561][ T7716] ? clear_bhb_loop+0x60/0xb0 [ 202.142613][ T7716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.142639][ T7716] RIP: 0033:0x7f3fc718e929 [ 202.142676][ T7716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.142695][ T7716] RSP: 002b:00007f3fc80a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.142719][ T7716] RAX: ffffffffffffffda RBX: 00007f3fc73b6080 RCX: 00007f3fc718e929 [ 202.142735][ T7716] RDX: 0000200000000180 RSI: 0000000080047441 RDI: 0000000000000003 [ 202.142750][ T7716] RBP: 00007f3fc80a3090 R08: 0000000000000000 R09: 0000000000000000 [ 202.142764][ T7716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.142777][ T7716] R13: 0000000000000001 R14: 00007f3fc73b6080 R15: 00007ffcdc01a4b8 [ 202.142891][ T7716] [ 202.207813][ T7718] netlink: 167 bytes leftover after parsing attributes in process `syz.1.495'. [ 202.216361][ T7716] ERROR: Out of memory at tomoyo_realpath_from_path. [ 203.998690][ T7729] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.500'. [ 205.336744][ T7741] netlink: 167 bytes leftover after parsing attributes in process `syz.0.503'. [ 206.011896][ T7744] netlink: 60 bytes leftover after parsing attributes in process `syz.3.504'. [ 206.055493][ T7743] netlink: 60 bytes leftover after parsing attributes in process `syz.3.504'. [ 206.093060][ T7744] netlink: 60 bytes leftover after parsing attributes in process `syz.3.504'. [ 211.383743][ C1] sched: DL replenish lagged too much [ 212.753843][ T5841] Bluetooth: hci0: unexpected event 0x12 length: 15 > 8 [ 212.756355][ T7764] blkio.reset_stats is deprecated [ 213.201901][ T7779] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 213.274299][ T7784] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.518'. [ 213.345552][ T7779] syzkaller0: entered promiscuous mode [ 213.366365][ T7788] netlink: 167 bytes leftover after parsing attributes in process `syz.4.520'. [ 213.383095][ T7779] syzkaller0: entered allmulticast mode [ 213.421113][ T7791] netlink: 60 bytes leftover after parsing attributes in process `syz.3.519'. [ 213.579597][ T7792] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.519'. [ 213.624064][ T7791] netlink: 132 bytes leftover after parsing attributes in process `syz.3.519'. [ 214.706021][ T5841] Bluetooth: hci0: unexpected event 0x12 length: 15 > 8 [ 216.111550][ T7815] FAULT_INJECTION: forcing a failure. [ 216.111550][ T7815] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.205432][ T7815] CPU: 1 UID: 0 PID: 7815 Comm: syz.1.527 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 216.205466][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.205480][ T7815] Call Trace: [ 216.205493][ T7815] [ 216.205507][ T7815] dump_stack_lvl+0x189/0x250 [ 216.205556][ T7815] ? __pfx____ratelimit+0x10/0x10 [ 216.205589][ T7815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.205634][ T7815] ? __pfx__printk+0x10/0x10 [ 216.205674][ T7815] ? __might_fault+0xb0/0x130 [ 216.205762][ T7815] should_fail_ex+0x414/0x560 [ 216.205833][ T7815] _copy_from_user+0x2d/0xb0 [ 216.205871][ T7815] vmemdup_user+0x59/0xd0 [ 216.205916][ T7815] map_get_next_key+0x1be/0x5f0 [ 216.205960][ T7815] ? bpf_lsm_bpf+0x9/0x20 [ 216.205981][ T7815] ? security_bpf+0x7e/0x300 [ 216.206035][ T7815] __sys_bpf+0x7bf/0x860 [ 216.206092][ T7815] ? __pfx___sys_bpf+0x10/0x10 [ 216.206212][ T7815] ? ksys_write+0x22a/0x250 [ 216.206259][ T7815] ? __pfx_ksys_write+0x10/0x10 [ 216.206280][ T7815] ? rcu_is_watching+0x15/0xb0 [ 216.206376][ T7815] __x64_sys_bpf+0x7c/0x90 [ 216.206421][ T7815] do_syscall_64+0xfa/0x3b0 [ 216.206444][ T7815] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.206473][ T7815] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.206499][ T7815] ? clear_bhb_loop+0x60/0xb0 [ 216.206548][ T7815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.206571][ T7815] RIP: 0033:0x7f2f12f8e929 [ 216.206599][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.206617][ T7815] RSP: 002b:00007f2f13d43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 216.206641][ T7815] RAX: ffffffffffffffda RBX: 00007f2f131b6080 RCX: 00007f2f12f8e929 [ 216.206658][ T7815] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000004 [ 216.206672][ T7815] RBP: 00007f2f13d43090 R08: 0000000000000000 R09: 0000000000000000 [ 216.206685][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 216.206698][ T7815] R13: 0000000000000000 R14: 00007f2f131b6080 R15: 00007ffc6c2ef868 [ 216.206809][ T7815] [ 217.058208][ T5847] Bluetooth: hci4: command 0x0406 tx timeout [ 217.058295][ T5149] Bluetooth: hci2: command 0x0406 tx timeout [ 217.071155][ T5846] Bluetooth: hci1: command 0x0406 tx timeout [ 217.077534][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 219.301960][ T5841] Bluetooth: hci4: unexpected event 0x12 length: 15 > 8 [ 223.906733][ T7808] bond0: entered promiscuous mode [ 223.919029][ T7808] bond_slave_0: entered promiscuous mode [ 223.926088][ T7808] bond_slave_1: entered promiscuous mode [ 223.935361][ T7836] netlink: 60 bytes leftover after parsing attributes in process `syz.0.537'. [ 223.945631][ T7841] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.953109][ T7841] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.038032][ T7841] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.066622][ T7841] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.681944][ T7865] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.544'. [ 224.703075][ T7860] bond_slave_1: mtu less than device minimum [ 225.003587][ T5841] Bluetooth: hci1: unexpected event 0x12 length: 15 > 8 [ 225.296761][ T7881] netlink: 60 bytes leftover after parsing attributes in process `syz.3.552'. [ 225.324286][ T7878] netlink: 60 bytes leftover after parsing attributes in process `syz.3.552'. [ 225.345078][ T7878] netlink: 60 bytes leftover after parsing attributes in process `syz.3.552'. [ 226.498930][ T7905] netlink: 'syz.3.561': attribute type 10 has an invalid length. [ 226.569952][ T7905] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.614633][ T7905] team0: entered promiscuous mode [ 226.639602][ T7905] team_slave_0: entered promiscuous mode [ 226.651118][ T7905] team_slave_1: entered promiscuous mode [ 226.665913][ T7905] bond0: (slave team0): Enslaving as an active interface with an up link [ 226.685512][ T5841] Bluetooth: hci2: unexpected event 0x12 length: 15 > 8 [ 226.818750][ T7909] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.563'. [ 227.044106][ T7921] netlink: 60 bytes leftover after parsing attributes in process `syz.4.565'. [ 227.077702][ T7914] netlink: 60 bytes leftover after parsing attributes in process `syz.4.565'. [ 227.092898][ T7922] netlink: 60 bytes leftover after parsing attributes in process `syz.1.566'. [ 227.120088][ T7921] netlink: 60 bytes leftover after parsing attributes in process `syz.4.565'. [ 228.011508][ T5841] Bluetooth: hci2: unexpected event 0x12 length: 15 > 8 [ 228.616200][ T7962] FAULT_INJECTION: forcing a failure. [ 228.616200][ T7962] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.638253][ T7962] CPU: 0 UID: 0 PID: 7962 Comm: syz.3.581 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 228.638283][ T7962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.638296][ T7962] Call Trace: [ 228.638304][ T7962] [ 228.638313][ T7962] dump_stack_lvl+0x189/0x250 [ 228.638353][ T7962] ? __pfx____ratelimit+0x10/0x10 [ 228.638374][ T7962] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.638405][ T7962] ? __pfx__printk+0x10/0x10 [ 228.638436][ T7962] should_fail_ex+0x414/0x560 [ 228.638466][ T7962] _copy_to_user+0x31/0xb0 [ 228.638489][ T7962] simple_read_from_buffer+0xe1/0x170 [ 228.638522][ T7962] proc_fail_nth_read+0x1df/0x250 [ 228.638550][ T7962] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.638578][ T7962] ? rw_verify_area+0x258/0x650 [ 228.638597][ T7962] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 228.638624][ T7962] vfs_read+0x200/0x980 [ 228.638647][ T7962] ? __pfx___mutex_lock+0x10/0x10 [ 228.638667][ T7962] ? __pfx_vfs_read+0x10/0x10 [ 228.638687][ T7962] ? __fget_files+0x2a/0x420 [ 228.638719][ T7962] ? __fget_files+0x3a0/0x420 [ 228.638743][ T7962] ? __fget_files+0x2a/0x420 [ 228.638778][ T7962] ksys_read+0x145/0x250 [ 228.638801][ T7962] ? __pfx_ksys_read+0x10/0x10 [ 228.638826][ T7962] ? do_syscall_64+0xbe/0x3b0 [ 228.638847][ T7962] do_syscall_64+0xfa/0x3b0 [ 228.638872][ T7962] ? lockdep_hardirqs_on+0x9c/0x150 [ 228.638889][ T7962] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.638906][ T7962] ? clear_bhb_loop+0x60/0xb0 [ 228.638927][ T7962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.638944][ T7962] RIP: 0033:0x7f3c1318d33c [ 228.638959][ T7962] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 228.638975][ T7962] RSP: 002b:00007f3c140ce030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 228.638994][ T7962] RAX: ffffffffffffffda RBX: 00007f3c133b5fa0 RCX: 00007f3c1318d33c [ 228.639007][ T7962] RDX: 000000000000000f RSI: 00007f3c140ce0a0 RDI: 0000000000000003 [ 228.639018][ T7962] RBP: 00007f3c140ce090 R08: 0000000000000000 R09: 0000000000000000 [ 228.639028][ T7962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.639039][ T7962] R13: 0000000000000001 R14: 00007f3c133b5fa0 R15: 00007ffcbe62e868 [ 228.639065][ T7962] [ 229.232437][ T7975] __nla_validate_parse: 8 callbacks suppressed [ 229.232486][ T7975] netlink: 60 bytes leftover after parsing attributes in process `syz.2.583'. [ 229.274318][ T7972] netlink: 60 bytes leftover after parsing attributes in process `syz.2.583'. [ 229.294117][ T7975] netlink: 60 bytes leftover after parsing attributes in process `syz.2.583'. [ 229.431269][ T7980] netlink: 60 bytes leftover after parsing attributes in process `syz.0.587'. [ 229.455470][ T7979] netlink: 60 bytes leftover after parsing attributes in process `syz.0.587'. [ 229.483247][ T7980] netlink: 60 bytes leftover after parsing attributes in process `syz.0.587'. [ 229.756724][ T5841] Bluetooth: hci2: unexpected event 0x12 length: 15 > 8 [ 230.351247][ T8000] netlink: 2451 bytes leftover after parsing attributes in process `syz.1.595'. [ 231.310756][ T5841] Bluetooth: hci4: unexpected event 0x12 length: 15 > 8 [ 233.078083][ T5841] Bluetooth: hci1: unexpected event 0x12 length: 15 > 8 [ 233.733413][ T8081] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 234.383502][ T8088] netlink: 'syz.0.623': attribute type 21 has an invalid length. [ 234.579787][ T8094] netlink: 15487 bytes leftover after parsing attributes in process `syz.1.626'. [ 234.766744][ T8098] netlink: 'syz.0.628': attribute type 10 has an invalid length. [ 234.988409][ T8106] netlink: 'syz.0.632': attribute type 2 has an invalid length. [ 235.016312][ T8105] netlink: 167 bytes leftover after parsing attributes in process `syz.1.630'. [ 235.181607][ T8109] netlink: 'syz.2.634': attribute type 6 has an invalid length. [ 235.206893][ T8109] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.634'. [ 235.285372][ T8113] netlink: 'syz.2.634': attribute type 21 has an invalid length. [ 235.292532][ T8111] netlink: 60 bytes leftover after parsing attributes in process `syz.0.635'. [ 235.323916][ T8113] netlink: 128 bytes leftover after parsing attributes in process `syz.2.634'. [ 235.334589][ T8113] netlink: 'syz.2.634': attribute type 5 has an invalid length. [ 235.350042][ T8113] netlink: 3 bytes leftover after parsing attributes in process `syz.2.634'. [ 235.700967][ T8121] netlink: 'syz.2.638': attribute type 39 has an invalid length. [ 235.968139][ T8127] netlink: 60 bytes leftover after parsing attributes in process `syz.3.639'. [ 236.014218][ T8124] netlink: 60 bytes leftover after parsing attributes in process `syz.3.639'. [ 236.023853][ T8128] netlink: 60 bytes leftover after parsing attributes in process `syz.3.639'. [ 236.991607][ T8146] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.648'. [ 237.083266][ T5921] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 239.338107][ T8182] €Â: renamed from hsr0 (while UP) [ 239.412783][ T8182] €Â: failed to rename [ 239.895139][ T5841] Bluetooth: hci0: unexpected event 0x12 length: 15 > 8 [ 240.437663][ T5841] Bluetooth: hci4: unexpected event 0x12 length: 15 > 8 [ 241.531025][ T8220] netlink: 'syz.0.671': attribute type 2 has an invalid length. [ 241.546234][ T8220] __nla_validate_parse: 6 callbacks suppressed [ 241.546251][ T8220] netlink: 126524 bytes leftover after parsing attributes in process `syz.0.671'. [ 241.984759][ T8222] netlink: 10 bytes leftover after parsing attributes in process `syz.1.672'. [ 242.505331][ T8232] netlink: 60 bytes leftover after parsing attributes in process `syz.2.674'. [ 242.540005][ T8231] netlink: 60 bytes leftover after parsing attributes in process `syz.2.674'. [ 242.586450][ T8232] netlink: 60 bytes leftover after parsing attributes in process `syz.2.674'. [ 242.694007][ T8234] netlink: 167 bytes leftover after parsing attributes in process `syz.1.675'. [ 242.877593][ T8241] netlink: 'syz.1.678': attribute type 2 has an invalid length. [ 243.002258][ T8243] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.679'. [ 243.553414][ T8263] netlink: 10 bytes leftover after parsing attributes in process `syz.3.685'. [ 243.914801][ T8270] netlink: 167 bytes leftover after parsing attributes in process `syz.3.688'. [ 244.317672][ T8283] netlink: 176 bytes leftover after parsing attributes in process `syz.2.693'. [ 244.526610][ T8290] netlink: 'syz.3.696': attribute type 10 has an invalid length. [ 244.841661][ T8290] team0: Device ipvlan1 failed to register rx_handler [ 247.096208][ T8365] __nla_validate_parse: 12 callbacks suppressed [ 247.096232][ T8365] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.722'. [ 247.150247][ T8368] FAULT_INJECTION: forcing a failure. [ 247.150247][ T8368] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 247.175230][ T8368] CPU: 1 UID: 0 PID: 8368 Comm: syz.2.724 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 247.175263][ T8368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.175291][ T8368] Call Trace: [ 247.175300][ T8368] [ 247.175310][ T8368] dump_stack_lvl+0x189/0x250 [ 247.175349][ T8368] ? __pfx____ratelimit+0x10/0x10 [ 247.175371][ T8368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.175412][ T8368] ? __pfx__printk+0x10/0x10 [ 247.175436][ T8368] ? __might_fault+0xb0/0x130 [ 247.175473][ T8368] should_fail_ex+0x414/0x560 [ 247.175509][ T8368] _copy_from_user+0x2d/0xb0 [ 247.175535][ T8368] csum_and_copy_from_iter_full+0x1e1/0x1eb0 [ 247.175591][ T8368] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 247.175636][ T8368] ? trace_kmalloc+0x1f/0xd0 [ 247.175662][ T8368] ip_generic_getfrag+0x12f/0x2b0 [ 247.175687][ T8368] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 247.175712][ T8368] ? skb_put+0x11b/0x210 [ 247.175744][ T8368] __ip_append_data+0x3240/0x40f0 [ 247.175789][ T8368] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 247.175833][ T8368] ? __pfx___ip_append_data+0x10/0x10 [ 247.175855][ T8368] ? __asan_memcpy+0x40/0x70 [ 247.175890][ T8368] ? ip_setup_cork+0x577/0x9a0 [ 247.175914][ T8368] ip_make_skb+0x1de/0x3f0 [ 247.175942][ T8368] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 247.175963][ T8368] ? __pfx_ip_make_skb+0x10/0x10 [ 247.175996][ T8368] ? bpf_lsm_sk_getsecid+0x9/0x10 [ 247.176036][ T8368] udp_sendmsg+0x191e/0x2300 [ 247.176081][ T8368] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 247.176102][ T8368] ? __pfx_udp_sendmsg+0x10/0x10 [ 247.176131][ T8368] ? __local_bh_enable_ip+0xce/0x1c0 [ 247.176174][ T8368] ? __pfx_ip4_datagram_release_cb+0x10/0x10 [ 247.176219][ T8368] ? __local_bh_enable_ip+0x12d/0x1c0 [ 247.176260][ T8368] ? inet_sendmsg+0x14f/0x370 [ 247.176284][ T8368] ? inet_sendmsg+0x29c/0x370 [ 247.176311][ T8368] __sock_sendmsg+0x19c/0x270 [ 247.176338][ T8368] ____sys_sendmsg+0x505/0x830 [ 247.176376][ T8368] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.176421][ T8368] ? import_iovec+0x74/0xa0 [ 247.176457][ T8368] ___sys_sendmsg+0x21f/0x2a0 [ 247.176488][ T8368] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.176559][ T8368] ? __fget_files+0x2a/0x420 [ 247.176585][ T8368] ? __fget_files+0x3a0/0x420 [ 247.176624][ T8368] __x64_sys_sendmsg+0x19b/0x260 [ 247.176657][ T8368] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 247.176705][ T8368] ? do_syscall_64+0xbe/0x3b0 [ 247.176732][ T8368] do_syscall_64+0xfa/0x3b0 [ 247.176754][ T8368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.176774][ T8368] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 247.176794][ T8368] ? clear_bhb_loop+0x60/0xb0 [ 247.176820][ T8368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.176840][ T8368] RIP: 0033:0x7f840d58e929 [ 247.176860][ T8368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.176878][ T8368] RSP: 002b:00007f840e333038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.176900][ T8368] RAX: ffffffffffffffda RBX: 00007f840d7b5fa0 RCX: 00007f840d58e929 [ 247.176915][ T8368] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 000000000000000b [ 247.176928][ T8368] RBP: 00007f840e333090 R08: 0000000000000000 R09: 0000000000000000 [ 247.176940][ T8368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 247.176952][ T8368] R13: 0000000000000000 R14: 00007f840d7b5fa0 R15: 00007ffec5a33f28 [ 247.176984][ T8368] [ 247.618095][ T8371] netlink: 26 bytes leftover