last executing test programs: 6.114673181s ago: executing program 3 (id=2190): r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x24, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYRES16=0x0, @ANYRESHEX=r2, @ANYRESHEX=r1, @ANYBLOB="34ccd3ccac36fd8eaa66ef1f9c5041deb7ffa00b773f2d84fb90234235e62a319db9214fabfcde886fa5c5c0a795169b4527be5d02858baf981fc3f95d595ed8466bbc822e05a4b15c05e5d0b6ca3b"], 0xffdd) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x104046, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x0, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1b576, 0x7, 0x9, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100844, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000180)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000100), 0x12) r6 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r6, 0x84, 0x84, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580), 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESHEX=r4, @ANYBLOB="0000000000000000b705000000000000850000006d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.580682282s ago: executing program 3 (id=2194): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) socketpair$unix(0x1, 0x5, 0x0, 0x0) close(0xffffffffffffffff) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9a) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002400)={0x0, 0x0, 0x56}, 0x28) close(0xffffffffffffffff) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) gettid() sendmsg$unix(0xffffffffffffffff, 0x0, 0x10090) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r2, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}, @ip_retopts={{0x28, 0x0, 0x7, {[@noop, @timestamp_addr={0x44, 0x14, 0x7, 0x1, 0x7, [{@rand_addr=0x64010101}, {@dev={0xac, 0x14, 0x14, 0x1d}, 0x5}]}]}}}], 0x48}, 0x200040c4) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x61, 0x0, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x1aa) r3 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = perf_event_open$cgroup(&(0x7f00000004c0)={0x2, 0x80, 0x3, 0x4, 0x7, 0x6, 0x0, 0xffff, 0x82cf0, 0xa, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5d, 0x4, @perf_config_ext={0x3, 0xd41}, 0x4000, 0x10001, 0x3, 0x4, 0xd5f4, 0xaf, 0x9, 0x0, 0x80000001, 0x0, 0x10}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f00000001c0)=0x7) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000002940)="2000000020008107090f9becdb4cb96b0200000000fbff010000000000000000", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x69, 0xfa, &(0x7f0000000100)="b86724844027b059319b679e8663b13f55fb0afa7a2463d243c1a72a49fd80dc8e66cb8e05b0c9012322d9d8ffaf7e52a191c817c8d3226fa0836ffe2640f34c7ab5bf6c621cbbe9fefbd0f41bc439db402de3445b427a1379709aab6e80781a02cbe3d43ddc437e14", &(0x7f0000000240)=""/250, 0x4, 0x0, 0x17, 0xf2, &(0x7f0000000180)="435574cbee885b874d7d872cfd94b7c4301120e7f617ce", &(0x7f0000000340)="603c1ea561ad7289b4557b889a897551508519b8b31d0426aac209c0b094f51ff54d2154b9d37c837c20f7c1ca4ca33850bf83adcfb97fe64a4e266a40d4a4612405a99be17b18092af5de6a9d8d29d7e1ed32e6d5c5a563c1c0c26928a4edc6cfe96a04703fcc40737dbbf3ca01f4454dce9b4941ce487acbc83cb5632943b2ff60453a8ce462bd89e3f285dabf3ce19affac20ff190d4462d2c0be99deeabf4b5e50388ea27c095c8b8d4908d6937d655825734872094e76bab0a8613abbab82c3d2ab2b0be4c093cc1580ffa5c82172d4e61843abb0763ae0b8829444a55beb28b6cb76ce4823d1816f6f7dec51406583", 0x5, 0x0, 0x2}, 0x50) 5.244927478s ago: executing program 3 (id=2199): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000100)}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000004cc0)={0x1, 0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0xbbd0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x12, 0x5, 0x9fd, 0x81, 0x2852, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x4, 0x8, 0xc, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1, 0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) socket$kcm(0x2, 0x2, 0x73) 4.62703542s ago: executing program 3 (id=2201): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x7, 0x2, 0x2}}, 0x80, 0x0}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0e00009bd029ef8020ab070011000523a608463a"], 0xfe33) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0x1, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000300)={r1, &(0x7f0000000240)="6a5cb0946a77c7146fdd53338b9c35f609c350948b9b49d407cf039ad8f42cd6a603b825c2d5d96d5ac9e56f968bdbc051dc7c08009749534d91112221f94698a2cc76e613d208340ba846ee3a6cd6176e50ce065ee70e725f506fae9adaa7ef9be5d139925a6fc0adb288ac"}, 0x20) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xfffffffb}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1200}, {0x3, 0x3, 0x3, 0xa, 0x2, 0xfff0}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x8, 0x8}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x41}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r2}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.371327835s ago: executing program 3 (id=2206): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)}, 0x0) 4.221036568s ago: executing program 3 (id=2209): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000100)}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000004cc0)={0x1, 0x44, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0xbbd0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x12, 0x5, 0x9fd, 0x81, 0x2852, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x4, 0x8, 0xc, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1, 0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) socket$kcm(0x2, 0x2, 0x73) 3.642302609s ago: executing program 0 (id=2220): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x7, 0x0) write$cgroup_subtree(r1, &(0x7f0000001ec0)=ANY=[@ANYBLOB="004000003a00913a74067388481f9c0e0a"], 0xfe33) close(0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="d80000001800810804000000db44b904021d080010000000e8fe55a10a", 0x1d}], 0x1, 0x0, 0x0, 0x6000}, 0x6000800) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x5, 0x0, 0x1, 0x1, {0xa, 0x4e23, 0x101, @remote, 0x5}}}, 0x80, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r2, 0x0, 0x33fe0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x100904, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0x1e, 0x0, 0xb00) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x26e1, 0x0) r5 = perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x1) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0x10, 0x2, 0x10) r7 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r8 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r4, @ANYBLOB="018000e790d33200"/20, @ANYRES32, @ANYRES32, @ANYBLOB="01000000000000000500"/21, @ANYRES32=r8, @ANYBLOB], 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) write$cgroup_subtree(r10, &(0x7f0000000300)=ANY=[], 0xfdef) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)=ANY=[@ANYRES32, @ANYRES32=r8, @ANYBLOB="330000004020000300000000", @ANYRES32=r10, @ANYBLOB, @ANYRES64=0x0], 0x20) 2.53565968s ago: executing program 0 (id=2219): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0e00000004000000040000000a"], 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[], 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94) socket$kcm(0x10, 0x2, 0x0) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.events\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000000)=r2, 0x4) sendmsg$kcm(r1, &(0x7f00000002c0)={&(0x7f0000000100)=@in6={0xa, 0x4e23, 0x0, @loopback={0xffffff7f00000000}}, 0x80, 0x0}, 0x0) 2.336584224s ago: executing program 0 (id=2221): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) socketpair$unix(0x1, 0x5, 0x0, 0x0) close(0xffffffffffffffff) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9a) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002400)={&(0x7f0000000340)=ANY=[], 0x0, 0x56}, 0x28) close(0xffffffffffffffff) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) gettid() sendmsg$unix(0xffffffffffffffff, 0x0, 0x10090) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r2, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}, @ip_retopts={{0x28, 0x0, 0x7, {[@noop, @timestamp_addr={0x44, 0x14, 0x7, 0x1, 0x7, [{@rand_addr=0x64010101}, {@dev={0xac, 0x14, 0x14, 0x1d}, 0x5}]}]}}}], 0x48}, 0x200040c4) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x61, 0x0, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x1aa) r3 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = perf_event_open$cgroup(&(0x7f00000004c0)={0x2, 0x80, 0x3, 0x4, 0x7, 0x6, 0x0, 0xffff, 0x82cf0, 0xa, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5d, 0x4, @perf_config_ext={0x3, 0xd41}, 0x4000, 0x10001, 0x3, 0x4, 0xd5f4, 0xaf, 0x9, 0x0, 0x80000001, 0x0, 0x10}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f00000001c0)=0x7) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000002940)="2000000020008107090f9becdb4cb96b0200000000fbff010000000000000000", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x69, 0xfa, &(0x7f0000000100)="b86724844027b059319b679e8663b13f55fb0afa7a2463d243c1a72a49fd80dc8e66cb8e05b0c9012322d9d8ffaf7e52a191c817c8d3226fa0836ffe2640f34c7ab5bf6c621cbbe9fefbd0f41bc439db402de3445b427a1379709aab6e80781a02cbe3d43ddc437e14", &(0x7f0000000240)=""/250, 0x4, 0x0, 0x17, 0xf2, &(0x7f0000000180)="435574cbee885b874d7d872cfd94b7c4301120e7f617ce", &(0x7f0000000340)="603c1ea561ad7289b4557b889a897551508519b8b31d0426aac209c0b094f51ff54d2154b9d37c837c20f7c1ca4ca33850bf83adcfb97fe64a4e266a40d4a4612405a99be17b18092af5de6a9d8d29d7e1ed32e6d5c5a563c1c0c26928a4edc6cfe96a04703fcc40737dbbf3ca01f4454dce9b4941ce487acbc83cb5632943b2ff60453a8ce462bd89e3f285dabf3ce19affac20ff190d4462d2c0be99deeabf4b5e50388ea27c095c8b8d4908d6937d655825734872094e76bab0a8613abbab82c3d2ab2b0be4c093cc1580ffa5c82172d4e61843abb0763ae0b8829444a55beb28b6cb76ce4823d1816f6f7dec51406583", 0x5, 0x0, 0x2}, 0x50) 2.137422808s ago: executing program 2 (id=2223): r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x24, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYRES16=0x0, @ANYRESHEX=r2, @ANYRESHEX=r1, @ANYBLOB="34ccd3ccac36fd8eaa66ef1f9c5041deb7ffa00b773f2d84fb90234235e62a319db9214fabfcde886fa5c5c0a795169b4527be5d02858baf981fc3f95d595ed8466bbc822e05a4b15c05e5d0b6ca3b"], 0xffdd) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x104046, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x0, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1b576, 0x7, 0x9, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100844, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000180)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000100), 0x12) r6 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r6, 0x84, 0x84, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580), 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESHEX=r4, @ANYBLOB="0000000000000000b705000000000000850000006d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.687216497s ago: executing program 2 (id=2224): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, 0x0}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r3, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xcf, &(0x7f00000001c0)=[{}], 0x8, 0x10, &(0x7f0000000200), &(0x7f0000000280), 0x8, 0x9d, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000004c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x10001, '\x00', r4, r5, 0x3, 0x1}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r6, 0x0, 0x0}, 0x10) 1.686264177s ago: executing program 0 (id=2231): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000100)}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0x3, &(0x7f0000000600)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x12, 0x5, 0x9fd, 0x81, 0x2852, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x4, 0x8, 0xc, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1, 0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5) socket$kcm(0x2, 0x2, 0x73) 1.685942047s ago: executing program 1 (id=2225): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x7, 0x10400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x2000000000000}, 0x200, 0x0, 0x400, 0x0, 0x0, 0x20000, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x21, 0x2, 0xa) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1, 0xf, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x16, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88f}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x28, 0x0, &(0x7f00000000c0)="e30080670000ec67838717bd86dd", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000900)=r1, 0x4) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000280)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x4e24, 0x4, @dev, 0xf9}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0xffffffffffffff5c}, 0xfc00) 1.54901936s ago: executing program 1 (id=2226): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) 1.51127256s ago: executing program 2 (id=2227): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, @perf_config_ext, 0x0, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x90430, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x80008, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0xf}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89a2, &(0x7f0000000080)) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080) recvmsg$kcm(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="09000000060100000080000001"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r6, &(0x7f00000004c0), 0x0}, 0x20) 1.332903474s ago: executing program 1 (id=2228): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x10, 0x7, 0x0) write$cgroup_subtree(r1, &(0x7f0000001ec0)=ANY=[@ANYBLOB="004000003a00913a74067388481f9c0e0a"], 0xfe33) close(0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="d80000001800810804000000db44b904021d080010000000e8fe55a10a", 0x1d}], 0x1, 0x0, 0x0, 0x6000}, 0x6000800) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x5, 0x0, 0x1, 0x1, {0xa, 0x4e23, 0x101, @remote, 0x5}}}, 0x80, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r2, 0x0, 0x33fe0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x5}, 0x100904, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(r3, 0x6, 0x1e, 0x0, 0xb00) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x26e1, 0x0) r5 = perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x1) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0x10, 0x2, 0x10) r7 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r8 = bpf$ITER_CREATE(0x21, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="018000e790d33200"/20, @ANYRES32, @ANYRES32, @ANYBLOB="01000000000000000500"/21, @ANYRES32=r8, @ANYBLOB], 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) write$cgroup_subtree(r10, &(0x7f0000000300)=ANY=[], 0xfdef) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)=ANY=[@ANYRES32, @ANYRES32=r8, @ANYBLOB="330000004020000300000000", @ANYRES32=r10, @ANYBLOB, @ANYRES64=0x0], 0x20) 1.331976454s ago: executing program 0 (id=2229): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) close(0xffffffffffffffff) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9a) r2 = socket$kcm(0x10, 0x2, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002400)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a0300"/79], 0x0, 0x56}, 0x28) sendmsg$inet(r2, 0x0, 0x0) gettid() sendmsg$unix(0xffffffffffffffff, 0x0, 0x10090) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r3 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r3, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}, @ip_retopts={{0x28, 0x0, 0x7, {[@noop, @timestamp_addr={0x44, 0x14, 0x7, 0x1, 0x7, [{@rand_addr=0x64010101}, {@dev={0xac, 0x14, 0x14, 0x1d}, 0x5}]}]}}}], 0x48}, 0x200040c4) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x61, 0x0, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x1aa) r4 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r5 = perf_event_open$cgroup(&(0x7f00000004c0)={0x2, 0x80, 0x3, 0x4, 0x7, 0x6, 0x0, 0xffff, 0x82cf0, 0xa, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5d, 0x4, @perf_config_ext={0x3, 0xd41}, 0x4000, 0x10001, 0x3, 0x4, 0xd5f4, 0xaf, 0x9, 0x0, 0x80000001, 0x0, 0x10}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f00000001c0)=0x7) sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000002940)="2000000020008107090f9becdb4cb96b0200000000fbff010000000000000000", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x4) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) 908.197312ms ago: executing program 0 (id=2230): bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0x10, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100"], 0x48) r0 = socket$kcm(0x29, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911040000000000000003c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x16}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62458c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f00000025c0)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e401", 0xbe8}, {&(0x7f00000006c0)="97b13f5cf9f584c87e0e637d2ff483a311bb412cb3b03c3d9e97e435f2fceb58ff0402ed7b96244b43386c222917662028d7a01206a1990722ccef1d8f39f7c8ae242e58359217b1c6161ea741445cf16b0c48eb18a6c72174dfb7cd1bd0f409dad5a432bed4afb470da3656dd30d70769e229dc91037321d618e1eff4a176ea46d5cd4d5da97f80356e46d9e8166bf2d97210b631654ece218a2a204a1786ab5a60a881a7a294cd2f92438350e6e3ec4439ebe06133ff65b1e32b809ba0482783b563ec8e5778285da5211e5821135433053a792131", 0xd6}, {&(0x7f00000007c0)="75c37714a0bada8343bceb64ccb6d95a2a37b020e0bf1f6a1de4584223a2f285aaca30a9554cd5cdc1659cb9fec462cc5c2220a7cd891ec3bad99fe3c06e15a109ec0fdb6aeeee5ef8e4bfc28e17984a3860b907d549492d47a447782b7357ea72f4b2c26512a6a33c0247b730a6182ea5a99aee25fcee07f9cb0a80595cd5f744fa6898fdffda5b34b19474b8e853467329e4aea36cfd0e00735d37beb0f895c5688259a8935194eefd3a96d55707133a08f03e14da563160a545396b93341f41c161c93687e28a", 0xc8}], 0x6, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8800, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x2, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x300}, 0x40000100) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10) close(0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="ee79b2fcc91c41a600e27f000001b82900000012000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x21, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$tipc(r7, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) recvmsg(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000280)=""/238, 0xee}], 0x1}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x8001, '\x00', 0x0, r6, 0x4, 0x4, 0x3}, 0x50) 697.204406ms ago: executing program 2 (id=2232): r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x23, &(0x7f0000000040), 0xcf) close(r0) 362.185652ms ago: executing program 1 (id=2233): r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x24, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYRES16=0x0, @ANYRESHEX=r2, @ANYRESHEX=r1, @ANYBLOB="34ccd3ccac36fd8eaa66ef1f9c5041deb7ffa00b773f2d84fb90234235e62a319db9214fabfcde886fa5c5c0a795169b4527be5d02858baf981fc3f95d595ed8466bbc822e05a4b15c05e5d0b6ca3b"], 