last executing test programs: 3m11.195855674s ago: executing program 3 (id=1921): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000880)={&(0x7f0000000300)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000340)="4584094d84916c8be1580b", 0xb}, {&(0x7f0000000380)="795fcb0ae0514b455c11e3e26afacc88d249f66ca7dcf2bc9d802762681da67f1abb4176b3c9954b12eeed0fc5d97a3a3bb11b0733d1a199d8cd3a217859f475b8d83dd98be200ff3cf9ead0a873c5c9fde7685a0f46ea119e27b412ad3de4d0f68e45bfa09a9ce4e2ce56e6aed6e9f295b468", 0x73}, {&(0x7f0000000580)="09d21e5bb143cf7047c4f66cd6e9aef232c66a430b69be189eca0fa3b2af88aa4f01a92c8ed16764deb1f5a8a46bd3af88282ac0bc9ba1ba0694a09ee4b78ea29200e93d713c45a2b1df54b0923080c4d9592f35721b48ff89f6ce5ff45c030f9867ff814dedfaa499db3a7e9376f66c7f2a7df3b3191ac734ca14c453fe694d46ad5a45f90b194d2f92482fed94ff62976325bbf7e084cd399d48a054ea670b58c80d5489086594460219a21dd7b4310f91d89b72423457707144c7a8091c5e7a15ccc4df65d8b3ae3a532dba46bb05500539c5bfd8dfa2f53200", 0xdb}, {&(0x7f0000000400)="de9b4d082ec6c1c82487d73a43a8219b6cddea026cb2ed04643355fa3ca659eb68024945d3e7fd7efdb6a87997cc9c31b14079ad8c5cd064b8bd094f475456555ee09013243d84927f492ca147b7bd4722a0f9eb1ac50d4a2d322392d2ca12b35f9bd043e6322e2b01d84ab7a7611b65d494a64aad626a699e0e8ed100", 0x7d}, {&(0x7f0000000680)="3374465b4beae643d349a206649ac96b1e1b88be6b7be8dacbc95137abfb208c95631ac76e1666a061a7fc4d4ab5201509729328816bd1a634b34e6ca033a831b9c5ce8bafabdd32e1c7e00e91f55ff4982609b087231d07227d5e11dc4c671360d65bd2b0966ec9d16bc927255f5ef729960536ba4b758c4de3fb4e4699b2c3934097bc901b1eca352f156f91cbdbdece2ae0a91912a82bc2f10faa8339", 0x9e}, {&(0x7f0000000740)="5f9a8882931555210bb26fb57d1c0db4fd4d5b33c1f6c25777f0e42ab3d3cf0352da517ac77d48beac33c227852ee1385fe0cd0c0e0e2c0544122a89af12cd8d0cb29713ced8ba8712031a201889b24dfb7fb3123d19dc01ebcbe06b0fc1b641dd67c5a55ea53ad9e6d3843dd76aea90663ab09f5654a5", 0x77}, {&(0x7f00000007c0)="b2aa164a51166e1c32eafa4d503ea97a46df5067", 0x14}], 0x7}, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x1ff, 0x200}, 0x8000, 0xcdd, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x28, 0x1, 0x0) r3 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0x9, &(0x7f0000000c40)=r3, 0x4) recvmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x2160) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x3820, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x200, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x80) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r5 = socket$kcm(0x2, 0x200000000000001, 0x106) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={r2}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="9feb010018000000000000006000000060000000050000000000000004000004e92e47d362e43c38"], &(0x7f0000000b80)=""/224, 0x7d, 0xe0, 0x1, 0xde}, 0x28) sendmsg$inet(r5, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x30004001) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="1b00000000000000000000000100000000000000", @ANYRES32, @ANYBLOB="05000000000000000000000000000000000000005a673c9dec2f6dafb89c727d65f3a71748e592a21c336428f5921ffdc021c626326abeaf6e86526303318e0932d41117abbc58988f70c35e7fdf01d8c663af89", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="040000000400"/28], 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r7, &(0x7f00000000c0)="36e8c852a59da3ba3d74b374ed9907835eea7e74329ee05ed34087168a13037ca7199472174e9c191ce1bb5bcbbfb420d46a0ef3c721babd076d6e663790b112c17d811c0504b7ad782df762c8eb1f212c8c0b03f48281f1bbb1d0b701a27c6ecb6976c1177925047c678cddceac9dcfc1a2f91f6dae48449973ed478d351980a05cc10b0845e2d3118bac2899013c0dea794325c56bf34c85223a004313d4f3adbfa0aebe"}, 0x20) recvmsg$kcm(r6, &(0x7f0000000900)={&(0x7f00000001c0)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, 0x0}, 0x40000000) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 3m10.544883231s ago: executing program 3 (id=1925): perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0xc, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x1410, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x2) r0 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_bp={0x0, 0x2}, 0x5114, 0x80000001, 0x0, 0x0, 0x0, 0xc26, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='cpu&-0\t\t\t') r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='hugetlb.1GB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0) 3m10.073995029s ago: executing program 3 (id=1929): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000fcffffff000000000900000018010000", @ANYRES32, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000ff7f00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'pimreg1\x00', 0x400}) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0xffffffffffffffff, 0x1, 0x18}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0xffffffffffffffff, 0x1, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000100000000000000000004018112d7a", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000008c000000bf0900000000000055090100000000009500000000000000bf9100000000000076080000004000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$OBJ_GET_MAP(0x7, &(0x7f00000004c0)=@o_path={&(0x7f0000000480)='./file0\x00', 0x0, 0x4010}, 0x18) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) 3m9.69258018s ago: executing program 3 (id=1932): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x23, &(0x7f0000000000), 0x4) sendmsg$inet(r1, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x803e000000000000) 3m8.884671747s ago: executing program 3 (id=1934): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3m8.702000247s ago: executing program 3 (id=1938): close(0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000040000180a00000000000000", @ANYRES32, @ANYBLOB='\x00@\x00'/20, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="000000000100"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\a\x00\x00\x00'], 0x50) socket$kcm(0x10, 0x2, 0x0) close(r1) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)}, 0x10021) 2m53.544051501s ago: executing program 32 (id=1938): close(0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000040000180a00000000000000", @ANYRES32, @ANYBLOB='\x00@\x00'/20, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="000000000100"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\a\x00\x00\x00'], 0x50) socket$kcm(0x10, 0x2, 0x0) close(r1) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)}, 0x10021) 7.772054582s ago: executing program 2 (id=2682): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[], 0xfffffdef) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x5421, 0xaab173f1cd7308c0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{}, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r3, &(0x7f0000000980), 0x20000992) 6.191937794s ago: executing program 2 (id=2692): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000680)='ns/cgroup\x00') openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000001c0)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) 6.139332366s ago: executing program 0 (id=2693): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0xe62}, 0x0, 0xc8, 0x0, 0x6, 0x0, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x69}, 0x0, 0x10, 0xffffffffffffffff, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe80000000000000101000007f0c0800000000000000007127"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000), 0xfdef) 5.846638543s ago: executing program 0 (id=2695): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="560a0000000000007911100000000000180000000000000000000000000800009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x8000000000000000, 0x7ff}, 0x110c40, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x1800000000000060, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={0x0, &(0x7f0000000240)=""/109, 0x0, 0x6d, 0x1, 0x7, 0x10000}, 0x28) bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x300}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x30000000}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xa, 0x0, 0x0, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x48) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 4.86194579s ago: executing program 1 (id=2696): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r2) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x27, 0xe, 0x0, &(0x7f0000000340)="f8ad1dcc02cb29cec80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.86174962s ago: executing program 2 (id=2697): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0), 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e000034ccf4ce00040000000800000000000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x50) socketpair(0x2, 0x2, 0x1, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d56000005b200000900000000000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'veth1_macvtap\x00'}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000040)={0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, 0x0}, 0x8) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240)=r4, 0x5a) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000840)={r5, 0x27, &(0x7f0000000300)}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f0, &(0x7f0000000080)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080)) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'macsec0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8914, &(0x7f0000000080)) 4.86152795s ago: executing program 4 (id=2698): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x5, 0x1, 0x4, 0x4}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000380), 0xc, r0}, 0x38) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 4.708097719s ago: executing program 0 (id=2699): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a0000008400000000010000010000", @ANYRESHEX], 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB="02000000"], 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00'}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb9d001800000000000000280600002800000002"], 0x0, 0x42}, 0x28) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x3d) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) 4.663895451s ago: executing program 4 (id=2700): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x1}, 0x0) close(r1) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) 4.35159734s ago: executing program 0 (id=2701): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002140)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b7000000000000009500010000000000060054cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a0972aa087975333a78170cefbb1b4cb451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745dba9a53a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fb87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a629a770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284bc80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b69192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b577a007f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c07953cbe1ad1a7c5a0850920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4c526a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2585892eaffbb43991d40feb5dd0700"/2734], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xc0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r1}, 0x4) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 4.308428692s ago: executing program 2 (id=2702): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x4003e80, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x20000281}], 0x1}, 0x200000000000000) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) 4.307582212s ago: executing program 1 (id=2703): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x1e) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) 4.243325335s ago: executing program 4 (id=2704): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61151400000000006113500000000000bfa000000000000007000000ee0016055e0301000000000064050000000000006916340000000000bf07000000000000260507000fff07206706000020000000470600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1f000000}, 0x48) 4.033757518s ago: executing program 0 (id=2705): bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_clone(0x40042700, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r2, 0xffffffffffffffff, 0x21}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r7}, &(0x7f0000000280), &(0x7f0000000240)=r4}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r8, 0x4) sendmsg$inet(r6, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = openat$cgroup_subtree(r9, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r10, &(0x7f0000000040)={[{0x2b, 'cpu'}, {0x2d, 'pids'}]}, 0xb) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x4, 0x1, 0x13}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x80) 3.99137398s ago: executing program 1 (id=2706): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x7ff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x87}}]}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.944082833s ago: executing program 4 (id=2707): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000"], 0x0}, 0x94) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@o_path={&(0x7f0000000140)='./file0\x00', 0x0, 0x8008}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[], 0x0, 0xa7, 0x0, 0x0, 0x9, 0x10000}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000080000000850000002b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b703000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="c1dfb061cd21d3084d94d35486dd", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.82194193s ago: executing program 1 (id=2708): close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000240)={'lo\x00', 0x400}) 3.616134522s ago: executing program 4 (id=2709): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x2, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1}, 0x40000100) write$cgroup_devices(r0, &(0x7f00000005c0)=ANY=[], 0xfffffeff) 306.261573ms ago: executing program 4 (id=2710): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r0}, 0x8) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0), 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e000034ccf4ce00040000000800000000000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x50) socketpair(0x2, 0x2, 0x1, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d56000005b200000900000000000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'veth1_macvtap\x00'}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000040)={0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, 0x0}, 0x8) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240)=r4, 0x5a) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000840)={r5, 0x27, &(0x7f0000000300)}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f0, &(0x7f0000000080)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080)) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'macsec0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8914, &(0x7f0000000080)) 305.247063ms ago: executing program 0 (id=2718): perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x8, 0x7ff}, 0x110c40, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) write$cgroup_devices(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="1e030a004d8c71ef2685634a8270e7123c00000000000000000000000000ac1414cf14"], 0xffdd) 294.474533ms ago: executing program 1 (id=2711): openat$tun(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xd, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bca30000000000002403000040feffff720af0ff00000e0771a4f0ff000000001f030000000000002e0a0200000000002600000000ff000e6114ac00000000001d430000000000007a0a00fe00581c1f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0), 0x10}, 0x94) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x6, 0x261, 0x2}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r0, 0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r1, &(0x7f0000000300), 0x0}, 0x20) 293.694303ms ago: executing program 2 (id=2712): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000005000000020000000000000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r2, 0x27, 0x14, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc800320088a8", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) 75.209546ms ago: executing program 1 (id=2713): perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fd, 