after parsing attributes in process `syz.0.725'. [ 247.669280][ T8376] netlink: 36 bytes leftover after parsing attributes in process `syz.1.726'. [ 248.122526][ T8387] netlink: 10 bytes leftover after parsing attributes in process `syz.3.730'. [ 249.146582][ T8399] FAULT_INJECTION: forcing a failure. [ 249.146582][ T8399] name failslab, interval 1, probability 0, space 0, times 0 [ 249.215597][ T8399] CPU: 0 UID: 0 PID: 8399 Comm: syz.0.734 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 249.215628][ T8399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.215642][ T8399] Call Trace: [ 249.215651][ T8399] [ 249.215660][ T8399] dump_stack_lvl+0x189/0x250 [ 249.215700][ T8399] ? __pfx____ratelimit+0x10/0x10 [ 249.215721][ T8399] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.215754][ T8399] ? __pfx__printk+0x10/0x10 [ 249.215781][ T8399] ? __pfx___might_resched+0x10/0x10 [ 249.215814][ T8399] ? fs_reclaim_acquire+0x7d/0x100 [ 249.215848][ T8399] should_fail_ex+0x414/0x560 [ 249.215884][ T8399] should_failslab+0xa8/0x100 [ 249.215923][ T8399] __kmalloc_noprof+0xcb/0x4f0 [ 249.215946][ T8399] ? tomoyo_encode+0x28b/0x550 [ 249.215984][ T8399] tomoyo_encode+0x28b/0x550 [ 249.216023][ T8399] tomoyo_realpath_from_path+0x58d/0x5d0 [ 249.216065][ T8399] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 249.216091][ T8399] tomoyo_path_number_perm+0x1e8/0x5a0 [ 249.216118][ T8399] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 249.216163][ T8399] ? __lock_acquire+0xab9/0xd20 [ 249.216216][ T8399] ? __fget_files+0x2a/0x420 [ 249.216245][ T8399] ? __fget_files+0x2a/0x420 [ 249.216269][ T8399] ? __fget_files+0x3a0/0x420 [ 249.216292][ T8399] ? __fget_files+0x2a/0x420 [ 249.216324][ T8399] security_file_ioctl+0xcb/0x2d0 [ 249.216353][ T8399] __se_sys_ioctl+0x47/0x170 [ 249.216378][ T8399] do_syscall_64+0xfa/0x3b0 [ 249.216399][ T8399] ? lockdep_hardirqs_on+0x9c/0x150 [ 249.216419][ T8399] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.216440][ T8399] ? clear_bhb_loop+0x60/0xb0 [ 249.216466][ T8399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.216486][ T8399] RIP: 0033:0x7fab2938e929 [ 249.216504][ T8399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.216522][ T8399] RSP: 002b:00007fab2a1f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 249.216545][ T8399] RAX: ffffffffffffffda RBX: 00007fab295b5fa0 RCX: 00007fab2938e929 [ 249.216561][ T8399] RDX: 0000200000000180 RSI: 0000000080047441 RDI: 0000000000000003 [ 249.216575][ T8399] RBP: 00007fab2a1f0090 R08: 0000000000000000 R09: 0000000000000000 [ 249.216587][ T8399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.216600][ T8399] R13: 0000000000000000 R14: 00007fab295b5fa0 R15: 00007fff23bd73e8 [ 249.216635][ T8399] [ 249.219813][ T8399] ERROR: Out of memory at tomoyo_realpath_from_path. [ 249.286577][ T8401] netlink: 'syz.3.736': attribute type 1 has an invalid length. [ 249.498099][ T8401] netlink: 17 bytes leftover after parsing attributes in process `syz.3.736'. [ 249.651041][ T8405] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.738'. [ 249.840012][ T8416] netlink: 60 bytes leftover after parsing attributes in process `syz.0.739'. [ 249.872200][ T8416] netlink: 60 bytes leftover after parsing attributes in process `syz.0.739'. [ 249.929805][ T8413] netlink: 60 bytes leftover after parsing attributes in process `syz.0.739'. [ 250.157796][ T8422] netlink: 16222 bytes leftover after parsing attributes in process `syz.0.743'. [ 250.420905][ T5841] Bluetooth: hci4: unexpected event 0x08 length: 15 > 4 [ 252.113683][ T8475] __nla_validate_parse: 2 callbacks suppressed [ 252.152673][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 252.163382][ T8475] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.762'. [ 252.173116][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 252.182107][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 252.195163][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 252.205000][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 252.556629][ T8490] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.765'. [ 252.638720][ T8478] chnl_net:caif_netlink_parms(): no params data found [ 252.759325][ T8499] netlink: 60 bytes leftover after parsing attributes in process `syz.0.768'. [ 252.809985][ T8496] netlink: 60 bytes leftover after parsing attributes in process `syz.0.768'. [ 252.820846][ T8502] netlink: 'syz.2.770': attribute type 10 has an invalid length. [ 252.849203][ T8499] netlink: 60 bytes leftover after parsing attributes in process `syz.0.768'. [ 252.878036][ T8502] team0: Device ipvlan1 failed to register rx_handler [ 253.022450][ T8511] netlink: 167 bytes leftover after parsing attributes in process `syz.0.773'. [ 253.157240][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.166975][ T5836] Bluetooth: hci0: unexpected event 0x03 length: 15 > 11 [ 253.170283][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.185498][ T8478] bridge_slave_0: entered allmulticast mode [ 253.211229][ T8478] bridge_slave_0: entered promiscuous mode [ 253.266731][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.278955][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.287555][ T8478] bridge_slave_1: entered allmulticast mode [ 253.299644][ T8478] bridge_slave_1: entered promiscuous mode [ 253.414992][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 253.466200][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 253.662144][ T8478] team0: Port device team_slave_0 added [ 253.719171][ T8535] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.781'. [ 253.751087][ T8478] team0: Port device team_slave_1 added [ 253.860121][ T8538] netlink: 60 bytes leftover after parsing attributes in process `syz.2.783'. [ 253.878097][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.887515][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.916188][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.929197][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.936637][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.962890][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.977115][ T8537] netlink: 60 bytes leftover after parsing attributes in process `syz.2.783'. [ 253.990200][ T8538] netlink: 60 bytes leftover after parsing attributes in process `syz.2.783'. [ 254.145888][ T8478] hsr_slave_0: entered promiscuous mode [ 254.158839][ T8478] hsr_slave_1: entered promiscuous mode [ 254.190518][ T8478] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 254.214669][ T8478] Cannot create hsr debugfs directory [ 254.264282][ T5836] Bluetooth: hci2: command tx timeout [ 254.439775][ T8555] FAULT_INJECTION: forcing a failure. [ 254.439775][ T8555] name failslab, interval 1, probability 0, space 0, times 0 [ 254.490327][ T8555] CPU: 1 UID: 0 PID: 8555 Comm: syz.1.791 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 254.490362][ T8555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.490376][ T8555] Call Trace: [ 254.490385][ T8555] [ 254.490395][ T8555] dump_stack_lvl+0x189/0x250 [ 254.490438][ T8555] ? __pfx____ratelimit+0x10/0x10 [ 254.490461][ T8555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.490496][ T8555] ? __pfx__printk+0x10/0x10 [ 254.490529][ T8555] ? __pfx___might_resched+0x10/0x10 [ 254.490571][ T8555] should_fail_ex+0x414/0x560 [ 254.490607][ T8555] ? map_get_next_key+0x22a/0x5f0 [ 254.490637][ T8555] should_failslab+0xa8/0x100 [ 254.490666][ T8555] __kvmalloc_node_noprof+0x161/0x5f0 [ 254.490706][ T8555] ? map_get_next_key+0x22a/0x5f0 [ 254.490735][ T8555] ? _copy_from_user+0x94/0xb0 [ 254.490766][ T8555] map_get_next_key+0x22a/0x5f0 [ 254.490799][ T8555] ? bpf_lsm_bpf+0x9/0x20 [ 254.490827][ T8555] __sys_bpf+0x7bf/0x860 [ 254.490860][ T8555] ? __pfx___sys_bpf+0x10/0x10 [ 254.490909][ T8555] ? ksys_write+0x22a/0x250 [ 254.490937][ T8555] ? __pfx_ksys_write+0x10/0x10 [ 254.490958][ T8555] ? rcu_is_watching+0x15/0xb0 [ 254.491003][ T8555] __x64_sys_bpf+0x7c/0x90 [ 254.491032][ T8555] do_syscall_64+0xfa/0x3b0 [ 254.491054][ T8555] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.491075][ T8555] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.491097][ T8555] ? clear_bhb_loop+0x60/0xb0 [ 254.491126][ T8555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.491147][ T8555] RIP: 0033:0x7f2f12f8e929 [ 254.491167][ T8555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.491187][ T8555] RSP: 002b:00007f2f13d43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 254.491211][ T8555] RAX: ffffffffffffffda RBX: 00007f2f131b6080 RCX: 00007f2f12f8e929 [ 254.491228][ T8555] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000004 [ 254.491241][ T8555] RBP: 