0xffdd) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x104046, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"}) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x0, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1b576, 0x7, 0x9, 0x5e, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100844, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000180)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000100), 0x12) r6 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r6, 0x84, 0x84, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580), 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESHEX=r4, @ANYBLOB="0000000000000000b705000000000000850000006d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007c5e0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 361.932962ms ago: executing program 2 (id=2234): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0e00000004000000040000000a"], 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[], 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180200"/13], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94) socket$kcm(0x10, 0x2, 0x0) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.events\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000000)=r2, 0x4) sendmsg$kcm(r1, &(0x7f00000002c0)={&(0x7f0000000100)=@in6={0xa, 0x4e23, 0x0, @loopback={0xffffff7f00000000}}, 0x80, 0x0}, 0x0) 262.165704ms ago: executing program 2 (id=2235): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180), 0x4) sendmsg$inet(r1, 0x0, 0x20000000) close(0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x2340, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8943, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8cffffffffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (fail_nth: 6) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x2000002, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 91.126148ms ago: executing program 1 (id=2236): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1}, 0x0) 0s ago: executing program 1 (id=2237): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180), 0x4) sendmsg$unix(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)="5f217a67a9dd7f94166589a6da67a2c76a17f4e979e6133c8266202b83a875162f3483d2fe73573346b83f86e1b946", 0x2f}, {&(0x7f0000000280)="bca5d1b92f005ff8f66499433b6579c700de462c0ef2b4849c6af925b64f596edcf3", 0x22}], 0x2, 0x0, 0x0, 0x4}, 0x4008840) sendmsg$inet(r1, 0x0, 0x20000000) close(0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x2340, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8943, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8cffffffffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x2000002, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) kernel console output (not intermixed with test programs): ngine/Google Compute Engine, BIOS Google 07/12/2025 [ 192.525814][ T8341] Call Trace: [ 192.529106][ T8341] [ 192.532080][ T8341] dump_stack_lvl+0x16c/0x230 [ 192.536772][ T8341] ? show_regs_print_info+0x20/0x20 [ 192.542002][ T8341] ? load_image+0x3b0/0x3b0 [ 192.546518][ T8341] ? __lock_acquire+0x7c80/0x7c80 [ 192.551646][ T8341] ? snprintf+0xdb/0x120 [ 192.555904][ T8341] should_fail_ex+0x39d/0x4d0 [ 192.560621][ T8341] _copy_to_user+0x2f/0xa0 [ 192.565157][ T8341] simple_read_from_buffer+0xe7/0x150 [ 192.570582][ T8341] proc_fail_nth_read+0x1e3/0x250 [ 192.575623][ T8341] ? proc_fault_inject_write+0x340/0x340 [ 192.581356][ T8341] ? fsnotify_perm+0x271/0x5e0 [ 192.586145][ T8341] ? proc_fault_inject_write+0x340/0x340 [ 192.591793][ T8341] vfs_read+0x27e/0x920 [ 192.596005][ T8341] ? kernel_read+0x1e0/0x1e0 [ 192.600609][ T8341] ? __fget_files+0x28/0x4d0 [ 192.605210][ T8341] ? __fget_files+0x44a/0x4d0 [ 192.609988][ T8341] ? __fdget_pos+0x2a3/0x330 [ 192.614685][ T8341] ? ksys_read+0x75/0x250 [ 192.619057][ T8341] ksys_read+0x147/0x250 [ 192.623348][ T8341] ? vfs_write+0x940/0x940 [ 192.627870][ T8341] ? lockdep_hardirqs_on+0x98/0x150 [ 192.633095][ T8341] do_syscall_64+0x55/0xb0 [ 192.637606][ T8341] ? clear_bhb_loop+0x40/0x90 [ 192.642298][ T8341] ? clear_bhb_loop+0x40/0x90 [ 192.647068][ T8341] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 192.652975][ T8341] RIP: 0033:0x7fb7adb8d5fc [ 192.657398][ T8341] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 192.677276][ T8341] RSP: 002b:00007fb7ae9b8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 192.685706][ T8341] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8d5fc [ 192.693683][ T8341] RDX: 000000000000000f RSI: 00007fb7ae9b80a0 RDI: 0000000000000004 [ 192.701845][ T8341] RBP: 00007fb7ae9b8090 R08: 0000000000000000 R09: 0000000000000000 [ 192.709818][ T8341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.717979][ T8341] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 192.725975][ T8341] [ 192.803256][ T8346] netlink: 60 bytes leftover after parsing attributes in process `syz.3.860'. [ 192.813317][ T8346] netlink: 60 bytes leftover after parsing attributes in process `syz.3.860'. [ 192.824883][ T8343] netlink: 60 bytes leftover after parsing attributes in process `syz.3.860'. [ 192.841626][ T8346] netlink: 60 bytes leftover after parsing attributes in process `syz.3.860'. [ 193.188263][ T8359] netlink: 60 bytes leftover after parsing attributes in process `syz.0.865'. [ 193.207362][ T8359] netlink: 60 bytes leftover after parsing attributes in process `syz.0.865'. [ 193.226797][ T8356] netlink: 60 bytes leftover after parsing attributes in process `syz.0.865'. [ 193.239043][ T8359] netlink: 60 bytes leftover after parsing attributes in process `syz.0.865'. [ 194.342643][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.349423][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.603642][ T8418] validate_nla: 5 callbacks suppressed [ 195.603660][ T8418] netlink: 'syz.1.889': attribute type 4 has an invalid length. [ 195.803401][ T8423] netlink: 'syz.3.891': attribute type 4 has an invalid length. [ 195.848947][ T8423] .`: renamed from bond0 (while UP) [ 196.400234][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 196.406425][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 196.415921][ T5795] Bluetooth: hci2: command 0x0406 tx timeout [ 196.422612][ T5793] Bluetooth: hci0: command 0x0406 tx timeout [ 197.016475][ T8460] netlink: 'syz.3.906': attribute type 4 has an invalid length. [ 197.051012][ T8460] __nla_validate_parse: 4 callbacks suppressed [ 197.051031][ T8460] netlink: 152 bytes leftover after parsing attributes in process `syz.3.906'. [ 197.219158][ T8465] netlink: 'syz.2.908': attribute type 4 has an invalid length. [ 197.251606][ T8465] netlink: 152 bytes leftover after parsing attributes in process `syz.2.908'. [ 197.290714][ T8465] .`: renamed from bond0 (while UP) [ 197.364784][ T8470] netlink: 'syz.3.910': attribute type 4 has an invalid length. [ 197.373432][ T8470] netlink: 152 bytes leftover after parsing attributes in process `syz.3.910'. [ 198.316643][ T8475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.912'. [ 198.352117][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 198.723970][ T8491] netlink: 'syz.1.918': attribute type 4 has an invalid length. [ 198.783698][ T8491] netlink: 152 bytes leftover after parsing attributes in process `syz.1.918'. [ 198.939229][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.919'. [ 199.000392][ T8499] netlink: 'syz.1.921': attribute type 4 has an invalid length. [ 199.008400][ T8499] netlink: 152 bytes leftover after parsing attributes in process `syz.1.921'. [ 199.430047][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.924'. [ 199.750377][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 201.141247][ T8520] netlink: 'syz.0.929': attribute type 4 has an invalid length. [ 201.195282][ T8520] netlink: 152 bytes leftover after parsing attributes in process `syz.0.929'. [ 201.209649][ T8522] netlink: 'syz.3.930': attribute type 33 has an invalid length. [ 201.407370][ T8531] netlink: 'syz.0.933': attribute type 4 has an invalid length. [ 201.417526][ T8531] netlink: 152 bytes leftover after parsing attributes in process `syz.0.933'. [ 201.984933][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 202.130861][ T8548] netlink: 'syz.2.941': attribute type 4 has an invalid length. [ 202.145899][ T8548] __nla_validate_parse: 6 callbacks suppressed [ 202.145915][ T8548] netlink: 152 bytes leftover after parsing attributes in process `syz.2.941'. [ 202.535760][ T8556] netlink: 'syz.2.944': attribute type 21 has an invalid length. [ 202.919464][ T8556] netlink: 'syz.2.944': attribute type 1 has an invalid length. [ 203.526307][ T8563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.946'. [ 203.686397][ T8571] pimreg: tun_chr_ioctl cmd 1074025677 [ 203.694354][ T8571] pimreg: linktype set to 780 [ 203.730529][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 204.217835][ T8584] netlink: 'syz.3.956': attribute type 29 has an invalid length. [ 204.247746][ T8584] netlink: 'syz.3.956': attribute type 29 has an invalid length. [ 204.260998][ T8584] netlink: 'syz.3.956': attribute type 29 has an invalid length. [ 204.269688][ T8584] netlink: 'syz.3.956': attribute type 29 has an invalid length. [ 204.581528][ T8598] netlink: 14 bytes leftover after parsing attributes in process `syz.1.960'. [ 204.689677][ T8598] hsr_slave_0: left promiscuous mode [ 204.703483][ T8598] hsr_slave_1: left promiscuous mode [ 204.814377][ T8596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.959'. [ 205.350689][ T8609] netlink: 152 bytes leftover after parsing attributes in process `syz.2.965'. [ 205.619918][ T8619] syz.2.970[8619] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 205.620452][ T8619] syz.2.970[8619] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 205.738125][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 205.758662][ T8621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.971'. [ 206.364991][ T8641] validate_nla: 2 callbacks suppressed [ 206.365011][ T8641] netlink: 'syz.1.978': attribute type 4 has an invalid length. [ 206.379016][ T8641] netlink: 152 bytes leftover after parsing attributes in process `syz.1.978'. [ 206.596363][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 206.682043][ T8650] netlink: 4 bytes leftover after parsing attributes in process `syz.0.982'. [ 207.076639][ T8658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.986'. [ 207.169484][ T8662] netlink: 'syz.2.987': attribute type 4 has an invalid length. [ 207.178461][ T8662] netlink: 152 bytes leftover after parsing attributes in process `syz.2.987'. [ 207.413124][ T8668] syz.3.990[8668] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.413405][ T8668] syz.3.990[8668] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 207.611383][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 207.645209][ T8671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.992'. [ 207.743336][ T8679] netlink: 'syz.2.994': attribute type 21 has an invalid length. [ 208.126211][ T8690] netlink: 'syz.1.997': attribute type 4 has an invalid length. [ 208.134070][ T8690] netlink: 152 bytes leftover after parsing attributes in process `syz.1.997'. [ 208.210694][ T8692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.998'. [ 208.647963][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 209.000634][ T8712] netlink: 'syz.0.1006': attribute type 4 has an invalid length. [ 209.016092][ T8712] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1006'. [ 209.035412][ T8708] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1004'. [ 209.345969][ T8720] syz.1.1009[8720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.347325][ T8720] syz.1.1009[8720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.481761][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1008'. [ 209.602745][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 209.631382][ T8727] netlink: 'syz.0.1011': attribute type 21 has an invalid length. [ 209.875929][ T8733] wg2: left promiscuous mode [ 209.881320][ T8733] wg2: left allmulticast mode [ 209.901215][ T8733] wg2: entered promiscuous mode [ 209.907029][ T8733] wg2: entered allmulticast mode [ 210.059782][ T8741] netlink: 'syz.2.1015': attribute type 4 has an invalid length. [ 210.068857][ T8741] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1015'. [ 210.574309][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 210.579605][ T8755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1021'. [ 210.951628][ T8765] netlink: 'syz.3.1025': attribute type 4 has an invalid length. [ 210.959988][ T8765] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1025'. [ 211.153397][ T8771] netlink: 'syz.2.1027': attribute type 21 has an invalid length. [ 211.165765][ T8771] netlink: 'syz.2.1027': attribute type 39 has an invalid length. [ 211.670409][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 212.003445][ T8791] validate_nla: 1 callbacks suppressed [ 212.003459][ T8791] netlink: 'syz.2.1034': attribute type 4 has an invalid length. [ 212.237786][ T8798] netlink: 'syz.3.1037': attribute type 21 has an invalid length. [ 212.249612][ T8798] netlink: 'syz.3.1037': attribute type 39 has an invalid length. [ 212.581760][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 212.812952][ T8813] netlink: 'syz.3.1044': attribute type 4 has an invalid length. [ 212.829158][ T8813] __nla_validate_parse: 1 callbacks suppressed [ 212.829173][ T8813] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1044'. [ 213.004016][ T8819] netlink: 'syz.2.1045': attribute type 21 has an invalid length. [ 213.018924][ T8820] netlink: 'syz.0.1047': attribute type 21 has an invalid length. [ 213.064807][ T8820] netlink: 'syz.0.1047': attribute type 39 has an invalid length. [ 213.468490][ T5104] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 213.527620][ T8836] netlink: 'syz.1.1052': attribute type 8 has an invalid length. [ 213.538077][ T8837] netlink: 'syz.1.1052': attribute type 8 has an invalid length. [ 213.542961][ T8836] netlink: 161460 bytes leftover after parsing attributes in process `syz.1.1052'. [ 213.565815][ T8837] netlink: 161460 bytes leftover after parsing attributes in process `syz.1.1052'. [ 213.630022][ T5104] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 213.749928][ T8841] netlink: 'syz.3.1054': attribute type 4 has an invalid length. [ 213.757065][ T5104] Bluetooth: hci1: command 0x0406 tx timeout [ 213.771926][ T8841] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1054'. [ 214.243933][ T5788] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 214.343178][ T5788] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 214.398439][ T8861] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1063'. [ 214.791702][ T5788] Bluetooth: hci3: command 0x0406 tx timeout [ 215.382849][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 215.424835][ T8890] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1073'. [ 215.655277][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 215.875754][ T8905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1078'. [ 216.156223][ T8915] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1082'. [ 216.249389][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 216.635446][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 217.472847][ T8952] validate_nla: 13 callbacks suppressed [ 217.472866][ T8952] netlink: 'syz.3.1097': attribute type 21 has an invalid length. [ 217.502791][ T8952] netlink: 'syz.3.1097': attribute type 39 has an invalid length. [ 217.541851][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 217.808612][ T8959] netlink: 'syz.0.1100': attribute type 21 has an invalid length. [ 218.331599][ T8956] netlink: 'syz.3.1099': attribute type 3 has an invalid length. [ 218.351421][ T8956] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1099'. [ 218.404945][ T8971] netlink: 'syz.2.1103': attribute type 3 has an invalid length. [ 218.413182][ T8971] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1103'. [ 218.675877][ T8979] netlink: 'syz.2.1107': attribute type 21 has an invalid length. [ 218.733230][ T8979] netlink: 'syz.2.1107': attribute type 39 has an invalid length. [ 218.770496][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 218.992473][ T8991] netlink: 'syz.3.1112': attribute type 10 has an invalid length. [ 219.153406][ T8991] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 219.176944][ T8991] team0: Port device wlan1 added [ 219.210950][ T8990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.375527][ T8991] syz.3.1112 (8991) used greatest stack depth: 19944 bytes left [ 219.490774][ T9001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1115'. [ 219.980922][ T9005] netlink: 'syz.0.1116': attribute type 21 has an invalid length. [ 220.499107][ T5788] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 221.498159][ T9024] netlink: 'syz.3.1119': attribute type 39 has an invalid length. [ 221.750602][ T5788] Bluetooth: hci0: command 0x0406 tx timeout [ 221.837683][ T9031] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1124'. [ 222.207162][ T9044] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1127'. [ 222.278986][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 223.087940][ T9057] validate_nla: 2 callbacks suppressed [ 223.087960][ T9057] netlink: 'syz.0.1133': attribute type 3 has an invalid length. [ 223.118582][ T9057] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1133'. [ 223.315089][ T9061] netlink: 'syz.0.1135': attribute type 29 has an invalid length. [ 223.342953][ T9061] netlink: 'syz.0.1135': attribute type 29 has an invalid length. [ 223.442499][ T9064] netlink: 'syz.2.1142': attribute type 21 has an invalid length. [ 223.481106][ T9065] netlink: 'syz.0.1135': attribute type 29 has an invalid length. [ 223.530326][ T9064] netlink: 'syz.2.1142': attribute type 39 has an invalid length. [ 223.586583][ T9061] netlink: 'syz.0.1135': attribute type 29 has an invalid length. [ 223.664425][ T9066] netlink: 'syz.0.1135': attribute type 29 has an invalid length. [ 224.062114][ T9072] netlink: 'syz.2.1138': attribute type 4 has an invalid length. [ 224.092052][ T9072] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1138'. [ 224.838767][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 225.038162][ T9088] netlink: 'syz.0.1145': attribute type 21 has an invalid length. [ 225.823861][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 226.172041][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 227.920698][ T9143] FAULT_INJECTION: forcing a failure. [ 227.920698][ T9143] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.947121][ T9143] CPU: 0 PID: 9143 Comm: syz.1.1171 Not tainted syzkaller #0 [ 227.954563][ T9143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 227.964658][ T9143] Call Trace: [ 227.967966][ T9143] [ 227.970919][ T9143] dump_stack_lvl+0x16c/0x230 [ 227.975639][ T9143] ? show_regs_print_info+0x20/0x20 [ 227.980870][ T9143] ? load_image+0x3b0/0x3b0 [ 227.985408][ T9143] ? __might_fault+0xaa/0x120 [ 227.990110][ T9143] ? __lock_acquire+0x7c80/0x7c80 [ 227.995173][ T9143] should_fail_ex+0x39d/0x4d0 [ 227.999897][ T9143] _copy_from_user+0x2f/0xe0 [ 228.004623][ T9143] ___sys_sendmsg+0x159/0x290 [ 228.009357][ T9143] ? __sys_sendmsg+0x270/0x270 [ 228.014282][ T9143] ? __lock_acquire+0x7c80/0x7c80 [ 228.019396][ T9143] __se_sys_sendmsg+0x1a5/0x270 [ 228.024324][ T9143] ? __x64_sys_sendmsg+0x80/0x80 [ 228.029342][ T9143] ? lockdep_hardirqs_on+0x98/0x150 [ 228.034633][ T9143] do_syscall_64+0x55/0xb0 [ 228.039097][ T9143] ? clear_bhb_loop+0x40/0x90 [ 228.043902][ T9143] ? clear_bhb_loop+0x40/0x90 [ 228.048710][ T9143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 228.054650][ T9143] RIP: 0033:0x7f694358ebe9 [ 228.059125][ T9143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.078874][ T9143] RSP: 002b:00007f69444d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 228.087442][ T9143] RAX: ffffffffffffffda RBX: 00007f69437c5fa0 RCX: 00007f694358ebe9 [ 228.095467][ T9143] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 228.103481][ T9143] RBP: 00007f69444d3090 R08: 0000000000000000 R09: 0000000000000000 [ 228.112013][ T9143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.120107][ T9143] R13: 00007f69437c6038 R14: 00007f69437c5fa0 R15: 00007ffc56e44998 [ 228.128157][ T9143] [ 228.372627][ T9146] validate_nla: 3 callbacks suppressed [ 228.372639][ T9146] netlink: 'syz.1.1164': attribute type 4 has an invalid length. [ 228.386692][ T9146] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1164'. [ 228.596519][ T9151] netlink: 'syz.2.1167': attribute type 21 has an invalid length. [ 228.614267][ T9151] netlink: 'syz.2.1167': attribute type 39 has an invalid length. [ 228.728397][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 230.096004][ T9178] netlink: 'syz.1.1174': attribute type 4 has an invalid length. [ 230.130117][ T9178] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1174'. [ 230.395011][ T9184] netlink: 'syz.0.1185': attribute type 4 has an invalid length. [ 230.404477][ T9184] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1185'. [ 230.479188][ T9190] netlink: 'syz.2.1179': attribute type 29 has an invalid length. [ 230.490032][ T9190] netlink: 'syz.2.1179': attribute type 29 has an invalid length. [ 230.503860][ T9190] netlink: 'syz.2.1179': attribute type 29 has an invalid length. [ 230.514409][ T9190] netlink: 'syz.2.1179': attribute type 29 has an invalid length. [ 230.524285][ T9190] netlink: 'syz.2.1179': attribute type 29 has an invalid length. [ 230.611389][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 231.181699][ T9205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1183'. [ 231.585701][ T9218] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1189'. [ 231.675057][ T9221] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1190'. [ 231.943660][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 232.611271][ T9243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1198'. [ 232.729198][ T9246] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.1199'. [ 232.819935][ T9248] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1200'. [ 232.964042][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 233.713432][ T9274] validate_nla: 6 callbacks suppressed [ 233.713449][ T9274] netlink: 'syz.2.1212': attribute type 4 has an invalid length. [ 233.736942][ T9274] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1212'. [ 234.049592][ T9282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1210'. [ 234.102192][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 234.232109][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 234.330672][ T9291] netlink: 'syz.0.1217': attribute type 21 has an invalid length. [ 234.498412][ T9298] can: request_module (can-proto-0) failed. [ 234.638088][ T9306] netlink: 'syz.2.1221': attribute type 4 has an invalid length. [ 234.733893][ T9311] FAULT_INJECTION: forcing a failure. [ 234.733893][ T9311] name failslab, interval 1, probability 0, space 0, times 0 [ 234.746954][ T9311] CPU: 0 PID: 9311 Comm: syz.2.1223 Not tainted syzkaller #0 [ 234.754404][ T9311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.764546][ T9311] Call Trace: [ 234.767891][ T9311] [ 234.770887][ T9311] dump_stack_lvl+0x16c/0x230 [ 234.775661][ T9311] ? show_regs_print_info+0x20/0x20 [ 234.781336][ T9311] ? load_image+0x3b0/0x3b0 [ 234.785930][ T9311] ? __might_sleep+0xe0/0xe0 [ 234.791031][ T9311] ? __lock_acquire+0x7c80/0x7c80 [ 234.796147][ T9311] should_fail_ex+0x39d/0x4d0 [ 234.800925][ T9311] should_failslab+0x9/0x20 [ 234.805513][ T9311] slab_pre_alloc_hook+0x59/0x310 [ 234.810639][ T9311] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 234.816451][ T9311] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 234.822257][ T9311] __kmem_cache_alloc_node+0x53/0x260 [ 234.827729][ T9311] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 234.833534][ T9311] __kmalloc+0xa4/0x240 [ 234.837787][ T9311] tomoyo_realpath_from_path+0xe3/0x5d0 [ 234.843478][ T9311] tomoyo_path_number_perm+0x1ea/0x590 [ 234.849103][ T9311] ? tomoyo_path_number_perm+0x1ba/0x590 [ 234.854823][ T9311] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 234.860372][ T9311] ? ksys_write+0x1c1/0x250 [ 234.865104][ T9311] ? __fget_files+0x28/0x4d0 [ 234.869823][ T9311] security_file_ioctl+0x70/0xa0 [ 234.874862][ T9311] __se_sys_ioctl+0x48/0x170 [ 234.879547][ T9311] do_syscall_64+0x55/0xb0 [ 234.884207][ T9311] ? clear_bhb_loop+0x40/0x90 [ 234.888949][ T9311] ? clear_bhb_loop+0x40/0x90 [ 234.893713][ T9311] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 234.899705][ T9311] RIP: 0033:0x7f3b3398ebe9 [ 234.904376][ T9311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.924068][ T9311] RSP: 002b:00007f3b347b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 234.932579][ T9311] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398ebe9 [ 234.940639][ T9311] RDX: 0000200000000180 RSI: 000000004010744d RDI: 0000000000000005 [ 234.948767][ T9311] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 234.956808][ T9311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.965029][ T9311] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 234.973244][ T9311] [ 234.982091][ T9311] ERROR: Out of memory at tomoyo_realpath_from_path. [ 235.277070][ T9323] __nla_validate_parse: 1 callbacks suppressed [ 235.277089][ T9323] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1227'. [ 235.423245][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 235.538292][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 235.677428][ T9334] netlink: 'syz.1.1231': attribute type 4 has an invalid length. [ 235.695386][ T9334] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1231'. [ 235.809800][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'. [ 236.026669][ T9343] netlink: 'syz.1.1234': attribute type 21 has an invalid length. [ 236.896714][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 236.973639][ T9359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1238'. [ 237.034161][ T9363] netlink: 'syz.1.1241': attribute type 21 has an invalid length. [ 237.057302][ T9363] netlink: 'syz.1.1241': attribute type 6 has an invalid length. [ 237.066170][ T9363] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1241'. [ 237.381422][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1243'. [ 237.415977][ T9376] netlink: 'syz.0.1246': attribute type 10 has an invalid length. [ 237.759548][ T9389] netlink: 'syz.0.1249': attribute type 21 has an invalid length. [ 237.865672][ T9395] netlink: 'syz.2.1251': attribute type 3 has an invalid length. [ 237.875675][ T9395] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1251'. [ 238.257005][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 238.466513][ T9404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1255'. [ 238.960377][ T9416] netlink: 'syz.1.1259': attribute type 21 has an invalid length. [ 239.218298][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 239.357111][ T9428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1264'. [ 239.526710][ T9431] netlink: 'syz.0.1265': attribute type 21 has an invalid length. [ 239.888122][ T9441] netlink: 'syz.2.1268': attribute type 3 has an invalid length. [ 239.897143][ T9441] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1268'. [ 240.261860][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 240.719177][ T9456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1274'. [ 241.063263][ T9452] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1273'. [ 241.279729][ T9461] netlink: 'syz.2.1276': attribute type 21 has an invalid length. [ 241.297114][ T9461] netlink: 'syz.2.1276': attribute type 39 has an invalid length. [ 241.465471][ T9465] syzkaller0: entered promiscuous mode [ 241.662971][ T5796] Bluetooth: hci2: command 0x0406 tx timeout [ 242.121953][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 242.144021][ T9479] netlink: 'syz.0.1281': attribute type 21 has an invalid length. [ 242.149233][ T9478] netlink: 123072 bytes leftover after parsing attributes in process `syz.1.1283'. [ 242.193481][ T9481] netlink: 'syz.1.1283': attribute type 29 has an invalid length. [ 242.206704][ T9481] netlink: 'syz.1.1283': attribute type 29 has an invalid length. [ 242.274044][ T9478] netlink: 'syz.1.1283': attribute type 29 has an invalid length. [ 242.311441][ T9478] netlink: 'syz.1.1283': attribute type 29 has an invalid length. [ 242.685433][ T9487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1285'. [ 243.188151][ T9493] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1287'. [ 243.573093][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 243.580565][ T9505] syzkaller0: entered promiscuous mode [ 244.046145][ T9519] validate_nla: 4 callbacks suppressed [ 244.046166][ T9519] netlink: 'syz.3.1297': attribute type 3 has an invalid length. [ 244.081082][ T9519] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1297'. [ 244.136210][ T9523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1299'. [ 244.179750][ T9525] netlink: 'syz.1.1298': attribute type 21 has an invalid length. [ 244.567443][ T9537] FAULT_INJECTION: forcing a failure. [ 244.567443][ T9537] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.582371][ T9537] CPU: 1 PID: 9537 Comm: syz.0.1302 Not tainted syzkaller #0 [ 244.589929][ T9537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.600031][ T9537] Call Trace: [ 244.603339][ T9537] [ 244.606294][ T9537] dump_stack_lvl+0x16c/0x230 [ 244.611008][ T9537] ? show_regs_print_info+0x20/0x20 [ 244.616228][ T9537] ? load_image+0x3b0/0x3b0 [ 244.620749][ T9537] ? __might_fault+0xaa/0x120 [ 244.625443][ T9537] ? __lock_acquire+0x7c80/0x7c80 [ 244.630500][ T9537] should_fail_ex+0x39d/0x4d0 [ 244.635208][ T9537] _copy_from_user+0x2f/0xe0 [ 244.639820][ T9537] update_filter+0x91/0x480 [ 244.644354][ T9537] ? mutex_lock_nested+0x20/0x20 [ 244.649319][ T9537] ? set_offload+0x1d0/0x1d0 [ 244.653946][ T9537] ? tun_get+0x1c/0x2e0 [ 244.658124][ T9537] ? tun_get+0x1c/0x2e0 [ 244.662406][ T9537] __tun_chr_ioctl+0xdf8/0x1fd0 [ 244.667460][ T9537] ? tun_flow_create+0x310/0x310 [ 244.672450][ T9537] ? bpf_lsm_file_ioctl+0x9/0x10 [ 244.677404][ T9537] ? security_file_ioctl+0x80/0xa0 [ 244.682532][ T9537] ? tun_chr_poll+0x630/0x630 [ 244.687231][ T9537] __se_sys_ioctl+0xfd/0x170 [ 244.691846][ T9537] do_syscall_64+0x55/0xb0 [ 244.696286][ T9537] ? clear_bhb_loop+0x40/0x90 [ 244.700975][ T9537] ? clear_bhb_loop+0x40/0x90 [ 244.705669][ T9537] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 244.711584][ T9537] RIP: 0033:0x7fb7adb8ebe9 [ 244.716149][ T9537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.735780][ T9537] RSP: 002b:00007fb7ae9b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 244.744302][ T9537] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8ebe9 [ 244.752414][ T9537] RDX: 00002000000000c0 RSI: 00000000400454d1 RDI: 0000000000000003 [ 244.760406][ T9537] RBP: 00007fb7ae9b8090 R08: 0000000000000000 R09: 0000000000000000 [ 244.768389][ T9537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.776462][ T9537] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 244.784471][ T9537] [ 245.018467][ T9544] netlink: 'syz.3.1305': attribute type 58 has an invalid length. [ 245.041014][ T9544] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1305'. [ 245.338712][ T9553] syzkaller0: entered promiscuous mode [ 245.389884][ T9557] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1308'. [ 246.093209][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1312'. [ 246.131056][ T9565] netlink: 'syz.2.1313': attribute type 3 has an invalid length. [ 246.139233][ T9565] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1313'. [ 246.385581][ T9575] netlink: 'syz.0.1315': attribute type 21 has an invalid length. [ 246.491073][ T9580] netlink: 'syz.1.1318': attribute type 9 has an invalid length. [ 246.499031][ T9580] netlink: 399 bytes leftover after parsing attributes in process `syz.1.1318'. [ 246.677163][ T9585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1320'. [ 246.854254][ T9591] netlink: 'syz.3.1323': attribute type 21 has an invalid length. [ 246.873949][ T9591] netlink: 'syz.3.1323': attribute type 39 has an invalid length. [ 247.046371][ T9598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1326'. [ 247.449890][ T9609] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1330'. [ 247.574487][ T9614] netlink: 'syz.3.1333': attribute type 21 has an invalid length. [ 247.587091][ T9614] netlink: 'syz.3.1333': attribute type 39 has an invalid length. [ 247.687497][ T9616] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1334'. [ 248.051995][ T9628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1338'. [ 248.153685][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 248.377478][ T9632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'. [ 248.512346][ T9638] netlink: 209592 bytes leftover after parsing attributes in process `syz.0.1342'. [ 249.865582][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 250.052348][ T9668] validate_nla: 4 callbacks suppressed [ 250.052379][ T9668] netlink: 'syz.0.1352': attribute type 3 has an invalid length. [ 250.168890][ T9672] netlink: 'syz.1.1353': attribute type 21 has an invalid length. [ 250.181212][ T9672] netlink: 'syz.1.1353': attribute type 39 has an invalid length. [ 250.454568][ T9678] netlink: 'syz.2.1355': attribute type 21 has an invalid length. [ 251.471555][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 251.579326][ T9699] netlink: 'syz.2.1362': attribute type 21 has an invalid length. [ 252.176978][ T9699] netlink: 'syz.2.1362': attribute type 39 has an invalid length. [ 253.347260][ T9710] __nla_validate_parse: 4 callbacks suppressed [ 253.347283][ T9710] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1364'. [ 253.401193][ T9719] netlink: 'syz.2.1368': attribute type 3 has an invalid length. [ 253.409274][ T9719] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1368'. [ 253.556103][ T9728] netlink: 'syz.3.1372': attribute type 21 has an invalid length. [ 253.564681][ T9728] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1372'. [ 253.575275][ T9727] netlink: 'syz.0.1370': attribute type 21 has an invalid length. [ 253.739091][ T9738] netlink: 'syz.3.1373': attribute type 21 has an invalid length. [ 254.039493][ T9748] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1378'. [ 254.282028][ T9755] FAULT_INJECTION: forcing a failure. [ 254.282028][ T9755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.296295][ T9755] CPU: 1 PID: 9755 Comm: syz.2.1381 Not tainted syzkaller #0 [ 254.303914][ T9755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 254.314279][ T9755] Call Trace: [ 254.317585][ T9755] [ 254.320541][ T9755] dump_stack_lvl+0x16c/0x230 [ 254.325272][ T9755] ? show_regs_print_info+0x20/0x20 [ 254.330607][ T9755] ? load_image+0x3b0/0x3b0 [ 254.335132][ T9755] ? __might_fault+0xaa/0x120 [ 254.339827][ T9755] ? __lock_acquire+0x7c80/0x7c80 [ 254.344957][ T9755] should_fail_ex+0x39d/0x4d0 [ 254.349654][ T9755] _copy_from_user+0x2f/0xe0 [ 254.354259][ T9755] dev_ethtool+0xc5/0x1720 [ 254.358915][ T9755] ? ethtool_get_module_eeprom_call+0x170/0x170 [ 254.365175][ T9755] ? __lock_acquire+0x7c80/0x7c80 [ 254.370211][ T9755] ? __might_fault+0xaa/0x120 [ 254.374891][ T9755] ? full_name_hash+0x92/0xe0 [ 254.379597][ T9755] ? dev_load+0x21/0x1f0 [ 254.383940][ T9755] dev_ioctl+0x4ca/0x1170 [ 254.388282][ T9755] sock_do_ioctl+0x226/0x2f0 [ 254.392918][ T9755] ? sock_show_fdinfo+0xb0/0xb0 [ 254.397835][ T9755] sock_ioctl+0x623/0x7a0 [ 254.402200][ T9755] ? sock_poll+0x3d0/0x3d0 [ 254.406648][ T9755] ? bpf_lsm_file_ioctl+0x9/0x10 [ 254.411594][ T9755] ? security_file_ioctl+0x80/0xa0 [ 254.416820][ T9755] ? sock_poll+0x3d0/0x3d0 [ 254.421255][ T9755] __se_sys_ioctl+0xfd/0x170 [ 254.425879][ T9755] do_syscall_64+0x55/0xb0 [ 254.430395][ T9755] ? clear_bhb_loop+0x40/0x90 [ 254.435077][ T9755] ? clear_bhb_loop+0x40/0x90 [ 254.439761][ T9755] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.445670][ T9755] RIP: 0033:0x7f3b3398ebe9 [ 254.450102][ T9755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.469741][ T9755] RSP: 002b:00007f3b347b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.478168][ T9755] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398ebe9 [ 254.486155][ T9755] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 000000000000002e [ 254.494313][ T9755] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 254.502331][ T9755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.510330][ T9755] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 254.518525][ T9755] [ 254.648773][ T5796] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 254.888111][ T9770] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1388'. [ 255.003514][ T9771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1387'. [ 255.253597][ T9778] validate_nla: 4 callbacks suppressed [ 255.253617][ T9778] netlink: 'syz.2.1391': attribute type 21 has an invalid length. [ 255.272217][ T9778] netlink: 'syz.2.1391': attribute type 39 has an invalid length. [ 255.339929][ T9781] netlink: 'syz.0.1392': attribute type 21 has an invalid length. [ 255.503119][ T5796] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 255.674681][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.689116][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.062800][ T9803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1401'. [ 256.659031][ T5796] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 256.661228][ T9812] netlink: 'syz.1.1403': attribute type 21 has an invalid length. [ 256.680984][ T9812] netlink: 'syz.1.1403': attribute type 39 has an invalid length. [ 256.959681][ T9821] netlink: 'syz.2.1408': attribute