0x20, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x40004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffff7fffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1102, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff3) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) 0s ago: executing program 2 (id=2714): bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) kernel console output (not intermixed with test programs): 409.190440][T11538] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 409.193759][T11234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.199828][T11538] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 409.199904][T11538] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 409.268851][T11234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.287750][T11234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 409.334636][T11234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.367442][T11234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 409.487684][T11234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.535309][T11234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.658007][T11234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.669252][T11234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.684579][T11234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 409.712905][T11234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 409.781438][T11234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 409.795835][T11551] netlink: 'syz.2.1860': attribute type 39 has an invalid length. [ 409.805509][T11542] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.1858'. [ 409.872218][T11234] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.897674][T11234] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.928998][T11234] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.944999][T11234] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.131937][T11554] netlink: 'syz.2.1861': attribute type 29 has an invalid length. [ 410.198581][T11234] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 410.239778][T11234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.265957][T11554] netlink: 'syz.2.1861': attribute type 29 has an invalid length. [ 410.432819][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.474744][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.702785][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.726411][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.405085][T11580] FAULT_INJECTION: forcing a failure. [ 411.405085][T11580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.432094][T11582] netlink: 'syz.1.1866': attribute type 39 has an invalid length. [ 411.601341][T11580] CPU: 0 PID: 11580 Comm: syz.3.1865 Not tainted syzkaller #0 [ 411.608914][T11580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 411.619111][T11580] Call Trace: [ 411.622538][T11580] [ 411.626033][T11580] dump_stack_lvl+0x18c/0x250 [ 411.630797][T11580] ? show_regs_print_info+0x20/0x20 [ 411.636148][T11580] ? load_image+0x400/0x400 [ 411.640708][T11580] ? __lock_acquire+0x7d40/0x7d40 [ 411.646053][T11580] should_fail_ex+0x39d/0x4d0 [ 411.650797][T11580] _copy_from_user+0x2f/0xe0 [ 411.655533][T11580] __copy_msghdr+0x3bb/0x580 [ 411.660290][T11580] ___sys_sendmsg+0x214/0x360 [ 411.665023][T11580] ? get_pid_task+0x20/0x1e0 [ 411.669759][T11580] ? __sys_sendmsg+0x2a0/0x2a0 [ 411.674682][T11580] ? __lock_acquire+0x7d40/0x7d40 [ 411.679903][T11580] __se_sys_sendmsg+0x1c2/0x2b0 [ 411.684781][T11580] ? __x64_sys_sendmsg+0x80/0x80 [ 411.689786][T11580] ? lockdep_hardirqs_on+0x98/0x150 [ 411.695065][T11580] do_syscall_64+0x55/0xa0 [ 411.699524][T11580] ? clear_bhb_loop+0x40/0x90 [ 411.704237][T11580] ? clear_bhb_loop+0x40/0x90 [ 411.708944][T11580] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 411.714893][T11580] RIP: 0033:0x7f950179aeb9 [ 411.719417][T11580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 411.739498][T11580] RSP: 002b:00007f94ff9d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 411.747947][T11580] RAX: ffffffffffffffda RBX: 00007f9501a16090 RCX: 00007f950179aeb9 [ 411.756291][T11580] RDX: 0000000020000000 RSI: 00002000000015c0 RDI: 0000000000000004 [ 411.764384][T11580] RBP: 00007f94ff9d5090 R08: 0000000000000000 R09: 0000000000000000 [ 411.772381][T11580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.780736][T11580] R13: 00007f9501a16128 R14: 00007f9501a16090 R15: 00007ffece314d98 [ 411.788829][T11580] [ 411.890335][T11594] netlink: 'syz.1.1869': attribute type 39 has an invalid length. [ 412.270821][T11598] FAULT_INJECTION: forcing a failure. [ 412.270821][T11598] name failslab, interval 1, probability 0, space 0, times 0 [ 412.326587][T11598] CPU: 1 PID: 11598 Comm: syz.1.1870 Not tainted syzkaller #0 [ 412.334167][T11598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 412.344452][T11598] Call Trace: [ 412.347771][T11598] [ 412.350822][T11598] dump_stack_lvl+0x18c/0x250 [ 412.355763][T11598] ? show_regs_print_info+0x20/0x20 [ 412.361005][T11598] ? load_image+0x400/0x400 [ 412.365554][T11598] ? __might_sleep+0xe0/0xe0 [ 412.370189][T11598] ? __lock_acquire+0x7d40/0x7d40 [ 412.375349][T11598] should_fail_ex+0x39d/0x4d0 [ 412.380253][T11598] should_failslab+0x9/0x20 [ 412.384813][T11598] slab_pre_alloc_hook+0x59/0x310 [ 412.389879][T11598] ? trace_probe_init+0x302/0x410 [ 412.395029][T11598] ? create_local_trace_uprobe+0x3e5/0x6e0 [ 412.401221][T11598] ? create_local_trace_uprobe+0x3e5/0x6e0 [ 412.407068][T11598] __kmem_cache_alloc_node+0x53/0x250 [ 412.412480][T11598] ? __asan_memcpy+0x40/0x70 [ 412.417120][T11598] ? create_local_trace_uprobe+0x3e5/0x6e0 [ 412.422965][T11598] __kmalloc_node_track_caller+0xa2/0x230 [ 412.428832][T11598] kstrdup+0x3b/0x80 [ 412.432949][T11598] create_local_trace_uprobe+0x3e5/0x6e0 [ 412.438641][T11598] ? bpf_get_uprobe_info+0x520/0x520 [ 412.443977][T11598] ? __might_fault+0xaa/0x120 [ 412.448842][T11598] ? _copy_from_user+0xa5/0xe0 [ 412.453661][T11598] perf_uprobe_init+0xf3/0x190 [ 412.458553][T11598] perf_uprobe_event_init+0xe6/0x180 [ 412.463981][T11598] perf_try_init_event+0x12b/0x3c0 [ 412.469146][T11598] perf_event_alloc+0xfa4/0x21b0 [ 412.474214][T11598] ? perf_event_alloc+0xc06/0x21b0 [ 412.479566][T11598] ? find_lively_task_by_vpid+0x19/0x290 [ 412.485324][T11598] __se_sys_perf_event_open+0x740/0x1c50 [ 412.491027][T11598] ? mutex_unlock+0x10/0x10 [ 412.495668][T11598] ? __x64_sys_perf_event_open+0xc0/0xc0 [ 412.501459][T11598] ? lock_chain_count+0x20/0x20 [ 412.506456][T11598] ? lockdep_hardirqs_on+0x98/0x150 [ 412.511688][T11598] ? __x64_sys_perf_event_open+0x20/0xc0 [ 412.517381][T11598] do_syscall_64+0x55/0xa0 [ 412.521930][T11598] ? clear_bhb_loop+0x40/0x90 [ 412.526652][T11598] ? clear_bhb_loop+0x40/0x90 [ 412.531466][T11598] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 412.537554][T11598] RIP: 0033:0x7fc84699aeb9 [ 412.542016][T11598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 412.562219][T11598] RSP: 002b:00007fc847936028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 412.570693][T11598] RAX: ffffffffffffffda RBX: 00007fc846c15fa0 RCX: 00007fc84699aeb9 [ 412.578713][T11598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 412.586822][T11598] RBP: 00007fc847936090 R08: 0000000000000000 R09: 0000000000000000 [ 412.595032][T11598] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002 [ 412.603150][T11598] R13: 00007fc846c16038 R14: 00007fc846c15fa0 R15: 00007fff6b5807e8 [ 412.611440][T11598] [ 414.133737][T11632] netlink: 'syz.0.1877': attribute type 39 has an invalid length. [ 414.197324][T11636] netlink: 'syz.2.1878': attribute type 39 has an invalid length. [ 414.642163][T11647] batadv0: entered promiscuous mode [ 415.800767][T11676] netlink: 'syz.3.1889': attribute type 39 has an invalid length. [ 416.213733][T11684] netlink: 'syz.1.1892': attribute type 10 has an invalid length. [ 416.292796][T11684] team0: Port device dummy0 added [ 416.299119][T11686] netlink: 'syz.3.1893': attribute type 10 has an invalid length. [ 416.310279][T11686] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1893'. [ 416.341037][T11686] ipvlan1: entered allmulticast mode [ 416.346550][T11686] veth0_vlan: entered allmulticast mode [ 416.410381][T11686] net_ratelimit: 2039 callbacks suppressed [ 416.410406][T11686] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 416.492875][T11684] netlink: 'syz.1.1892': attribute type 10 has an invalid length. [ 416.669564][T11684] team0: Port device dummy0 removed [ 417.056302][T11698] netlink: 'syz.2.1894': attribute type 2 has an invalid length. [ 417.140544][T11698] netlink: 'syz.2.1894': attribute type 8 has an invalid length. [ 417.194358][T11698] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1894'. [ 417.425996][T11704] syzkaller0: entered promiscuous mode [ 417.455506][T11704] syzkaller0: entered allmulticast mode [ 418.052850][T11721] netlink: 'syz.3.1901': attribute type 39 has an invalid length. [ 419.107437][T11748] netlink: 'syz.1.1908': attribute type 10 has an invalid length. [ 419.260182][T11748] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 419.299349][T11748] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 419.348675][T11750] netlink: 'syz.2.1910': attribute type 17 has an invalid length. [ 419.788412][T11765] netlink: 'syz.1.1912': attribute type 39 has an invalid length. [ 420.195174][T11771] wg2: entered allmulticast mode [ 420.316084][T11775] wg2: entered promiscuous mode [ 421.883630][T11809] netlink: 'syz.1.1926': attribute type 39 has an invalid length. [ 422.338475][T11818] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1930'. [ 422.462094][T11812] delete_channel: no stack [ 423.286514][T11831] netlink: 'syz.1.1933': attribute type 10 has an invalid length. [ 423.549908][T11837] netlink: 'syz.0.1936': attribute type 39 has an invalid length. [ 424.870432][T11856] netlink: 'syz.2.1942': attribute type 13 has an invalid length. [ 424.878339][T11856] netlink: 24643 bytes leftover after parsing attributes in process `syz.2.1942'. [ 425.135577][T11866] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.143922][T11866] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.170880][T11866] bridge0: entered allmulticast mode [ 425.250548][T11867] bridge_slave_1: left allmulticast mode [ 425.256337][T11867] bridge_slave_1: left promiscuous mode [ 425.305936][T11867] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.404190][T11867] bridge_slave_0: left allmulticast mode [ 425.422605][T11867] bridge_slave_0: left promiscuous mode [ 425.433763][T11867] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.668593][T11869] netlink: 'syz.1.1947': attribute type 39 has an invalid length. [ 425.893217][T11875] netlink: 208064 bytes leftover after parsing attributes in process `syz.2.1950'. [ 426.599350][T11890] netlink: 'syz.1.1957': attribute type 39 has an invalid length. [ 426.987877][T11899] FAULT_INJECTION: forcing a failure. [ 426.987877][T11899] name failslab, interval 1, probability 0, space 0, times 0 [ 427.040061][T11899] CPU: 1 PID: 11899 Comm: syz.1.1960 Not tainted syzkaller #0 [ 427.047819][T11899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 427.057931][T11899] Call Trace: [ 427.061258][T11899] [ 427.064241][T11899] dump_stack_lvl+0x18c/0x250 [ 427.068959][T11899] ? sctp_sendmsg+0x1575/0x28c0 [ 427.073929][T11899] ? ___sys_sendmsg+0x2a6/0x360 [ 427.078836][T11899] ? show_regs_print_info+0x20/0x20 [ 427.084076][T11899] ? load_image+0x400/0x400 [ 427.088656][T11899] should_fail_ex+0x39d/0x4d0 [ 427.093391][T11899] should_failslab+0x9/0x20 [ 427.097932][T11899] slab_pre_alloc_hook+0x59/0x310 [ 427.103007][T11899] ? sctp_add_bind_addr+0x8c/0x360 [ 427.108163][T11899] __kmem_cache_alloc_node+0x53/0x250 [ 427.113707][T11899] ? sctp_add_bind_addr+0x8c/0x360 [ 427.118891][T11899] kmalloc_trace+0x2a/0xe0 [ 427.123422][T11899] sctp_add_bind_addr+0x8c/0x360 [ 427.128523][T11899] sctp_copy_local_addr_list+0x315/0x4f0 [ 427.134223][T11899] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 427.140031][T11899] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 427.146241][T11899] ? sctp_v6_is_any+0x64/0x70 [ 427.151056][T11899] ? sctp_copy_one_addr+0x8c/0x350 [ 427.156234][T11899] sctp_bind_addr_copy+0xb3/0x3c0 [ 427.161362][T11899] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 427.167737][T11899] sctp_connect_new_asoc+0x2f9/0x6a0 [ 427.173168][T11899] ? __sctp_connect+0xd80/0xd80 [ 427.178071][T11899] ? __local_bh_enable_ip+0x13a/0x1c0 [ 427.183598][T11899] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 427.189180][T11899] ? security_sctp_bind_connect+0x89/0xb0 [ 427.195042][T11899] sctp_sendmsg+0x1575/0x28c0 [ 427.200025][T11899] ? sctp_getsockopt+0xb60/0xb60 [ 427.205036][T11899] ? aa_sk_perm+0x83c/0x970 [ 427.209616][T11899] ? aa_af_perm+0x330/0x330 [ 427.214157][T11899] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 427.220622][T11899] ? sock_rps_record_flow+0x19/0x3f0 [ 427.225955][T11899] ? inet_sendmsg+0xe9/0x2f0 [ 427.230669][T11899] ? inet_send_prepare+0x260/0x260 [ 427.235916][T11899] ____sys_sendmsg+0x5ba/0x960 [ 427.240731][T11899] ? __lock_acquire+0x7d40/0x7d40 [ 427.245836][T11899] ? __sys_sendmsg_sock+0x30/0x30 [ 427.250988][T11899] ? __import_iovec+0x5f2/0x850 [ 427.255913][T11899] ? import_iovec+0x73/0xa0 [ 427.260476][T11899] ___sys_sendmsg+0x2a6/0x360 [ 427.265212][T11899] ? __sys_sendmsg+0x2a0/0x2a0 [ 427.270076][T11899] ? __lock_acquire+0x7d40/0x7d40 [ 427.275215][T11899] __se_sys_sendmsg+0x1c2/0x2b0 [ 427.280115][T11899] ? __x64_sys_sendmsg+0x80/0x80 [ 427.285332][T11899] ? lockdep_hardirqs_on+0x98/0x150 [ 427.290668][T11899] do_syscall_64+0x55/0xa0 [ 427.295209][T11899] ? clear_bhb_loop+0x40/0x90 [ 427.299929][T11899] ? clear_bhb_loop+0x40/0x90 [ 427.304642][T11899] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 427.310566][T11899] RIP: 0033:0x7fc84699aeb9 [ 427.315016][T11899] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 427.334778][T11899] RSP: 002b:00007fc847936028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 427.343341][T11899] RAX: ffffffffffffffda RBX: 00007fc846c15fa0 RCX: 00007fc84699aeb9 [ 427.351380][T11899] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 0000000000000003 [ 427.359428][T11899] RBP: 00007fc847936090 R08: 0000000000000000 R09: 0000000000000000 [ 427.367436][T11899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 427.375528][T11899] R13: 00007fc846c16038 R14: 00007fc846c15fa0 R15: 00007fff6b5807e8 [ 427.383584][T11899] [ 427.827154][T11906] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1963'. [ 428.211941][T11922] netlink: 'syz.0.1968': attribute type 39 has an invalid length. [ 428.308564][T11926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1970'. [ 428.321420][T11926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1970'. [ 428.341521][T11926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1970'. [ 428.360561][T11926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1970'. [ 429.134943][T11941] netlink: 'syz.1.1974': attribute type 10 has an invalid length. [ 429.150497][T11941] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1974'. [ 429.159655][T11941] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 429.662728][T11953] netlink: 'syz.1.1976': attribute type 29 has an invalid length. [ 429.707440][T11953] netlink: 'syz.1.1976': attribute type 29 has an invalid length. [ 429.766658][T11955] netlink: 'syz.1.1976': attribute type 29 has an invalid length. [ 429.852065][T11957] netlink: 'syz.0.1979': attribute type 39 has an invalid length. [ 430.351505][T11969] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1985'. [ 431.234507][T11982] netlink: 'syz.2.1989': attribute type 39 has an invalid length. [ 432.244714][T11999] FAULT_INJECTION: forcing a failure. [ 432.244714][T11999] name failslab, interval 1, probability 0, space 0, times 0 [ 432.258015][T11999] CPU: 0 PID: 11999 Comm: syz.1.1994 Not tainted syzkaller #0 [ 432.265703][T11999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 432.275971][T11999] Call Trace: [ 432.279354][T11999] [ 432.282561][T11999] dump_stack_lvl+0x18c/0x250 [ 432.287278][T11999] ? show_regs_print_info+0x20/0x20 [ 432.292694][T11999] ? load_image+0x400/0x400 [ 432.297343][T11999] ? __might_sleep+0xe0/0xe0 [ 432.302402][T11999] ? __lock_acquire+0x7d40/0x7d40 [ 432.307561][T11999] should_fail_ex+0x39d/0x4d0 [ 432.312280][T11999] should_failslab+0x9/0x20 [ 432.316910][T11999] slab_pre_alloc_hook+0x59/0x310 [ 432.321962][T11999] ? memcg_alloc_slab_cgroups+0x87/0x130 [ 432.327614][T11999] ? memcg_alloc_slab_cgroups+0x87/0x130 [ 432.333347][T11999] __kmem_cache_alloc_node+0x53/0x250 [ 432.338757][T11999] ? memcg_alloc_slab_cgroups+0x87/0x130 [ 432.344493][T11999] __kmalloc_node+0xa4/0x230 [ 432.349104][T11999] memcg_alloc_slab_cgroups+0x87/0x130 [ 432.354594][T11999] slab_post_alloc_hook+0xf4/0x4b0 [ 432.359827][T11999] kmem_cache_alloc_node+0x14c/0x320 [ 432.365243][T11999] ? __alloc_skb+0x103/0x2c0 [ 432.369892][T11999] __alloc_skb+0x103/0x2c0 [ 432.374336][T11999] alloc_skb_with_frags+0xca/0x7b0 [ 432.379489][T11999] ? verify_lock_unused+0x140/0x140 [ 432.384752][T11999] ? verify_lock_unused+0x140/0x140 [ 432.389974][T11999] sock_alloc_send_pskb+0x883/0x9a0 [ 432.395205][T11999] ? sock_kzfree_s+0x50/0x50 [ 432.399808][T11999] ? do_raw_spin_lock+0x11f/0x2c0 [ 432.405022][T11999] ? __rwlock_init+0x150/0x150 [ 432.409805][T11999] ? do_raw_spin_unlock+0x121/0x230 [ 432.415113][T11999] unix_dgram_sendmsg+0x5a2/0x16d0 [ 432.420251][T11999] ? verify_lock_unused+0x140/0x140 [ 432.425651][T11999] ? aa_sk_perm+0x83c/0x970 [ 432.430291][T11999] ? unix_dgram_poll+0x680/0x680 [ 432.435276][T11999] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 432.441733][T11999] ? aa_sock_msg_perm+0x94/0x150 [ 432.446787][T11999] ? unix_seqpacket_sendmsg+0x10c/0x1e0 [ 432.452359][T11999] ? unix_dgram_peer_wake_me+0x430/0x430 [ 432.458017][T11999] ____sys_sendmsg+0x5ba/0x960 [ 432.462893][T11999] ? __asan_memset+0x22/0x40 [ 432.467503][T11999] ? __sys_sendmsg_sock+0x30/0x30 [ 432.472548][T11999] ? __import_iovec+0x5f2/0x850 [ 432.477424][T11999] ? import_iovec+0x73/0xa0 [ 432.481967][T11999] ___sys_sendmsg+0x2a6/0x360 [ 432.486665][T11999] ? get_pid_task+0x20/0x1e0 [ 432.491278][T11999] ? __sys_sendmsg+0x2a0/0x2a0 [ 432.496072][T11999] ? __lock_acquire+0x7d40/0x7d40 [ 432.501311][T11999] __se_sys_sendmsg+0x1c2/0x2b0 [ 432.506262][T11999] ? __x64_sys_sendmsg+0x80/0x80 [ 432.511263][T11999] ? lockdep_hardirqs_on+0x98/0x150 [ 432.516479][T11999] do_syscall_64+0x55/0xa0 [ 432.520912][T11999] ? clear_bhb_loop+0x40/0x90 [ 432.525611][T11999] ? clear_bhb_loop+0x40/0x90 [ 432.530304][T11999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 432.536303][T11999] RIP: 0033:0x7fc84699aeb9 [ 432.540833][T11999] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 432.560482][T11999] RSP: 002b:00007fc847915028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.569022][T11999] RAX: ffffffffffffffda RBX: 00007fc846c16090 RCX: 00007fc84699aeb9 [ 432.577038][T11999] RDX: 0000000000000014 RSI: 0000200000000640 RDI: 0000000000000006 [ 432.585144][T11999] RBP: 00007fc847915090 R08: 0000000000000000 R09: 0000000000000000 [ 432.593142][T11999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.601132][T11999] R13: 00007fc846c16128 R14: 00007fc846c16090 R15: 00007fff6b5807e8 [ 432.609308][T11999] [ 432.945404][T12008] netlink: 'syz.0.1995': attribute type 29 has an invalid length. [ 432.984719][T12008] netlink: 'syz.0.1995': attribute type 29 has an invalid length. [ 433.020139][T12010] netlink: 'syz.0.1995': attribute type 29 has an invalid length. [ 433.143711][T12014] netlink: 'syz.2.1999': attribute type 39 has an invalid length. [ 433.321682][T12006] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1998'. [ 434.333528][T12029] Ÿë: port 1(gretap0) entered blocking state [ 434.349974][T12029] Ÿë: port 1(gretap0) entered disabled state [ 434.356405][T12029] gretap0: entered allmulticast mode [ 434.376693][T12029] gretap0: entered promiscuous mode [ 435.506530][T12041] netlink: 'syz.1.2005': attribute type 153 has an invalid length. [ 435.537728][T12041] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.2005'. [ 436.142850][T12053] netlink: 'syz.2.2007': attribute type 10 has an invalid length. [ 436.194575][T12053] team0: left promiscuous mode [ 436.199454][T12053] team_slave_0: left promiscuous mode [ 436.210295][T12053] team_slave_1: left promiscuous mode [ 436.215950][T12053] macvlan0: left promiscuous mode [ 436.243708][T12053] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 436.269511][T12053] team0: left allmulticast mode [ 436.278518][T12053] team_slave_0: left allmulticast mode [ 436.334473][T12053] team_slave_1: left allmulticast mode [ 436.370401][T12053] macvlan0: left allmulticast mode [ 436.392421][T12053] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 437.034814][T12060] batadv0: entered promiscuous mode [ 439.044703][T12068] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2010'. [ 439.561749][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 439.572619][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 439.582075][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 439.620231][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 439.632560][ T51] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 439.652524][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 439.798161][ T51] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 440.462541][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.468910][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.969867][ T51] Bluetooth: hci4: command tx timeout [ 442.137153][T12088] chnl_net:caif_netlink_parms(): no params data found [ 442.299980][T12102] netlink: 'syz.0.2016': attribute type 21 has an invalid length. [ 442.326411][T12102] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2016'. [ 442.341347][T12102] netlink: 'syz.0.2016': attribute type 4 has an invalid length. [ 442.356725][T12102] netlink: 'syz.0.2016': attribute type 3 has an invalid length. [ 442.378799][T12102] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2016'. [ 442.484469][T12102] netlink: 'syz.0.2016': attribute type 21 has an invalid length. [ 442.499345][T12102] netlink: 'syz.0.2016': attribute type 11 has an invalid length. [ 442.611203][T12088] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.623687][T12088] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.638401][T12088] bridge_slave_0: entered allmulticast mode [ 442.651771][T12088] bridge_slave_0: entered promiscuous mode [ 442.668630][T12088] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.675969][T12088] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.689975][T12088] bridge_slave_1: entered allmulticast mode [ 442.704333][T12088] bridge_slave_1: entered promiscuous mode [ 442.749513][ T6069] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.825714][T12088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 442.858931][T12088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 442.905129][T12088] team0: Port device team_slave_0 added [ 442.928678][ T6069] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.947933][T12088] team0: Port device team_slave_1 added [ 443.012265][ T6069] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.050069][T12088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.057119][T12088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.084666][T12088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.120738][T12088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.127765][T12088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.160483][T12088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 443.215944][ T6069] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode [ 443.235533][ T6069] netdevsim netdevsim3 netdevsim0 (unregistering): left allmulticast mode [ 443.259271][ T6069] team0: Port device netdevsim0 removed [ 443.269053][ T6069] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.349011][T12088] hsr_slave_0: entered promiscuous mode [ 443.356054][T12088] hsr_slave_1: entered promiscuous mode [ 443.368949][T12088] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 443.376647][T12088] Cannot create hsr debugfs directory [ 443.520645][T12088] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 443.530475][T12088] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 443.540374][T12088] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 443.550308][T12088] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 443.633125][T12088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.658900][T12088] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.679369][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.686583][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.700324][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.707442][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.923576][T12088] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.040304][ T51] Bluetooth: hci4: command tx timeout [ 444.161720][T12088] veth0_vlan: entered promiscuous mode [ 444.177272][T12088] veth1_vlan: entered promiscuous mode [ 444.211917][T12088] veth0_macvtap: entered promiscuous mode [ 444.226366][T12088] veth1_macvtap: entered promiscuous mode [ 444.245395][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.257677][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.267654][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.278979][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.290179][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.301269][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.313192][T12088] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 444.329325][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.340263][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.350627][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.362538][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.372771][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.383714][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.393806][T12088] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 444.404319][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.415964][T12088] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 444.429499][T12088] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.438901][T12088] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.448790][T12088] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.458291][T12088] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 444.538659][T12088] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 444.548656][T12088] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.568386][ T6071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.585374][ T6071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.613990][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.623420][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.889638][T12127] C: renamed from team_slave_0 (while UP) [ 444.906628][T12127] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2029'. [ 445.156509][T12131] Ÿë: port 1(gretap0) entered blocking state [ 445.165058][T12131] Ÿë: port 1(gretap0) entered disabled state [ 445.171742][T12131] gretap0: entered allmulticast mode [ 445.178937][T12131] gretap0: entered promiscuous mode [ 445.556959][T12143] netlink: 'syz.2.2019': attribute type 39 has an invalid length. [ 446.120796][ T51] Bluetooth: hci4: command tx timeout [ 446.250019][T12160] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2024'. [ 446.642563][T12160] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 447.331583][T12193] netlink: 'syz.0.2037': attribute type 39 has an invalid length. [ 447.580037][T12199] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2039'. [ 448.259859][ T51] Bluetooth: hci4: command tx timeout [ 448.302325][ T51] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18 [ 448.906446][T12203] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 450.948379][ T6069] batman_adv: batadv0: Interface deactivated: wlan0 [ 451.247751][ T6069] batman_adv: batadv0: Removing interface: wlan0 [ 451.397246][T12250] netlink: 'syz.2.2047': attribute type 39 has an invalid length. [ 451.507493][T12256] netlink: 'syz.0.2049': attribute type 17 has an invalid length. [ 451.559941][T12256] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2049'. [ 451.668739][T12256] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 451.757154][T12251] netlink: 'syz.4.2048': attribute type 4 has an invalid length. [ 451.793750][T12251] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2048'. [ 451.957604][T12251] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 452.139908][T12260] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2050'. [ 452.264731][ T6069] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.365026][ T6069] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 452.505326][ T6069] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 452.559527][ T6069] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 453.009417][T12290] FAULT_INJECTION: forcing a failure. [ 453.009417][T12290] name failslab, interval 1, probability 0, space 0, times 0 [ 453.090045][T12290] CPU: 0 PID: 12290 Comm: syz.1.2057 Not tainted syzkaller #0 [ 453.090204][ T6069] veth1_macvtap: left promiscuous mode [ 453.097651][T12290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 453.097666][T12290] Call Trace: [ 453.116695][T12290] [ 453.119748][T12290] dump_stack_lvl+0x18c/0x250 [ 453.124585][T12290] ? show_regs_print_info+0x20/0x20 [ 453.129922][T12290] ? load_image+0x400/0x400 [ 453.134463][T12290] ? __might_sleep+0xe0/0xe0 [ 453.139089][T12290] ? __lock_acquire+0x7d40/0x7d40 [ 453.144153][T12290] ? __lock_acquire+0x1273/0x7d40 [ 453.149332][T12290] should_fail_ex+0x39d/0x4d0 [ 453.154059][T12290] should_failslab+0x9/0x20 [ 453.158601][T12290] slab_pre_alloc_hook+0x59/0x310 [ 453.163674][T12290] kmem_cache_alloc_node+0x60/0x320 [ 453.168911][T12290] ? __alloc_skb+0x103/0x2c0 [ 453.173688][T12290] __alloc_skb+0x103/0x2c0 [ 453.178191][T12290] alloc_skb_with_frags+0xca/0x7b0 [ 453.183506][T12290] ? __lock_acquire+0x7d40/0x7d40 [ 453.188578][T12290] ? __lock_acquire+0x1273/0x7d40 [ 453.193735][T12290] sock_alloc_send_pskb+0x883/0x9a0 [ 453.199168][T12290] ? sock_kzfree_s+0x50/0x50 [ 453.203810][T12290] ? verify_lock_unused+0x140/0x140 [ 453.209062][T12290] ? dev_get_by_index+0x22/0x2d0 [ 453.214035][T12290] ? dev_get_by_index+0x22/0x2d0 [ 453.219101][T12290] packet_sendmsg+0x316e/0x4d70 [ 453.224023][T12290] ? __might_sleep+0xe0/0xe0 [ 453.228662][T12290] ? verify_lock_unused+0x140/0x140 [ 453.233979][T12290] ? mark_lock+0x94/0x320 [ 453.238349][T12290] ? __lock_acquire+0x1273/0x7d40 [ 453.243494][T12290] ? verify_lock_unused+0x140/0x140 [ 453.248731][T12290] ? aa_sk_perm+0x83c/0x970 [ 453.253368][T12290] ? packet_getsockopt+0xad0/0xad0 [ 453.258535][T12290] ? aa_sock_msg_perm+0x94/0x150 [ 453.263519][T12290] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 453.268840][T12290] ? security_socket_sendmsg+0x80/0xa0 [ 453.274333][T12290] ? packet_getsockopt+0xad0/0xad0 [ 453.279568][T12290] ____sys_sendmsg+0x5ba/0x960 [ 453.284374][T12290] ? __lock_acquire+0x7d40/0x7d40 [ 453.289439][T12290] ? __asan_memset+0x22/0x40 [ 453.294079][T12290] ? __sys_sendmsg_sock+0x30/0x30 [ 453.299151][T12290] ? __import_iovec+0x3fa/0x850 [ 453.300680][ T6069] veth0_macvtap: left promiscuous mode [ 453.304117][T12290] ? import_iovec+0x73/0xa0 [ 453.314135][T12290] ___sys_sendmsg+0x2a6/0x360 [ 453.318845][T12290] ? get_pid_task+0x20/0x1e0 [ 453.323483][T12290] ? __sys_sendmsg+0x2a0/0x2a0 [ 453.328302][T12290] ? __lock_acquire+0x7d40/0x7d40 [ 453.333477][T12290] __se_sys_sendmsg+0x1c2/0x2b0 [ 453.338397][T12290] ? __x64_sys_sendmsg+0x80/0x80 [ 453.343730][T12290] ? lockdep_hardirqs_on+0x98/0x150 [ 453.349055][T12290] do_syscall_64+0x55/0xa0 [ 453.353768][T12290] ? clear_bhb_loop+0x40/0x90 [ 453.358562][T12290] ? clear_bhb_loop+0x40/0x90 [ 453.363364][T12290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 453.369297][T12290] RIP: 0033:0x7fc84699aeb9 [ 453.374017][T12290] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.393923][T12290] RSP: 002b:00007fc847936028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.402385][T12290] RAX: ffffffffffffffda RBX: 00007fc846c15fa0 RCX: 00007fc84699aeb9 [ 453.409790][ T6069] veth1_vlan: left promiscuous mode [ 453.410399][T12290] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 453.415886][ T6069] veth0_vlan: left promiscuous mode [ 453.423821][T12290] RBP: 00007fc847936090 R08: 0000000000000000 R09: 0000000000000000 [ 453.423839][T12290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.423852][T12290] R13: 00007fc846c16038 R14: 00007fc846c15fa0 R15: 00007fff6b5807e8 [ 453.423884][T12290] [ 454.297462][ T6069] geneve1 (unregistering): left promiscuous mode [ 454.317423][ T6069] geneve1 (unregistering): left allmulticast mode [ 454.355616][ T6069] team0 (unregistering): Port device geneve1 removed [ 454.999413][ T6069] macvlan0 (unregistering): left promiscuous mode [ 455.007472][ T6069] macvlan0 (unregistering): left allmulticast mode [ 455.026430][ T6069] team0 (unregistering): Port device macvlan0 removed [ 455.398388][ T6069] žÿ (unregistering): left promiscuous mode [ 455.406185][ T6069] žÿ (unregistering): left allmulticast mode [ 455.416676][ T6069] team0 (unregistering): Port device 72žÿ removed [ 455.488415][ T6069] team_slave_0 (unregistering): left promiscuous mode [ 455.497907][ T6069] team_slave_0 (unregistering): left allmulticast mode [ 455.516446][ T6069] team0 (unregistering): Port device team_slave_0 removed [ 455.595129][ T6069] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 455.645629][ T6069] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 455.995153][ T6069] bond0 (unregistering): Released all slaves [ 456.056907][T12305] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2062'. [ 456.087468][T12324] netlink: 'syz.0.2069': attribute type 21 has an invalid length. [ 456.386925][T12333] netlink: 'syz.2.2072': attribute type 21 has an invalid length. [ 456.430102][T12333] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2072'. [ 456.569082][T12338] netlink: 'syz.4.2075': attribute type 10 has an invalid length. [ 456.896791][T12352] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2078'. [ 457.161932][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.171413][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.180823][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.190189][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.199484][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.208890][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.217831][T12342] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.2074'. [ 457.218290][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.236830][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.246185][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.255527][T12362] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 457.294714][T12365] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2081'. [ 458.143384][T12371] netlink: 'syz.0.2082': attribute type 10 has an invalid length. [ 458.161028][T12371] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2082'. [ 458.190255][T12371] ipvlan1: entered promiscuous mode [ 458.210345][T12371] ipvlan1: entered allmulticast mode [ 458.228037][T12371] veth0_vlan: entered allmulticast mode [ 458.639284][T12384] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2086'. [ 458.673567][T12384] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2086'. [ 458.741835][T12384] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2086'. [ 458.871426][T12384] team_slave_0: entered allmulticast mode [ 459.946561][T12397] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2088'. [ 460.847837][T12403] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2089'. [ 461.883774][T12418] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2091'. [ 461.955212][T12423] netlink: 'syz.1.2093': attribute type 10 has an invalid length. [ 462.020376][T12423] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2093'. [ 462.041485][T12423] team0: entered promiscuous mode [ 462.046652][T12423] team_slave_0: entered promiscuous mode [ 462.082532][T12423] team_slave_1: entered promiscuous mode [ 462.096873][T12423] macvlan0: entered promiscuous mode [ 462.103678][T12423] bond0: entered promiscuous mode [ 462.109262][T12423] bond_slave_0: entered promiscuous mode [ 462.120292][T12423] bond_slave_1: entered promiscuous mode [ 462.126583][T12423] batadv_slave_0: entered promiscuous mode [ 462.148756][T12423] geneve1: entered promiscuous mode [ 462.166064][T12423] team0: entered allmulticast mode [ 462.185082][T12423] team_slave_0: entered allmulticast mode [ 462.202826][T12423] team_slave_1: entered allmulticast mode [ 462.221196][T12423] macvlan0: entered allmulticast mode [ 462.240726][T12423] bond0: entered allmulticast mode [ 462.259355][T12423] bond_slave_0: entered allmulticast mode [ 462.270705][T12423] bond_slave_1: entered allmulticast mode [ 462.277150][T12423] batadv_slave_0: entered allmulticast mode [ 462.294185][T12423] batadv0: entered allmulticast mode [ 462.300944][T12423] geneve1: entered allmulticast mode [ 462.313161][T12423] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.334693][T12423] net_ratelimit: 3321 callbacks suppressed [ 462.334714][T12423] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 462.364839][T12418] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2091'. [ 462.746426][T12440] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2097'. [ 462.835698][T12442] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2098'. [ 463.192422][T12447] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2099'. [ 464.351304][T12472] delete_channel: no stack [ 464.584543][T12487] netlink: 'syz.4.2110': attribute type 39 has an invalid length. [ 464.618113][T12486] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2108'. [ 464.859091][T12494] FAULT_INJECTION: forcing a failure. [ 464.859091][T12494] name failslab, interval 1, probability 0, space 0, times 0 [ 464.948580][T12494] CPU: 0 PID: 12494 Comm: syz.4.2112 Not tainted syzkaller #0 [ 464.956172][T12494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.966444][T12494] Call Trace: [ 464.969757][T12494] [ 464.972714][T12494] dump_stack_lvl+0x18c/0x250 [ 464.977520][T12494] ? show_regs_print_info+0x20/0x20 [ 464.982755][T12494] ? load_image+0x400/0x400 [ 464.987393][T12494] ? __might_sleep+0xe0/0xe0 [ 464.992037][T12494] ? __lock_acquire+0x7d40/0x7d40 [ 464.997121][T12494] should_fail_ex+0x39d/0x4d0 [ 465.002002][T12494] should_failslab+0x9/0x20 [ 465.006560][T12494] slab_pre_alloc_hook+0x59/0x310 [ 465.011720][T12494] ? __get_vm_area_node+0x125/0x370 [ 465.017051][T12494] __kmem_cache_alloc_node+0x53/0x250 [ 465.022468][T12494] ? __get_vm_area_node+0x125/0x370 [ 465.027876][T12494] kmalloc_node_trace+0x26/0xe0 [ 465.032878][T12494] __get_vm_area_node+0x125/0x370 [ 465.038322][T12494] __vmalloc_node_range+0x36e/0x1330 [ 465.043661][T12494] ? netlink_sendmsg+0x602/0xbf0 [ 465.048724][T12494] ? netlink_insert+0x109f/0x13a0 [ 465.053805][T12494] ? netlink_data_ready+0x10/0x10 [ 465.058866][T12494] ? free_vm_area+0x50/0x50 [ 465.063505][T12494] ? netlink_sendmsg+0x602/0xbf0 [ 465.068476][T12494] vmalloc+0x79/0x90 [ 465.072588][T12494] ? netlink_sendmsg+0x602/0xbf0 [ 465.078034][T12494] netlink_sendmsg+0x602/0xbf0 [ 465.082939][T12494] ? netlink_getsockopt+0x590/0x590 [ 465.088213][T12494] ? aa_sock_msg_perm+0x94/0x150 [ 465.093214][T12494] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 465.098532][T12494] ? security_socket_sendmsg+0x80/0xa0 [ 465.104193][T12494] sock_write_iter+0x2df/0x420 [ 465.108988][T12494] ? sock_read_iter+0x3e0/0x3e0 [ 465.113966][T12494] ? common_file_perm+0x198/0x1f0 [ 465.119034][T12494] vfs_write+0x46c/0x990 [ 465.123362][T12494] ? file_end_write+0x250/0x250 [ 465.128457][T12494] ? __fget_files+0x43d/0x4b0 [ 465.133173][T12494] ? __fdget_pos+0x1d8/0x330 [ 465.137792][T12494] ? ksys_write+0x75/0x260 [ 465.142428][T12494] ksys_write+0x150/0x260 [ 465.146883][T12494] ? __ia32_sys_read+0x90/0x90 [ 465.151686][T12494] ? lockdep_hardirqs_on+0x98/0x150 [ 465.156915][T12494] do_syscall_64+0x55/0xa0 [ 465.161465][T12494] ? clear_bhb_loop+0x40/0x90 [ 465.166192][T12494] ? clear_bhb_loop+0x40/0x90 [ 465.170902][T12494] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 465.177005][T12494] RIP: 0033:0x7f410a19aeb9 [ 465.181537][T12494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.201171][T12494] RSP: 002b:00007f410aff0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.209793][T12494] RAX: ffffffffffffffda RBX: 00007f410a415fa0 RCX: 00007f410a19aeb9 [ 465.217796][T12494] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003 [ 465.225789][T12494] RBP: 00007f410aff0090 R08: 0000000000000000 R09: 0000000000000000 [ 465.233782][T12494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.241868][T12494] R13: 00007f410a416038 R14: 00007f410a415fa0 R15: 00007ffd945aee78 [ 465.249982][T12494] [ 465.297752][T12500] netlink: 'syz.0.2113': attribute type 10 has an invalid length. [ 465.305951][T12500] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2113'. [ 465.318922][T12494] syz.4.2112: vmalloc error: size 65408, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 465.349201][T12494] CPU: 1 PID: 12494 Comm: syz.4.2112 Not tainted syzkaller #0 [ 465.356729][T12494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 465.366987][T12494] Call Trace: [ 465.370370][T12494] [ 465.373310][T12494] dump_stack_lvl+0x18c/0x250 [ 465.378011][T12494] ? show_regs_print_info+0x20/0x20 [ 465.383337][T12494] ? load_image+0x400/0x400 [ 465.387895][T12494] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 465.394368][T12494] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 465.400913][T12494] warn_alloc+0x246/0x340 [ 465.405264][T12494] ? __get_vm_area_node+0x125/0x370 [ 465.410485][T12494] ? zone_watermark_ok_safe+0x230/0x230 [ 465.416056][T12494] ? rcu_is_watching+0x15/0xb0 [ 465.420849][T12494] ? __get_vm_area_node+0x356/0x370 [ 465.426075][T12494] __vmalloc_node_range+0x393/0x1330 [ 465.431553][T12494] ? netlink_insert+0x109f/0x13a0 [ 465.436832][T12494] ? netlink_data_ready+0x10/0x10 [ 465.441878][T12494] ? free_vm_area+0x50/0x50 [ 465.446515][T12494] ? netlink_sendmsg+0x602/0xbf0 [ 465.451559][T12494] vmalloc+0x79/0x90 [ 465.455561][T12494] ? netlink_sendmsg+0x602/0xbf0 [ 465.460524][T12494] netlink_sendmsg+0x602/0xbf0 [ 465.465354][T12494] ? netlink_getsockopt+0x590/0x590 [ 465.470832][T12494] ? aa_sock_msg_perm+0x94/0x150 [ 465.475789][T12494] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 465.481090][T12494] ? security_socket_sendmsg+0x80/0xa0 [ 465.486654][T12494] sock_write_iter+0x2df/0x420 [ 465.491534][T12494] ? sock_read_iter+0x3e0/0x3e0 [ 465.496403][T12494] ? common_file_perm+0x198/0x1f0 [ 465.501455][T12494] vfs_write+0x46c/0x990 [ 465.505731][T12494] ? file_end_write+0x250/0x250 [ 465.510690][T12494] ? __fget_files+0x43d/0x4b0 [ 465.515391][T12494] ? __fdget_pos+0x1d8/0x330 [ 465.520002][T12494] ? ksys_write+0x75/0x260 [ 465.524440][T12494] ksys_write+0x150/0x260 [ 465.528791][T12494] ? __ia32_sys_read+0x90/0x90 [ 465.533584][T12494] ? lockdep_hardirqs_on+0x98/0x150 [ 465.538833][T12494] do_syscall_64+0x55/0xa0 [ 465.543303][T12494] ? clear_bhb_loop+0x40/0x90 [ 465.547998][T12494] ? clear_bhb_loop+0x40/0x90 [ 465.552779][T12494] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 465.558691][T12494] RIP: 0033:0x7f410a19aeb9 [ 465.563132][T12494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 465.583034][T12494] RSP: 002b:00007f410aff0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 465.591561][T12494] RAX: ffffffffffffffda RBX: 00007f410a415fa0 RCX: 00007f410a19aeb9 [ 465.599808][T12494] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003 [ 465.607878][T12494] RBP: 00007f410aff0090 R08: 0000000000000000 R09: 0000000000000000 [ 465.615952][T12494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.624042][T12494] R13: 00007f410a416038 R14: 00007f410a415fa0 R15: 00007ffd945aee78 [ 465.632092][T12494] [ 465.690390][T12494] Mem-Info: [ 465.693590][T12494] active_anon:5827 inactive_anon:0 isolated_anon:0 [ 465.693590][T12494] active_file:17859 inactive_file:40079 isolated_file:0 [ 465.693590][T12494] unevictable:768 dirty:97 writeback:0 [ 465.693590][T12494] slab_reclaimable:10223 slab_unreclaimable:92024 [ 465.693590][T12494] mapped:24683 shmem:1373 pagetables:579 [ 465.693590][T12494] sec_pagetables:0 bounce:0 [ 465.693590][T12494] kernel_misc_reclaimable:0 [ 465.693590][T12494] free:1340855 free_pcp:13041 free_cma:0 [ 465.741409][T12494] Node 0 active_anon:23308kB inactive_anon:0kB active_file:71436kB inactive_file:160112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98732kB dirty:388kB writeback:0kB shmem:3956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11032kB pagetables:2316kB sec_pagetables:0kB all_unreclaimable? no [ 465.900018][T12494] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 465.983640][T12494] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 466.016135][T12494] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 466.024013][T12494] Node 0 DMA32 free:1457520kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:23268kB inactive_anon:0kB active_file:71436kB inactive_file:159280kB unevictable:1536kB writepending:388kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:30392kB local_pcp:16360kB free_cma:0kB [ 466.057755][T12494] lowmem_reserve[]: 0 0 0 0 0 [ 466.062890][T12494] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:832kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 466.090407][T12494] lowmem_reserve[]: 0 0 0 0 0 [ 466.095247][T12494] Node 1 Normal free:3890540kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:21964kB local_pcp:10376kB free_cma:0kB [ 466.125577][T12494] lowmem_reserve[]: 0 0 0 0 0 [ 466.131808][T12494] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 466.145083][T12494] Node 0 DMA32: 302*4kB (UM) 1633*8kB (UME) 1761*16kB (UM) 1205*32kB (UM) 978*64kB (UME) 557*128kB (UME) 352*256kB (UME) 247*512kB (U) 158*1024kB (UM) 12*2048kB (UME) 205*4096kB (M) = 1457520kB [ 466.185391][T12494] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 466.220040][T12494] Node 1 Normal: 275*4kB (UME) 58*8kB (UME) 47*16kB (UME) 63*32kB (UME) 18*64kB (UME) 10*128kB (UME) 3*256kB (UME) 0*512kB 0*1024kB 2*2048kB (UE) 947*4096kB (M) = 3890540kB [ 466.259318][T12494] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 466.279395][T12494] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 466.301788][T12494] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 466.321345][T12494] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 466.341221][T12494] 59311 total pagecache pages [ 466.356510][T12494] 0 pages in swap cache [ 466.369818][T12494] Free swap = 124996kB [ 466.376754][T12494] Total swap = 124996kB [ 466.389867][T12494] 2097051 pages RAM [ 466.393738][T12494] 0 pages HighMem/MovableOnly [ 466.459810][T12494] 416922 pages reserved [ 466.479726][T12494] 0 pages cma reserved [ 466.975552][T12522] netlink: 'syz.4.2117': attribute type 16 has an invalid length. [ 467.001689][T12522] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2117'. [ 467.382625][T12535] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2121'. [ 467.723384][T12542] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.2122'. [ 468.151822][T12544] FAULT_INJECTION: forcing a failure. [ 468.151822][T12544] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 468.192989][T12544] CPU: 1 PID: 12544 Comm: syz.4.2123 Not tainted syzkaller #0 [ 468.200666][T12544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 468.210874][T12544] Call Trace: [ 468.214291][T12544] [ 468.217336][T12544] dump_stack_lvl+0x18c/0x250 [ 468.222151][T12544] ? show_regs_print_info+0x20/0x20 [ 468.227478][T12544] ? load_image+0x400/0x400 [ 468.232177][T12544] ? __might_fault+0xaa/0x120 [ 468.236954][T12544] ? __lock_acquire+0x7d40/0x7d40 [ 468.242018][T12544] should_fail_ex+0x39d/0x4d0 [ 468.246814][T12544] _copy_from_user+0x2f/0xe0 [ 468.251600][T12544] __sys_bpf+0x23e/0x890 [ 468.255865][T12544] ? bpf_link_show_fdinfo+0x390/0x390 [ 468.261266][T12544] ? lock_chain_count+0x20/0x20 [ 468.266142][T12544] __x64_sys_bpf+0x7c/0x90 [ 468.270577][T12544] do_syscall_64+0x55/0xa0 [ 468.275015][T12544] ? clear_bhb_loop+0x40/0x90 [ 468.279706][T12544] ? clear_bhb_loop+0x40/0x90 [ 468.284839][T12544] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 468.290929][T12544] RIP: 0033:0x7f410a19aeb9 [ 468.295537][T12544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 468.315174][T12544] RSP: 002b:00007f410aff0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 468.323700][T12544] RAX: ffffffffffffffda RBX: 00007f410a415fa0 RCX: 00007f410a19aeb9 [ 468.331865][T12544] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 000000000000000a [ 468.339851][T12544] RBP: 00007f410aff0090 R08: 0000000000000000 R09: 0000000000000000 [ 468.347924][T12544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 468.356014][T12544] R13: 00007f410a416038 R14: 00007f410a415fa0 R15: 00007ffd945aee78 [ 468.364025][T12544] [ 469.512389][T12572] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2131'. [ 469.887126][T12574] netlink: 3076 bytes