00007f2f13d43090 R08: 0000000000000000 R09: 0000000000000000 [ 254.491255][ T8555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.491268][ T8555] R13: 0000000000000000 R14: 00007f2f131b6080 R15: 00007ffc6c2ef868 [ 254.491306][ T8555] [ 255.015289][ T8478] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.191824][ T8478] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.352253][ T8478] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.115618][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.128083][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.190968][ T8478] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.340624][ T5836] Bluetooth: hci2: command tx timeout [ 256.507224][ T8589] team_slave_0: left promiscuous mode [ 256.535934][ T8589] team0: Port device team_slave_0 removed [ 256.545263][ T8589] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 256.597933][ T8478] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 256.618329][ T8478] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 256.661882][ T8478] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 256.728033][ T8478] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 257.082162][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.137271][ T8478] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.162498][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.169764][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.201163][ T6071] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.208478][ T6071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.771556][ T8630] FAULT_INJECTION: forcing a failure. [ 257.771556][ T8630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.816175][ T8630] CPU: 0 UID: 0 PID: 8630 Comm: syz.3.813 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 257.816218][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 257.816231][ T8630] Call Trace: [ 257.816242][ T8630] [ 257.816257][ T8630] dump_stack_lvl+0x189/0x250 [ 257.816306][ T8630] ? __pfx____ratelimit+0x10/0x10 [ 257.816338][ T8630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.816381][ T8630] ? __pfx__printk+0x10/0x10 [ 257.816485][ T8630] should_fail_ex+0x414/0x560 [ 257.816553][ T8630] _copy_to_user+0x31/0xb0 [ 257.816600][ T8630] map_get_next_key+0x48b/0x5f0 [ 257.816642][ T8630] ? map_get_next_key+0x269/0x5f0 [ 257.816698][ T8630] __sys_bpf+0x7bf/0x860 [ 257.816750][ T8630] ? __pfx___sys_bpf+0x10/0x10 [ 257.816858][ T8630] ? ksys_write+0x22a/0x250 [ 257.816904][ T8630] ? __pfx_ksys_write+0x10/0x10 [ 257.816925][ T8630] ? rcu_is_watching+0x15/0xb0 [ 257.817012][ T8630] __x64_sys_bpf+0x7c/0x90 [ 257.817054][ T8630] do_syscall_64+0xfa/0x3b0 [ 257.817076][ T8630] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.817102][ T8630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.817128][ T8630] ? clear_bhb_loop+0x60/0xb0 [ 257.817175][ T8630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.817197][ T8630] RIP: 0033:0x7f3c1318e929 [ 257.817233][ T8630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.817253][ T8630] RSP: 002b:00007f3c140ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 257.817275][ T8630] RAX: ffffffffffffffda RBX: 00007f3c133b5fa0 RCX: 00007f3c1318e929 [ 257.817291][ T8630] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000004 [ 257.817304][ T8630] RBP: 00007f3c140ce090 R08: 0000000000000000 R09: 0000000000000000 [ 257.817318][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.817330][ T8630] R13: 0000000000000000 R14: 00007f3c133b5fa0 R15: 00007ffcbe62e868 [ 257.817432][ T8630] [ 257.882549][ T8632] __nla_validate_parse: 5 callbacks suppressed [ 257.882574][ T8632] netlink: 167 bytes leftover after parsing attributes in process `syz.2.814'. [ 258.024410][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.203255][ T8640] netlink: 'syz.2.817': attribute type 4 has an invalid length. [ 258.341085][ T8646] netlink: 60 bytes leftover after parsing attributes in process `syz.1.818'. [ 258.366484][ T8644] netlink: 60 bytes leftover after parsing attributes in process `syz.1.818'. [ 258.378992][ T8646] netlink: 60 bytes leftover after parsing attributes in process `syz.1.818'. [ 258.426219][ T5836] Bluetooth: hci2: command tx timeout [ 258.606500][ T8654] FAULT_INJECTION: forcing a failure. [ 258.606500][ T8654] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.628589][ T8654] CPU: 0 UID: 0 PID: 8654 Comm: syz.2.820 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 258.628620][ T8654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 258.628634][ T8654] Call Trace: [ 258.628643][ T8654] [ 258.628652][ T8654] dump_stack_lvl+0x189/0x250 [ 258.628691][ T8654] ? __pfx____ratelimit+0x10/0x10 [ 258.628713][ T8654] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.628746][ T8654] ? __pfx__printk+0x10/0x10 [ 258.628786][ T8654] should_fail_ex+0x414/0x560 [ 258.628823][ T8654] _copy_from_iter+0x575/0x16f0 [ 258.628857][ T8654] ? __pfx__copy_from_iter+0x10/0x10 [ 258.628875][ T8654] ? sock_alloc_send_pskb+0x875/0x990 [ 258.628915][ T8654] ? __pfx__copy_from_iter+0x10/0x10 [ 258.628938][ T8654] ? page_copy_sane+0x16a/0x280 [ 258.628961][ T8654] copy_page_from_iter+0xdd/0x170 [ 258.628987][ T8654] skb_copy_datagram_from_iter+0x306/0x720 [ 258.629035][ T8654] packet_sendmsg+0x3abb/0x53f0 [ 258.629081][ T8654] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 258.629132][ T8654] ? __pfx___might_resched+0x10/0x10 [ 258.629166][ T8654] ? __lock_acquire+0xab9/0xd20 [ 258.629203][ T8654] ? ktime_get+0x3e/0x1f0 [ 258.629231][ T8654] ? __pfx_packet_sendmsg+0x10/0x10 [ 258.629259][ T8654] ? aa_sk_perm+0x81e/0x950 [ 258.629293][ T8654] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 258.629335][ T8654] ? __lock_acquire+0xab9/0xd20 [ 258.629361][ T8654] ? aa_sock_msg_perm+0x94/0x160 [ 258.629401][ T8654] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 258.629430][ T8654] ? __pfx_packet_sendmsg+0x10/0x10 [ 258.629462][ T8654] __sock_sendmsg+0x219/0x270 [ 258.629488][ T8654] ____sys_sendmsg+0x505/0x830 [ 258.629525][ T8654] ? __pfx_____sys_sendmsg+0x10/0x10 [ 258.629564][ T8654] ? import_iovec+0x74/0xa0 [ 258.629592][ T8654] ___sys_sendmsg+0x21f/0x2a0 [ 258.629624][ T8654] ? __pfx____sys_sendmsg+0x10/0x10 [ 258.629692][ T8654] ? __fget_files+0x2a/0x420 [ 258.629731][ T8654] ? __fget_files+0x3a0/0x420 [ 258.629768][ T8654] __x64_sys_sendmsg+0x19b/0x260 [ 258.629795][ T8654] ? clockevents_program_event+0x24d/0x360 [ 258.629823][ T8654] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 258.629873][ T8654] ? do_syscall_64+0xbe/0x3b0 [ 258.629918][ T8654] do_syscall_64+0xfa/0x3b0 [ 258.629942][ T8654] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.629962][ T8654] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 258.629984][ T8654] ? clear_bhb_loop+0x60/0xb0 [ 258.630011][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.630032][ T8654] RIP: 0033:0x7f840d58e929 [ 258.630051][ T8654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.630070][ T8654] RSP: 002b:00007f840e333038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 258.630093][ T8654] RAX: ffffffffffffffda RBX: 00007f840d7b5fa0 RCX: 00007f840d58e929 [ 258.630110][ T8654] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006 [ 258.630123][ T8654] RBP: 00007f840e333090 R08: 0000000000000000 R09: 0000000000000000 [ 258.630137][ T8654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 258.630149][ T8654] R13: 0000000000000000 R14: 00007f840d7b5fa0 R15: 00007ffec5a33f28 [ 258.630183][ T8654] [ 258.976230][ T8478] veth0_vlan: entered promiscuous mode [ 259.009759][ T8657] netlink: 44 bytes leftover after parsing attributes in process `syz.0.822'. [ 259.029477][ T8478] veth1_vlan: entered promiscuous mode [ 259.074505][ T8478] veth0_macvtap: entered promiscuous mode [ 259.085849][ T8478] veth1_macvtap: entered promiscuous mode [ 259.112601][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.128385][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.140980][ T8478] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.150038][ T8478] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.160174][ T8478] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.169031][ T8478] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.430326][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.462967][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 259.571732][ T8673] netlink: 60 bytes leftover after parsing attributes in process `syz.2.827'. [ 259.589539][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.589621][ T8669] netlink: 60 bytes leftover after parsing attributes in process `syz.2.827'. [ 259.607135][ T8673] netlink: 60 bytes leftover after parsing attributes in process `syz.2.827'. [ 259.622492][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.115205][ T8686] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.830'. [ 260.809231][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.935234][ T8701] netlink: 60 bytes leftover after parsing attributes in process `syz.3.836'. [ 261.257744][ T8713] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 261.353096][ T8715] FAULT_INJECTION: forcing a failure. [ 261.353096][ T8715] name failslab, interval 1, probability 0, space 0, times 0 [ 261.478639][ T8715] CPU: 0 UID: 0 PID: 8715 Comm: syz.1.841 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 261.478673][ T8715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.478688][ T8715] Call Trace: [ 261.478700][ T8715] [ 261.478714][ T8715] dump_stack_lvl+0x189/0x250 [ 261.478764][ T8715] ? __pfx____ratelimit+0x10/0x10 [ 261.478796][ T8715] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.478848][ T8715] ? __pfx__printk+0x10/0x10 [ 261.478899][ T8715] ? __pfx___might_resched+0x10/0x10 [ 261.478940][ T8715] ? fs_reclaim_acquire+0x7d/0x100 [ 261.479002][ T8715] should_fail_ex+0x414/0x560 [ 261.479070][ T8715] should_failslab+0xa8/0x100 [ 261.479116][ T8715] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 261.479150][ T8715] ? __alloc_skb+0x112/0x2d0 [ 261.479209][ T8715] __alloc_skb+0x112/0x2d0 [ 261.479270][ T8715] alloc_skb_with_frags+0xca/0x890 [ 261.479343][ T8715] ? perf_trace_lock_acquire+0x335/0x410 [ 261.479414][ T8715] sock_alloc_send_pskb+0x857/0x990 [ 261.479562][ T8715] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 261.479632][ T8715] ? dev_get_by_index+0x22/0x2e0 [ 261.479659][ T8715] ? dev_get_by_index+0x22/0x2e0 [ 261.479724][ T8715] packet_sendmsg+0x3672/0x53f0 [ 261.479832][ T8715] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 261.479986][ T8715] ? __pfx___might_resched+0x10/0x10 [ 261.480018][ T8715] ? trace_call_bpf+0xb7/0x850 [ 261.480116][ T8715] ? perf_trace_run_bpf_submit+0xf9/0x170 [ 261.480167][ T8715] ? __pfx_packet_sendmsg+0x10/0x10 [ 261.480195][ T8715] ? aa_sk_perm+0x81e/0x950 [ 261.480270][ T8715] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 261.480339][ T8715] ? __lock_acquire+0xab9/0xd20 [ 261.480366][ T8715] ? aa_sock_msg_perm+0x94/0x160 [ 261.480415][ T8715] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 261.480449][ T8715] ? __pfx_packet_sendmsg+0x10/0x10 [ 261.480495][ T8715] __sock_sendmsg+0x219/0x270 [ 261.480547][ T8715] ____sys_sendmsg+0x505/0x830 [ 261.480618][ T8715] ? __pfx_____sys_sendmsg+0x10/0x10 [ 261.480710][ T8715] ? import_iovec+0x74/0xa0 [ 261.480766][ T8715] ___sys_sendmsg+0x21f/0x2a0 [ 261.480821][ T8715] ? __pfx____sys_sendmsg+0x10/0x10 [ 261.481054][ T8715] ? __fget_files+0x2a/0x420 [ 261.481085][ T8715] ? __fget_files+0x3a0/0x420 [ 261.481176][ T8715] __x64_sys_sendmsg+0x19b/0x260 [ 261.481233][ T8715] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 261.481326][ T8715] ? __pfx_ksys_write+0x10/0x10 [ 261.481347][ T8715] ? rcu_is_watching+0x15/0xb0 [ 261.481417][ T8715] ? do_syscall_64+0xbe/0x3b0 [ 261.481468][ T8715] do_syscall_64+0xfa/0x3b0 [ 261.481491][ T8715] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.481519][ T8715] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.481544][ T8715] ? clear_bhb_loop+0x60/0xb0 [ 261.481592][ T8715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.481615][ T8715] RIP: 0033:0x7f2f12f8e929 [ 261.481642][ T8715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.481661][ T8715] RSP: 002b:00007f2f13d64038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 261.481684][ T8715] RAX: ffffffffffffffda RBX: 00007f2f131b5fa0 RCX: 00007f2f12f8e929 [ 261.481700][ T8715] RDX: 0000000004008050 RSI: 0000200000001780 RDI: 0000000000000006 [ 261.481715][ T8715] RBP: 00007f2f13d64090 R08: 0000000000000000 R09: 0000000000000000 [ 261.481728][ T8715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.481741][ T8715] R13: 0000000000000000 R14: 00007f2f131b5fa0 R15: 00007ffc6c2ef868 [ 261.481861][ T8715] [ 262.339868][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.478375][ T8714] delete_channel: no stack [ 262.583337][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.708411][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 262.717755][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 262.725888][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 262.735303][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 262.743874][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 262.970971][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.804187][ T36] bridge_slave_1: left allmulticast mode [ 263.826826][ T36] bridge_slave_1: left promiscuous mode [ 263.876977][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.905209][ T8751] FAULT_INJECTION: forcing a failure. [ 263.905209][ T8751] name failslab, interval 1, probability 0, space 0, times 0 [ 263.941423][ T8751] CPU: 0 UID: 0 PID: 8751 Comm: syz.2.853 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 263.941455][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.941468][ T8751] Call Trace: [ 263.941476][ T8751] [ 263.941486][ T8751] dump_stack_lvl+0x189/0x250 [ 263.941523][ T8751] ? __pfx____ratelimit+0x10/0x10 [ 263.941545][ T8751] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.941579][ T8751] ? __pfx__printk+0x10/0x10 [ 263.941605][ T8751] ? __pfx___might_resched+0x10/0x10 [ 263.941637][ T8751] ? fs_reclaim_acquire+0x7d/0x100 [ 263.941671][ T8751] should_fail_ex+0x414/0x560 [ 263.941706][ T8751] should_failslab+0xa8/0x100 [ 263.941734][ T8751] __kmalloc_noprof+0xcb/0x4f0 [ 263.941755][ T8751] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.941773][ T8751] ? sock_kmalloc+0xd6/0x160 [ 263.941814][ T8751] sock_kmalloc+0xd6/0x160 [ 263.941848][ T8751] ____sys_sendmsg+0x1b5/0x830 [ 263.941885][ T8751] ? __pfx_____sys_sendmsg+0x10/0x10 [ 263.941924][ T8751] ? import_iovec+0x74/0xa0 [ 263.941952][ T8751] ___sys_sendmsg+0x21f/0x2a0 [ 263.941983][ T8751] ? __pfx____sys_sendmsg+0x10/0x10 [ 263.942054][ T8751] ? __fget_files+0x2a/0x420 [ 263.942079][ T8751] ? __fget_files+0x3a0/0x420 [ 263.942117][ T8751] __x64_sys_sendmsg+0x19b/0x260 [ 263.942149][ T8751] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 263.942207][ T8751] do_syscall_64+0xfa/0x3b0 [ 263.942230][ T8751] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.942249][ T8751] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 263.942271][ T8751] ? clear_bhb_loop+0x60/0xb0 [ 263.942297][ T8751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.942317][ T8751] RIP: 0033:0x7f840d58e929 [ 263.942336][ T8751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.942354][ T8751] RSP: 002b:00007f840e333038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 263.942377][ T8751] RAX: ffffffffffffffda RBX: 00007f840d7b5fa0 RCX: 00007f840d58e929 [ 263.942392][ T8751] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 000000000000000b [ 263.942405][ T8751] RBP: 00007f840e333090 R08: 0000000000000000 R09: 0000000000000000 [ 263.942419][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.942431][ T8751] R13: 0000000000000000 R14: 00007f840d7b5fa0 R15: 00007ffec5a33f28 [ 263.942464][ T8751] [ 264.287372][ T36] bridge_slave_0: left allmulticast mode [ 264.293121][ T36] bridge_slave_0: left promiscuous mode [ 264.299823][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.815232][ T5841] Bluetooth: hci2: command tx timeout [ 265.262352][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.278485][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.297944][ T36] bond0 (unregistering): Released all slaves [ 265.360489][ T8759] __nla_validate_parse: 3 callbacks suppressed [ 265.360510][ T8759] netlink: 60 bytes leftover after parsing attributes in process `syz.1.855'. [ 265.414049][ T8771] netlink: 60 bytes leftover after parsing attributes in process `syz.3.857'. [ 265.602280][ T5841] Bluetooth: hci0: unexpected event 0x12 length: 15 > 8 [ 265.868347][ T8728] chnl_net:caif_netlink_parms(): no params data found [ 266.151384][ T8810] netlink: 152 bytes leftover after parsing attributes in process `syz.3.865'. [ 266.198370][ T8810] netlink: 6 bytes leftover after parsing attributes in process `syz.3.865'. [ 266.895557][ T5841] Bluetooth: hci2: command tx timeout [ 266.898107][ T8830] netlink: 'syz.1.868': attribute type 10 has an invalid length. [ 268.976791][ T5841] Bluetooth: hci2: command tx timeout [ 269.128222][ T36] hsr_slave_0: left promiscuous mode [ 269.136352][ T36] hsr_slave_1: left promiscuous mode [ 