type 3 has an invalid length. [ 256.980264][ T9821] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1408'. [ 257.218618][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 257.326112][ T9835] netlink: 'syz.3.1414': attribute type 21 has an invalid length. [ 257.345411][ T9835] netlink: 'syz.3.1414': attribute type 39 has an invalid length. [ 257.466751][ T9839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1416'. [ 257.599853][ T9843] FAULT_INJECTION: forcing a failure. [ 257.599853][ T9843] name failslab, interval 1, probability 0, space 0, times 0 [ 257.615237][ T9843] CPU: 0 PID: 9843 Comm: syz.3.1418 Not tainted syzkaller #0 [ 257.622737][ T9843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 257.632902][ T9843] Call Trace: [ 257.636214][ T9843] [ 257.639169][ T9843] dump_stack_lvl+0x16c/0x230 [ 257.643979][ T9843] ? show_regs_print_info+0x20/0x20 [ 257.649329][ T9843] ? load_image+0x3b0/0x3b0 [ 257.653900][ T9843] ? __local_bh_enable_ip+0x12e/0x1c0 [ 257.659308][ T9843] ? lockdep_hardirqs_on+0x98/0x150 [ 257.664620][ T9843] ? __local_bh_enable_ip+0x12e/0x1c0 [ 257.670121][ T9843] should_fail_ex+0x39d/0x4d0 [ 257.674940][ T9843] should_failslab+0x9/0x20 [ 257.679539][ T9843] slab_pre_alloc_hook+0x59/0x310 [ 257.684657][ T9843] ? sctp_get_port_local+0xe47/0x1610 [ 257.690291][ T9843] ? sctp_add_bind_addr+0x8c/0x360 [ 257.695466][ T9843] __kmem_cache_alloc_node+0x53/0x260 [ 257.700919][ T9843] ? sctp_add_bind_addr+0x8c/0x360 [ 257.706353][ T9843] kmalloc_trace+0x2a/0xe0 [ 257.710847][ T9843] sctp_add_bind_addr+0x8c/0x360 [ 257.715829][ T9843] ? sctp_auto_asconf_init+0x15c/0x1e0 [ 257.721359][ T9843] sctp_do_bind+0x614/0x9a0 [ 257.726055][ T9843] sctp_connect_new_asoc+0x256/0x690 [ 257.731423][ T9843] ? __sctp_connect+0xd20/0xd20 [ 257.736331][ T9843] ? __local_bh_enable_ip+0x12e/0x1c0 [ 257.741776][ T9843] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 257.747974][ T9843] ? security_sctp_bind_connect+0x89/0xb0 [ 257.753761][ T9843] sctp_sendmsg+0x155c/0x27e0 [ 257.758549][ T9843] ? sctp_getsockopt+0xb60/0xb60 [ 257.763563][ T9843] ? aa_sk_perm+0x7fc/0x930 [ 257.768148][ T9843] ? aa_af_perm+0x2b0/0x2b0 [ 257.772725][ T9843] ? sock_rps_record_flow+0x19/0x400 [ 257.778062][ T9843] ? inet_send_prepare+0x260/0x260 [ 257.783226][ T9843] ? inet_sendmsg+0xe9/0x2f0 [ 257.787875][ T9843] ? inet_send_prepare+0x260/0x260 [ 257.793036][ T9843] ____sys_sendmsg+0x5bf/0x950 [ 257.797969][ T9843] ? __asan_memset+0x22/0x40 [ 257.802618][ T9843] ? __sys_sendmsg_sock+0x30/0x30 [ 257.807687][ T9843] ? __import_iovec+0x5f2/0x860 [ 257.812631][ T9843] ? import_iovec+0x73/0xa0 [ 257.817224][ T9843] ___sys_sendmsg+0x220/0x290 [ 257.822054][ T9843] ? __sys_sendmsg+0x270/0x270 [ 257.826974][ T9843] ? __lock_acquire+0x7c80/0x7c80 [ 257.832168][ T9843] __se_sys_sendmsg+0x1a5/0x270 [ 257.837087][ T9843] ? __x64_sys_sendmsg+0x80/0x80 [ 257.842152][ T9843] ? syscall_enter_from_user_mode+0x2e/0x80 [ 257.848120][ T9843] do_syscall_64+0x55/0xb0 [ 257.852594][ T9843] ? clear_bhb_loop+0x40/0x90 [ 257.857324][ T9843] ? clear_bhb_loop+0x40/0x90 [ 257.862058][ T9843] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 257.867998][ T9843] RIP: 0033:0x7fc46458ebe9 [ 257.872468][ T9843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.892214][ T9843] RSP: 002b:00007fc4654fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.900946][ T9843] RAX: ffffffffffffffda RBX: 00007fc4647c5fa0 RCX: 00007fc46458ebe9 [ 257.909256][ T9843] RDX: 00000000000000fc RSI: 0000200000000600 RDI: 0000000000000006 [ 257.917296][ T9843] RBP: 00007fc4654fa090 R08: 0000000000000000 R09: 0000000000000000 [ 257.925326][ T9843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.933435][ T9843] R13: 00007fc4647c6038 R14: 00007fc4647c5fa0 R15: 00007fffafd7ee18 [ 257.941525][ T9843] [ 258.223511][ T9855] netlink: 'syz.2.1423': attribute type 21 has an invalid length. [ 258.261036][ T9855] netlink: 'syz.2.1423': attribute type 39 has an invalid length. [ 258.557641][ T9859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1425'. [ 258.938033][ T9866] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1429'. [ 258.994673][ T9870] FAULT_INJECTION: forcing a failure. [ 258.994673][ T9870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 259.008881][ T9870] CPU: 1 PID: 9870 Comm: syz.2.1430 Not tainted syzkaller #0 [ 259.016304][ T9870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 259.026393][ T9870] Call Trace: [ 259.029689][ T9870] [ 259.032648][ T9870] dump_stack_lvl+0x16c/0x230 [ 259.037444][ T9870] ? show_regs_print_info+0x20/0x20 [ 259.042753][ T9870] ? load_image+0x3b0/0x3b0 [ 259.047286][ T9870] ? __lock_acquire+0x7c80/0x7c80 [ 259.052450][ T9870] ? snprintf+0xdb/0x120 [ 259.056726][ T9870] should_fail_ex+0x39d/0x4d0 [ 259.061454][ T9870] _copy_to_user+0x2f/0xa0 [ 259.065896][ T9870] simple_read_from_buffer+0xe7/0x150 [ 259.071302][ T9870] proc_fail_nth_read+0x1e3/0x250 [ 259.076363][ T9870] ? proc_fault_inject_write+0x340/0x340 [ 259.082029][ T9870] ? fsnotify_perm+0x271/0x5e0 [ 259.086830][ T9870] ? proc_fault_inject_write+0x340/0x340 [ 259.092491][ T9870] vfs_read+0x27e/0x920 [ 259.096774][ T9870] ? kernel_read+0x1e0/0x1e0 [ 259.101542][ T9870] ? __fget_files+0x28/0x4d0 [ 259.106281][ T9870] ? __fget_files+0x44a/0x4d0 [ 259.111017][ T9870] ? __fdget_pos+0x2a3/0x330 [ 259.115660][ T9870] ? ksys_read+0x75/0x250 [ 259.120069][ T9870] ksys_read+0x147/0x250 [ 259.124404][ T9870] ? vfs_write+0x940/0x940 [ 259.128919][ T9870] ? lockdep_hardirqs_on+0x98/0x150 [ 259.134170][ T9870] do_syscall_64+0x55/0xb0 [ 259.138616][ T9870] ? clear_bhb_loop+0x40/0x90 [ 259.143543][ T9870] ? clear_bhb_loop+0x40/0x90 [ 259.148264][ T9870] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 259.154534][ T9870] RIP: 0033:0x7f3b3398d5fc [ 259.159058][ T9870] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 259.178694][ T9870] RSP: 002b:00007f3b347b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 259.187170][ T9870] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398d5fc [ 259.195171][ T9870] RDX: 000000000000000f RSI: 00007f3b347b00a0 RDI: 0000000000000006 [ 259.203268][ T9870] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 259.211387][ T9870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.219479][ T9870] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 259.227675][ T9870] [ 259.751513][ T9886] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1436'. [ 261.796154][ T9920] pimreg: tun_chr_ioctl cmd 1074025677 [ 261.802728][ T9920] pimreg: linktype set to 800 [ 262.281684][ T9928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1449'. [ 262.342830][ T9934] validate_nla: 4 callbacks suppressed [ 262.342847][ T9934] netlink: 'syz.1.1453': attribute type 21 has an invalid length. [ 262.357583][ T9934] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1453'. [ 262.482768][ T9938] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.1456'. [ 262.652814][ T9945] netlink: 'syz.2.1455': attribute type 21 has an invalid length. [ 263.672661][ T9966] netlink: 'syz.1.1464': attribute type 21 has an invalid length. [ 263.691769][ T9966] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1464'. [ 264.026292][ T9977] netlink: 'syz.0.1469': attribute type 10 has an invalid length. [ 264.036418][ T9977] FAULT_INJECTION: forcing a failure. [ 264.036418][ T9977] name failslab, interval 1, probability 0, space 0, times 0 [ 264.080344][ T9977] CPU: 0 PID: 9977 Comm: syz.0.1469 Not tainted syzkaller #0 [ 264.087882][ T9977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 264.097977][ T9977] Call Trace: [ 264.101376][ T9977] [ 264.104325][ T9977] dump_stack_lvl+0x16c/0x230 [ 264.109069][ T9977] ? show_regs_print_info+0x20/0x20 [ 264.114322][ T9977] ? load_image+0x3b0/0x3b0 [ 264.118915][ T9977] should_fail_ex+0x39d/0x4d0 [ 264.123632][ T9977] should_failslab+0x9/0x20 [ 264.128148][ T9977] slab_pre_alloc_hook+0x59/0x310 [ 264.133194][ T9977] kmem_cache_alloc_node+0x60/0x330 [ 264.138424][ T9977] ? __alloc_skb+0x108/0x2c0 [ 264.143036][ T9977] __alloc_skb+0x108/0x2c0 [ 264.147470][ T9977] rtmsg_ifinfo_build_skb+0x8c/0x260 [ 264.152776][ T9977] ? ieee80211_open+0x200/0x200 [ 264.157735][ T9977] rtmsg_ifinfo+0x8c/0x1a0 [ 264.162169][ T9977] __dev_notify_flags+0xf5/0x2e0 [ 264.167119][ T9977] ? __dev_change_flags+0x6a0/0x6a0 [ 264.172512][ T9977] ? __dev_change_flags+0x4bf/0x6a0 [ 264.177724][ T9977] ? dev_get_flags+0x1c0/0x1c0 [ 264.182591][ T9977] ? vprintk_emit+0x521/0x600 [ 264.187277][ T9977] dev_change_flags+0xe8/0x1a0 [ 264.192065][ T9977] do_setlink+0xc74/0x3fb0 [ 264.196505][ T9977] ? _printk+0xd0/0x110 [ 264.200666][ T9977] ? nlmsg_parse_deprecated_strict+0x110/0x110 [ 264.206832][ T9977] ? load_image+0x3b0/0x3b0 [ 264.211351][ T9977] ? __nla_validate_parse+0x22dc/0x2cd0 [ 264.216939][ T9977] ? netlink_rcv_skb+0x216/0x480 [ 264.221893][ T9977] ? netlink_unicast+0x751/0x8d0 [ 264.226929][ T9977] ? netlink_sendmsg+0x8c1/0xbe0 [ 264.231897][ T9977] ? __nla_validate+0x50/0x50 [ 264.236636][ T9977] ? validate_linkmsg+0x719/0x910 [ 264.241683][ T9977] rtnl_newlink+0x175b/0x2020 [ 264.246385][ T9977] ? rtnl_newlink+0x3d1/0x2020 [ 264.251349][ T9977] ? rtnl_setlink+0x4b0/0x4b0 [ 264.256045][ T9977] ? trace_raw_output_contention_end+0xd0/0xd0 [ 264.262219][ T9977] ? rcu_is_watching+0x15/0xb0 [ 264.267083][ T9977] ? trace_contention_end+0x39/0xe0 [ 264.272298][ T9977] ? __mutex_lock+0x304/0xcc0 [ 264.277005][ T9977] ? rtnl_setlink+0x4b0/0x4b0 [ 264.281706][ T9977] rtnetlink_rcv_msg+0x7c7/0xf10 [ 264.286661][ T9977] ? rtnetlink_rcv_msg+0x1eb/0xf10 [ 264.291785][ T9977] ? lockdep_hardirqs_on+0x98/0x150 [ 264.297458][ T9977] ? rtnetlink_bind+0x80/0x80 [ 264.302156][ T9977] ? perf_trace_preemptirq_template+0xa4/0x340 [ 264.308327][ T9977] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 264.314316][ T9977] ? lock_chain_count+0x20/0x20 [ 264.319193][ T9977] ? __local_bh_enable_ip+0x12e/0x1c0 [ 264.324570][ T9977] ? lockdep_hardirqs_on+0x98/0x150 [ 264.329780][ T9977] ? __local_bh_enable_ip+0x12e/0x1c0 [ 264.335166][ T9977] ? _local_bh_enable+0xa0/0xa0 [ 264.340204][ T9977] ? __dev_queue_xmit+0x245/0x35a0 [ 264.345322][ T9977] ? __dev_queue_xmit+0x1449/0x35a0 [ 264.350540][ T9977] ? __dev_queue_xmit+0x245/0x35a0 [ 264.355668][ T9977] ? ref_tracker_free+0x634/0x7d0 [ 264.360702][ T9977] ? __copy_skb_header+0xa7/0x550 [ 264.365743][ T9977] netlink_rcv_skb+0x216/0x480 [ 264.370523][ T9977] ? rtnetlink_bind+0x80/0x80 [ 264.375217][ T9977] ? netlink_ack+0x1110/0x1110 [ 264.380103][ T9977] ? __lock_acquire+0x7c80/0x7c80 [ 264.385228][ T9977] ? netlink_deliver_tap+0x2e/0x1b0 [ 264.390441][ T9977] netlink_unicast+0x751/0x8d0 [ 264.395224][ T9977] netlink_sendmsg+0x8c1/0xbe0 [ 264.400097][ T9977] ? netlink_getsockopt+0x580/0x580 [ 264.405481][ T9977] ? aa_sock_msg_perm+0x94/0x150 [ 264.410432][ T9977] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 264.415812][ T9977] ? security_socket_sendmsg+0x80/0xa0 [ 264.421631][ T9977] ? netlink_getsockopt+0x580/0x580 [ 264.426848][ T9977] ____sys_sendmsg+0x5bf/0x950 [ 264.431652][ T9977] ? __asan_memset+0x22/0x40 [ 264.436255][ T9977] ? __sys_sendmsg_sock+0x30/0x30 [ 264.441294][ T9977] ? __import_iovec+0x5f2/0x860 [ 264.446164][ T9977] ? import_iovec+0x73/0xa0 [ 264.450685][ T9977] ___sys_sendmsg+0x220/0x290 [ 264.455401][ T9977] ? __sys_sendmsg+0x270/0x270 [ 264.460310][ T9977] ? __lock_acquire+0x7c80/0x7c80 [ 264.465386][ T9977] __se_sys_sendmsg+0x1a5/0x270 [ 264.470536][ T9977] ? __x64_sys_sendmsg+0x80/0x80 [ 264.475498][ T9977] ? lockdep_hardirqs_on+0x98/0x150 [ 264.480887][ T9977] do_syscall_64+0x55/0xb0 [ 264.485313][ T9977] ? clear_bhb_loop+0x40/0x90 [ 264.489997][ T9977] ? clear_bhb_loop+0x40/0x90 [ 264.494683][ T9977] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 264.500613][ T9977] RIP: 0033:0x7fb7adb8ebe9 [ 264.505065][ T9977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.524887][ T9977] RSP: 002b:00007fb7ae9b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.533497][ T9977] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8ebe9 [ 264.541480][ T9977] RDX: 0000000000000300 RSI: 0000200000000600 RDI: 0000000000000003 [ 264.549454][ T9977] RBP: 00007fb7ae9b8090 R08: 0000000000000000 R09: 0000000000000000 [ 264.557517][ T9977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.565498][ T9977] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 264.573512][ T9977] [ 264.607318][ T9977] wlan1: mtu less than device minimum [ 264.632828][ T9977] .`: (slave wlan1): Error -22 calling dev_set_mtu [ 264.705756][ T9985] netlink: 'syz.2.1471': attribute type 21 has an invalid length. [ 264.785282][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1473'. [ 264.943310][ T9996] netlink: 'syz.0.1476': attribute type 21 has an invalid length. [ 264.962075][ T9996] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1476'. [ 265.472223][T10008] FAULT_INJECTION: forcing a failure. [ 265.472223][T10008] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.486225][T10008] CPU: 1 PID: 10008 Comm: syz.0.1481 Not tainted syzkaller #0 [ 265.493745][T10008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 265.503815][T10008] Call Trace: [ 265.507187][T10008] [ 265.510125][T10008] dump_stack_lvl+0x16c/0x230 [ 265.514845][T10008] ? show_regs_print_info+0x20/0x20 [ 265.520067][T10008] ? load_image+0x3b0/0x3b0 [ 265.524608][T10008] ? __might_fault+0xaa/0x120 [ 265.529322][T10008] ? __lock_acquire+0x7c80/0x7c80 [ 265.534382][T10008] should_fail_ex+0x39d/0x4d0 [ 265.539085][T10008] _copy_from_user+0x2f/0xe0 [ 265.543687][T10008] __sys_bpf+0x1e9/0x800 [ 265.547953][T10008] ? bpf_link_show_fdinfo+0x350/0x350 [ 265.553349][T10008] ? lock_chain_count+0x20/0x20 [ 265.558313][T10008] __x64_sys_bpf+0x7c/0x90 [ 265.562739][T10008] do_syscall_64+0x55/0xb0 [ 265.567194][T10008] ? clear_bhb_loop+0x40/0x90 [ 265.571905][T10008] ? clear_bhb_loop+0x40/0x90 [ 265.576618][T10008] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 265.582708][T10008] RIP: 0033:0x7fb7adb8ebe9 [ 265.587132][T10008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.606749][T10008] RSP: 002b:00007fb7ae9b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 265.615196][T10008] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8ebe9 [ 265.623291][T10008] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000005 [ 265.631281][T10008] RBP: 00007fb7ae9b8090 R08: 0000000000000000 R09: 0000000000000000 [ 265.639354][T10008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.647356][T10008] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 265.655645][T10008] [ 265.908981][T10020] netlink: 'syz.1.1486': attribute type 21 has an invalid length. [ 265.917369][T10020] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1486'. [ 266.000482][T10021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1484'. [ 266.205442][T10023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1488'. [ 266.257303][T10030] netlink: 'syz.3.1490': attribute type 4 has an invalid length. [ 266.265898][T10030] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1490'. [ 266.533289][T10043] netlink: 'syz.1.1493': attribute type 21 has an invalid length. [ 266.651969][T10039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1494'. [ 267.247821][T10051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1497'. [ 267.497662][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 267.778117][T10073] netlink: 'syz.1.1503': attribute type 16 has an invalid length. [ 267.793885][T10073] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1503'. [ 268.129238][T10081] netlink: 'syz.3.1509': attribute type 21 has an invalid length. [ 268.434270][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 268.665451][T10101] FAULT_INJECTION: forcing a failure. [ 268.665451][T10101] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 268.687748][T10101] CPU: 1 PID: 10101 Comm: syz.2.1517 Not tainted syzkaller #0 [ 268.695320][T10101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 268.705521][T10101] Call Trace: [ 268.708846][T10101] [ 268.711836][T10101] dump_stack_lvl+0x16c/0x230 [ 268.716581][T10101] ? show_regs_print_info+0x20/0x20 [ 268.721837][T10101] ? load_image+0x3b0/0x3b0 [ 268.726415][T10101] ? __might_fault+0xaa/0x120 [ 268.731161][T10101] should_fail_ex+0x39d/0x4d0 [ 268.735997][T10101] copyin+0x1a/0x90 [ 268.739854][T10101] _copy_from_iter+0x404/0x1290 [ 268.744749][T10101] ? copyin+0x70/0x90 [ 268.748822][T10101] ? copyout_mc+0x70/0x70 [ 268.753212][T10101] ? copyout_mc+0x70/0x70 [ 268.757684][T10101] ? __virt_addr_valid+0x18c/0x540 [ 268.762860][T10101] ? page_copy_sane+0x16a/0x270 [ 268.767769][T10101] copy_page_from_iter+0x7b/0x100 [ 268.772846][T10101] skb_copy_datagram_from_iter+0x2e4/0x6e0 [ 268.778719][T10101] unix_stream_sendmsg+0x549/0xba0 [ 268.783934][T10101] ? unix_show_fdinfo+0x270/0x270 [ 268.789014][T10101] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 268.795506][T10101] ? __might_fault+0xaa/0x120 [ 268.800319][T10101] ? aa_sock_msg_perm+0x94/0x150 [ 268.805311][T10101] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 268.810661][T10101] ? security_socket_sendmsg+0x80/0xa0 [ 268.816331][T10101] ? unix_show_fdinfo+0x270/0x270 [ 268.821474][T10101] ____sys_sendmsg+0x5bf/0x950 [ 268.826350][T10101] ? __sys_sendmsg_sock+0x30/0x30 [ 268.831500][T10101] ? __import_iovec+0x3fa/0x860 [ 268.836386][T10101] ? import_iovec+0x73/0xa0 [ 268.840890][T10101] ___sys_sendmsg+0x220/0x290 [ 268.845573][T10101] ? __sys_sendmsg+0x270/0x270 [ 268.850431][T10101] ? __lock_acquire+0x7c80/0x7c80 [ 268.855470][T10101] __se_sys_sendmsg+0x1a5/0x270 [ 268.860349][T10101] ? __x64_sys_sendmsg+0x80/0x80 [ 268.865372][T10101] ? lockdep_hardirqs_on+0x98/0x150 [ 268.870602][T10101] do_syscall_64+0x55/0xb0 [ 268.875033][T10101] ? clear_bhb_loop+0x40/0x90 [ 268.879730][T10101] ? clear_bhb_loop+0x40/0x90 [ 268.884426][T10101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.890347][T10101] RIP: 0033:0x7f3b3398ebe9 [ 268.894781][T10101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.914404][T10101] RSP: 002b:00007f3b347b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 268.923147][T10101] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398ebe9 [ 268.931160][T10101] RDX: 0000000000000000 RSI: 0000200000000b00 RDI: 0000000000000004 [ 268.939145][T10101] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 268.947390][T10101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.955377][T10101] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 268.963387][T10101] [ 269.060016][T10104] netlink: 'syz.0.1518': attribute type 4 has an invalid length. [ 269.068217][T10104] __nla_validate_parse: 2 callbacks suppressed [ 269.068233][T10104] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1518'. [ 269.310243][T10109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1520'. [ 269.397225][T10111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1521'. [ 