leftover after parsing attributes in process `syz.2.2132'. [ 469.931709][T12574] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.2132'. [ 470.065538][T12587] netlink: 'syz.4.2133': attribute type 153 has an invalid length. [ 470.140093][T12587] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.2133'. [ 470.765328][T12611] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2139'. [ 470.815474][T12611] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2139'. [ 470.873909][T12614] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2139'. [ 473.220431][T12644] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2148'. [ 473.302559][T12651] netlink: 3076 bytes leftover after parsing attributes in process `syz.4.2150'. [ 473.359902][T12651] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.2150'. [ 475.029831][T12684] netlink: 'syz.1.2156': attribute type 46 has an invalid length. [ 478.069196][T12747] IPv6: Can't replace route, no match found [ 478.110305][T12737] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2162'. [ 478.144901][T12747] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 480.017786][T12765] delete_channel: no stack [ 481.569796][T12787] netlink: 'syz.1.2177': attribute type 39 has an invalid length. [ 482.076799][T12796] netlink: 3076 bytes leftover after parsing attributes in process `syz.0.2179'. [ 482.199723][T12796] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.2179'. [ 483.065494][T12817] netlink: 'syz.4.2178': attribute type 153 has an invalid length. [ 483.289804][T12817] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.2178'. [ 486.207324][T12865] netlink: 'syz.2.2188': attribute type 39 has an invalid length. [ 486.481709][T12872] netlink: 'syz.2.2189': attribute type 3 has an invalid length. [ 486.489529][T12872] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2189'. [ 486.732621][T12870] Ÿë: port 2(veth0_to_team) entered blocking state [ 486.740400][T12870] Ÿë: port 2(veth0_to_team) entered disabled state [ 486.747332][T12870] veth0_to_team: entered allmulticast mode [ 486.769874][T12870] veth0_to_team: entered promiscuous mode [ 487.345970][T12888] netlink: 'syz.0.2191': attribute type 19 has an invalid length. [ 487.956909][T12904] netlink: 'syz.0.2196': attribute type 9 has an invalid length. [ 487.989812][T12904] netlink: 399 bytes leftover after parsing attributes in process `syz.0.2196'. [ 488.413759][T12911] netlink: 'syz.2.2197': attribute type 39 has an invalid length. [ 488.763243][T12917] netlink: 'syz.2.2198': attribute type 39 has an invalid length. [ 489.677281][T12936] FAULT_INJECTION: forcing a failure. [ 489.677281][T12936] name failslab, interval 1, probability 0, space 0, times 0 [ 489.744124][T12936] CPU: 1 PID: 12936 Comm: syz.2.2201 Not tainted syzkaller #0 [ 489.751676][T12936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 489.761872][T12936] Call Trace: [ 489.765310][T12936] [ 489.768288][T12936] dump_stack_lvl+0x18c/0x250 [ 489.773122][T12936] ? sctp_sendmsg+0x1575/0x28c0 [ 489.778034][T12936] ? ___sys_sendmsg+0x2a6/0x360 [ 489.783020][T12936] ? show_regs_print_info+0x20/0x20 [ 489.788280][T12936] ? load_image+0x400/0x400 [ 489.792867][T12936] should_fail_ex+0x39d/0x4d0 [ 489.797702][T12936] should_failslab+0x9/0x20 [ 489.802348][T12936] slab_pre_alloc_hook+0x59/0x310 [ 489.807521][T12936] ? sctp_add_bind_addr+0x8c/0x360 [ 489.812778][T12936] __kmem_cache_alloc_node+0x53/0x250 [ 489.818219][T12936] ? sctp_add_bind_addr+0x8c/0x360 [ 489.823389][T12936] kmalloc_trace+0x2a/0xe0 [ 489.827857][T12936] sctp_add_bind_addr+0x8c/0x360 [ 489.833052][T12936] sctp_copy_local_addr_list+0x315/0x4f0 [ 489.838757][T12936] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 489.844543][T12936] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 489.850754][T12936] ? sctp_v6_is_any+0x64/0x70 [ 489.855465][T12936] ? sctp_copy_one_addr+0x8c/0x350 [ 489.860956][T12936] sctp_bind_addr_copy+0xb3/0x3c0 [ 489.866013][T12936] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 489.872453][T12936] sctp_connect_new_asoc+0x2f9/0x6a0 [ 489.877843][T12936] ? __sctp_connect+0xd80/0xd80 [ 489.882804][T12936] ? __local_bh_enable_ip+0x13a/0x1c0 [ 489.888289][T12936] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 489.893946][T12936] ? security_sctp_bind_connect+0x89/0xb0 [ 489.899879][T12936] sctp_sendmsg+0x1575/0x28c0 [ 489.904587][T12936] ? sctp_getsockopt+0xb60/0xb60 [ 489.909543][T12936] ? aa_sk_perm+0x83c/0x970 [ 489.914080][T12936] ? aa_af_perm+0x330/0x330 [ 489.918609][T12936] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 489.925145][T12936] ? sock_rps_record_flow+0x19/0x3f0 [ 489.930515][T12936] ? inet_sendmsg+0xe9/0x2f0 [ 489.935122][T12936] ? inet_send_prepare+0x260/0x260 [ 489.940526][T12936] ____sys_sendmsg+0x5ba/0x960 [ 489.945316][T12936] ? __lock_acquire+0x7d40/0x7d40 [ 489.950390][T12936] ? __sys_sendmsg_sock+0x30/0x30 [ 489.955512][T12936] ? __import_iovec+0x5f2/0x850 [ 489.960548][T12936] ? import_iovec+0x73/0xa0 [ 489.965229][T12936] ___sys_sendmsg+0x2a6/0x360 [ 489.970046][T12936] ? __sys_sendmsg+0x2a0/0x2a0 [ 489.974853][T12936] ? __lock_acquire+0x7d40/0x7d40 [ 489.980013][T12936] __se_sys_sendmsg+0x1c2/0x2b0 [ 489.984975][T12936] ? __x64_sys_sendmsg+0x80/0x80 [ 489.990034][T12936] ? lockdep_hardirqs_on+0x98/0x150 [ 489.995350][T12936] do_syscall_64+0x55/0xa0 [ 489.999978][T12936] ? clear_bhb_loop+0x40/0x90 [ 490.004759][T12936] ? clear_bhb_loop+0x40/0x90 [ 490.009456][T12936] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 490.015366][T12936] RIP: 0033:0x7ff429f9aeb9 [ 490.019821][T12936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 490.039795][T12936] RSP: 002b:00007ff42af21028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 490.048330][T12936] RAX: ffffffffffffffda RBX: 00007ff42a215fa0 RCX: 00007ff429f9aeb9 [ 490.056442][T12936] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 0000000000000003 [ 490.064696][T12936] RBP: 00007ff42af21090 R08: 0000000000000000 R09: 0000000000000000 [ 490.072680][T12936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 490.080751][T12936] R13: 00007ff42a216038 R14: 00007ff42a215fa0 R15: 00007fffb4bcbf98 [ 490.088760][T12936] [ 491.193123][T12960] netlink: 'syz.2.2206': attribute type 39 has an invalid length. [ 491.601086][T12964] netlink: 'syz.1.2207': attribute type 39 has an invalid length. [ 491.934008][T12969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2209'. [ 492.407049][T12979] netlink: 'syz.4.2210': attribute type 17 has an invalid length. [ 492.585733][T12979] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2210'. [ 492.807329][T12999] netlink: 'syz.2.2215': attribute type 153 has an invalid length. [ 492.851051][T12999] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.2215'. [ 492.961459][T12996] netlink: 'syz.1.2216': attribute type 39 has an invalid length. [ 496.850090][T13031] netlink: 'syz.4.2226': attribute type 39 has an invalid length. [ 497.925177][T13053] netlink: 'syz.0.2233': attribute type 21 has an invalid length. [ 498.597667][T13071] netlink: 'syz.4.2236': attribute type 39 has an invalid length. [ 498.795336][T13076] netlink: 'syz.0.2239': attribute type 39 has an invalid length. [ 498.969983][T13075] netlink: 'syz.4.2238': attribute type 2 has an invalid length. [ 499.006607][T13075] netlink: 'syz.4.2238': attribute type 11 has an invalid length. [ 499.028417][T13075] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2238'. [ 499.236548][T13075] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.2238'. [ 499.280080][T13075] netlink: 'syz.4.2238': attribute type 2 has an invalid length. [ 500.082256][T13099] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2243'. [ 500.187993][T13105] netlink: 'syz.4.2244': attribute type 153 has an invalid length. [ 500.243729][T13105] netlink: 128124 bytes leftover after parsing attributes in process `syz.4.2244'. [ 500.629507][T13110] netlink: 'syz.0.2246': attribute type 39 has an invalid length. [ 500.923425][T13116] FAULT_INJECTION: forcing a failure. [ 500.923425][T13116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 500.967846][T13116] CPU: 0 PID: 13116 Comm: syz.0.2248 Not tainted syzkaller #0 [ 500.975512][T13116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 500.985880][T13116] Call Trace: [ 500.989290][T13116] [ 500.992339][T13116] dump_stack_lvl+0x18c/0x250 [ 500.997238][T13116] ? show_regs_print_info+0x20/0x20 [ 501.002579][T13116] ? load_image+0x400/0x400 [ 501.007325][T13116] ? __might_fault+0xaa/0x120 [ 501.012060][T13116] should_fail_ex+0x39d/0x4d0 [ 501.017231][T13116] copyin+0x1a/0x90 [ 501.021095][T13116] _copy_from_iter+0x54f/0x12e0 [ 501.026011][T13116] ? __virt_addr_valid+0x18c/0x540 [ 501.031191][T13116] ? copyout_mc+0x70/0x70 [ 501.035647][T13116] ? __virt_addr_valid+0x18c/0x540 [ 501.040978][T13116] ? __virt_addr_valid+0x18c/0x540 [ 501.046234][T13116] ? __virt_addr_valid+0x469/0x540 [ 501.051407][T13116] ? __check_object_size+0x506/0xa20 [ 501.056850][T13116] skb_copy_datagram_from_iter+0xf4/0x6e0 [ 501.062700][T13116] ? dev_get_by_index+0x22/0x2d0 [ 501.067744][T13116] ? skb_put+0x11b/0x210 [ 501.072104][T13116] packet_sendmsg+0x3566/0x4d70 [ 501.077007][T13116] ? verify_lock_unused+0x140/0x140 [ 501.082311][T13116] ? mark_lock+0x94/0x320 [ 501.086755][T13116] ? __lock_acquire+0x1273/0x7d40 [ 501.091795][T13116] ? verify_lock_unused+0x140/0x140 [ 501.097013][T13116] ? aa_sk_perm+0x83c/0x970 [ 501.101542][T13116] ? packet_getsockopt+0xad0/0xad0 [ 501.106684][T13116] ? aa_sock_msg_perm+0x94/0x150 [ 501.111637][T13116] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 501.117112][T13116] ? security_socket_sendmsg+0x80/0xa0 [ 501.122685][T13116] ? packet_getsockopt+0xad0/0xad0 [ 501.127818][T13116] ____sys_sendmsg+0x5ba/0x960 [ 501.132696][T13116] ? __lock_acquire+0x7d40/0x7d40 [ 501.137999][T13116] ? __asan_memset+0x22/0x40 [ 501.142610][T13116] ? __sys_sendmsg_sock+0x30/0x30 [ 501.147662][T13116] ? __import_iovec+0x3fa/0x850 [ 501.152628][T13116] ? import_iovec+0x73/0xa0 [ 501.157248][T13116] ___sys_sendmsg+0x2a6/0x360 [ 501.162051][T13116] ? get_pid_task+0x20/0x1e0 [ 501.166691][T13116] ? __sys_sendmsg+0x2a0/0x2a0 [ 501.171499][T13116] ? __lock_acquire+0x7d40/0x7d40 [ 501.176567][T13116] __se_sys_sendmsg+0x1c2/0x2b0 [ 501.181449][T13116] ? __x64_sys_sendmsg+0x80/0x80 [ 501.186504][T13116] ? lockdep_hardirqs_on+0x98/0x150 [ 501.191898][T13116] do_syscall_64+0x55/0xa0 [ 501.196369][T13116] ? clear_bhb_loop+0x40/0x90 [ 501.201089][T13116] ? clear_bhb_loop+0x40/0x90 [ 501.205808][T13116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 501.211816][T13116] RIP: 0033:0x7f71fbf9aeb9 [ 501.216341][T13116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 501.236383][T13116] RSP: 002b:00007f71fced1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 501.245000][T13116] RAX: ffffffffffffffda RBX: 00007f71fc215fa0 RCX: 00007f71fbf9aeb9 [ 501.253316][T13116] RDX: 0000000000000000 RSI: 0000200000000b00 RDI: 0000000000000003 [ 501.261341][T13116] RBP: 00007f71fced1090 R08: 0000000000000000 R09: 0000000000000000 [ 501.269679][T13116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 501.277670][T13116] R13: 00007f71fc216038 R14: 00007f71fc215fa0 R15: 00007ffffe48ff98 [ 501.285672][T13116] [ 501.418008][T13118] netlink: 'syz.1.2249': attribute type 39 has an invalid length. [ 501.887280][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.896226][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.924881][T13127] netlink: 4079 bytes leftover after parsing attributes in process `syz.2.2252'. [ 502.494683][T13137] netlink: 'syz.1.2256': attribute type 39 has an invalid length. [ 502.977252][T13140] FAULT_INJECTION: forcing a failure. [ 502.977252][T13140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 503.019971][T13140] CPU: 1 PID: 13140 Comm: syz.0.2258 Not tainted syzkaller #0 [ 503.027613][T13140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 503.037799][T13140] Call Trace: [ 503.041220][T13140] [ 503.044186][T13140] dump_stack_lvl+0x18c/0x250 [ 503.048908][T13140] ? show_regs_print_info+0x20/0x20 [ 503.054140][T13140] ? load_image+0x400/0x400 [ 503.058853][T13140] ? __might_fault+0xaa/0x120 [ 503.063643][T13140] ? __lock_acquire+0x7d40/0x7d40 [ 503.068974][T13140] ? unix_ioctl+0x261/0x670 [ 503.073520][T13140] should_fail_ex+0x39d/0x4d0 [ 503.078332][T13140] _copy_from_user+0x2f/0xe0 [ 503.082964][T13140] sock_do_ioctl+0x190/0x310 [ 503.087581][T13140] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 503.093765][T13140] ? sock_show_fdinfo+0xb0/0xb0 [ 503.098665][T13140] sock_ioctl+0x5ba/0x7e0 [ 503.103047][T13140] ? sock_poll+0x3e0/0x3e0 [ 503.107509][T13140] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 503.114060][T13140] ? __se_sys_ioctl+0x91/0x170 [ 503.119030][T13140] ? sock_poll+0x3e0/0x3e0 [ 503.123474][T13140] __se_sys_ioctl+0xfd/0x170 [ 503.128105][T13140] do_syscall_64+0x55/0xa0 [ 503.132555][T13140] ? clear_bhb_loop+0x40/0x90 [ 503.137264][T13140] ? clear_bhb_loop+0x40/0x90 [ 503.142060][T13140] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 503.147991][T13140] RIP: 0033:0x7f71fbf9aeb9 [ 503.152440][T13140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.172094][T13140] RSP: 002b:00007f71fced1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 503.180546][T13140] RAX: ffffffffffffffda RBX: 00007f71fc215fa0 RCX: 00007f71fbf9aeb9 [ 503.188547][T13140] RDX: 0000200000000040 RSI: 0000000000008924 RDI: 0000000000000008 [ 503.196758][T13140] RBP: 00007f71fced1090 R08: 0000000000000000 R09: 0000000000000000 [ 503.204781][T13140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.212880][T13140] R13: 00007f71fc216038 R14: 00007f71fc215fa0 R15: 00007ffffe48ff98 [ 503.220902][T13140] [ 503.580689][T13146] netlink: 'syz.0.2260': attribute type 39 has an invalid length. [ 504.144503][T13158] netlink: 'syz.4.2265': attribute type 39 has an invalid length. [ 504.258381][T13157] FAULT_INJECTION: forcing a failure. [ 504.258381][T13157] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 504.321734][T13157] CPU: 0 PID: 13157 Comm: syz.0.2266 Not tainted syzkaller #0 [ 504.329465][T13157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 504.339746][T13157] Call Trace: [ 504.343144][T13157] [ 504.346178][T13157] dump_stack_lvl+0x18c/0x250 [ 504.350982][T13157] ? show_regs_print_info+0x20/0x20 [ 504.356200][T13157] ? load_image+0x400/0x400 [ 504.360726][T13157] ? __lock_acquire+0x7d40/0x7d40 [ 504.365769][T13157] should_fail_ex+0x39d/0x4d0 [ 504.370481][T13157] _copy_to_user+0x2f/0xa0 [ 504.375002][T13157] simple_read_from_buffer+0xe7/0x150 [ 504.380403][T13157] proc_fail_nth_read+0x1e8/0x260 [ 504.385489][T13157] ? proc_fault_inject_write+0x360/0x360 [ 504.391149][T13157] ? proc_fault_inject_write+0x360/0x360 [ 504.396885][T13157] vfs_read+0x28b/0x970 [ 504.401066][T13157] ? kernel_read+0x1e0/0x1e0 [ 504.405678][T13157] ? __fget_files+0x28/0x4b0 [ 504.410285][T13157] ? __fget_files+0x28/0x4b0 [ 504.414920][T13157] ? __fget_files+0x43d/0x4b0 [ 504.419712][T13157] ? __fdget_pos+0x2a3/0x330 [ 504.424328][T13157] ? ksys_read+0x75/0x260 [ 504.428765][T13157] ksys_read+0x150/0x260 [ 504.433326][T13157] ? vfs_write+0x990/0x990 [ 504.437770][T13157] ? lockdep_hardirqs_on+0x98/0x150 [ 504.442991][T13157] do_syscall_64+0x55/0xa0 [ 504.447514][T13157] ? clear_bhb_loop+0x40/0x90 [ 504.452295][T13157] ? clear_bhb_loop+0x40/0x90 [ 504.456992][T13157] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 504.462900][T13157] RIP: 0033:0x7f71fbf5b78e [ 504.467331][T13157] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 504.487041][T13157] RSP: 002b:00007f71fced0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 504.495559][T13157] RAX: ffffffffffffffda RBX: 00007f71fced16c0 RCX: 00007f71fbf5b78e [ 504.503543][T13157] RDX: 000000000000000f RSI: 00007f71fced10a0 RDI: 0000000000000006 [ 504.511703][T13157] RBP: 00007f71fced1090 R08: 0000000000000000 R09: 0000000000000000 [ 504.520126][T13157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 504.528200][T13157] R13: 00007f71fc216038 R14: 00007f71fc215fa0 R15: 00007ffffe48ff98 [ 504.536381][T13157] [ 505.083811][T13169] netlink: 'syz.0.2270': attribute type 39 has an invalid length. [ 505.520018][T13179] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 505.529437][T13179] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 505.555964][T13179] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 505.572261][T13179] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 