269.145217][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 269.152709][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.163681][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 269.171995][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.195402][ T36] veth1_macvtap: left promiscuous mode [ 269.201014][ T36] veth0_macvtap: left promiscuous mode [ 269.210282][ T36] veth1_vlan: left promiscuous mode [ 269.216416][ T36] veth0_vlan: left promiscuous mode [ 269.697326][ T36] team0 (unregistering): Port device team_slave_1 removed [ 269.745718][ T36] team0 (unregistering): Port device team_slave_0 removed [ 270.134349][ T8830] team0: Device ipvlan1 failed to register rx_handler [ 270.182778][ T8728] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.191244][ T8728] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.198741][ T8728] bridge_slave_0: entered allmulticast mode [ 270.206641][ T8728] bridge_slave_0: entered promiscuous mode [ 270.215052][ T8728] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.222249][ T8728] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.229572][ T8728] bridge_slave_1: entered allmulticast mode [ 270.237886][ T8728] bridge_slave_1: entered promiscuous mode [ 270.278693][ T8846] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.871'. [ 270.304166][ T8850] netlink: 60 bytes leftover after parsing attributes in process `syz.2.872'. [ 270.522293][ T8859] netlink: 60 bytes leftover after parsing attributes in process `syz.1.873'. [ 270.540192][ T8853] netlink: 60 bytes leftover after parsing attributes in process `syz.1.873'. [ 270.566100][ T8728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 270.588969][ T8728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 270.616077][ T8859] netlink: 60 bytes leftover after parsing attributes in process `syz.1.873'. [ 270.800642][ T8728] team0: Port device team_slave_0 added [ 270.815831][ T8728] team0: Port device team_slave_1 added [ 270.937009][ T8728] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 270.945870][ T8728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.990532][ T8728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 271.014018][ T8728] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 271.032511][ T8728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.063673][ T5841] Bluetooth: hci2: command tx timeout [ 271.071131][ T8728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 271.221176][ T8728] hsr_slave_0: entered promiscuous mode [ 271.252208][ T8728] hsr_slave_1: entered promiscuous mode [ 271.259407][ T8728] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.275628][ T8728] Cannot create hsr debugfs directory [ 271.719562][ T8893] netlink: 'syz.1.883': attribute type 2 has an invalid length. [ 271.731290][ T8893] netlink: 137592 bytes leftover after parsing attributes in process `syz.1.883'. [ 271.840165][ T8895] netlink: 4735 bytes leftover after parsing attributes in process `syz.1.883'. [ 273.303570][ T8933] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.891'. [ 273.726749][ T8728] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 273.749897][ T8728] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 273.767329][ T8728] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 273.791019][ T8728] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 274.086641][ T8728] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.148002][ T8728] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.180295][ T6071] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.187585][ T6071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.233627][ T6071] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.240934][ T6071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.441428][ T8728] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.712434][ T8988] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.906'. [ 275.796654][ T8993] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.824120][ T8993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.856190][ T8993] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.869952][ T8993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 276.631630][ T1145] bridge_slave_1: left allmulticast mode [ 276.641662][ T1145] bridge_slave_1: left promiscuous mode [ 276.670258][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.910966][ T1145] bridge_slave_0: left allmulticast mode [ 276.928609][ T1145] bridge_slave_0: left promiscuous mode [ 276.948184][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.982671][ T9049] netlink: 'syz.2.921': attribute type 2 has an invalid length. [ 279.371773][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.397917][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.427021][ T1145] bond0 (unregistering): Released all slaves [ 279.668617][ T8728] veth0_vlan: entered promiscuous mode [ 279.802111][ T9067] netlink: 'syz.1.924': attribute type 10 has an invalid length. [ 280.056983][ T8728] veth1_vlan: entered promiscuous mode [ 280.270795][ T8728] veth0_macvtap: entered promiscuous mode [ 280.349596][ T8728] veth1_macvtap: entered promiscuous mode [ 280.508396][ T9087] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.928'. [ 280.826030][ T1145] hsr_slave_0: left promiscuous mode [ 280.847567][ T1145] hsr_slave_1: left promiscuous mode [ 280.883628][ T1145] veth1_macvtap: left promiscuous mode [ 280.898509][ T1145] veth0_macvtap: left promiscuous mode [ 280.914332][ T1145] veth1_vlan: left promiscuous mode [ 280.934033][ T1145] veth0_vlan: left promiscuous mode [ 281.328551][ T9102] netlink: 'syz.1.932': attribute type 2 has an invalid length. [ 281.613557][ T9108] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.933'. [ 282.724028][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 282.828432][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 283.614590][ T5836] Bluetooth: hci0: command 0x0406 tx timeout [ 283.660248][ T8728] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.737793][ T8728] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.785638][ T8728] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.823744][ T8728] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.832539][ T8728] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.883828][ T8728] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.131007][ T9143] FAULT_INJECTION: forcing a failure. [ 284.131007][ T9143] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 284.222126][ T9143] CPU: 0 UID: 0 PID: 9143 Comm: syz.0.938 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 284.222157][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 284.222171][ T9143] Call Trace: [ 284.222179][ T9143] [ 284.222189][ T9143] dump_stack_lvl+0x189/0x250 [ 284.222228][ T9143] ? __pfx____ratelimit+0x10/0x10 [ 284.222250][ T9143] ? __pfx_dump_stack_lvl+0x10/0x10 [ 284.222283][ T9143] ? __pfx__printk+0x10/0x10 [ 284.222320][ T9143] should_fail_ex+0x414/0x560 [ 284.222356][ T9143] _copy_to_user+0x31/0xb0 [ 284.222382][ T9143] bpf_obj_get_info_by_fd+0x223f/0x2f70 [ 284.222433][ T9143] ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10 [ 284.222475][ T9143] ? get_pid_task+0x20/0x1f0 [ 284.222548][ T9143] ? bpf_lsm_bpf+0x9/0x20 [ 284.222567][ T9143] ? security_bpf+0x7e/0x300 [ 284.222598][ T9143] __sys_bpf+0x77a/0x860 [ 284.222628][ T9143] ? __pfx___sys_bpf+0x10/0x10 [ 284.222671][ T9143] ? ksys_write+0x22a/0x250 [ 284.222696][ T9143] ? __pfx_ksys_write+0x10/0x10 [ 284.222716][ T9143] ? rcu_is_watching+0x15/0xb0 [ 284.222758][ T9143] __x64_sys_bpf+0x7c/0x90 [ 284.222784][ T9143] do_syscall_64+0xfa/0x3b0 [ 284.222804][ T9143] ? lockdep_hardirqs_on+0x9c/0x150 [ 284.222824][ T9143] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.222845][ T9143] ? clear_bhb_loop+0x60/0xb0 [ 284.222870][ T9143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.222891][ T9143] RIP: 0033:0x7fab2938e929 [ 284.222908][ T9143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.222927][ T9143] RSP: 002b:00007fab2a1f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 284.222950][ T9143] RAX: ffffffffffffffda RBX: 00007fab295b5fa0 RCX: 00007fab2938e929 [ 284.222965][ T9143] RDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000f [ 284.222985][ T9143] RBP: 00007fab2a1f0090 R08: 0000000000000000 R09: 0000000000000000 [ 284.222997][ T9143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.223010][ T9143] R13: 0000000000000000 R14: 00007fab295b5fa0 R15: 00007fff23bd73e8 [ 284.223043][ T9143] [ 284.415814][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.587210][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.700656][ T9149] wg2: entered promiscuous mode [ 284.706869][ T9149] wg2: entered allmulticast mode [ 284.879841][ T9158] syzkaller0: entered promiscuous mode [ 284.887312][ T9158] syzkaller0: entered allmulticast mode [ 287.321577][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.343082][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.863314][ T9206] netlink: 'syz.2.957': attribute type 21 has an invalid length. [ 287.872369][ T9206] netlink: 156 bytes leftover after parsing attributes in process `syz.2.957'. [ 288.364180][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.438620][ T9218] wg2: entered promiscuous mode [ 288.450631][ T9218] wg2: entered allmulticast mode [ 288.519714][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.663498][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.843633][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.067453][ T9230] Â: renamed from bond_slave_1 (while UP) [ 289.384942][ T36] bridge_slave_1: left allmulticast mode [ 289.391612][ T36] bridge_slave_1: left promiscuous mode [ 289.409610][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.466353][ T36] bridge_slave_0: left allmulticast mode [ 289.472100][ T36] bridge_slave_0: left promiscuous mode [ 289.489003][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.739091][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 289.751564][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 289.760193][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 289.770749][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 289.794050][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 290.485921][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.499013][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.510316][ T36] bond0 (unregistering): Released all slaves [ 291.101529][ T9293] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.563874][ T36] hsr_slave_0: left promiscuous mode [ 291.582841][ T36] hsr_slave_1: left promiscuous mode [ 291.612508][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.630788][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.646624][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.663782][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 291.721711][ T36] veth1_macvtap: left promiscuous mode [ 291.731440][ T36] veth0_macvtap: left promiscuous mode [ 291.737627][ T36] veth1_vlan: left promiscuous mode [ 291.743382][ T36] veth0_vlan: left promiscuous mode [ 291.853882][ T5841] Bluetooth: hci2: command tx timeout [ 292.265537][ T36] team0 (unregistering): Port device team_slave_1 removed [ 292.307412][ T36] team0 (unregistering): Port device team_slave_0 removed [ 293.315631][ T9260] chnl_net:caif_netlink_parms(): no params data found [ 293.933938][ T5841] Bluetooth: hci2: command tx timeout [ 294.659656][ T5841] Bluetooth: hci4: ISO packet for unknown connection handle 255 [ 294.761297][ T9260] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.768848][ T9260] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.776275][ T9260] bridge_slave_0: entered allmulticast mode [ 294.783928][ T9260] bridge_slave_0: entered promiscuous mode [ 294.807810][ T9386] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1012'. [ 294.838283][ T9387] wg2: entered promiscuous mode [ 294.845552][ T9387] wg2: entered allmulticast mode [ 294.853367][ T9260] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.864351][ T9260] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.871853][ T9260] bridge_slave_1: entered allmulticast mode [ 294.893512][ T9260] bridge_slave_1: entered promiscuous mode [ 294.904936][ T9383] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1012'. [ 295.239262][ T9390] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1012'. [ 295.506954][ T9260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.696716][ T9260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.045492][ T5841] Bluetooth: hci2: command tx timeout [ 297.126196][ T9260] team0: Port device team_slave_0 added [ 297.332433][ T9439] syzkaller0: entered promiscuous mode [ 297.388794][ T9439] syzkaller0: entered allmulticast mode [ 297.432933][ T9260] team0: Port device team_slave_1 added [ 297.691075][ T9260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.706564][ T9260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.736777][ T9260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.094078][ T5841] Bluetooth: hci2: command tx timeout [ 298.999920][ T9260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.007417][ T9260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.033879][ T9260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.280698][ T9260] hsr_slave_0: entered promiscuous mode [ 299.308966][ T9260] hsr_slave_1: entered promiscuous mode [ 299.319944][ T9260] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 299.336507][ T9260] Cannot create hsr debugfs directory [ 299.979478][ T9487] pim6reg1: entered allmulticast mode [ 300.171277][ T9499] netlink: 'syz.2.1048': attribute type 10 has an invalid length. [ 300.213882][ T9499] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1048'. [ 300.311470][ T9499] dummy0: entered promiscuous mode [ 300.342608][ T9501] netlink: 'syz.3.1050': attribute type 29 has an invalid length. [ 300.387969][ T9501] netlink: 'syz.3.1050': attribute type 29 has an invalid length. [ 300.432787][ T9501] netlink: 'syz.3.1050': attribute type 29 has an invalid length. [ 300.513416][ T9510] netlink: 'syz.3.1050': attribute type 29 has an invalid length. [ 300.953518][ T5841] Bluetooth: hci3: Malformed LE Event: 0x0d [ 301.464928][ T9537] netlink: 56537 bytes leftover after parsing attributes in process `syz.3.1060'. [ 301.737897][ T9543] syzkaller0: entered promiscuous mode [ 301.743500][ T9543] syzkaller0: entered allmulticast mode [ 304.643540][ T9260] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 304.697816][ T9260] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 304.751584][ T9260] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 304.850628][ T9260] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 305.630305][ T9260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.687983][ T9260] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.725548][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.732795][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.748267][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.755561][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 306.002587][ T9260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 306.738819][ T9260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.884882][ T9672] tap0: tun_chr_ioctl cmd 2147767507 [ 308.124806][ T9686] ------------[ cut here ]------------ [ 308.130366][ T9686] verifier bug: expected array map for tail call(1) [ 308.171464][ T9686] WARNING: CPU: 1 PID: 9686 at kernel/bpf/verifier.c:11084 record_func_key+0x2d6/0x490 [ 308.181395][ T9686] Modules linked in: [ 308.185410][ T9686] CPU: 1 UID: 0 PID: 9686 Comm: syz.1.1109 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 308.197121][ T9686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.207380][ T9686] RIP: 0010:record_func_key+0x2d6/0x490 [ 308.212997][ T9686] Code: 09 cc e8 cd 64 e3 ff 80 3d 78 15 ae 0d 01 74 ba e8 bf 64 e3 ff c6 05 6a 15 ae 0d 01 90 48 c7 c7 e0 e3 91 8b e8 bb 07 a7 ff 90 <0f> 0b 90 90 eb 9f e8 9f 64 e3 ff eb 05 e8 98 64 e3 ff 48 8b 5c 24 [ 308.232796][ T9686] RSP: 0018:ffffc90004996c70 EFLAGS: 00010246 [ 308.238998][ T9686] RAX: cc6fefd331470300 RBX: dffffc0000000000 RCX: 0000000000080000 [ 308.247182][ T9686] RDX: ffffc9000b219000 RSI: 0000000000003a1e RDI: 0000000000003a1f [ 308.255453][ T9686] RBP: 000000000000001b R08: 0000000000000003 R09: 0000000000000004 [ 308.263648][ T9686] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: ffff888056214800 [ 308.271790][ T9686] R13: ffff888033599000 R14: ffff8880349a0000 R15: 1ffff11006934006 [ 308.279873][ T9686] FS: 00007f2f13d646c0(0000) GS:ffff888125d4d000(0000) knlGS:0000000000000000 [ 308.288995][ T9686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 308.295739][ T9686] CR2: 00007efde3d57000 CR3: 0000000060b0e000 CR4: 00000000003526f0 [ 308.303842][ T9686] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 [ 308.311876][ T9686] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 308.319982][ T9686] Call Trace: [ 308.323307][ T9686] [ 308.326397][ T9686] check_helper_call+0x2fb8/0x6b60 [ 308.331608][ T9686] ? __pfx_check_helper_call+0x10/0x10 [ 308.337327][ T9686] ? tnum_const+0xd/0x20 [ 308.341641][ T9686] ? __mark_reg_known+0x79/0x240 [ 308.346745][ T9686] do_check+0x95ec/0xe080 [ 308.351137][ T9686] ? unwind_get_return_address+0x4d/0x90 [ 308.356977][ T9686] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 308.363508][ T9686] ? bpf_prog_load+0x1318/0x1930 [ 308.368571][ T9686] ? __x64_sys_bpf+0x7c/0x90 [ 308.373222][ T9686] ? do_syscall_64+0xfa/0x3b0 [ 308.378056][ T9686] ? __pfx_do_check+0x10/0x10 [ 308.382905][ T9686] ? __asan_memset+0x22/0x50 [ 308.383912][ T9260] veth0_vlan: entered promiscuous mode [ 308.387617][ T9686] ? init_func_state+0x1ddf/0x2d20 [ 308.398257][ T9686] do_check_common+0x188f/0x23f0 [ 308.403272][ T9686] bpf_check+0x10252/0x1a5d0 [ 308.408050][ T9686] ? __lock_acquire+0xab9/0xd20 [ 308.412983][ T9686] ? is_bpf_text_address+0x26/0x2b0 [ 308.418318][ T9686] ? is_bpf_text_address+0x292/0x2b0 [ 308.423740][ T9686] ? is_bpf_text_address+0x26/0x2b0 [ 308.429043][ T9686] ? __kernel_text_address+0xd/0x40 [ 308.434358][ T9686] ? unwind_get_return_address+0x4d/0x90 [ 308.440063][ T9686] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 308.446363][ T9686] ? __pfx_bpf_check+0x10/0x10 [ 308.448114][ T9260] veth1_vlan: entered promiscuous mode [ 308.451178][ T9686] ? __lock_acquire+0xab9/0xd20 [ 308.461816][ T9686] ? __pfx___mutex_trylock_common+0x10/0x10 [ 308.467846][ T9686] ? css_rstat_updated+0x1a5/0xca0 [ 308.473054][ T9686] ? __lock_acquire+0xab9/0xd20 [ 308.478071][ T9686] ? ktime_get_with_offset+0x8c/0x2a0 [ 308.483518][ T9686] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 308.489894][ T9686] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.495449][ T9686] ? ktime_get_with_offset+0x8c/0x2a0 [ 308.500885][ T9686] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 308.507230][ T9686] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 308.513960][ T9686] ? bpf_obj_name_cpy+0x194/0x1e0 [ 308.519036][ T9686] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 308.524356][ T9686] ? security_bpf_prog_load+0x7f/0x310 [ 308.529881][ T9686] bpf_prog_load+0x1318/0x1930 [ 308.534776][ T9686] ? __pfx_bpf_prog_load+0x10/0x10 [ 308.539986][ T9686] ? bpf_lsm_bpf+0x9/0x20 [ 308.544443][ T9686] ? security_bpf+0x7e/0x300 [ 308.549102][ T9686] __sys_bpf+0x5f1/0x860 [ 308.553416][ T9686] ? __pfx___sys_bpf+0x10/0x10 [ 308.558375][ T9686] ? rcu_is_watching+0x15/0xb0 [ 308.563221][ T9686] __x64_sys_bpf+0x7c/0x90 [ 308.567957][ T9686] do_syscall_64+0xfa/0x3b0 [ 308.572523][ T9686] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.577908][ T9686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.584099][ T9686] ? clear_bhb_loop+0x60/0xb0 [ 308.586866][ T9260] veth0_macvtap: entered promiscuous mode [ 308.588817][ T9686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.588850][ T9686] RIP: 0033:0x7f2f12f8e929 [ 308.605095][ T9686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.609195][ T9260] veth1_macvtap: entered promiscuous mode [ 308.624804][ T9686] RSP: 002b:00007f2f13d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 308.639088][ T9686] RAX: ffffffffffffffda RBX: 00007f2f131b5fa0 RCX: 00007f2f12f8e929 [ 308.647192][ T9686] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005 [ 308.655364][ T9686] RBP: 00007f2f13010b39 R08: 0000000000000000 R09: 0000000000000000 [ 308.663389][ T9686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 308.671636][ T9686] R13: 0000000000000000 R14: 00007f2f131b5fa0 R15: 00007ffc6c2ef868 [ 308.679781][ T9686] [ 308.682868][ T9686] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 308.690272][ T9686] CPU: 1 UID: 0 PID: 9686 Comm: syz.1.1109 Not tainted 6.16.0-rc3-syzkaller-g212ec9229567 #0 PREEMPT(full) [ 308.701752][ T9686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.711828][ T9686] Call Trace: [ 308.715124][ T9686] [ 308.718074][ T9686] dump_stack_lvl+0x99/0x250 [ 308.722703][ T9686] ? __asan_memcpy+0x40/0x70 [ 308.727333][ T9686] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.732572][ T9686] ? __pfx__printk+0x10/0x10 [ 308.737199][ T9686] panic+0x2db/0x790 [ 308.741133][ T9686] ? __pfx_panic+0x10/0x10 [ 308.745637][ T9686] __warn+0x31b/0x4b0 [ 308.749655][ T9686] ? record_func_key+0x2d6/0x490 [ 308.754636][ T9686] ? record_func_key+0x2d6/0x490 [ 308.759604][ T9686] report_bug+0x2be/0x4f0 [ 308.763972][ T9686] ? record_func_key+0x2d6/0x490 [ 308.768941][ T9686] ? record_func_key+0x2d6/0x490 [ 308.773918][ T9686] ? record_func_key+0x2d8/0x490 [ 308.778902][ T9686] handle_bug+0x84/0x160 [ 308.783175][ T9686] exc_invalid_op+0x1a/0x50 [ 308.787701][ T9686] asm_exc_invalid_op+0x1a/0x20 [ 308.792607][ T9686] RIP: 0010:record_func_key+0x2d6/0x490 [ 308.798190][ T9686] Code: 09 cc e8 cd 64 e3 ff 80 3d 78 15 ae 0d 01 74 ba e8 bf 64 e3 ff c6 05 6a 15 ae 0d 01 90 48 c7 c7 e0 e3 91 8b e8 bb 07 a7 ff 90 <0f> 0b 90 90 eb 9f e8 9f 64 e3 ff eb 05 e8 98 64 e3 ff 48 8b 5c 24 [ 308.817818][ T9686] RSP: 0018:ffffc90004996c70 EFLAGS: 00010246 [ 308.823922][ T9686] RAX: cc6fefd331470300 RBX: dffffc0000000000 RCX: 0000000000080000 [ 308.831934][ T9686] RDX: ffffc9000b219000 RSI: 0000000000003a1e RDI: 0000000000003a1f [ 308.839932][ T9686] RBP: 000000000000001b R08: 0000000000000003 R09: 0000000000000004 [ 308.847925][ T9686] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: ffff888056214800 [ 308.855916][ T9686] R13: ffff888033599000 R14: ffff8880349a0000 R15: 1ffff11006934006 [ 308.863933][ T9686] check_helper_call+0x2fb8/0x6b60 [ 308.869098][ T9686] ? __pfx_check_helper_call+0x10/0x10 [ 308.874625][ T9686] ? tnum_const+0xd/0x20 [ 308.878894][ T9686] ? __mark_reg_known+0x79/0x240 [ 308.883868][ T9686] do_check+0x95ec/0xe080 [ 308.888234][ T9686] ? unwind_get_return_address+0x4d/0x90 [ 308.893902][ T9686] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 308.900110][ T9686] ? bpf_prog_load+0x1318/0x1930 [ 308.905074][ T9686] ? __x64_sys_bpf+0x7c/0x90 [ 308.909685][ T9686] ? do_syscall_64+0xfa/0x3b0 [ 308.914408][ T9686] ? __pfx_do_check+0x10/0x10 [ 308.919122][ T9686] ? __asan_memset+0x22/0x50 [ 308.923767][ T9686] ? init_func_state+0x1ddf/0x2d20 [ 308.928913][ T9686] do_check_common+0x188f/0x23f0 [ 308.933895][ T9686] bpf_check+0x10252/0x1a5d0 [ 308.938539][ T9686] ? __lock_acquire+0xab9/0xd20 [ 308.943441][ T9686] ? is_bpf_text_address+0x26/0x2b0 [ 308.948674][ T9686] ? is_bpf_text_address+0x292/0x2b0 [ 308.953986][ T9686] ? is_bpf_text_address+0x26/0x2b0 [ 308.959214][ T9686] ? __kernel_text_address+0xd/0x40 [ 308.964438][ T9686] ? unwind_get_return_address+0x4d/0x90 [ 308.970121][ T9686] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 308.976319][ T9686] ? __pfx_bpf_check+0x10/0x10 [ 308.981132][ T9686] ? __lock_acquire+0xab9/0xd20 [ 308.986029][ T9686] ? __pfx___mutex_trylock_common+0x10/0x10 [ 308.991949][ T9686] ? css_rstat_updated+0x1a5/0xca0 [ 308.997112][ T9686] ? __lock_acquire+0xab9/0xd20 [ 309.002003][ T9686] ? ktime_get_with_offset+0x8c/0x2a0 [ 309.007409][ T9686] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 309.013698][ T9686] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.018948][ T9686] ? ktime_get_with_offset+0x8c/0x2a0 [ 309.024357][ T9686] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 309.030619][ T9686] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 309.037250][ T9686] ? bpf_obj_name_cpy+0x194/0x1e0 [ 309.042295][ T9686] ? bpf_lsm_bpf_prog_load+0x9/0x20 [ 309.047519][ T9686] ? security_bpf_prog_load+0x7f/0x310 [ 309.053005][ T9686] bpf_prog_load+0x1318/0x1930 [ 309.057803][ T9686] ? __pfx_bpf_prog_load+0x10/0x10 [ 309.062956][ T9686] ? bpf_lsm_bpf+0x9/0x20 [ 309.067304][ T9686] ? security_bpf+0x7e/0x300 [ 309.071923][ T9686] __sys_bpf+0x5f1/0x860 [ 309.076203][ T9686] ? __pfx___sys_bpf+0x10/0x10 [ 309.081014][ T9686] ? rcu_is_watching+0x15/0xb0 [ 309.085822][ T9686] __x64_sys_bpf+0x7c/0x90 [ 309.090270][ T9686] do_syscall_64+0xfa/0x3b0 [ 309.094800][ T9686] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.100021][ T9686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.106109][ T9686] ? clear_bhb_loop+0x60/0xb0 [ 309.110826][ T9686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.116839][ T9686] RIP: 0033:0x7f2f12f8e929 [ 309.121273][ T9686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.140910][ T9686] RSP: 002b:00007f2f13d64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 309.149352][ T9686] RAX: ffffffffffffffda RBX: 00007f2f131b5fa0 RCX: 00007f2f12f8e929 [ 309.157347][ T9686] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005 [ 309.165348][ T9686] RBP: 00007f2f13010b39 R08: 0000000000000000 R09: 0000000000000000 [ 309.173344][ T9686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.181364][ T9686] R13: 0000000000000000 R14: 00007f2f131b5fa0 R15: 00007ffc6c2ef868 [ 309.189379][ T9686] [ 309.192766][ T9686] Kernel Offset: disabled [ 309.197109][ T9686] Rebooting in 86400 seconds..