269.807969][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 269.852586][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 269.993667][T10125] FAULT_INJECTION: forcing a failure. [ 269.993667][T10125] name failslab, interval 1, probability 0, space 0, times 0 [ 270.036209][T10126] netlink: 'syz.1.1528': attribute type 21 has an invalid length. [ 270.044455][T10125] CPU: 0 PID: 10125 Comm: syz.3.1527 Not tainted syzkaller #0 [ 270.052060][T10125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 270.062158][T10125] Call Trace: [ 270.065465][T10125] [ 270.068420][T10125] dump_stack_lvl+0x16c/0x230 [ 270.073138][T10125] ? show_regs_print_info+0x20/0x20 [ 270.078377][T10125] ? load_image+0x3b0/0x3b0 [ 270.082914][T10125] ? __might_sleep+0xe0/0xe0 [ 270.087624][T10125] ? __lock_acquire+0x7c80/0x7c80 [ 270.092677][T10125] should_fail_ex+0x39d/0x4d0 [ 270.097401][T10125] should_failslab+0x9/0x20 [ 270.101934][T10125] slab_pre_alloc_hook+0x59/0x310 [ 270.107010][T10125] ? kvmalloc_node+0x70/0x180 [ 270.111727][T10125] ? kvmalloc_node+0x70/0x180 [ 270.116521][T10125] __kmem_cache_alloc_node+0x53/0x260 [ 270.122013][T10125] ? kvmalloc_node+0x70/0x180 [ 270.126719][T10125] __kmalloc_node+0xa4/0x230 [ 270.131347][T10125] kvmalloc_node+0x70/0x180 [ 270.135896][T10125] page_pool_create+0x1f7/0x5e0 [ 270.140799][T10125] bpf_test_run_xdp_live+0x1c1/0x1a20 [ 270.146221][T10125] ? verify_lock_unused+0x140/0x140 [ 270.151547][T10125] ? kasan_set_track+0x5f/0x70 [ 270.156515][T10125] ? kasan_set_track+0x4e/0x70 [ 270.161915][T10125] ? __kasan_kmalloc+0x8f/0xa0 [ 270.166710][T10125] ? __kmalloc+0xb4/0x240 [ 270.171137][T10125] ? bpf_prog_test_run_xdp+0x382/0xfa0 [ 270.176718][T10125] ? bpf_prog_test_run+0x321/0x390 [ 270.181881][T10125] ? __sys_bpf+0x440/0x800 [ 270.186414][T10125] ? __x64_sys_bpf+0x7c/0x90 [ 270.191022][T10125] ? do_syscall_64+0x55/0xb0 [ 270.195651][T10125] ? xdp_convert_md_to_buff+0x330/0x330 [ 270.201254][T10125] ? __lock_acquire+0x7c80/0x7c80 [ 270.206394][T10125] ? __virt_addr_valid+0x18c/0x540 [ 270.211539][T10125] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 270.217826][T10125] ? _copy_from_user+0xa5/0xe0 [ 270.222702][T10125] ? bpf_test_init+0x134/0x150 [ 270.227494][T10125] ? xdp_convert_md_to_buff+0x5b/0x330 [ 270.232995][T10125] bpf_prog_test_run_xdp+0x76c/0xfa0 [ 270.238429][T10125] ? dev_put+0x80/0x80 [ 270.242565][T10125] ? dev_put+0x80/0x80 [ 270.246668][T10125] bpf_prog_test_run+0x321/0x390 [ 270.251633][T10125] __sys_bpf+0x440/0x800 [ 270.255899][T10125] ? bpf_link_show_fdinfo+0x350/0x350 [ 270.261320][T10125] ? lock_chain_count+0x20/0x20 [ 270.266209][T10125] __x64_sys_bpf+0x7c/0x90 [ 270.270666][T10125] do_syscall_64+0x55/0xb0 [ 270.275107][T10125] ? clear_bhb_loop+0x40/0x90 [ 270.279890][T10125] ? clear_bhb_loop+0x40/0x90 [ 270.284588][T10125] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 270.290535][T10125] RIP: 0033:0x7fc46458ebe9 [ 270.294995][T10125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.314643][T10125] RSP: 002b:00007fc4654fa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 270.323071][T10125] RAX: ffffffffffffffda RBX: 00007fc4647c5fa0 RCX: 00007fc46458ebe9 [ 270.331103][T10125] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a [ 270.339180][T10125] RBP: 00007fc4654fa090 R08: 0000000000000000 R09: 0000000000000000 [ 270.347175][T10125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.355158][T10125] R13: 00007fc4647c6038 R14: 00007fc4647c5fa0 R15: 00007fffafd7ee18 [ 270.363155][T10125] [ 270.392335][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1530'. [ 270.405407][T10125] page_pool_create() gave up with errno -12 [ 270.642197][T10138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1531'. [ 270.761731][T10143] netlink: 'syz.2.1532': attribute type 4 has an invalid length. [ 270.792245][T10143] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1532'. [ 270.945849][T10147] netlink: 'syz.0.1534': attribute type 21 has an invalid length. [ 270.994572][T10147] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1534'. [ 271.131050][T10156] netlink: 'syz.0.1537': attribute type 3 has an invalid length. [ 271.139569][T10156] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.1537'. [ 271.178343][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 271.444591][T10167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1540'. [ 271.718274][T10169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1541'. [ 271.733528][T10172] netlink: 'syz.1.1542': attribute type 4 has an invalid length. [ 271.878160][T10175] netlink: 'syz.3.1543': attribute type 21 has an invalid length. [ 272.159495][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 272.981084][T10208] netlink: 'syz.0.1556': attribute type 3 has an invalid length. [ 273.103334][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 273.440351][T10221] netlink: 'syz.1.1561': attribute type 21 has an invalid length. [ 273.696925][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 273.698702][T10219] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 274.112531][T10236] __nla_validate_parse: 7 callbacks suppressed [ 274.112552][T10236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1566'. [ 274.280263][ T5796] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 274.406642][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 274.571050][T10252] netlink: 'syz.1.1573': attribute type 3 has an invalid length. [ 274.636067][T10252] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1573'. [ 275.230353][T10259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1575'. [ 275.445513][T10262] FAULT_INJECTION: forcing a failure. [ 275.445513][T10262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 275.459035][T10262] CPU: 0 PID: 10262 Comm: syz.0.1576 Not tainted syzkaller #0 [ 275.466546][T10262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 275.476655][T10262] Call Trace: [ 275.479974][T10262] [ 275.482942][T10262] dump_stack_lvl+0x16c/0x230 [ 275.487670][T10262] ? show_regs_print_info+0x20/0x20 [ 275.492916][T10262] ? load_image+0x3b0/0x3b0 [ 275.497556][T10262] ? __lock_acquire+0x7c80/0x7c80 [ 275.502705][T10262] ? snprintf+0xdb/0x120 [ 275.507018][T10262] should_fail_ex+0x39d/0x4d0 [ 275.511769][T10262] _copy_to_user+0x2f/0xa0 [ 275.516241][T10262] simple_read_from_buffer+0xe7/0x150 [ 275.521773][T10262] proc_fail_nth_read+0x1e3/0x250 [ 275.526836][T10262] ? proc_fault_inject_write+0x340/0x340 [ 275.532478][T10262] ? fsnotify_perm+0x271/0x5e0 [ 275.537244][T10262] ? proc_fault_inject_write+0x340/0x340 [ 275.542861][T10262] vfs_read+0x27e/0x920 [ 275.547179][T10262] ? kernel_read+0x1e0/0x1e0 [ 275.551757][T10262] ? __fget_files+0x28/0x4d0 [ 275.556340][T10262] ? __fget_files+0x44a/0x4d0 [ 275.561012][T10262] ? __fdget_pos+0x2a3/0x330 [ 275.565588][T10262] ? ksys_read+0x75/0x250 [ 275.569944][T10262] ksys_read+0x147/0x250 [ 275.574304][T10262] ? vfs_write+0x940/0x940 [ 275.576182][T10269] netlink: 'syz.1.1577': attribute type 21 has an invalid length. [ 275.578959][T10262] ? lockdep_hardirqs_on+0x98/0x150 [ 275.579023][T10262] do_syscall_64+0x55/0xb0 [ 275.579046][T10262] ? clear_bhb_loop+0x40/0x90 [ 275.579064][T10262] ? clear_bhb_loop+0x40/0x90 [ 275.579085][T10262] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 275.579113][T10262] RIP: 0033:0x7fb7adb8d5fc [ 275.579134][T10262] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 275.579152][T10262] RSP: 002b:00007fb7ae9b8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 275.579177][T10262] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8d5fc [ 275.652552][T10262] RDX: 000000000000000f RSI: 00007fb7ae9b80a0 RDI: 0000000000000009 [ 275.660651][T10262] RBP: 00007fb7ae9b8090 R08: 0000000000000000 R09: 0000000000000000 [ 275.668758][T10262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 275.676859][T10262] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 275.685013][T10262] [ 275.895477][ T5796] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 275.932747][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 276.064426][T10284] netlink: 'syz.0.1585': attribute type 3 has an invalid length. [ 276.079481][T10284] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.1585'. [ 276.152258][T10288] netlink: 'syz.3.1586': attribute type 10 has an invalid length. [ 276.161853][T10288] team0: left allmulticast mode [ 276.167045][T10288] team_slave_0: left allmulticast mode [ 276.174256][T10288] team_slave_1: left allmulticast mode [ 276.180502][T10288] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 276.225555][T10288] wlan1: mtu less than device minimum [ 276.234307][T10288] team0: Device wlan1 failed to change mtu [ 276.253130][T10288] .`: (slave team0): Error -22 calling dev_set_mtu [ 276.325581][T10288] syz.3.1586 (10288) used greatest stack depth: 17576 bytes left [ 276.343358][T10292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1587'. [ 276.515098][T10296] netlink: 3990 bytes leftover after parsing attributes in process `syz.3.1588'. [ 276.593500][T10296] netlink: 'syz.3.1588': attribute type 3 has an invalid length. [ 276.609126][T10296] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1588'. [ 276.786505][ T5796] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 276.920919][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 277.074080][T10312] netlink: 'syz.0.1596': attribute type 10 has an invalid length. [ 277.205006][T10319] netlink: 'syz.1.1597': attribute type 21 has an invalid length. [ 278.047559][T10334] netlink: 'syz.3.1604': attribute type 3 has an invalid length. [ 278.056172][T10334] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1604'. [ 278.064435][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 278.337780][T10344] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1608'. [ 278.719055][T10355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1610'. [ 279.059217][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 279.083745][T10363] netlink: 'syz.3.1616': attribute type 4 has an invalid length. [ 279.164486][T10366] netlink: 'syz.0.1614': attribute type 21 has an invalid length. [ 279.299185][T10373] netlink: 'syz.1.1620': attribute type 21 has an invalid length. [ 279.320645][T10373] __nla_validate_parse: 2 callbacks suppressed [ 279.320663][T10373] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1620'. [ 279.489329][T10381] netlink: 'syz.1.1624': attribute type 3 has an invalid length. [ 279.512335][T10381] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1624'. [ 279.590800][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 279.698467][T10391] netlink: 'syz.2.1627': attribute type 4 has an invalid length. [ 279.713842][T10391] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1627'. [ 279.723530][T10385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1625'. [ 280.167604][ T5796] Bluetooth: hci0: unexpected event 0x12 length: 15 > 8 [ 280.315568][T10405] netlink: 'syz.3.1632': attribute type 21 has an invalid length. [ 280.333492][T10405] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1632'. [ 280.571604][T10413] netlink: 'syz.3.1636': attribute type 4 has an invalid length. [ 280.587932][T10413] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1636'. [ 280.681677][T10418] netlink: 'syz.1.1638': attribute type 21 has an invalid length. [ 280.693156][T10417] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1637'. [ 280.917636][T10425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1639'. [ 281.059730][T10434] netlink: 'syz.3.1644': attribute type 21 has an invalid length. [ 281.067908][T10434] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1644'. [ 281.262539][T10440] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1647'. [ 281.573317][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 282.323495][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 283.075351][T10489] validate_nla: 7 callbacks suppressed [ 283.075371][T10489] netlink: 'syz.3.1668': attribute type 4 has an invalid length. [ 283.600568][T10507] netlink: 'syz.3.1674': attribute type 21 has an invalid length. [ 283.651783][T10510] netlink: 'syz.2.1676': attribute type 21 has an invalid length. [ 283.828554][T10516] netlink: 'syz.1.1678': attribute type 4 has an invalid length. [ 284.306374][T10535] netlink: 'syz.2.1687': attribute type 21 has an invalid length. [ 284.430943][T10539] netlink: 'syz.1.1689': attribute type 4 has an invalid length. [ 284.450310][T10539] __nla_validate_parse: 14 callbacks suppressed [ 284.450329][T10539] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1689'. [ 284.598005][T10545] netlink: 'syz.0.1698': attribute type 21 has an invalid length. [ 284.639008][T10542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1690'. [ 284.755520][T10552] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1692'. [ 285.154322][T10557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1694'. [ 285.469808][T10573] netlink: 'syz.3.1701': attribute type 4 has an invalid length. [ 285.478966][T10573] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1701'. [ 285.610389][T10575] netlink: 'syz.1.1702': attribute type 21 has an invalid length. [ 285.625643][T10575] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1702'. [ 285.699066][T10583] netlink: 'syz.0.1706': attribute type 21 has an invalid length. [ 285.984241][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1707'. [ 286.330688][T10604] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1714'. [ 286.354074][T10601] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1713'. [ 286.458899][T10609] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1716'. [ 287.883961][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 288.003078][ T5796] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 288.355868][T10678] validate_nla: 12 callbacks suppressed [ 288.355909][T10678] netlink: 'syz.3.1744': attribute type 4 has an invalid length. [ 288.648096][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 288.800907][T10690] netlink: 'syz.3.1749': attribute type 4 has an invalid length. [ 288.802019][ T5796] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 288.954231][T10695] netlink: 'syz.1.1752': attribute type 21 has an invalid length. [ 289.034491][T10693] netlink: 'syz.2.1751': attribute type 12 has an invalid length. [ 289.247868][T10702] netlink: 'syz.0.1754': attribute type 4 has an invalid length. [ 289.611967][T10709] __nla_validate_parse: 14 callbacks suppressed [ 289.611993][T10709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1757'. [ 289.752696][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 290.111501][T10729] netlink: 'syz.0.1764': attribute type 21 has an invalid length. [ 290.179705][T10728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1765'. [ 290.258674][T10731] netlink: 'syz.1.1766': attribute type 3 has an invalid length. [ 290.293150][T10736] netlink: 'syz.2.1767': attribute type 39 has an invalid length. [ 290.300367][T10731] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1766'. [ 290.521551][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 290.587475][T10745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1768'. [ 291.120270][T10761] netlink: 'syz.3.1777': attribute type 39 has an invalid length. [ 291.195718][T10759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1776'. [ 291.212533][T10763] netlink: 'syz.0.1778': attribute type 21 has an invalid length. [ 291.490574][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 291.683712][T10782] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1784'. [ 291.730521][T10785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1783'. [ 292.050381][T10792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1788'. [ 292.237796][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 292.386815][T10807] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1794'. [ 292.413839][T10808] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1792'. [ 293.409203][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 293.502179][T10836] validate_nla: 5 callbacks suppressed [ 293.502199][T10836] netlink: 'syz.0.1804': attribute type 13 has an invalid length. [ 293.529918][T10836] .`: entered promiscuous mode [ 293.540414][T10836] bond_slave_1: entered promiscuous mode [ 293.574186][T10836] .`: entered allmulticast mode [ 293.579130][T10836] bond_slave_1: entered allmulticast mode [ 293.592320][T10836] 8021q: adding VLAN 0 to HW filter on device .