last executing test programs: 14.951172046s ago: executing program 2 (id=7256): bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x0, 0x0}, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x1a, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/24], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1b, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000fc04000000000000000000008500000041000000850000009e00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x800}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x33, 0x3}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x4000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x10, &(0x7f0000000040), 0x4) sendmsg(r2, &(0x7f0000002d00)={0x0, 0x0, 0x0}, 0x40844) sendmsg$unix(r2, &(0x7f0000000640)={&(0x7f00000005c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001680)=[{0x0, 0x80000}], 0x1}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000000006c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x56}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f00000004000000080000000c"], 0x50) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)) perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0xfffffe51) 13.340651966s ago: executing program 2 (id=7262): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbf93, 0x0, @perf_config_ext={0x80000000000, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0xb) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x4, 0x8}, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000014c0)=@base={0x19, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={0x1, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000700)=[0x0], 0x0, 0x31, &(0x7f0000000740)=[{}, {}], 0x10, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x9b, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000045000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000a00)=@o_path={&(0x7f00000009c0)='./file0\x00', 0x0, 0x4000, r0}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x8, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000003c0)='GPL\x00', 0x9, 0x10, &(0x7f0000000400)=""/16, 0x41100, 0x40, '\x00', r3, @cgroup_skb=0x1, r0, 0x8, &(0x7f0000000500)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0xc, 0xffffffc0, 0x2}, 0x10, r4, r6, 0x1, &(0x7f0000000b00)=[0x1, r7, r8], &(0x7f0000000b40)=[{0x3, 0x2, 0xe, 0x7}], 0x10, 0x7fffffff}, 0x94) socketpair$unix(0x1, 0x5, 0x0, 0x0) socketpair(0x1e, 0x20000000000001, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r9, 0x8922, &(0x7f0000001f40)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1C\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\xf5\a\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'5\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\x06\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5\xdcZ\xb9\xd7Z\x88\x9b\xdff[\x90\xfa\x9a{b\xf4Dq') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000007044f16c01b1fbfd000000000000008af65f0df9928941994cc8c173fac5688671085a86d143c59fed0e57feb97f422c51d8e63b4ed9e295df3ccd1a55752dfc2f32f14b6c8f0e7413c3e9caaad30dcb412d0f54623f388bb2c63d2b1f7d83cd0cc021867bb4aee9967a6ee83e1b18fd8beca7d7eddcd96634"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x80) 13.068258585s ago: executing program 2 (id=7265): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3a, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='\t\x00\x00\x00\f\x00\x00\x00B\x00\x00\x00@'], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x3, r1}, 0x38) 12.197476212s ago: executing program 2 (id=7268): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b", 0x0, 0x0, 0x0, 0x4000}, 0x38) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x6, 0xd3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="2b63707520808281688c2c8d1761e0"], 0x5) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) openat$cgroup_int(r2, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r3, &(0x7f00000002c0)='hugetlb.1GB.rsvd.failcnt\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='-cpu'], 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x6, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000340), 0x8}, 0x10, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000280)={'wg2\x00'}) 9.776487397s ago: executing program 3 (id=7272): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x19, 0x4, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x82100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000200000020000000000000ef87f0c8eb1eddcb43c5c3bf6e982cc3b0c082f1323709be2972e8cac069b70751ed0f5cd223e2013d718923c666a045cfe26704c54f11cfccc226e0f7522d3e0323db53b0df3c9d9678"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0x9e}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x9, 0x2, 0x8, 0x40, 0xc0, 0x1, 0x3}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r1}, 0x38) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r1}, 0x38) 9.614463162s ago: executing program 3 (id=7273): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000000810076000000030000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000004"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x80) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0xfffffef3, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x5562, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 8.743186939s ago: executing program 3 (id=7274): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1b, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x41000, 0x1c, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0xc, 0x0, 0x0, 0x54200, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond_slave_0\x00', 0x800}) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ffc40bffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400210000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000592000009500000000000000a3028cb5af6c8f5d76781dcb7729f0170720596bb3b4d821d976f5843061cc2e3afbae82d7932d192321fa3b3042f100"/172], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0xa002a0, 0x10, 0xfffffffffffffe3a, &(0x7f0000000000)="5ae02efc441a80536af0d1d905c723fa", &(0x7f0000000040)=""/24, 0x6411, 0x0, 0xffffff80, 0x0, &(0x7f0000000000), &(0x7f0000000440)="cf599d2d8c35284f5437c01648acd9c7bc1d381c23f84c5f9912d1dd53868fadcd2a9b6fc17cac4cdc519828972022060000dbae05c84fb25f39fafdc5a9f86fa54df9a25e89d910cdd3a4c709ce5c3cf02d81318a41d30927ea4562908747892931ce5e7b53f8d3ead7c6c1716878f93414b6991dd49a75b7a3621988a0b4edf3bcdbd91597ae45", 0x0, 0x0, 0xd}, 0x28) close(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, 0x0) 8.552749865s ago: executing program 3 (id=7275): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x18000000000002a0, 0x2, 0x0, &(0x7f0000000540)="d2df", 0x0, 0x95b4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180900000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) syz_clone(0x40042700, 0x0, 0x0, 0x0, 0x0, 0x0) 7.586497715s ago: executing program 2 (id=7276): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xfffffeff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x6ea) r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305828, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12506, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000000000001, 0x8}, 0x7602, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 7.549783686s ago: executing program 0 (id=7279): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x401c5820, &(0x7f0000000000)=0x18) 7.350551872s ago: executing program 0 (id=7280): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000002b000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f17e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b534dfd8e012e79578e51bc53099e90f4580d660551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b6fbce3f897226c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a0806000000020000000000230048f941b13d924bcf334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c063f7130856f756436303767d2e24f29e5dad9796edb697a6ea1182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c50500721fc7aa2a583726c64c0fb6ca996d278fb00bba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a411f450f173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75ee93f9959e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef660200a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749feaecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f54d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cd2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ed65af3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8989d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501ae03002af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0b2e9f3bb90613508c00a292a0c5b87a4f8ff35eba73ce9ebf77d0c842063a7b42c757d828678d38e6a868eaead4f19cdeb7cfc100ceabb4a3999cce5d36ecfe80def20f7187bab75515226f4d9b30e0567612210d492468781999ce795522b726bdf37b15e9afde32a7052cc909eb08cca312c557bff04cf1fbb0dcfe8ac00"/2832], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff4f}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="88002300"/14, 0x0, 0x3400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.289798984s ago: executing program 0 (id=7281): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x68aa63a0}, [@call={0x85, 0x0, 0x0, 0x9e}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 7.224025206s ago: executing program 0 (id=7282): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x9e}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x34}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000040850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000800000000000000faffffff8500000008"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x6fa6c04eee5c85fd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) syz_clone(0xc0126080, 0x0, 0x0, 0x0, 0x0, 0x0) 6.905782606s ago: executing program 1 (id=7283): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000001850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="07000000040000001800000003"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000005, 0x80100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x11540, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') 6.664719724s ago: executing program 1 (id=7284): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe7}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r4, 0x800454e1, &(0x7f0000000380)=r5) write$cgroup_devices(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 2.981978478s ago: executing program 4 (id=7287): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2.959331599s ago: executing program 1 (id=7288): ioctl$TUNSETDEBUG(0xffffffffffffffff, 0x400454c9, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x20, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000080000000850000002b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="c1dfb061cdee7a1f3fc89771a773", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000840)='./cgroup/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) 2.854506442s ago: executing program 4 (id=7289): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000080)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7ff}, [@call={0x85, 0x0, 0x0, 0x7d}, @printk={@llu, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000380)=r3) write$cgroup_devices(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 2.766208065s ago: executing program 1 (id=7290): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x401c5820, &(0x7f0000000000)=0x18) write$cgroup_type(r0, &(0x7f0000000040), 0x9) 2.716990636s ago: executing program 1 (id=7291): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) write$cgroup_devices(r0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0309004d8871ef2885634a8270e7112b00000000000000000000000000ac14140182"], 0xee8a) 2.676573987s ago: executing program 4 (id=7292): perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0xecc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x10020, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x8e20, 0xa2a}, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x6a) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0xc8, 0x0, 0x3, 0x0, 0x0, 0x6341, 0x0, 0xfffffffe, 0x0, 0xffffffffffffffff}, 0x0, 0xa, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000006d00000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r3 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r2}, 0x8) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$LINK_DETACH(0x22, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 545.467733ms ago: executing program 4 (id=7293): bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000240)={r1, 0x0, 0x0}, 0xd) 517.314534ms ago: executing program 1 (id=7294): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000081007600000003000000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000004"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a0000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x80) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0xfffffef3, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x5562, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 413.108618ms ago: executing program 4 (id=7295): bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x20025, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xb00000000000000, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x17) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000ffffff1f000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc8900000000000035090100000000009500000000000000b7020000001ac81b7baaf8ff00000000d5090000000000007baaf0ff00000000bf8300000000000007080000fffdffffbca400000000000007040000f0ffffff240200000800000018220000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000080000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 238.588043ms ago: executing program 3 (id=7296): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x2000035e, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000630120000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 130.443176ms ago: executing program 2 (id=7297): bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000000006c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x56}, 0x94) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)) write$cgroup_type(r0, &(0x7f0000000180), 0xfffffe51) 127.701216ms ago: executing program 0 (id=7307): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0xe, 0xf, &(0x7f0000000840)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x25}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r0, r2, 0x5}, 0x10) 38.439749ms ago: executing program 4 (id=7298): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x9, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x4, &(0x7f0000001900)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000022c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000e2a379b2d77d23276f04bfb2bc711f599f553be71eeb69e52b98a9"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x24, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x14}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0xa, 0x0, 0x2, 0xd55}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfff8}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x3}, {0x46, 0x8, 0xfff0, 0x76}}, @printk={@lu, {0x3, 0x3, 0x3, 0x4, 0x9}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}], {{0x7, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 177.02µs ago: executing program 0 (id=7299): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe7}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETFILTEREBPF(r4, 0x800454e1, &(0x7f0000000380)=r5) write$cgroup_devices(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="1e030600bc5cb60128876360864666702c1ffe80000000000000", @ANYRESDEC], 0xffdd) 0s ago: executing program 3 (id=7300): bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) gettid() bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) gettid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) syz_clone(0x44a41380, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001340)) syz_clone(0x8800000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001100), 0x0, 0x80}, 0x48014) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x208480, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) kernel console output (not