505.581445][T13179] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 505.590125][T13179] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 506.330010][T13189] netlink: 'syz.4.2276': attribute type 39 has an invalid length. [ 507.640658][ T5782] Bluetooth: hci0: command tx timeout [ 509.143010][T13200] netlink: 'syz.4.2278': attribute type 10 has an invalid length. [ 509.152654][T13200] macvlan0: entered promiscuous mode [ 509.158209][T13200] macvlan0: entered allmulticast mode [ 509.165710][T13200] veth1_vlan: entered allmulticast mode [ 509.174311][T13200] team0: Port device macvlan0 added [ 509.349349][T13205] netlink: 'syz.2.2280': attribute type 39 has an invalid length. [ 509.356814][T13207] netlink: 16211 bytes leftover after parsing attributes in process `syz.0.2279'. [ 509.401858][T13178] chnl_net:caif_netlink_parms(): no params data found [ 509.605553][T13178] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.625396][T13178] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.633241][T13178] bridge_slave_0: entered allmulticast mode [ 509.641311][T13178] bridge_slave_0: entered promiscuous mode [ 509.662234][T13221] netlink: 'syz.2.2285': attribute type 39 has an invalid length. [ 509.675771][T13178] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.686087][T13178] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.698583][T13178] bridge_slave_1: entered allmulticast mode [ 509.716072][T13178] bridge_slave_1: entered promiscuous mode [ 509.722350][ T5782] Bluetooth: hci0: command tx timeout [ 509.774103][T13178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 509.788215][T13178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.866043][T13178] team0: Port device team_slave_0 added [ 509.888030][T13178] team0: Port device team_slave_1 added [ 509.975998][T13178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 510.002484][T13178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 510.047091][T13178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 510.076157][T13178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 510.096785][T13178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 510.124470][T13178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.257981][T13178] hsr_slave_0: entered promiscuous mode [ 510.269240][T13178] hsr_slave_1: entered promiscuous mode [ 510.278212][T13178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 510.297392][T13178] Cannot create hsr debugfs directory [ 510.715842][T13178] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.878016][T13178] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.911394][T13238] netlink: 'syz.2.2290': attribute type 39 has an invalid length. [ 511.103067][T13178] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.254051][T13249] netlink: 'syz.4.2293': attribute type 39 has an invalid length. [ 511.262685][T13249] veth1_vlan: left allmulticast mode [ 511.277699][T13249] macvlan0: left promiscuous mode [ 511.283013][T13249] macvlan0: left allmulticast mode [ 511.397507][T13178] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.568802][T13260] netlink: 'syz.4.2297': attribute type 10 has an invalid length. [ 511.765411][T13262] netlink: 'syz.0.2299': attribute type 39 has an invalid length. [ 511.799887][ T5782] Bluetooth: hci0: command tx timeout [ 511.828161][T13264] tap0: tun_chr_ioctl cmd 35108 [ 511.836646][T13178] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 511.858159][T13178] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 512.585384][T13178] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 512.615892][T13178] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 512.994521][T13178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.050311][T13283] netlink: 'syz.0.2304': attribute type 39 has an invalid length. [ 513.070056][T13178] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.132977][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.140431][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.172230][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.179615][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.416908][T13290] netlink: 'syz.4.2307': attribute type 5 has an invalid length. [ 513.459900][T13290] netlink: 176 bytes leftover after parsing attributes in process `syz.4.2307'. [ 513.532525][T13295] netlink: 'syz.2.2308': attribute type 39 has an invalid length. [ 513.886023][T13179] Bluetooth: hci0: command tx timeout [ 514.138000][T13178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.232999][T13179] Bluetooth: hci2: command 0x0406 tx timeout [ 514.440707][T13178] veth0_vlan: entered promiscuous mode [ 514.457246][T13178] veth1_vlan: entered promiscuous mode [ 514.663578][T13178] veth0_macvtap: entered promiscuous mode [ 514.709212][T13178] veth1_macvtap: entered promiscuous mode [ 514.813197][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.849712][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.869741][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.888340][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.898485][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 514.911719][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 514.925459][T13178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 514.946199][T13310] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2313'. [ 514.980543][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 514.992115][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 515.003666][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 515.014700][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 515.024957][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 515.036249][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 515.046135][T13178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 515.057628][T13178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 515.069525][T13178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 515.079024][T13316] netlink: 'syz.0.2314': attribute type 39 has an invalid length. [ 515.124733][T13178] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.150562][T13178] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.169742][T13178] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.178603][T13178] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 515.264612][T13322] netlink: 'syz.4.2316': attribute type 39 has an invalid length. [ 515.389087][ T6071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.437348][ T6071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.515066][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 515.548880][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 515.866653][T13334] netlink: 'syz.2.2318': attribute type 153 has an invalid length. [ 515.883711][T13337] netlink: 'syz.0.2320': attribute type 2 has an invalid length. [ 515.901619][T13334] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.2318'. [ 515.902995][T13337] netlink: 'syz.0.2320': attribute type 8 has an invalid length. [ 515.903015][T13337] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2320'. [ 516.217093][T13350] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2322'. [ 516.506788][T13354] netlink: 'syz.0.2324': attribute type 39 has an invalid length. [ 516.609128][T13356] netlink: 'syz.1.2325': attribute type 21 has an invalid length. [ 516.780269][T13359] netlink: 'syz.0.2326': attribute type 39 has an invalid length. [ 517.031349][T13367] FAULT_INJECTION: forcing a failure. [ 517.031349][T13367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.082097][T13369] netlink: 'syz.0.2330': attribute type 21 has an invalid length. [ 517.100555][T13367] CPU: 0 PID: 13367 Comm: syz.1.2329 Not tainted syzkaller #0 [ 517.108094][T13367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 517.118461][T13367] Call Trace: [ 517.121781][T13367] [ 517.124744][T13367] dump_stack_lvl+0x18c/0x250 [ 517.129479][T13367] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 517.135688][T13367] ? show_regs_print_info+0x20/0x20 [ 517.140943][T13367] ? load_image+0x400/0x400 [ 517.145521][T13367] should_fail_ex+0x39d/0x4d0 [ 517.150271][T13367] _copy_from_user+0x2f/0xe0 [ 517.155180][T13367] ___sys_sendmsg+0x1c7/0x360 [ 517.160085][T13367] ? __sys_sendmsg+0x2a0/0x2a0 [ 517.165117][T13367] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 517.171529][T13367] __se_sys_sendmsg+0x1c2/0x2b0 [ 517.176533][T13367] ? __x64_sys_sendmsg+0x80/0x80 [ 517.181518][T13367] ? lockdep_hardirqs_on+0x98/0x150 [ 517.186827][T13367] do_syscall_64+0x55/0xa0 [ 517.191268][T13367] ? clear_bhb_loop+0x40/0x90 [ 517.196045][T13367] ? clear_bhb_loop+0x40/0x90 [ 517.200914][T13367] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 517.206821][T13367] RIP: 0033:0x7fbfd979aeb9 [ 517.211249][T13367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.231048][T13367] RSP: 002b:00007fbfda6b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 517.239747][T13367] RAX: ffffffffffffffda RBX: 00007fbfd9a15fa0 RCX: 00007fbfd979aeb9 [ 517.247835][T13367] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 517.256081][T13367] RBP: 00007fbfda6b2090 R08: 0000000000000000 R09: 0000000000000000 [ 517.264071][T13367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.272293][T13367] R13: 00007fbfd9a16038 R14: 00007fbfd9a15fa0 R15: 00007ffd9fd3fc98 [ 517.280292][T13367] [ 518.101299][T13179] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 518.122894][T13179] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 518.131977][T13179] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 518.145340][T13179] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 518.157208][T13179] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 518.165813][T13179] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 518.565835][T13386] netlink: 'syz.0.2334': attribute type 39 has an invalid length. [ 519.145338][T13401] delete_channel: no stack [ 519.199838][T13411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2340'. [ 519.226191][T13409] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.2339'. [ 519.236611][T13411] team_slave_0: entered allmulticast mode [ 519.545195][T13413] team_slave_0: entered promiscuous mode [ 519.565017][T13411] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2340'. [ 519.605620][T13378] chnl_net:caif_netlink_parms(): no params data found [ 519.778804][T13421] netlink: 49920 bytes leftover after parsing attributes in process `syz.0.2349'. [ 519.994317][ T6071] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.072514][T13378] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.087500][T13378] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.098312][T13378] bridge_slave_0: entered allmulticast mode [ 520.179577][T13378] bridge_slave_0: entered promiscuous mode [ 520.200565][ T5782] Bluetooth: hci3: command tx timeout [ 520.212533][T13378] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.232267][T13378] bridge0: port 2(bridge_slave_1) entered disabled state [ 520.240142][T13378] bridge_slave_1: entered allmulticast mode [ 520.247800][T13378] bridge_slave_1: entered promiscuous mode [ 520.306165][ T6071] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.353314][T13436] validate_nla: 2 callbacks suppressed [ 520.353331][T13436] netlink: 'syz.1.2347': attribute type 39 has an invalid length. [ 520.422746][T13378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.479384][T13378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.671979][ T6071] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.047216][T13378] team0: Port device team_slave_0 added [ 521.092301][T13378] team0: Port device team_slave_1 added [ 521.169506][ T6071] team0: Port device netdevsim0 removed [ 521.182573][ T6071] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.437555][T13458] FAULT_INJECTION: forcing a failure. [ 521.437555][T13458] name failslab, interval 1, probability 0, space 0, times 0 [ 521.462206][T13458] CPU: 0 PID: 13458 Comm: syz.4.2353 Not tainted syzkaller #0 [ 521.469843][T13458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 521.480191][T13458] Call Trace: [ 521.483492][T13458] [ 521.486443][T13458] dump_stack_lvl+0x18c/0x250 [ 521.491155][T13458] ? show_regs_print_info+0x20/0x20 [ 521.496389][T13458] ? load_image+0x400/0x400 [ 521.501010][T13458] ? __might_sleep+0xe0/0xe0 [ 521.505714][T13458] ? __lock_acquire+0x7d40/0x7d40 [ 521.510770][T13458] should_fail_ex+0x39d/0x4d0 [ 521.515659][T13458] should_failslab+0x9/0x20 [ 521.520269][T13458] slab_pre_alloc_hook+0x59/0x310 [ 521.525320][T13458] ? ip_setup_cork+0x22e/0x860 [ 521.530132][T13458] __kmem_cache_alloc_node+0x53/0x250 [ 521.535602][T13458] ? ip_setup_cork+0x22e/0x860 [ 521.540403][T13458] kmalloc_trace+0x2a/0xe0 [ 521.545195][T13458] ip_setup_cork+0x22e/0x860 [ 521.549909][T13458] ip_make_skb+0x157/0x440 [ 521.554346][T13458] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 521.559266][T13458] ? ip_flush_pending_frames+0x250/0x250 [ 521.565280][T13458] udp_sendmsg+0x1ade/0x23b0 [ 521.569919][T13458] ? ip_skb_dst_mtu+0x9c0/0x9c0 [ 521.574882][T13458] ? udp_cmsg_send+0x350/0x350 [ 521.579679][T13458] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 521.585775][T13458] ? lock_chain_count+0x20/0x20 [ 521.590726][T13458] ? inet_sendmsg+0x14b/0x2f0 [ 521.595430][T13458] ? __local_bh_enable_ip+0x13a/0x1c0 [ 521.601166][T13458] ? _local_bh_enable+0xa0/0xa0 [ 521.606123][T13458] ? inet_sendmsg+0x14b/0x2f0 [ 521.610827][T13458] ? inet_sendmsg+0x14b/0x2f0 [ 521.615604][T13458] ? inet_send_prepare+0x260/0x260 [ 521.620734][T13458] ____sys_sendmsg+0x5ba/0x960 [ 521.625605][T13458] ? __lock_acquire+0x7d40/0x7d40 [ 521.630869][T13458] ? __sys_sendmsg_sock+0x30/0x30 [ 521.635978][T13458] ? __import_iovec+0x3fa/0x850 [ 521.640983][T13458] ? import_iovec+0x73/0xa0 [ 521.645702][T13458] ___sys_sendmsg+0x2a6/0x360 [ 521.650582][T13458] ? __sys_sendmsg+0x2a0/0x2a0 [ 521.655468][T13458] ? trace_call_bpf+0xc3/0x6c0 [ 521.660293][T13458] __se_sys_sendmsg+0x1c2/0x2b0 [ 521.665247][T13458] ? __x64_sys_sendmsg+0x80/0x80 [ 521.670237][T13458] ? lockdep_hardirqs_on+0x98/0x150 [ 521.675627][T13458] do_syscall_64+0x55/0xa0 [ 521.680157][T13458] ? clear_bhb_loop+0x40/0x90 [ 521.684936][T13458] ? clear_bhb_loop+0x40/0x90 [ 521.689738][T13458] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 521.695650][T13458] RIP: 0033:0x7f410a19aeb9 [ 521.700087][T13458] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 521.719995][T13458] RSP: 002b:00007f410aff0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 521.728457][T13458] RAX: ffffffffffffffda RBX: 00007f410a415fa0 RCX: 00007f410a19aeb9 [ 521.736446][T13458] RDX: 0000000020000044 RSI: 00002000000025c0 RDI: 0000000000000003 [ 521.744435][T13458] RBP: 00007f410aff0090 R08: 0000000000000000 R09: 0000000000000000 [ 521.752507][T13458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 521.760668][T13458] R13: 00007f410a416038 R14: 00007f410a415fa0 R15: 00007ffd945aee78 [ 521.768704][T13458] [ 521.814530][T13378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 521.824618][T13378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.858097][T13378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 521.911583][T13378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 521.929790][T13378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.971131][T13378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 522.205522][T13461] netlink: 'syz.4.2355': attribute type 9 has an invalid length. [ 522.243242][T13464] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2356'. [ 522.258462][T13461] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2355'. [ 522.268687][T13464] openvswitch: netlink: Key type 2832 is out of range max 32 [ 522.296342][ T5782] Bluetooth: hci3: command tx timeout [ 522.340971][T13466] netlink: 'syz.1.2357': attribute type 39 has an invalid length. [ 522.444910][T13378] hsr_slave_0: entered promiscuous mode [ 522.488807][T13378] hsr_slave_1: entered promiscuous mode [ 522.521712][T13378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 522.529440][T13378] Cannot create hsr debugfs directory [ 523.128601][T13478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 523.489790][T13488] netlink: 'syz.4.2365': attribute type 2 has an invalid length. [ 523.508616][T13488] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2365'. [ 523.531095][T13496] netlink: 'syz.0.2366': attribute type 39 has an invalid length. [ 524.359908][ T5782] Bluetooth: hci3: command tx timeout [ 524.440718][T13518] netlink: 'syz.1.2371': attribute type 10 has an invalid length. [ 524.448687][T13518] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 524.592188][ T6071] gretap0 (unregistering): left allmulticast mode [ 524.598708][ T6071] gretap0 (unregistering): left promiscuous mode [ 524.626785][ T6071] Ÿë: port 1(gretap0) entered disabled state [ 524.883107][T13523] netlink: 'syz.1.2374': attribute type 10 has an invalid length. [ 524.910561][T13523] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port [ 525.153931][T13528] netlink: 'syz.0.2375': attribute type 39 has an invalid length. [ 525.518155][T13540] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2378'. [ 525.519497][T13543] hsr0: entered promiscuous mode [ 525.560492][T13540] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8 [ 525.569417][T13543] hsr0: entered allmulticast mode [ 525.601929][T13543] hsr_slave_0: entered allmulticast mode [ 525.607729][T13543] hsr_slave_1: entered allmulticast mode [ 526.134091][T13378] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 526.197753][T13378] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 526.258537][T13563] netlink: 'syz.4.2383': attribute type 10 has an invalid length. [ 526.301965][T13563] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2383'. [ 526.325305][T13563] ipvlan1: entered promiscuous mode [ 526.345124][T13563] ipvlan1: entered allmulticast mode [ 526.369845][T13563] veth0_vlan: entered allmulticast mode [ 526.386542][T13563] bridge0: port 3(ipvlan1) entered blocking state [ 526.401483][T13563] bridge0: port 3(ipvlan1) entered disabled state [ 526.421491][T13563] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 526.440294][ T5782] Bluetooth: hci3: command tx timeout [ 526.457028][ T6071] veth0_to_team: left allmulticast mode [ 526.469064][ T6071] veth0_to_team: left promiscuous mode [ 526.480732][ T6071] Ÿë: port 2(veth0_to_team) entered disabled state [ 526.519423][ T6071] hsr_slave_0: left promiscuous mode [ 526.547314][ T6071] hsr_slave_1: left promiscuous mode [ 526.566786][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 526.587637][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 526.620546][ T6071] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 526.639264][ T6071] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 526.701015][ T6071] veth1_macvtap: left promiscuous mode [ 526.706852][ T6071] veth0_macvtap: left promiscuous mode [ 526.719953][ T6071] veth1_vlan: left promiscuous mode [ 526.727376][ T6071] veth0_vlan: left promiscuous mode [ 527.088577][T13576] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.2385'. [ 528.105147][ T6071] team0 (unregistering): Port device macvlan0 removed [ 528.576318][ T6071] team0 (unregistering): Port device team_slave_1 removed [ 528.632783][ T6071] team0 (unregistering): Port device C removed [ 528.683002][ T6071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 529.059323][ T6071] bond0 (unregistering): Released all slaves [ 529.117937][T13378] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 529.128054][T13378] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 529.138550][T13568] netlink: 'syz.1.2384': attribute type 1 has an invalid length. [ 529.146794][T13568] netlink: 'syz.1.2384': attribute type 4 has an invalid length. [ 529.169704][T13568] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2384'. [ 529.266141][T13588] netlink: 'syz.0.2386': attribute type 39 has an invalid length. [ 529.685463][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.694728][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.704058][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.713363][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.722625][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.731943][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.741139][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.750443][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.759605][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.768820][T13601] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 529.788073][T13378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 530.192323][T13378] 8021q: adding VLAN 0 to HW filter on device team0 [ 530.265083][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.272495][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 530.327985][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.335271][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.490971][T13378] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 530.502274][T13378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 530.713813][T13629] netlink: 'syz.4.2396': attribute type 39 has an invalid length. [ 531.222237][T13637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2399'. [ 531.704689][T13641] netlink: 'syz.1.2400': attribute type 39 has an invalid length. [ 531.835535][T13378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 531.892468][T13652] netlink: 'syz.1.2403': attribute type 10 has an invalid length. [ 531.905698][T13652] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2403'. [ 531.918388][T13652] ipvlan1: entered promiscuous mode [ 531.924487][T13652] ipvlan1: entered allmulticast mode [ 531.960257][T13652] veth0_vlan: entered allmulticast mode [ 532.002913][T13652] bridge0: port 3(ipvlan1) entered blocking state [ 532.020471][T13652] bridge0: port 3(ipvlan1) entered disabled state [ 532.125950][T13378] veth0_vlan: entered promiscuous mode [ 532.149202][T13378] veth1_vlan: entered promiscuous mode [ 532.220508][T13378] veth0_macvtap: entered promiscuous mode [ 532.248016][T13378] veth1_macvtap: entered promiscuous mode [ 532.292611][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 532.307729][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.334803][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 532.346905][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.357535][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 532.368641][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.412607][T13378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 532.471034][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.502462][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.513741][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.525041][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.535946][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.551906][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.564113][T13378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 532.575226][T13378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 532.587481][T13378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 532.598400][T13661] netlink: 'syz.1.2407': attribute type 39 has an invalid length. [ 532.663197][T13378] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.690977][T13378] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.709861][T13378] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.725937][T13378] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.797486][T13671] netlink: 'syz.1.2410': attribute type 39 has an invalid length. [ 532.808985][T13664] syzkaller0: entered promiscuous mode [ 532.821203][T13664] syzkaller0: entered allmulticast mode [ 533.169099][T13677] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.2412'. [ 533.739412][T13688] netlink: 'syz.0.2415': attribute type 10 has an invalid length. [ 533.773152][T13688] team0: Device hsr_slave_0 failed to register rx_handler [ 533.903791][T13694] netlink: 'syz.0.2416': attribute type 3 has an invalid length. [ 533.910312][ T1124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.918255][T13694] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2416'. [ 533.943899][ T1124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.066777][ T6071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.077294][ T6071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.471539][T13704] netlink: 'syz.0.2419': attribute type 39 has an invalid length. [ 534.577289][T13708] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.2420'. [ 534.594053][T13706] netlink: 140 bytes leftover after parsing attributes in process `syz.2.2421'. [ 534.635240][T13706] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2421'. [ 534.651548][T13708] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2420'. [ 535.352030][T13725] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.2426'. [ 535.539161][T13722] delete_channel: no stack [ 535.585180][T13731] netlink: 'syz.0.2428': attribute type 10 has an invalid length. [ 535.791408][ T11] hsr_slave_0: left promiscuous mode [ 535.880602][ T11] hsr_slave_1: left promiscuous mode [ 535.924621][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.113208][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.314604][T13749] netlink: 208064 bytes leftover after parsing attributes in process `syz.1.2435'. [ 536.667431][ T11] veth1_macvtap: left promiscuous mode [ 536.702939][ T11] veth0_macvtap: left promiscuous mode [ 536.708647][ T11] veth1_vlan: left promiscuous mode [ 536.724759][ T11] veth0_vlan: left promiscuous mode [ 536.736989][T13756] FAULT_INJECTION: forcing a failure. [ 536.736989][T13756] name failslab, interval 1, probability 0, space 0, times 0 [ 536.751488][T13756] CPU: 0 PID: 13756 Comm: syz.1.2438 Not tainted syzkaller #0 [ 536.759102][T13756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 536.769733][T13756] Call Trace: [ 536.773071][T13756] [ 536.776052][T13756] dump_stack_lvl+0x18c/0x250 [ 536.780874][T13756] ? sctp_sendmsg+0x1575/0x28c0 [ 536.786221][T13756] ? ___sys_sendmsg+0x2a6/0x360 [ 536.791469][T13756] ? show_regs_print_info+0x20/0x20 [ 536.796816][T13756] ? load_image+0x400/0x400 [ 536.801586][T13756] should_fail_ex+0x39d/0x4d0 [ 536.806687][T13756] should_failslab+0x9/0x20 [ 536.811366][T13756] slab_pre_alloc_hook+0x59/0x310 [ 536.816865][T13756] ? sctp_add_bind_addr+0x8c/0x360 [ 536.822166][T13756] __kmem_cache_alloc_node+0x53/0x250 [ 536.827784][T13756] ? sctp_add_bind_addr+0x8c/0x360 [ 536.832965][T13756] kmalloc_trace+0x2a/0xe0 [ 536.837453][T13756] sctp_add_bind_addr+0x8c/0x360 [ 536.842560][T13756] sctp_copy_local_addr_list+0x315/0x4f0 [ 536.848276][T13756] ? sctp_copy_local_addr_list+0xa5/0x4f0 [ 536.854060][T13756] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 536.860289][T13756] ? sctp_v6_is_any+0x64/0x70 [ 536.865028][T13756] ? sctp_copy_one_addr+0x8c/0x350 [ 536.870209][T13756] sctp_bind_addr_copy+0xb3/0x3c0 [ 536.875377][T13756] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 536.881758][T13756] sctp_connect_new_asoc+0x2f9/0x6a0 [ 536.887099][T13756] ? __sctp_connect+0xd80/0xd80 [ 536.892002][T13756] ? __local_bh_enable_ip+0x13a/0x1c0 [ 536.897444][T13756] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 536.903067][T13756] ? security_sctp_bind_connect+0x89/0xb0 [ 536.909035][T13756] sctp_sendmsg+0x1575/0x28c0 [ 536.913787][T13756] ? sctp_getsockopt+0xb60/0xb60 [ 536.918775][T13756] ? aa_sk_perm+0x83c/0x970 [ 536.923345][T13756] ? aa_af_perm+0x330/0x330 [ 536.927926][T13756] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 536.934576][T13756] ? sock_rps_record_flow+0x19/0x3f0 [ 536.940024][T13756] ? inet_sendmsg+0xe9/0x2f0 [ 536.944674][T13756] ? inet_send_prepare+0x260/0x260 [ 536.949857][T13756] ____sys_sendmsg+0x5ba/0x960 [ 536.954866][T13756] ? __lock_acquire+0x7d40/0x7d40 [ 536.959953][T13756] ? __sys_sendmsg_sock+0x30/0x30 [ 536.965146][T13756] ? __import_iovec+0x5f2/0x850 [ 536.970073][T13756] ? import_iovec+0x73/0xa0 [ 536.974723][T13756] ___sys_sendmsg+0x2a6/0x360 [ 536.979452][T13756] ? get_pid_task+0x20/0x1e0 [ 536.984099][T13756] ? __sys_sendmsg+0x2a0/0x2a0 [ 536.988934][T13756] ? __lock_acquire+0x7d40/0x7d40 [ 536.994060][T13756] __se_sys_sendmsg+0x1c2/0x2b0 [ 536.998984][T13756] ? __x64_sys_sendmsg+0x80/0x80 [ 537.004011][T13756] ? lockdep_hardirqs_on+0x98/0x150 [ 537.009456][T13756] do_syscall_64+0x55/0xa0 [ 537.013945][T13756] ? clear_bhb_loop+0x40/0x90 [ 537.018764][T13756] ? clear_bhb_loop+0x40/0x90 [ 537.023668][T13756] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 537.029623][T13756] RIP: 0033:0x7fbfd979aeb9 [ 537.034146][T13756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 537.053994][T13756] RSP: 002b:00007fbfda6b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 537.062900][T13756] RAX: ffffffffffffffda RBX: 00007fbfd9a15fa0 RCX: 00007fbfd979aeb9 [ 537.071011][T13756] RDX: 0000000000000041 RSI: 0000200000000600 RDI: 0000000000000003 [ 537.079151][T13756] RBP: 00007fbfda6b2090 R08: 0000000000000000 R09: 0000000000000000 [ 537.087352][T13756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 537.095368][T13756] R13: 00007fbfd9a16038 R14: 00007fbfd9a15fa0 R15: 00007ffd9fd3fc98 [ 537.103588][T13756] [ 538.801026][ T11] geneve1 (unregistering): left promiscuous mode [ 538.815133][ T11] geneve1 (unregistering): left allmulticast mode [ 538.832898][ T11] team0 (unregistering): Port device geneve1 removed [ 539.593745][ T11] macvlan0 (unregistering): left promiscuous mode [ 539.605455][ T11] macvlan0 (unregistering): left allmulticast mode [ 539.614965][ T11] team0 (unregistering): Port device macvlan0 removed [ 540.071506][ T11] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 540.082797][ T11] batadv_slave_0 (unregistering): left promiscuous mode [ 540.090188][ T11] batadv_slave_0 (unregistering): left allmulticast mode [ 540.144235][ T11] team_slave_1 (unregistering): left promiscuous mode [ 540.151544][ T11] team_slave_1 (unregistering): left allmulticast mode [ 540.160818][ T11] team0 (unregistering): Port device team_slave_1 removed [ 540.210799][ T11] team_slave_0 (unregistering): left promiscuous mode [ 540.217654][ T11] team_slave_0 (unregistering): left allmulticast mode [ 540.227408][ T11] team0 (unregistering): Port device team_slave_0 removed [ 540.279483][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 540.292207][ T11] bond_slave_1 (unregistering): left promiscuous mode [ 540.299264][ T11] bond_slave_1 (unregistering): left allmulticast mode [ 540.347825][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 540.357644][ T11] bond_slave_0 (unregistering): left promiscuous mode [ 540.367730][ T11] bond_slave_0 (unregistering): left allmulticast mode [ 540.628114][ T11] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 540.638126][ T11] batadv0 (unregistering): left allmulticast mode [ 540.715131][ T11] bond0 (unregistering): left promiscuous mode [ 540.722393][ T11] bond0 (unregistering): left allmulticast mode [ 540.732350][ T11] team0 (unregistering): Port device bond0 removed [ 540.765812][ T11] bond0 (unregistering): Released all slaves [ 540.813525][T13773] netlink: 'syz.1.2451': attribute type 2 has an invalid length. [ 540.823479][T13773] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2451'. [ 540.834829][T13782] netlink: 'syz.4.2445': attribute type 10 has an invalid length. [ 540.890927][T13782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 540.923802][T13782] team0: Port device bond0 added [ 541.211544][T13801] netlink: 'syz.4.2452': attribute type 6 has an invalid length. [ 541.417670][T13803] netlink: 'syz.2.2450': attribute type 153 has an invalid length. [ 541.442244][T13803] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.2450'. [ 542.442639][T13822] FAULT_INJECTION: forcing a failure. [ 542.442639][T13822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 542.487187][T13822] CPU: 1 PID: 13822 Comm: syz.2.2455 Not tainted syzkaller #0 [ 542.494741][T13822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 542.504972][T13822] Call Trace: [ 542.508383][T13822] [ 542.511436][T13822] dump_stack_lvl+0x18c/0x250 [ 542.516167][T13822] ? show_regs_print_info+0x20/0x20 [ 542.521505][T13822] ? load_image+0x400/0x400 [ 542.526149][T13822] ? __might_fault+0xaa/0x120 [ 542.530882][T13822] ? __lock_acquire+0x7d40/0x7d40 [ 542.536048][T13822] should_fail_ex+0x39d/0x4d0 [ 542.541159][T13822] _copy_from_iter+0x1d9/0x12e0 [ 542.546242][T13822] ? __virt_addr_valid+0x18c/0x540 [ 542.551591][T13822] ? __lock_acquire+0x7d40/0x7d40 [ 542.556666][T13822] ? sock_alloc_send_pskb+0x8a1/0x9a0 [ 542.562102][T13822] ? copyout_mc+0x70/0x70 [ 542.566683][T13822] ? __virt_addr_valid+0x18c/0x540 [ 542.571945][T13822] ? __virt_addr_valid+0x18c/0x540 [ 542.577202][T13822] ? __virt_addr_valid+0x469/0x540 [ 542.582459][T13822] ? __check_object_size+0x506/0xa20 [ 542.587904][T13822] skb_copy_datagram_from_iter+0xf4/0x6e0 [ 542.593706][T13822] ? dev_get_by_index+0x22/0x2d0 [ 542.598701][T13822] ? skb_put+0x11b/0x210 [ 542.602999][T13822] packet_sendmsg+0x3566/0x4d70 [ 542.608117][T13822] ? verify_lock_unused+0x140/0x140 [ 542.613364][T13822] ? mark_lock+0x94/0x320 [ 542.617834][T13822] ? __lock_acquire+0x1273/0x7d40 [ 542.622937][T13822] ? verify_lock_unused+0x140/0x140 [ 542.628198][T13822] ? aa_sk_perm+0x83c/0x970 [ 542.633048][T13822] ? packet_getsockopt+0xad0/0xad0 [ 542.638228][T13822] ? aa_sock_msg_perm+0x94/0x150 [ 542.643225][T13822] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 542.648731][T13822] ? security_socket_sendmsg+0x80/0xa0 [ 542.654498][T13822] ? packet_getsockopt+0xad0/0xad0 [ 542.659664][T13822] ____sys_sendmsg+0x5ba/0x960 [ 542.664658][T13822] ? __lock_acquire+0x7d40/0x7d40 [ 542.669857][T13822] ? __asan_memset+0x22/0x40 [ 542.674496][T13822] ? __sys_sendmsg_sock+0x30/0x30 [ 542.679661][T13822] ? __import_iovec+0x5f2/0x850 [ 542.684660][T13822] ? import_iovec+0x73/0xa0 [ 542.689394][T13822] ___sys_sendmsg+0x2a6/0x360 [ 542.694205][T13822] ? get_pid_task+0x20/0x1e0 [ 542.698848][T13822] ? __sys_sendmsg+0x2a0/0x2a0 [ 542.703767][T13822] ? __lock_acquire+0x7d40/0x7d40 [ 542.709039][T13822] __se_sys_sendmsg+0x1c2/0x2b0 [ 542.713949][T13822] ? __x64_sys_sendmsg+0x80/0x80 [ 542.718964][T13822] ? lockdep_hardirqs_on+0x98/0x150 [ 542.721656][T13826] netlink: 'syz.1.2458': attribute type 39 has an invalid length. [ 542.724459][T13822] do_syscall_64+0x55/0xa0 [ 542.736906][T13822] ? clear_bhb_loop+0x40/0x90 [ 542.741819][T13822] ? clear_bhb_loop+0x40/0x90 [ 542.746625][T13822] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 542.752561][T13822] RIP: 0033:0x7f29c799aeb9 [ 542.757216][T13822] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.777056][T13822] RSP: 002b:00007f29c8888028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 542.785639][T13822] RAX: ffffffffffffffda RBX: 00007f29c7c15fa0 RCX: 00007f29c799aeb9 [ 542.793829][T13822] RDX: 00000000000480c0 RSI: 0000200000000200 RDI: 0000000000000003 [ 542.801953][T13822] RBP: 00007f29c8888090 R08: 0000000000000000 R09: 0000000000000000 [ 542.810162][T13822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 542.818364][T13822] R13: 00007f29c7c16038 R14: 00007f29c7c15fa0 R15: 00007ffd176fea58 [ 542.826768][T13822] [ 542.877033][T13828] netlink: 'syz.1.2460': attribute type 10 has an invalid length. [ 542.901759][T13828] team0: Port device macvlan0 added [ 543.729302][T13836] bridge_slave_1: left allmulticast mode [ 543.770703][T13836] bridge_slave_1: left promiscuous mode [ 543.776643][T13836] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.806813][T13835] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2464'. [ 543.883767][T13836] bridge_slave_0: left allmulticast mode [ 543.901847][T13836] bridge_slave_0: left promiscuous mode [ 543.919008][T13836] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.438412][T13841] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2463'. [ 544.618681][T13835] net_ratelimit: 3320 callbacks suppressed [ 544.618699][T13835] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 544.882131][T13857] netlink: 'syz.4.2468': attribute type 33 has an invalid length. [ 544.940529][T13857] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2468'. [ 544.957457][T13857] `: renamed from team0 (while UP) [ 544.967534][T13860] netlink: 'syz.0.2470': attribute type 39 has an invalid length. [ 545.114693][T13862] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2471'. [ 546.352199][T13862] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 546.522055][T13866] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2473'. [ 547.173635][T13879] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2476'. [ 547.257432][T13879] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 547.273218][T13882] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 549.060942][T13897] netlink: 'syz.4.2480': attribute type 39 has an invalid length. [ 551.631452][T13926] netlink: 'syz.2.2489': attribute type 39 has an invalid length. [ 551.704293][T13920] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2487'. [ 551.932660][T13930] netlink: 'syz.0.2491': attribute type 21 has an invalid length. [ 552.633233][T13946] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2497'. [ 552.743704][T13945] bridge_slave_1: left allmulticast mode [ 552.760277][T13945] bridge_slave_1: left promiscuous mode [ 552.783793][T13945] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.102243][T13957] netlink: 15999 bytes leftover after parsing attributes in process `syz.2.2498'. [ 553.938571][T13945] bridge_slave_0: left allmulticast mode [ 553.944493][T13945] bridge_slave_0: left promiscuous mode [ 553.950953][T13945] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.174295][T13949] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 554.339569][T13955] syzkaller0: entered promiscuous mode [ 554.353542][T13955] syzkaller0: entered allmulticast mode [ 554.537595][T13965] netlink: 'syz.4.2501': attribute type 39 has an invalid length. [ 555.391665][ T5782] Bluetooth: hci0: Malformed Event: 0x13 [ 558.023681][T13969] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2502'. [ 558.039396][T13983] wg2: entered allmulticast mode [ 558.048733][T13984] wg2: entered promiscuous mode [ 558.367932][T13996] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2510'. [ 558.575665][T13996] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 558.610977][T14007] netlink: 'syz.4.2513': attribute type 39 has an invalid length. [ 559.139181][T14013] syzkaller0: entered promiscuous mode [ 559.158640][T14013] syzkaller0: entered allmulticast mode [ 561.538932][T14031] netlink: 65055 bytes leftover after parsing attributes in process `syz.0.2527'. [ 562.132969][T14034] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2519'. [ 562.566532][T14052] netlink: 'syz.4.2525': attribute type 39 has an invalid length. [ 563.346146][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.353922][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.364946][T14073] netlink: 'syz.2.2528': attribute type 4 has an invalid length. [ 564.429741][T14073] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2528'. [ 565.433324][T13179] Bluetooth: hci4: command 0x0406 tx timeout [ 565.991850][T14073] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 566.967382][T14083] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2534'. [ 567.083577][T14089] netlink: 'syz.2.2537': attribute type 39 has an invalid length. [ 567.310467][T14097] netlink: 'syz.2.2540': attribute type 153 has an invalid length. [ 567.350345][T14097] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.2540'. [ 567.536482][T14107] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2543'. [ 567.599973][T14107] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2543'. [ 567.662868][T14112] netlink: 'syz.2.2544': attribute type 39 has an invalid length. [ 567.990761][T14113] wg2: left promiscuous mode [ 568.091443][T14115] wg2: entered promiscuous mode [ 568.169791][T14118] netlink: 'syz.2.2545': attribute type 21 has an invalid length. [ 568.480283][T14123] netlink: 'syz.4.2548': attribute type 39 has an invalid length. [ 568.519104][T14125] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2549'. [ 568.824206][T14127] ±ÿ: renamed from team_slave_1 (while UP) [ 568.894139][T14131] FAULT_INJECTION: forcing a failure. [ 568.894139][T14131] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.955804][T14131] CPU: 1 PID: 14131 Comm: syz.1.2551 Not tainted syzkaller #0 [ 568.963388][T14131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 568.973943][T14131] Call Trace: [ 568.977532][T14131] [ 568.980492][T14131] dump_stack_lvl+0x18c/0x250 [ 568.985217][T14131] ? show_regs_print_info+0x20/0x20 [ 568.990442][T14131] ? load_image+0x400/0x400 [ 568.994982][T14131] ? __might_fault+0xaa/0x120 [ 568.999910][T14131] ? __lock_acquire+0x7d40/0x7d40 [ 569.005060][T14131] should_fail_ex+0x39d/0x4d0 [ 569.009938][T14131] _copy_from_user+0x2f/0xe0 [ 569.014713][T14131] generic_map_update_batch+0x59a/0x810 [ 569.020391][T14131] ? rcu_read_unlock+0xa0/0xa0 [ 569.025246][T14131] ? __fdget+0x180/0x210 [ 569.029656][T14131] ? rcu_read_unlock+0xa0/0xa0 [ 569.034494][T14131] bpf_map_do_batch+0x3d7/0x610 [ 569.039454][T14131] __sys_bpf+0x381/0x890 [ 569.043886][T14131] ? bpf_link_show_fdinfo+0x390/0x390 [ 569.049405][T14131] ? lock_chain_count+0x20/0x20 [ 569.054467][T14131] __x64_sys_bpf+0x7c/0x90 [ 569.058967][T14131] do_syscall_64+0x55/0xa0 [ 569.063552][T14131] ? clear_bhb_loop+0x40/0x90 [ 569.068380][T14131] ? clear_bhb_loop+0x40/0x90 [ 569.073308][T14131] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 569.079275][T14131] RIP: 0033:0x7fbfd979aeb9 [ 569.083762][T14131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 569.103796][T14131] RSP: 002b:00007fbfda6b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 569.112293][T14131] RAX: ffffffffffffffda RBX: 00007fbfd9a15fa0 RCX: 00007fbfd979aeb9 [ 569.120424][T14131] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a [ 569.128464][T14131] RBP: 00007fbfda6b2090 R08: 0000000000000000 R09: 0000000000000000 [ 569.136498][T14131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 569.144519][T14131] R13: 00007fbfd9a16038 R14: 00007fbfd9a15fa0 R15: 00007ffd9fd3fc98 [ 569.152875][T14131] [ 569.236328][T14134] netlink: 'syz.0.2553': attribute type 16 has an invalid length. [ 569.249882][T14134] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2553'. [ 569.308444][T14137] netlink: 16399 bytes leftover after parsing attributes in process `syz.2.2552'. [ 569.568968][T14146] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.2556'. [ 569.901003][T14153] netlink: 'syz.1.2558': attribute type 39 has an invalid length. [ 570.103254][T14161] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2560'. [ 570.495546][T14172] wg2: entered allmulticast mode [ 570.824718][T14172] wg2: entered promiscuous mode [ 572.062239][T14180] netlink: 'syz.0.2566': attribute type 2 has an invalid length. [ 572.090218][T14180] netlink: 'syz.0.2566': attribute type 11 has an invalid length. [ 572.179671][T14180] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2566'. [ 572.258707][T14190] netlink: 'syz.1.2571': attribute type 39 has an invalid length. [ 572.656920][T14198] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2574'. [ 572.706957][T14191] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2572'. [ 573.286397][T14199] netlink: 'syz.1.2573': attribute type 153 has an invalid length. [ 573.301156][T14199] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.2573'. [ 573.551708][T14214] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2580'. [ 573.874180][T14216] netlink: 'syz.0.2581': attribute type 39 has an invalid length. [ 576.121319][T14234] netlink: 'syz.4.2585': attribute type 4 has an invalid length. [ 576.167430][T14234] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2585'. [ 576.340229][T14234] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 577.010435][T14251] netlink: 'syz.2.2592': attribute type 39 has an invalid length. [ 577.877059][T14266] netlink: 'syz.4.2597': attribute type 10 has an invalid length. [ 577.990008][T14266] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 579.269397][T14279] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2599'. [ 579.900024][T14285] netlink: 'syz.1.2602': attribute type 39 has an invalid length. [ 580.584987][T14297] netlink: 'syz.1.2607': attribute type 10 has an invalid length. [ 581.664812][T14297] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 582.585202][T14304] netlink: 'syz.0.2606': attribute type 4 has an invalid length. [ 582.719725][T14304] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2606'. [ 585.325208][T14304] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 585.670232][T14316] netlink: 'syz.4.2612': attribute type 39 has an invalid length. [ 585.934921][T14321] netlink: 'syz.4.2615': attribute type 21 has an invalid length. [ 585.979807][T14321] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2615'. [ 586.763833][T14334] netlink: 16399 bytes leftover after parsing attributes in process `syz.1.2617'. [ 586.780421][T14325] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2614'. [ 587.822111][T14343] netlink: 'syz.0.2619': attribute type 10 has an invalid length. [ 588.313509][T14343] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 596.028339][T14435] syzkaller0: entered promiscuous mode [ 596.046593][T14435] syzkaller0: entered allmulticast mode [ 604.197060][T14515] macsec0: entered promiscuous mode [ 604.205070][T14515] macsec0: entered allmulticast mode [ 604.213524][T14515] veth1_macvtap: entered allmulticast mode [ 604.693030][T14529] macsec0: entered promiscuous mode [ 604.707605][T14529] macsec0: entered allmulticast mode [ 604.723919][T14529] veth1_macvtap: entered allmulticast mode [ 607.619520][T14566] macsec0: entered promiscuous mode [ 607.660525][T14566] macsec0: entered allmulticast mode [ 607.680864][T14566] veth1_macvtap: entered allmulticast mode [ 612.179029][T14599] syzkaller0: entered promiscuous mode [ 612.188394][T14599] syzkaller0: entered allmulticast mode [ 612.204479][T14611] [ 612.207529][T14611] ============================= [ 612.212803][T14611] WARNING: suspicious RCU usage [ 612.217695][T14611] syzkaller #0 Not tainted [ 612.222465][T14611] ----------------------------- [ 612.227361][T14611] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage! [ 612.236190][T14611] [ 612.236190][T14611] other info that might help us debug this: [ 612.236190][T14611] [ 612.247097][T14611] [ 612.247097][T14611] rcu_scheduler_active = 2, debug_locks = 1 [ 612.255768][T14611] 1 lock held by syz.2.2714/14611: [ 612.261244][T14611] #0: ffffffff8d1321c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 [ 612.271729][T14611] [ 612.271729][T14611] stack backtrace: [ 612.277784][T14611] CPU: 0 PID: 14611 Comm: syz.2.2714 Not tainted syzkaller #0 [ 612.285634][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 612.295901][T14611] Call Trace: [ 612.299223][T14611] [ 612.302385][T14611] dump_stack_lvl+0x18c/0x250 [ 612.307282][T14611] ? show_regs_print_info+0x20/0x20 [ 612.312577][T14611] ? load_image+0x400/0x400 [ 612.317105][T14611] lockdep_rcu_suspicious+0x1e1/0x300 [ 612.322512][T14611] get_callchain_entry+0x2a9/0x3c0 [ 612.327756][T14611] get_perf_callchain+0xc8/0x4f0 [ 612.332722][T14611] ? put_callchain_entry+0xb0/0xb0 [ 612.337889][T14611] __bpf_get_stack+0x2e4/0x540 [ 612.342690][T14611] ? stack_map_get_build_id_offset+0x720/0x720 [ 612.348975][T14611] ? __cant_sleep+0x220/0x220 [ 612.353663][T14611] ? bpf_prog_14d9fb3786f83342+0x45/0x49 [ 612.359303][T14611] bpf_get_stack_raw_tp+0x1a9/0x210 [ 612.364538][T14611] bpf_prog_14d9fb3786f83342+0x45/0x49 [ 612.370180][T14611] bpf_prog_run_pin_on_cpu+0x64/0x150 [ 612.375579][T14611] bpf_prog_test_run_syscall+0x317/0x4a0 [ 612.381636][T14611] ? sock_gen_cookie+0x60/0x60 [ 612.386473][T14611] ? sock_gen_cookie+0x60/0x60 [ 612.391291][T14611] bpf_prog_test_run+0x321/0x390 [ 612.396345][T14611] __sys_bpf+0x49d/0x890 [ 612.400692][T14611] ? bpf_link_show_fdinfo+0x390/0x390 [ 612.406161][T14611] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 612.412072][T14611] ? lock_chain_count+0x20/0x20 [ 612.416935][T14611] __x64_sys_bpf+0x7c/0x90 [ 612.421358][T14611] do_syscall_64+0x55/0xa0 [ 612.425870][T14611] ? clear_bhb_loop+0x40/0x90 [ 612.430745][T14611] ? clear_bhb_loop+0x40/0x90 [ 612.435554][T14611] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 612.441504][T14611] RIP: 0033:0x7f29c799aeb9 [ 612.446142][T14611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 612.465882][T14611] RSP: 002b:00007f29c8888028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 612.474414][T14611] RAX: ffffffffffffffda RBX: 00007f29c7c15fa0 RCX: 00007f29c799aeb9 [ 612.482413][T14611] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a [ 612.490566][T14611] RBP: 00007f29c7a08c1f R08: 0000000000000000 R09: 0000000000000000 [ 612.498693][T14611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.506921][T14611] R13: 00007f29c7c16038 R14: 00007f29c7c15fa0 R15: 00007ffd176fea58 [ 612.515017][T14611] [ 612.541443][T14604] macsec0: entered promiscuous mode [ 612.577598][T14604] macsec0: entered allmulticast mode [ 612.591390][T14604] veth1_macvtap: entered allmulticast mode