` [ 293.620229][T10837] netlink: 'syz.2.1803': attribute type 21 has an invalid length. [ 293.659354][T10840] netlink: 'syz.3.1805': attribute type 3 has an invalid length. [ 294.195662][T10856] netlink: 'syz.1.1809': attribute type 12 has an invalid length. [ 294.348905][T10859] netlink: 'syz.2.1811': attribute type 39 has an invalid length. [ 294.884095][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 294.970615][T10867] netlink: 'syz.0.1814': attribute type 21 has an invalid length. [ 295.340771][T10877] netlink: 'syz.1.1817': attribute type 21 has an invalid length. [ 295.392907][T10879] __nla_validate_parse: 7 callbacks suppressed [ 295.392925][T10879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1815'. [ 295.698413][T10883] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1819'. [ 295.846460][T10891] netlink: 'syz.1.1821': attribute type 3 has an invalid length. [ 295.863181][T10891] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1821'. [ 296.356753][T10900] netlink: 'syz.2.1824': attribute type 21 has an invalid length. [ 296.407918][T10900] netlink: 'syz.2.1824': attribute type 39 has an invalid length. [ 296.417664][T10887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1820'. [ 296.558674][T10901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1825'. [ 296.883782][T10911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1828'. [ 296.923084][T10915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1827'. [ 297.294833][T10925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1830'. [ 297.731010][T10930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1834'. [ 297.792989][T10935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1836'. [ 299.030400][T10971] validate_nla: 4 callbacks suppressed [ 299.030422][T10971] netlink: 'syz.2.1851': attribute type 21 has an invalid length. [ 299.070863][T10974] netlink: 'syz.0.1852': attribute type 39 has an invalid length. [ 299.213303][T10981] netlink: 'syz.3.1854': attribute type 21 has an invalid length. [ 299.227316][T10981] netlink: 'syz.3.1854': attribute type 39 has an invalid length. [ 299.933745][T11000] netlink: 'syz.2.1861': attribute type 3 has an invalid length. [ 299.950637][T11002] netlink: 'syz.0.1863': attribute type 39 has an invalid length. [ 299.997457][T11004] netlink: 'syz.3.1864': attribute type 21 has an invalid length. [ 300.023722][T11004] netlink: 'syz.3.1864': attribute type 39 has an invalid length. [ 300.129910][T11007] netlink: 'syz.0.1866': attribute type 21 has an invalid length. [ 300.550883][T11018] __nla_validate_parse: 15 callbacks suppressed [ 300.550947][T11018] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1869'. [ 300.746828][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1873'. [ 300.927225][T11035] netlink: 'syz.3.1877': attribute type 21 has an invalid length. [ 300.965471][T11038] pim6reg: tun_chr_ioctl cmd 1074812118 [ 301.044764][T11038] veth0_vlan: left promiscuous mode [ 301.107680][T11038] veth0_vlan: entered promiscuous mode [ 301.135114][T11038] team0: Device veth0_vlan failed to register rx_handler [ 301.409341][T11052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1882'. [ 301.583329][T11057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1883'. [ 301.681227][T11059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1884'. [ 302.053970][T11085] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1894'. [ 302.096462][T11085] ip6tnl0: mtu greater than device maximum [ 302.268393][T11089] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1896'. [ 302.576564][T11102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1900'. [ 303.769859][T11120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1908'. [ 304.111338][T11136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1913'. [ 304.299267][T11145] validate_nla: 15 callbacks suppressed [ 304.299287][T11145] netlink: 'syz.2.1917': attribute type 3 has an invalid length. [ 304.496889][T11155] netlink: 'syz.1.1920': attribute type 21 has an invalid length. [ 304.514186][T11155] netlink: 'syz.1.1920': attribute type 39 has an invalid length. [ 304.526532][T11159] netlink: 'syz.3.1923': attribute type 39 has an invalid length. [ 304.886218][T11173] FAULT_INJECTION: forcing a failure. [ 304.886218][T11173] name failslab, interval 1, probability 0, space 0, times 0 [ 304.899878][T11173] CPU: 1 PID: 11173 Comm: syz.3.1930 Not tainted syzkaller #0 [ 304.907400][T11173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.917510][T11173] Call Trace: [ 304.920814][T11173] [ 304.923856][T11173] dump_stack_lvl+0x16c/0x230 [ 304.928580][T11173] ? show_regs_print_info+0x20/0x20 [ 304.933906][T11173] ? load_image+0x3b0/0x3b0 [ 304.938421][T11173] ? __might_sleep+0xe0/0xe0 [ 304.943120][T11173] ? __lock_acquire+0x7c80/0x7c80 [ 304.948160][T11173] should_fail_ex+0x39d/0x4d0 [ 304.952855][T11173] should_failslab+0x9/0x20 [ 304.957372][T11173] slab_pre_alloc_hook+0x59/0x310 [ 304.962416][T11173] kmem_cache_alloc_node+0x60/0x330 [ 304.967711][T11173] ? __alloc_skb+0x108/0x2c0 [ 304.972319][T11173] __alloc_skb+0x108/0x2c0 [ 304.976759][T11173] netlink_ack+0x376/0x1110 [ 304.981411][T11173] ? inet_diag_handler_cmd+0x1e7/0x290 [ 304.986989][T11173] ? inet_diag_unregister+0xb0/0xb0 [ 304.992209][T11173] ? netlink_dump+0xde0/0xde0 [ 304.996896][T11173] ? sock_diag_lock_handler+0x19/0x280 [ 305.002366][T11173] ? inet_diag_unregister+0xb0/0xb0 [ 305.007667][T11173] ? sock_diag_rcv_msg+0x402/0x600 [ 305.012792][T11173] netlink_rcv_skb+0x29a/0x480 [ 305.017572][T11173] ? sock_diag_bind+0xb0/0xb0 [ 305.022271][T11173] ? netlink_ack+0x1110/0x1110 [ 305.027063][T11173] ? __lock_acquire+0x7c80/0x7c80 [ 305.032106][T11173] ? netlink_deliver_tap+0x2e/0x1b0 [ 305.037316][T11173] sock_diag_rcv+0x2a/0x40 [ 305.041743][T11173] netlink_unicast+0x751/0x8d0 [ 305.046528][T11173] netlink_sendmsg+0x8c1/0xbe0 [ 305.051410][T11173] ? netlink_getsockopt+0x580/0x580 [ 305.056620][T11173] ? aa_sock_msg_perm+0x94/0x150 [ 305.061581][T11173] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 305.067056][T11173] ? security_socket_sendmsg+0x80/0xa0 [ 305.072708][T11173] ? netlink_getsockopt+0x580/0x580 [ 305.077988][T11173] ____sys_sendmsg+0x5bf/0x950 [ 305.082919][T11173] ? __asan_memset+0x22/0x40 [ 305.087521][T11173] ? __sys_sendmsg_sock+0x30/0x30 [ 305.092775][T11173] ? __import_iovec+0x5f2/0x860 [ 305.097650][T11173] ? import_iovec+0x73/0xa0 [ 305.102172][T11173] ___sys_sendmsg+0x220/0x290 [ 305.106872][T11173] ? __sys_sendmsg+0x270/0x270 [ 305.111675][T11173] ? __lock_acquire+0x7c80/0x7c80 [ 305.116832][T11173] __se_sys_sendmsg+0x1a5/0x270 [ 305.121710][T11173] ? __x64_sys_sendmsg+0x80/0x80 [ 305.126767][T11173] ? lockdep_hardirqs_on+0x98/0x150 [ 305.131989][T11173] do_syscall_64+0x55/0xb0 [ 305.136454][T11173] ? clear_bhb_loop+0x40/0x90 [ 305.141159][T11173] ? clear_bhb_loop+0x40/0x90 [ 305.145909][T11173] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 305.151827][T11173] RIP: 0033:0x7fc46458ebe9 [ 305.156255][T11173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.176057][T11173] RSP: 002b:00007fc4654fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 305.184483][T11173] RAX: ffffffffffffffda RBX: 00007fc4647c5fa0 RCX: 00007fc46458ebe9 [ 305.192468][T11173] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 305.200453][T11173] RBP: 00007fc4654fa090 R08: 0000000000000000 R09: 0000000000000000 [ 305.208431][T11173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.216586][T11173] R13: 00007fc4647c6038 R14: 00007fc4647c5fa0 R15: 00007fffafd7ee18 [ 305.224583][T11173] [ 305.279121][T11171] netlink: 'syz.1.1928': attribute type 21 has an invalid length. [ 305.381788][T11181] netlink: 'syz.2.1933': attribute type 21 has an invalid length. [ 305.395604][T11181] netlink: 'syz.2.1933': attribute type 39 has an invalid length. [ 305.517740][T11185] netlink: 'syz.3.1934': attribute type 39 has an invalid length. [ 305.859287][T11187] __nla_validate_parse: 3 callbacks suppressed [ 305.859588][T11187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1935'. [ 305.893906][T11194] netlink: 'syz.1.1938': attribute type 3 has an invalid length. [ 305.902042][T11194] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1938'. [ 305.975010][T11195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1937'. [ 306.516670][T11208] netlink: 'syz.0.1943': attribute type 21 has an invalid length. [ 307.593238][T11226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1950'. [ 307.974976][T11240] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1955'. [ 308.127189][T11247] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.1957'. [ 309.483700][T11267] validate_nla: 8 callbacks suppressed [ 309.483719][T11267] netlink: 'syz.2.1962': attribute type 21 has an invalid length. [ 309.519194][T11267] netlink: 'syz.2.1962': attribute type 39 has an invalid length. [ 309.572113][T11268] syzkaller0: refused to change device tx_queue_len [ 309.613317][T11270] netlink: 'syz.3.1963': attribute type 39 has an invalid length. [ 309.770418][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 309.801781][T11278] netlink: 'syz.2.1967': attribute type 21 has an invalid length. [ 309.918347][T11274] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1965'. [ 310.066313][T11283] netlink: 'syz.0.1968': attribute type 3 has an invalid length. [ 310.076314][T11283] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.1968'. [ 310.318971][T11301] netlink: 'syz.2.1973': attribute type 21 has an invalid length. [ 310.334507][T11299] netlink: 'syz.3.1974': attribute type 39 has an invalid length. [ 310.342888][T11301] netlink: 'syz.2.1973': attribute type 39 has an invalid length. [ 310.509822][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 310.519305][T11309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1977'. [ 310.995556][T11317] netlink: 'syz.1.1979': attribute type 21 has an invalid length. [ 311.060708][T11320] FAULT_INJECTION: forcing a failure. [ 311.060708][T11320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.120388][T11320] CPU: 0 PID: 11320 Comm: syz.2.1980 Not tainted syzkaller #0 [ 311.128047][T11320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 311.138185][T11320] Call Trace: [ 311.141549][T11320] [ 311.144891][T11320] dump_stack_lvl+0x16c/0x230 [ 311.149659][T11320] ? show_regs_print_info+0x20/0x20 [ 311.155023][T11320] ? load_image+0x3b0/0x3b0 [ 311.159615][T11320] ? __might_fault+0xaa/0x120 [ 311.164375][T11320] ? __lock_acquire+0x7c80/0x7c80 [ 311.169503][T11320] should_fail_ex+0x39d/0x4d0 [ 311.174301][T11320] _copy_from_user+0x2f/0xe0 [ 311.178973][T11320] ___sys_sendmsg+0x159/0x290 [ 311.183749][T11320] ? __sys_sendmsg+0x270/0x270 [ 311.188771][T11320] ? __lock_acquire+0x7c80/0x7c80 [ 311.194080][T11320] __se_sys_sendmsg+0x1a5/0x270 [ 311.199122][T11320] ? __x64_sys_sendmsg+0x80/0x80 [ 311.204226][T11320] ? lockdep_hardirqs_on+0x98/0x150 [ 311.209564][T11320] do_syscall_64+0x55/0xb0 [ 311.214053][T11320] ? clear_bhb_loop+0x40/0x90 [ 311.218790][T11320] ? clear_bhb_loop+0x40/0x90 [ 311.223633][T11320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 311.229781][T11320] RIP: 0033:0x7f3b3398ebe9 [ 311.234270][T11320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.253942][T11320] RSP: 002b:00007f3b347b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.262628][T11320] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398ebe9 [ 311.270671][T11320] RDX: 0000000000000600 RSI: 0000200000000540 RDI: 0000000000000003 [ 311.278797][T11320] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 311.286868][T11320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.294931][T11320] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 311.303182][T11320] [ 311.601619][T11334] netlink: 'syz.0.1983': attribute type 2 has an invalid length. [ 311.609514][T11334] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1983'. [ 311.830640][T11341] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1987'. [ 311.954102][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 312.020433][T11346] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1989'. [ 313.524416][T11375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1998'. [ 313.552033][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 314.058619][T11385] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.2003'. [ 314.331683][T11397] .`: (slave veth0_to_batadv): Enslaving as an active interface with an up link [ 314.521158][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 314.611171][T11409] FAULT_INJECTION: forcing a failure. [ 314.611171][T11409] name failslab, interval 1, probability 0, space 0, times 0 [ 314.631539][T11409] CPU: 0 PID: 11409 Comm: syz.1.2013 Not tainted syzkaller #0 [ 314.639071][T11409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 314.649141][T11409] Call Trace: [ 314.652437][T11409] [ 314.655384][T11409] dump_stack_lvl+0x16c/0x230 [ 314.660083][T11409] ? show_regs_print_info+0x20/0x20 [ 314.665300][T11409] ? load_image+0x3b0/0x3b0 [ 314.669851][T11409] ? __might_sleep+0xe0/0xe0 [ 314.674456][T11409] ? __lock_acquire+0x7c80/0x7c80 [ 314.679587][T11409] should_fail_ex+0x39d/0x4d0 [ 314.684376][T11409] should_failslab+0x9/0x20 [ 314.688893][T11409] slab_pre_alloc_hook+0x59/0x310 [ 314.693948][T11409] ? d_instantiate+0x6f/0x90 [ 314.698668][T11409] kmem_cache_alloc+0x5a/0x2e0 [ 314.703455][T11409] ? alloc_empty_file+0x9e/0x1d0 [ 314.708413][T11409] alloc_empty_file+0x9e/0x1d0 [ 314.713240][T11409] alloc_file+0x5c/0x600 [ 314.717618][T11409] alloc_file_pseudo+0x17e/0x200 [ 314.722595][T11409] ? alloc_empty_backing_file+0xe0/0xe0 [ 314.728431][T11409] ? __lock_acquire+0x7c80/0x7c80 [ 314.733504][T11409] ? __local_bh_enable_ip+0x12e/0x1c0 [ 314.738916][T11409] ? _local_bh_enable+0xa0/0xa0 [ 314.743797][T11409] anon_inode_getfile+0xc5/0x1a0 [ 314.748758][T11409] bpf_link_prime+0xa6/0x1d0 [ 314.753365][T11409] bpf_raw_tp_link_attach+0x33c/0x560 [ 314.758752][T11409] ? bpf_insn_prepare_dump+0x840/0x840 [ 314.764508][T11409] bpf_raw_tracepoint_open+0x197/0x210 [ 314.769985][T11409] __sys_bpf+0x364/0x800 [ 314.774242][T11409] ? bpf_link_show_fdinfo+0x350/0x350 [ 314.779637][T11409] ? lock_chain_count+0x20/0x20 [ 314.784513][T11409] __x64_sys_bpf+0x7c/0x90 [ 314.788940][T11409] do_syscall_64+0x55/0xb0 [ 314.793378][T11409] ? clear_bhb_loop+0x40/0x90 [ 314.798067][T11409] ? clear_bhb_loop+0x40/0x90 [ 314.802755][T11409] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 314.808751][T11409] RIP: 0033:0x7f694358ebe9 [ 314.813181][T11409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.833073][T11409] RSP: 002b:00007f69444d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 314.841526][T11409] RAX: ffffffffffffffda RBX: 00007f69437c5fa0 RCX: 00007f694358ebe9 [ 314.849536][T11409] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000011 [ 314.857616][T11409] RBP: 00007f69444d3090 R08: 0000000000000000 R09: 0000000000000000 [ 314.865602][T11409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.873585][T11409] R13: 00007f69437c6038 R14: 00007f69437c5fa0 R15: 00007ffc56e44998 [ 314.881587][T11409] [ 315.084448][T11414] validate_nla: 9 callbacks suppressed [ 315.084467][T11414] netlink: 'syz.1.2015': attribute type 21 has an invalid length. [ 315.150275][T11419] netlink: 'syz.2.2018': attribute type 39 has an invalid length. [ 315.432161][T11433] netlink: 'syz.0.2023': attribute type 1 has an invalid length. [ 315.442506][T11433] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.2023'. [ 315.494763][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 315.597816][T11439] netlink: 'syz.2.2025': attribute type 3 has an invalid length. [ 315.614740][T11439] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.2025'. [ 315.725969][T11446] netlink: 'syz.3.2029': attribute type 39 has an invalid length. [ 315.766722][T11448] netlink: 'syz.1.2030': attribute type 21 has an invalid length. [ 316.519110][ T5796] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 316.557332][T11472] netlink: 'syz.3.2039': attribute type 39 has an invalid length. [ 316.751741][T11479] netlink: 'syz.3.2042': attribute type 21 has an invalid length. [ 316.995879][T11489] netlink: 'syz.1.2045': attribute type 2 has an invalid length. [ 317.007405][T11489] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2045'. [ 317.049612][T11492] netlink: 'syz.0.2046': attribute type 21 has an invalid length. [ 317.077989][T11492] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2046'. [ 317.114762][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.121770][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.174064][T11495] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.2048'. [ 317.416853][T11502] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2050'. [ 317.523289][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 318.345432][T11512] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.375050][T11512] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.417531][T11512] bridge0: entered allmulticast mode [ 318.581886][T11521] bridge_slave_1: left allmulticast mode [ 318.600342][T11521] bridge_slave_1: left promiscuous mode [ 318.612103][T11521] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.637612][T11521] bridge_slave_0: left allmulticast mode [ 318.690138][T11521] bridge_slave_0: left promiscuous mode [ 318.696514][T11521] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.959362][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 319.159399][T11535] FAULT_INJECTION: forcing a failure. [ 319.159399][T11535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.193616][T11535] CPU: 1 PID: 11535 Comm: syz.2.2063 Not tainted syzkaller #0 [ 319.201187][T11535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 319.211458][T11535] Call Trace: [ 319.214774][T11535] [ 319.217750][T11535] dump_stack_lvl+0x16c/0x230 [ 319.222494][T11535] ? show_regs_print_info+0x20/0x20 [ 319.227745][T11535] ? load_image+0x3b0/0x3b0 [ 319.232325][T11535] ? __might_fault+0xaa/0x120 [ 319.237144][T11535] ? __lock_acquire+0x7c80/0x7c80 [ 319.242313][T11535] should_fail_ex+0x39d/0x4d0 [ 319.247221][T11535] _copy_from_iter+0x1d3/0x1290 [ 319.252123][T11535] ? __lock_acquire+0x1260/0x7c80 [ 319.257195][T11535] ? copyout_mc+0x70/0x70 [ 319.261563][T11535] ? tun_get_user+0x637/0x3bf0 [ 319.266349][T11535] ? __lock_acquire+0x7c80/0x7c80 [ 319.271399][T11535] ? page_copy_sane+0x4e/0x270 [ 319.276184][T11535] copy_page_from_iter+0x7b/0x100 [ 319.281235][T11535] tun_get_user+0x1b35/0x3bf0 [ 319.285969][T11535] ? tun_get_user+0x637/0x3bf0 [ 319.290786][T11535] ? aa_file_perm+0x3e8/0xec0 [ 319.295585][T11535] ? rcu_read_unlock+0xa0/0xa0 [ 319.300373][T11535] ? tun_get+0x1c/0x2e0 [ 319.304607][T11535] ? __lock_acquire+0x7c80/0x7c80 [ 319.309736][T11535] ? tun_get+0x1c/0x2e0 [ 319.313940][T11535] tun_chr_write_iter+0x119/0x200 [ 319.319078][T11535] vfs_write+0x43b/0x940 [ 319.323432][T11535] ? file_end_write+0x250/0x250 [ 319.328382][T11535] ? __fget_files+0x44a/0x4d0 [ 319.333088][T11535] ? __fdget_pos+0x1d8/0x330 [ 319.337777][T11535] ? ksys_write+0x75/0x250 [ 319.342220][T11535] ksys_write+0x147/0x250 [ 319.346560][T11535] ? __ia32_sys_read+0x90/0x90 [ 319.351441][T11535] ? lockdep_hardirqs_on+0x98/0x150 [ 319.356679][T11535] do_syscall_64+0x55/0xb0 [ 319.361231][T11535] ? clear_bhb_loop+0x40/0x90 [ 319.365928][T11535] ? clear_bhb_loop+0x40/0x90 [ 319.370610][T11535] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 319.376609][T11535] RIP: 0033:0x7f3b3398ebe9 [ 319.381035][T11535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.400955][T11535] RSP: 002b:00007f3b347b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 319.409499][T11535] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398ebe9 [ 319.417477][T11535] RDX: 0000000000000046 RSI: 0000200000000080 RDI: 00000000000000c8 [ 319.425464][T11535] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 319.433541][T11535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.441778][T11535] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 319.449855][T11535] [ 319.492624][T11538] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.2062'. [ 319.689515][T11550] FAULT_INJECTION: forcing a failure. [ 319.689515][T11550] name failslab, interval 1, probability 0, space 0, times 0 [ 319.703471][T11550] CPU: 1 PID: 11550 Comm: syz.3.2067 Not tainted syzkaller #0 [ 319.711004][T11550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 319.721095][T11550] Call Trace: [ 319.724404][T11550] [ 319.727369][T11550] dump_stack_lvl+0x16c/0x230 [ 319.732096][T11550] ? show_regs_print_info+0x20/0x20 [ 319.737335][T11550] ? load_image+0x3b0/0x3b0 [ 319.741885][T11550] ? __might_sleep+0xe0/0xe0 [ 319.746517][T11550] ? __lock_acquire+0x7c80/0x7c80 [ 319.751665][T11550] ? stack_trace_save+0x9c/0xe0 [ 319.756557][T11550] ? stack_trace_snprint+0xf0/0xf0 [ 319.761799][T11550] should_fail_ex+0x39d/0x4d0 [ 319.766529][T11550] should_failslab+0x9/0x20 [ 319.771064][T11550] slab_pre_alloc_hook+0x59/0x310 [ 319.776120][T11550] ? kasan_set_track+0x5f/0x70 [ 319.780922][T11550] ? kasan_set_track+0x4e/0x70 [ 319.785722][T11550] ? __kasan_kmalloc+0x8f/0xa0 [ 319.790534][T11550] kmem_cache_alloc_node+0x60/0x330 [ 319.795767][T11550] ? netlink_sendmsg+0x8c1/0xbe0 [ 319.800740][T11550] ? __alloc_skb+0x108/0x2c0 [ 319.805398][T11550] __alloc_skb+0x108/0x2c0 [ 319.809869][T11550] netlink_dump+0x1cf/0xde0 [ 319.814445][T11550] ? netlink_lookup+0x200/0x200 [ 319.819376][T11550] ? __kasan_kmalloc+0x8f/0xa0 [ 319.824191][T11550] ? __inet_diag_dump_start+0x884/0x9e0 [ 319.829767][T11550] ? netlink_lookup+0x30/0x200 [ 319.834599][T11550] __netlink_dump_start+0x5f1/0x810 [ 319.839862][T11550] inet_diag_rcv_msg_compat+0x1eb/0x3c0 [ 319.845630][T11550] ? __inet_diag_dump+0x380/0x380 [ 319.850710][T11550] ? sock_diag_rcv_msg+0xd1/0x600 [ 319.855763][T11550] ? inet_diag_rcv_msg_compat+0x3c0/0x3c0 [ 319.861516][T11550] ? inet_diag_dump_start_compat+0x20/0x20 [ 319.867352][T11550] ? inet_diag_dump+0x50/0x50 [ 319.872096][T11550] ? __inet_diag_dump+0x380/0x380 [ 319.877174][T11550] sock_diag_rcv_msg+0x3d8/0x600 [ 319.882173][T11550] netlink_rcv_skb+0x216/0x480 [ 319.886977][T11550] ? sock_diag_bind+0xb0/0xb0 [ 319.891703][T11550] ? netlink_ack+0x1110/0x1110 [ 319.896715][T11550] ? __lock_acquire+0x7c80/0x7c80 [ 319.901809][T11550] ? netlink_deliver_tap+0x2e/0x1b0 [ 319.907051][T11550] sock_diag_rcv+0x2a/0x40 [ 319.911499][T11550] netlink_unicast+0x751/0x8d0 [ 319.916361][T11550] netlink_sendmsg+0x8c1/0xbe0 [ 319.921197][T11550] ? netlink_getsockopt+0x580/0x580 [ 319.926529][T11550] ? aa_sock_msg_perm+0x94/0x150 [ 319.931506][T11550] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 319.936824][T11550] ? security_socket_sendmsg+0x80/0xa0 [ 319.942321][T11550] ? netlink_getsockopt+0x580/0x580 [ 319.947552][T11550] ____sys_sendmsg+0x5bf/0x950 [ 319.952461][T11550] ? __asan_memset+0x22/0x40 [ 319.957087][T11550] ? __sys_sendmsg_sock+0x30/0x30 [ 319.962144][T11550] ? __import_iovec+0x5f2/0x860 [ 319.967069][T11550] ? import_iovec+0x73/0xa0 [ 319.971710][T11550] ___sys_sendmsg+0x220/0x290 [ 319.976527][T11550] ? __sys_sendmsg+0x270/0x270 [ 319.981392][T11550] ? __lock_acquire+0x7c80/0x7c80 [ 319.986525][T11550] __se_sys_sendmsg+0x1a5/0x270 [ 319.991453][T11550] ? __x64_sys_sendmsg+0x80/0x80 [ 319.996785][T11550] ? lockdep_hardirqs_on+0x98/0x150 [ 320.002081][T11550] do_syscall_64+0x55/0xb0 [ 320.006556][T11550] ? clear_bhb_loop+0x40/0x90 [ 320.011272][T11550] ? clear_bhb_loop+0x40/0x90 [ 320.016052][T11550] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 320.022069][T11550] RIP: 0033:0x7fc46458ebe9 [ 320.026530][T11550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.046348][T11550] RSP: 002b:00007fc4654fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 320.054948][T11550] RAX: ffffffffffffffda RBX: 00007fc4647c5fa0 RCX: 00007fc46458ebe9 [ 320.062988][T11550] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 320.071088][T11550] RBP: 00007fc4654fa090 R08: 0000000000000000 R09: 0000000000000000 [ 320.079432][T11550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.087429][T11550] R13: 00007fc4647c6038 R14: 00007fc4647c5fa0 R15: 00007fffafd7ee18 [ 320.095508][T11550] [ 320.278748][T11553] validate_nla: 4 callbacks suppressed [ 320.278767][T11553] netlink: 'syz.1.2068': attribute type 21 has an invalid length. [ 320.505822][T11564] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.544276][ T5796] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 320.545749][T11564] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2072'. [ 320.916035][T11566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2073'. [ 321.050779][T11572] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2074'. [ 322.049681][ T5796] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 322.089057][T11596] netlink: 'syz.0.2082': attribute type 21 has an invalid length. [ 322.614065][T11605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2084'. [ 322.833798][T11611] netlink: 'syz.0.2085': attribute type 10 has an invalid length. [ 322.938999][T11611] batadv_slave_0: entered promiscuous mode [ 322.960464][T11611] batadv_slave_0: entered allmulticast mode [ 322.967397][T11611] .`: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 323.115768][T11619] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2089'. [ 323.160895][T11619] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 323.411275][T11630] FAULT_INJECTION: forcing a failure. [ 323.411275][T11630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.449779][T11630] CPU: 0 PID: 11630 Comm: syz.0.2092 Not tainted syzkaller #0 [ 323.457407][T11630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 323.467676][T11630] Call Trace: [ 323.470991][T11630] [ 323.473973][T11630] dump_stack_lvl+0x16c/0x230 [ 323.478711][T11630] ? show_regs_print_info+0x20/0x20 [ 323.483956][T11630] ? load_image+0x3b0/0x3b0 [ 323.488492][T11630] ? __lock_acquire+0x7c80/0x7c80 [ 323.493566][T11630] should_fail_ex+0x39d/0x4d0 [ 323.498302][T11630] _copy_from_user+0x2f/0xe0 [ 323.502943][T11630] __copy_msghdr+0x3bb/0x580 [ 323.507599][T11630] ___sys_sendmsg+0x1a6/0x290 [ 323.512349][T11630] ? __sys_sendmsg+0x270/0x270 [ 323.517208][T11630] ? __lock_acquire+0x7c80/0x7c80 [ 323.522296][T11630] __se_sys_sendmsg+0x1a5/0x270 [ 323.527203][T11630] ? __x64_sys_sendmsg+0x80/0x80 [ 323.532200][T11630] ? lockdep_hardirqs_on+0x98/0x150 [ 323.537550][T11630] do_syscall_64+0x55/0xb0 [ 323.542023][T11630] ? clear_bhb_loop+0x40/0x90 [ 323.546724][T11630] ? clear_bhb_loop+0x40/0x90 [ 323.551497][T11630] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 323.557495][T11630] RIP: 0033:0x7fb7adb8ebe9 [ 323.561940][T11630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.581645][T11630] RSP: 002b:00007fb7ae9b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 323.590078][T11630] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8ebe9 [ 323.598073][T11630] RDX: 0000000000000000 RSI: 0000200000001000 RDI: 0000000000000003 [ 323.606330][T11630] RBP: 00007fb7ae9b8090 R08: 0000000000000000 R09: 0000000000000000 [ 323.614332][T11630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.622308][T11630] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 323.630306][T11630] [ 323.749590][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 323.822917][T11632] netlink: 'syz.3.2093': attribute type 21 has an invalid length. [ 323.940642][T11641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2095'. [ 324.048681][T11644] netlink: 'syz.1.2096': attribute type 1 has an invalid length. [ 324.063564][T11644] netlink: 182644 bytes leftover after parsing attributes in process `syz.1.2096'. [ 324.237112][T11651] FAULT_INJECTION: forcing a failure. [ 324.237112][T11651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.279165][T11651] CPU: 0 PID: 11651 Comm: syz.1.2099 Not tainted syzkaller #0 [ 324.286716][T11651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 324.296817][T11651] Call Trace: [ 324.300185][T11651] [ 324.301814][T11649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2097'. [ 324.303161][T11651] dump_stack_lvl+0x16c/0x230 [ 324.303198][T11651] ? show_regs_print_info+0x20/0x20 [ 324.303223][T11651] ? load_image+0x3b0/0x3b0 [ 324.303246][T11651] ? __might_fault+0xaa/0x120 [ 324.303268][T11651] ? __lock_acquire+0x7c80/0x7c80 [ 324.303296][T11651] should_fail_ex+0x39d/0x4d0 [ 324.303330][T11651] _copy_from_user+0x2f/0xe0 [ 324.303355][T11651] ____sys_sendmsg+0x30d/0x950 [ 324.303402][T11651] ? __sys_sendmsg_sock+0x30/0x30 [ 324.303425][T11651] ? __import_iovec+0x3fa/0x860 [ 324.303463][T11651] ? import_iovec+0x73/0xa0 [ 324.303495][T11651] ___sys_sendmsg+0x220/0x290 [ 324.303525][T11651] ? __sys_sendmsg+0x270/0x270 [ 324.303580][T11651] ? __lock_acquire+0x7c80/0x7c80 [ 324.303635][T11651] __se_sys_sendmsg+0x1a5/0x270 [ 324.303666][T11651] ? __x64_sys_sendmsg+0x80/0x80 [ 324.303713][T11651] ? lockdep_hardirqs_on+0x98/0x150 [ 324.303745][T11651] do_syscall_64+0x55/0xb0 [ 324.303766][T11651] ? clear_bhb_loop+0x40/0x90 [ 324.303784][T11651] ? clear_bhb_loop+0x40/0x90 [ 324.303805][T11651] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 324.303833][T11651] RIP: 0033:0x7f694358ebe9 [ 324.303852][T11651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.303869][T11651] RSP: 002b:00007f69444d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 324.303893][T11651] RAX: ffffffffffffffda RBX: 00007f69437c5fa0 RCX: 00007f694358ebe9 [ 324.303908][T11651] RDX: 0000000000000000 RSI: 0000200000000800 RDI: 0000000000000004 [ 324.303921][T11651] RBP: 00007f69444d3090 R08: 0000000000000000 R09: 0000000000000000 [ 324.303935][T11651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.479392][T11651] R13: 00007f69437c6038 R14: 00007f69437c5fa0 R15: 00007ffc56e44998 [ 324.487406][T11651] [ 325.230981][ T5796] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 325.307989][T11671] netlink: 'syz.0.2108': attribute type 21 has an invalid length. [ 325.717845][T11689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2113'. [ 325.850291][T11694] netlink: 'syz.0.2114': attribute type 21 has an invalid length. [ 326.384034][T11700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2116'. [ 326.720443][T11713] netlink: 'syz.0.2122': attribute type 21 has an invalid length. [ 326.927800][T11719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2124'. [ 327.058988][T11725] netlink: 'syz.1.2126': attribute type 21 has an invalid length. [ 327.286595][T11733] netlink: 'syz.0.2129': attribute type 39 has an invalid length. [ 327.731488][T11744] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2132'. [ 327.836697][T11750] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2135'. [ 327.950483][T11752] netlink: 'syz.0.2136': attribute type 21 has an invalid length. [ 327.967956][T11754] netlink: 'syz.1.2137': attribute type 21 has an invalid length. [ 328.176588][T11764] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2138'. [ 328.205089][T11764] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2138'. [ 328.223763][T11764] FAULT_INJECTION: forcing a failure. [ 328.223763][T11764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.229308][T11759] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2138'. [ 328.261492][T11764] CPU: 1 PID: 11764 Comm: syz.0.2138 Not tainted syzkaller #0 [ 328.269122][T11764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 328.279220][T11764] Call Trace: [ 328.282540][T11764] [ 328.285507][T11764] dump_stack_lvl+0x16c/0x230 [ 328.290242][T11764] ? show_regs_print_info+0x20/0x20 [ 328.296096][T11764] ? load_image+0x3b0/0x3b0 [ 328.300624][T11764] ? __might_fault+0xaa/0x120 [ 328.305410][T11764] ? __lock_acquire+0x7c80/0x7c80 [ 328.310493][T11764] should_fail_ex+0x39d/0x4d0 [ 328.315230][T11764] _copy_from_user+0x2f/0xe0 [ 328.319848][T11764] ___sys_recvmsg+0x12f/0x510 [ 328.324563][T11764] ? __sys_recvmsg+0x270/0x270 [ 328.329344][T11764] ? ksys_write+0x1c1/0x250 [ 328.334003][T11764] ? __fget_files+0x44a/0x4d0 [ 328.338702][T11764] __x64_sys_recvmsg+0x1f2/0x2c0 [ 328.343661][T11764] ? ___sys_recvmsg+0x510/0x510 [ 328.348539][T11764] ? lockdep_hardirqs_on+0x98/0x150 [ 328.353751][T11764] do_syscall_64+0x55/0xb0 [ 328.358174][T11764] ? clear_bhb_loop+0x40/0x90 [ 328.362857][T11764] ? clear_bhb_loop+0x40/0x90 [ 328.367725][T11764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 328.373732][T11764] RIP: 0033:0x7fb7adb8ebe9 [ 328.378338][T11764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.397953][T11764] RSP: 002b:00007fb7ae997038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 328.406383][T11764] RAX: ffffffffffffffda RBX: 00007fb7addc6090 RCX: 00007fb7adb8ebe9 [ 328.414372][T11764] RDX: 0000000040000002 RSI: 0000200000000e80 RDI: 0000000000000003 [ 328.422359][T11764] RBP: 00007fb7ae997090 R08: 0000000000000000 R09: 0000000000000000 [ 328.430425][T11764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.438410][T11764] R13: 00007fb7addc6128 R14: 00007fb7addc6090 R15: 00007ffc40e0bfc8 [ 328.446838][T11764] [ 328.529337][T11767] netlink: 'syz.3.2142': attribute type 39 has an invalid length. [ 328.834902][T11777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2145'. [ 328.909700][T11782] netlink: 'syz.3.2147': attribute type 21 has an invalid length. [ 328.918268][T11774] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2143'. [ 328.980430][T11774] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2143'. [ 329.041018][T11771] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2143'. [ 329.146146][T11785] syz.0.2148[11785] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 329.146305][T11785] syz.0.2148[11785] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 329.158683][T11787] netlink: 'syz.3.2149': attribute type 21 has an invalid length. [ 329.315420][T11785] syz.0.2148[11785] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 329.315600][T11785] syz.0.2148[11785] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 329.342583][T11771] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2143'. [ 330.520146][T11821] validate_nla: 1 callbacks suppressed [ 330.520164][T11821] netlink: 'syz.2.2161': attribute type 21 has an invalid length. [ 330.855246][T11837] netlink: 'syz.1.2167': attribute type 39 has an invalid length. [ 331.868129][T11865] netlink: 'syz.0.2179': attribute type 21 has an invalid length. [ 332.478221][T11882] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 332.503372][T11882] CPU: 0 PID: 11882 Comm: syz.0.2184 Not tainted syzkaller #0 [ 332.510997][T11882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 332.521443][T11882] Call Trace: [ 332.524754][T11882] [ 332.527922][T11882] dump_stack_lvl+0x16c/0x230 [ 332.532761][T11882] ? show_regs_print_info+0x20/0x20 [ 332.538035][T11882] ? load_image+0x3b0/0x3b0 [ 332.542630][T11882] sysfs_warn_dup+0x8e/0xa0 [ 332.547373][T11882] sysfs_do_create_link_sd+0xc0/0x110 [ 332.552896][T11882] device_add_class_symlinks+0x1cf/0x240 [ 332.558689][T11882] device_add+0x507/0xc20 [ 332.563173][T11882] wiphy_register+0x1e74/0x2c00 [ 332.568110][T11882] ? cfg80211_event_work+0x40/0x40 [ 332.573258][T11882] ? minstrel_ht_alloc+0x88a/0x990 [ 332.578613][T11882] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 332.584911][T11882] ieee80211_register_hw+0x2dc2/0x3ac0 [ 332.590505][T11882] ? ieee80211_tasklet_handler+0x20/0x20 [ 332.596230][T11882] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 332.602312][T11882] ? __debug_object_init+0xe8/0x430 [ 332.607564][T11882] ? __asan_memset+0x22/0x40 [ 332.612197][T11882] ? __hrtimer_init+0x186/0x270 [ 332.617115][T11882] mac80211_hwsim_new_radio+0x2a00/0x4cf0 [ 332.622923][T11882] ? mac80211_hwsim_free+0x220/0x220 [ 332.628367][T11882] ? rcu_is_watching+0x15/0xb0 [ 332.633268][T11882] ? kstrndup+0xbd/0x140 [ 332.637563][T11882] hwsim_new_radio_nl+0xd78/0x19d0 [ 332.642743][T11882] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 332.649233][T11882] ? __nla_parse+0x40/0x50 [ 332.653803][T11882] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 332.660240][T11882] genl_family_rcv_msg_doit+0x209/0x2f0 [ 332.665848][T11882] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 332.671977][T11882] ? bpf_lsm_capable+0x9/0x10 [ 332.676788][T11882] ? security_capable+0x89/0xb0 [ 332.681698][T11882] genl_rcv_msg+0x60b/0x790 [ 332.686252][T11882] ? genl_bind+0x360/0x360 [ 332.690728][T11882] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 332.697713][T11882] ? perf_trace_lock+0xf7/0x380 [ 332.702706][T11882] netlink_rcv_skb+0x216/0x480 [ 332.707510][T11882] ? genl_bind+0x360/0x360 [ 332.711970][T11882] ? netlink_ack+0x1110/0x1110 [ 332.716910][T11882] ? __lock_acquire+0x7c80/0x7c80 [ 332.721999][T11882] ? down_read+0x1ac/0x2e0 [ 332.726484][T11882] genl_rcv+0x28/0x40 [ 332.730518][T11882] netlink_unicast+0x751/0x8d0 [ 332.735338][T11882] netlink_sendmsg+0x8c1/0xbe0 [ 332.740154][T11882] ? netlink_getsockopt+0x580/0x580 [ 332.745427][T11882] ? aa_sock_msg_perm+0x94/0x150 [ 332.750445][T11882] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 332.755775][T11882] ? security_socket_sendmsg+0x80/0xa0 [ 332.761290][T11882] ? netlink_getsockopt+0x580/0x580 [ 332.766540][T11882] ____sys_sendmsg+0x5bf/0x950 [ 332.771378][T11882] ? __asan_memset+0x22/0x40 [ 332.776016][T11882] ? __sys_sendmsg_sock+0x30/0x30 [ 332.781432][T11882] ? __import_iovec+0x5f2/0x860 [ 332.786643][T11882] ? import_iovec+0x73/0xa0 [ 332.791216][T11882] ___sys_sendmsg+0x220/0x290 [ 332.795962][T11882] ? __sys_sendmsg+0x270/0x270 [ 332.800886][T11882] __se_sys_sendmsg+0x1a5/0x270 [ 332.805785][T11882] ? __x64_sys_sendmsg+0x80/0x80 [ 332.810874][T11882] ? lockdep_hardirqs_on+0x98/0x150 [ 332.816122][T11882] do_syscall_64+0x55/0xb0 [ 332.820600][T11882] ? clear_bhb_loop+0x40/0x90 [ 332.825319][T11882] ? clear_bhb_loop+0x40/0x90 [ 332.830032][T11882] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 332.835968][T11882] RIP: 0033:0x7fb7adb8ebe9 [ 332.840436][T11882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.860349][T11882] RSP: 002b:00007fb7ae9b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 332.868892][T11882] RAX: ffffffffffffffda RBX: 00007fb7addc5fa0 RCX: 00007fb7adb8ebe9 [ 332.876904][T11882] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008 [ 332.884995][T11882] RBP: 00007fb7adc11e19 R08: 0000000000000000 R09: 0000000000000000 [ 332.893001][T11882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 332.901095][T11882] R13: 00007fb7addc6038 R14: 00007fb7addc5fa0 R15: 00007ffc40e0bfc8 [ 332.909257][T11882] [ 333.340335][T11896] netlink: 'syz.2.2189': attribute type 39 has an invalid length. [ 333.488050][T11897] __nla_validate_parse: 5 callbacks suppressed [ 333.488074][T11897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2187'. [ 333.871628][T11903] netlink: 'syz.0.2193': attribute type 21 has an invalid length. [ 333.983904][T11912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2194'. [ 334.184288][T11919] netlink: 'syz.3.2199': attribute type 39 has an invalid length. [ 334.389204][T11920] bridge0: port 3(.`) entered blocking state [ 334.453933][T11920] bridge0: port 3(.`) entered disabled state [ 334.542417][T11920] .`: entered allmulticast mode [ 334.548923][T11920] bond_slave_1: entered allmulticast mode [ 334.557900][T11920] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 334.656985][T11920] .`: entered promiscuous mode [ 334.662584][T11920] bond_slave_1: entered promiscuous mode [ 334.668695][T11920] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 334.824696][T11927] netlink: 16126 bytes leftover after parsing attributes in process `syz.3.2201'. [ 335.201532][T11936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2203'. [ 335.288617][T11944] netlink: 'syz.3.2209': attribute type 39 has an invalid length. [ 335.417703][T11948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2207'. [ 335.854695][T11957] netlink: 'syz.0.2220': attribute type 3 has an invalid length. [ 335.870239][T11957] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.2220'. [ 336.039017][T11965] netlink: 'syz.1.2215': attribute type 10 has an invalid length. [ 336.060785][T11965] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.068697][T11965] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.090439][T11965] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.097820][T11965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 336.106411][T11965] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.113708][T11965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 336.144443][T11965] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.151895][T11965] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.257936][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 336.268726][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 336.278137][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 336.292495][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 336.308351][ T5788] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 336.319152][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 336.858225][ T6681] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.946772][T11977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2218'. [ 337.034978][ T6681] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.095248][T11969] chnl_net:caif_netlink_parms(): no params data found [ 337.186245][ T6681] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.406997][T11987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2221'. [ 337.537104][T11969] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.545089][T11969] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.555253][T11969] bridge_slave_0: entered allmulticast mode [ 337.563622][T11969] bridge_slave_0: entered promiscuous mode [ 337.587725][T11969] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.600645][T11969] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.608369][T11969] bridge_slave_1: entered allmulticast mode [ 337.615960][T11969] bridge_slave_1: entered promiscuous mode [ 337.660829][T11969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.673789][T11969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.785793][T11969] team0: Port device team_slave_0 added [ 337.834811][T11969] team0: Port device team_slave_1 added [ 337.891740][T11998] netlink: 'syz.0.2231': attribute type 39 has an invalid length. [ 337.962382][T11969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 337.969557][T11969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.070963][T11969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 338.239202][T12008] netlink: 'syz.1.2228': attribute type 3 has an invalid length. [ 338.249793][T11969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 338.258109][T11969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 338.284381][T12008] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.2228'. [ 338.303165][T11969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 338.316966][T12011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2229'. [ 338.400430][ T5796] Bluetooth: hci0: command tx timeout [ 338.442746][T12005] bridge0: port 3(.`) entered blocking state [ 338.449878][T12005] bridge0: port 3(.`) entered disabled state [ 338.457871][T12005] .`: entered allmulticast mode [ 338.464689][T12005] bond_slave_1: entered allmulticast mode [ 338.471997][T12005] batadv_slave_0: entered allmulticast mode [ 338.478381][T12005] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 338.493583][T12005] .`: entered promiscuous mode [ 338.499165][T12005] bond_slave_1: entered promiscuous mode [ 338.505608][T12005] batadv_slave_0: entered promiscuous mode [ 338.512340][T12005] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 338.558224][T11969] hsr_slave_0: entered promiscuous mode [ 338.570866][T11969] hsr_slave_1: entered promiscuous mode [ 338.595576][T12016] netlink: 'syz.0.2230': attribute type 39 has an invalid length. [ 339.193374][T12027] FAULT_INJECTION: forcing a failure. [ 339.193374][T12027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.228480][T12027] CPU: 0 PID: 12027 Comm: syz.2.2235 Not tainted syzkaller #0 [ 339.236107][T12027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 339.246379][T12027] Call Trace: [ 339.249708][T12027] [ 339.252751][T12027] dump_stack_lvl+0x16c/0x230 [ 339.257478][T12027] ? show_regs_print_info+0x20/0x20 [ 339.262723][T12027] ? load_image+0x3b0/0x3b0 [ 339.265463][T11969] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 339.267254][T12027] ? __lock_acquire+0x7c80/0x7c80 [ 339.279084][T12027] ? snprintf+0xdb/0x120 [ 339.283385][T12027] should_fail_ex+0x39d/0x4d0 [ 339.288131][T12027] _copy_to_user+0x2f/0xa0 [ 339.292935][T12027] simple_read_from_buffer+0xe7/0x150 [ 339.298541][T12027] proc_fail_nth_read+0x1e3/0x250 [ 339.303617][T12027] ? proc_fault_inject_write+0x340/0x340 [ 339.309483][T12027] ? fsnotify_perm+0x271/0x5e0 [ 339.314306][T12027] ? proc_fault_inject_write+0x340/0x340 [ 339.320082][T12027] vfs_read+0x27e/0x920 [ 339.324382][T12027] ? kernel_read+0x1e0/0x1e0 [ 339.329024][T12027] ? __fget_files+0x28/0x4d0 [ 339.333681][T12027] ? __fget_files+0x44a/0x4d0 [ 339.338425][T12027] ? __fdget_pos+0x2a3/0x330 [ 339.343053][T12027] ? ksys_read+0x75/0x250 [ 339.347427][T12027] ksys_read+0x147/0x250 [ 339.351714][T12027] ? vfs_write+0x940/0x940 [ 339.356198][T12027] ? lockdep_hardirqs_on+0x98/0x150 [ 339.361452][T12027] do_syscall_64+0x55/0xb0 [ 339.365904][T12027] ? clear_bhb_loop+0x40/0x90 [ 339.370576][T12027] ? clear_bhb_loop+0x40/0x90 [ 339.375249][T12027] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.381229][T12027] RIP: 0033:0x7f3b3398d5fc [ 339.385759][T12027] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 339.405658][T12027] RSP: 002b:00007f3b347b0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 339.414207][T12027] RAX: ffffffffffffffda RBX: 00007f3b33bc5fa0 RCX: 00007f3b3398d5fc [ 339.422381][T12027] RDX: 000000000000000f RSI: 00007f3b347b00a0 RDI: 0000000000000008 [ 339.430385][T12027] RBP: 00007f3b347b0090 R08: 0000000000000000 R09: 0000000000000000 [ 339.438557][T12027] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 339.446708][T12027] R13: 00007f3b33bc6038 R14: 00007f3b33bc5fa0 R15: 00007ffe08eae0b8 [ 339.454811][T12027] [ 339.513006][ T6681] [ 339.515408][ T6681] ====================================================== [ 339.522553][ T6681] WARNING: possible circular locking dependency detected [ 339.529608][ T6681] syzkaller #0 Not tainted [ 339.534138][ T6681] ------------------------------------------------------ [ 339.541273][ T6681] kworker/u4:12/6681 is trying to acquire lock: [ 339.547597][ T6681] ffff88805fbb8d00 (team->team_lock_key#2){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0 [ 339.557404][ T6681] [ 339.557404][ T6681] but task is already holding lock: [ 339.564786][ T6681] ffff88801d380768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680 [ 339.575419][ T6681] [ 339.575419][ T6681] which lock already depends on the new lock. [ 339.575419][ T6681] [ 339.585902][ T6681] [ 339.585902][ T6681] the existing dependency chain (in reverse order) is: [ 339.595082][ T6681] [ 339.595082][ T6681] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 339.602811][ T6681] __mutex_lock+0x129/0xcc0 [ 339.608110][ T6681] ieee80211_open+0x144/0x200 [ 339.613313][ T6681] __dev_open+0x2bc/0x430 [ 339.618190][ T6681] dev_open+0xab/0x170 [ 339.622851][ T6681] team_add_slave+0xae7/0x2660 [ 339.628184][ T6681] do_setlink+0xe14/0x3fb0 [ 339.633422][ T6681] rtnl_newlink+0x175b/0x2020 [ 339.638705][ T6681] rtnetlink_rcv_msg+0x7c7/0xf10 [ 339.644255][ T6681] netlink_rcv_skb+0x216/0x480 [ 339.649562][ T6681] netlink_unicast+0x751/0x8d0 [ 339.654923][ T6681] netlink_sendmsg+0x8c1/0xbe0 [ 339.660200][ T6681] ____sys_sendmsg+0x5bf/0x950 [ 339.665566][ T6681] ___sys_sendmsg+0x220/0x290 [ 339.670880][ T6681] __se_sys_sendmsg+0x1a5/0x270 [ 339.676432][ T6681] do_syscall_64+0x55/0xb0 [ 339.681366][ T6681] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.687915][ T6681] [ 339.687915][ T6681] -> #0 (team->team_lock_key#2){+.+.}-{3:3}: [ 339.696079][ T6681] __lock_acquire+0x2ddb/0x7c80 [ 339.701549][ T6681] lock_acquire+0x197/0x410 [ 339.706699][ T6681] __mutex_lock+0x129/0xcc0 [ 339.711722][ T6681] team_del_slave+0x32/0x1c0 [ 339.716835][ T6681] team_device_event+0x28d/0xa20 [ 339.722382][ T6681] notifier_call_chain+0x197/0x390 [ 339.728267][ T6681] unregister_netdevice_many_notify+0xf36/0x1810 [ 339.735106][ T6681] unregister_netdevice_queue+0x324/0x360 [ 339.741342][ T6681] _cfg80211_unregister_wdev+0x16b/0x580 [ 339.747554][ T6681] ieee80211_remove_interfaces+0x496/0x680 [ 339.753888][ T6681] ieee80211_unregister_hw+0x5d/0x2a0 [ 339.759781][ T6681] mac80211_hwsim_del_radio+0x274/0x450 [ 339.765836][ T6681] hwsim_exit_net+0x585/0x640 [ 339.771063][ T6681] cleanup_net+0x6f4/0xb90 [ 339.775996][ T6681] process_scheduled_works+0xa45/0x15b0 [ 339.782143][ T6681] worker_thread+0xa55/0xfc0 [ 339.787274][ T6681] kthread+0x2fa/0x390 [ 339.792045][ T6681] ret_from_fork+0x48/0x80 [ 339.797092][ T6681] ret_from_fork_asm+0x11/0x20 [ 339.802455][ T6681] [ 339.802455][ T6681] other info that might help us debug this: [ 339.802455][ T6681] [ 339.812672][ T6681] Possible unsafe locking scenario: [ 339.812672][ T6681] [ 339.820106][ T6681] CPU0 CPU1 [ 339.825814][ T6681] ---- ---- [ 339.831164][ T6681] lock(&rdev->wiphy.mtx); [ 339.835654][ T6681] lock(team->team_lock_key#2); [ 339.843122][ T6681] lock(&rdev->wiphy.mtx); [ 339.850140][ T6681] lock(team->team_lock_key#2); [ 339.855080][ T6681] [ 339.855080][ T6681] *** DEADLOCK *** [ 339.855080][ T6681] [ 339.863221][ T6681] 5 locks held by kworker/u4:12/6681: [ 339.868797][ T6681] #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 339.879687][ T6681] #1: ffffc900052cfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 339.890208][ T6681] #2: ffffffff8dfaf510 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90 [ 339.899782][ T6681] #3: ffffffff8dfbc348 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0 [ 339.909604][ T6681] #4: ffff88801d380768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680 [ 339.920412][ T6681] [ 339.920412][ T6681] stack backtrace: [ 339.926324][ T6681] CPU: 1 PID: 6681 Comm: kworker/u4:12 Not tainted syzkaller #0 [ 339.933945][ T6681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 339.944215][ T6681] Workqueue: netns cleanup_net [ 339.949186][ T6681] Call Trace: [ 339.952459][ T6681] [ 339.955468][ T6681] dump_stack_lvl+0x16c/0x230 [ 339.960325][ T6681] ? load_image+0x3b0/0x3b0 [ 339.964902][ T6681] ? show_regs_print_info+0x20/0x20 [ 339.970136][ T6681] ? print_circular_bug+0x12b/0x1a0 [ 339.975347][ T6681] check_noncircular+0x2bd/0x3c0 [ 339.980280][ T6681] ? print_deadlock_bug+0x5d0/0x5d0 [ 339.985551][ T6681] ? lockdep_lock+0xe0/0x220 [ 339.990183][ T6681] ? _find_first_zero_bit+0xd3/0x100 [ 339.995459][ T6681] __lock_acquire+0x2ddb/0x7c80 [ 340.000305][ T6681] ? verify_lock_unused+0x140/0x140 [ 340.005499][ T6681] ? verify_lock_unused+0x140/0x140 [ 340.010693][ T6681] lock_acquire+0x197/0x410 [ 340.015204][ T6681] ? team_del_slave+0x32/0x1c0 [ 340.019961][ T6681] ? __might_sleep+0xe0/0xe0 [ 340.024539][ T6681] ? read_lock_is_recursive+0x20/0x20 [ 340.029994][ T6681] __mutex_lock+0x129/0xcc0 [ 340.034510][ T6681] ? team_del_slave+0x32/0x1c0 [ 340.039348][ T6681] ? __lock_acquire+0x7c80/0x7c80 [ 340.044443][ T6681] ? rcu_is_watching+0x15/0xb0 [ 340.049381][ T6681] ? trace_contention_end+0x39/0xe0 [ 340.054658][ T6681] ? __mutex_lock+0x304/0xcc0 [ 340.059410][ T6681] ? team_del_slave+0x32/0x1c0 [ 340.064244][ T6681] ? mutex_lock_nested+0x20/0x20 [ 340.069168][ T6681] ? bond_netdev_event+0xe1/0xef0 [ 340.074334][ T6681] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 340.079959][ T6681] ? bond_ipsec_offload_ok+0x410/0x410 [ 340.085527][ T6681] team_del_slave+0x32/0x1c0 [ 340.090194][ T6681] team_device_event+0x28d/0xa20 [ 340.095133][ T6681] notifier_call_chain+0x197/0x390 [ 340.100271][ T6681] unregister_netdevice_many_notify+0xf36/0x1810 [ 340.106675][ T6681] ? lock_chain_count+0x20/0x20 [ 340.111514][ T6681] ? unregister_netdevice_many+0x20/0x20 [ 340.117227][ T6681] ? kernfs_remove_by_name_ns+0x117/0x150 [ 340.122941][ T6681] ? __lock_acquire+0x7c80/0x7c80 [ 340.128064][ T6681] unregister_netdevice_queue+0x324/0x360 [ 340.133776][ T6681] ? list_netdevice+0x730/0x730 [ 340.138734][ T6681] ? kernfs_remove_by_name_ns+0x117/0x150 [ 340.144441][ T6681] _cfg80211_unregister_wdev+0x16b/0x580 [ 340.150162][ T6681] ieee80211_remove_interfaces+0x496/0x680 [ 340.155986][ T6681] ? ieee80211_do_stop+0x1db0/0x1db0 [ 340.161344][ T6681] ? rcu_is_watching+0x15/0xb0 [ 340.166278][ T6681] ieee80211_unregister_hw+0x5d/0x2a0 [ 340.171637][ T6681] mac80211_hwsim_del_radio+0x274/0x450 [ 340.177287][ T6681] ? rhashtable_remove_fast+0xbf0/0xbf0 [ 340.182822][ T6681] hwsim_exit_net+0x585/0x640 [ 340.187573][ T6681] ? hwsim_init_net+0x90/0x90 [ 340.192237][ T6681] ? __ip_vs_dev_cleanup_batch+0x238/0x250 [ 340.198035][ T6681] cleanup_net+0x6f4/0xb90 [ 340.202439][ T6681] ? ops_free_list+0x3b0/0x3b0 [ 340.207203][ T6681] ? _raw_spin_unlock_irq+0x23/0x50 [ 340.212500][ T6681] ? process_scheduled_works+0x957/0x15b0 [ 340.218211][ T6681] ? process_scheduled_works+0x957/0x15b0 [ 340.224012][ T6681] process_scheduled_works+0xa45/0x15b0 [ 340.229560][ T6681] ? assign_work+0x400/0x400 [ 340.234323][ T6681] ? assign_work+0x39e/0x400 [ 340.238951][ T6681] worker_thread+0xa55/0xfc0 [ 340.243536][ T6681] kthread+0x2fa/0x390 [ 340.247596][ T6681] ? pr_cont_work+0x560/0x560 [ 340.252272][ T6681] ? kthread_blkcg+0xd0/0xd0 [ 340.256867][ T6681] ret_from_fork+0x48/0x80 [ 340.261376][ T6681] ? kthread_blkcg+0xd0/0xd0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 340.266303][ T6681] ret_from_fork_asm+0x11/0x20 [ 340.271195][ T6681] [ 340.281034][ T6681] team0: Port device wlan1 removed [ 340.300930][T11969] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 340.361422][T11969] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 340.380965][T12035] netlink: 'syz.0.2238': attribute type 39 has an invalid length. [ 340.470854][ T5796] Bluetooth: hci0: command tx timeout [ 340.901917][ T6681] hsr_slave_0: left promiscuous mode [ 340.908527][ T6681] hsr_slave_1: left promiscuous mode [ 340.916869][ T6681] veth1_vlan: left promiscuous mode [ 340.924467][ T6681] veth0_vlan: left promiscuous mode [ 341.152243][ T6681] .` (unregistering): (slave batadv_slave_0): Releasing backup interface [ 341.181088][ T6681] .` (unregistering): (slave veth0_to_batadv): Releasing backup interface [ 341.204423][ T6681] team0 (unregistering): Port device team_slave_1 removed [ 341.226996][ T6681] team0 (unregistering): Port device team_slave_0 removed [ 341.250220][ T6681] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 341.275372][ T6681] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 341.510873][ T6681] .` (unregistering): Released all slaves [ 342.046368][ T6681] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.088174][ T6681] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.128739][ T6681] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.199507][ T6681] .`: (slave netdevsim0): Releasing backup interface [ 342.206866][ T6681] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 342.215410][ T6681] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 342.224494][ T6681] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.153298][ T6681] hsr_slave_0: left promiscuous mode [ 343.158983][ T6681] hsr_slave_1: left promiscuous mode [ 343.164968][ T6681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 343.172618][ T6681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 343.180477][ T6681] bridge_slave_1: left allmulticast mode [ 343.186149][ T6681] bridge_slave_1: left promiscuous mode [ 343.192134][ T6681] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.200184][ T6681] bridge_slave_0: left allmulticast mode [ 343.205847][ T6681] bridge_slave_0: left promiscuous mode [ 343.211604][ T6681] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.221923][ T6681] .`: left allmulticast mode [ 343.226514][ T6681] bond_slave_1: left allmulticast mode [ 343.232322][ T6681] .`: left promiscuous mode [ 343.236838][ T6681] bond_slave_1: left promiscuous mode [ 343.242471][ T6681] bridge0: port 3(.`) entered disabled state [ 343.252527][ T6681] bridge_slave_1: left allmulticast mode [ 343.258214][ T6681] bridge_slave_1: left promiscuous mode [ 343.264121][ T6681] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.272890][ T6681] bridge_slave_0: left promiscuous mode [ 343.278518][ T6681] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.288199][ T6681] veth1_vlan: left promiscuous mode [ 343.293802][ T6681] veth0_vlan: left promiscuous mode [ 343.407868][ T6681] team0 (unregistering): Port device team_slave_1 removed [ 343.433337][ T6681] team0 (unregistering): Port device team_slave_0 removed [ 343.454624][ T6681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.483065][ T6681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.549340][ T6681] bond0 (unregistering): Released all slaves [ 343.648677][ T6681] geneve1 (unregistering): left allmulticast mode [ 343.655798][ T6681] team0 (unregistering): Port device geneve1 removed [ 343.744753][ T6681] team_slave_1 (unregistering): left allmulticast mode [ 343.752672][ T6681] team0 (unregistering): Port device team_slave_1 removed [ 343.773993][ T6681] team_slave_0 (unregistering): left allmulticast mode [ 343.781431][ T6681] team0 (unregistering): Port device team_slave_0 removed [ 343.804237][ T6681] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 344.068295][ T6681] .` (unregistering): Released all slaves [ 344.563747][ T6681] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.603985][ T6681] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.673340][ T6681] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.715343][ T6681] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.462870][ T6681] hsr_slave_0: left promiscuous mode [ 345.468531][ T6681] hsr_slave_1: left promiscuous mode [ 345.474411][ T6681] bridge_slave_1: left allmulticast mode [ 345.480091][ T6681] bridge_slave_1: left promiscuous mode [ 345.485726][ T6681] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.494935][ T6681] veth1_vlan: left promiscuous mode [ 345.500210][ T6681] veth0_vlan: left promiscuous mode [ 345.623250][ T6681] .` (unregistering): (slave batadv_slave_0): Releasing backup interface [ 345.632086][ T6681] batadv_slave_0 (unregistering): left promiscuous mode [ 345.639019][ T6681] batadv_slave_0 (unregistering): left allmulticast mode [ 345.649049][ T6681] team_slave_1 (unregistering): left allmulticast mode [ 345.659727][ T6681] team0 (unregistering): Port device team_slave_1 removed [ 345.670596][ T6681] team_slave_0 (unregistering): left allmulticast mode [ 345.678047][ T6681] team0 (unregistering): Port device team_slave_0 removed [ 345.701565][ T6681] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 345.710164][ T6681] bond_slave_1 (unregistering): left promiscuous mode [ 345.716933][ T6681] bond_slave_1 (unregistering): left allmulticast mode [ 345.947378][ T6681] .` (unregistering): Released all slaves