intermixed with test programs): face batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1165.624506][ T4290] Bluetooth: hci5: command 0x041b tx timeout [ 1165.704508][T23339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1166.643716][T23409] netlink: 'syz.3.6148': attribute type 10 has an invalid length. [ 1167.501890][T23409] team0 (unregistering): Port device team_slave_1 removed [ 1167.699244][T23339] device hsr_slave_0 entered promiscuous mode [ 1167.706713][ T4290] Bluetooth: hci5: command 0x040f tx timeout [ 1167.852274][T23339] device hsr_slave_1 entered promiscuous mode [ 1167.862510][T23339] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1167.934248][T23339] Cannot create hsr debugfs directory [ 1168.516299][T23424] netlink: 184 bytes leftover after parsing attributes in process `syz.2.6151'. [ 1169.784295][ T4290] Bluetooth: hci5: command 0x0419 tx timeout [ 1171.324307][T23483] netlink: 184 bytes leftover after parsing attributes in process `syz.2.6164'. [ 1171.702927][T23339] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1171.839822][T23339] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1172.090419][ T11] device hsr_slave_0 left promiscuous mode [ 1172.135845][ T11] device hsr_slave_1 left promiscuous mode [ 1172.200802][ T11] bridge0: port 3(dummy0) entered disabled state [ 1172.243049][ T11] device bridge_slave_1 left promiscuous mode [ 1172.264741][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1172.360243][ T11] device bridge_slave_0 left promiscuous mode [ 1172.385711][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1172.637724][ T11] device veth1_vlan left promiscuous mode [ 1172.650182][ T11] device veth0_vlan left promiscuous mode [ 1173.359054][ T11] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 1174.337937][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1174.448323][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1174.798130][ T11] bond0 (unregistering): Released all slaves [ 1174.898879][T23339] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1174.911120][T23339] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1175.297608][T23339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1175.360856][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1175.385433][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1175.449965][T23339] 8021q: adding VLAN 0 to HW filter on device team0 [ 1175.523940][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1175.538324][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1175.571088][ T4350] bridge0: port 1(bridge_slave_0) entered blocking state [ 1175.578390][ T4350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1175.685060][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1175.706308][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1175.749735][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1175.789947][ T4350] bridge0: port 2(bridge_slave_1) entered blocking state [ 1175.797228][ T4350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1175.847470][T23529] netlink: 184 bytes leftover after parsing attributes in process `syz.4.6178'. [ 1175.883449][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1175.936682][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1175.968877][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1176.010174][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1176.086091][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1176.131667][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1176.165481][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1176.226883][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1176.257407][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1176.305323][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1176.345009][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1176.366756][T23339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1177.309090][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.315587][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.556762][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1177.566918][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1177.589243][T23339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1177.623266][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1177.643513][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1177.708485][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1177.727104][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1177.749076][T23339] device veth0_vlan entered promiscuous mode [ 1177.758566][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1177.777440][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1177.818604][T23339] device veth1_vlan entered promiscuous mode [ 1177.898201][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1177.918513][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1177.942271][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1177.969448][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1177.997013][T23339] device veth0_macvtap entered promiscuous mode [ 1178.010241][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1178.041855][T23339] device veth1_macvtap entered promiscuous mode [ 1178.117385][T23339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1178.144303][T23339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1178.164469][T23339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1178.184463][T23339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1178.204685][T23339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1178.224247][T23339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1178.246798][T23339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1178.274982][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1178.290143][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1178.313389][T23339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1178.334352][T23339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1178.356449][T23339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1178.384343][T23339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1178.404684][T23339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1178.428447][T23339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1178.446466][T23339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1178.455635][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1178.475832][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1178.499465][T23339] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.524284][T23339] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.533060][T23339] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.565555][T23339] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.973570][ T4300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1179.009273][ T4300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1179.124771][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1179.837871][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1179.859783][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1179.881379][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1180.950109][T22238] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1180.961468][T22238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1180.970008][T22238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1180.978167][T22238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1180.987211][T22238] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1180.996985][T22238] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1181.672138][T23596] chnl_net:caif_netlink_parms(): no params data found [ 1181.860085][T23596] bridge0: port 1(bridge_slave_0) entered blocking state [ 1181.903760][T23596] bridge0: port 1(bridge_slave_0) entered disabled state [ 1181.933105][T23596] device bridge_slave_0 entered promiscuous mode [ 1181.976895][T23596] bridge0: port 2(bridge_slave_1) entered blocking state [ 1181.998668][T23596] bridge0: port 2(bridge_slave_1) entered disabled state [ 1182.015691][T23596] device bridge_slave_1 entered promiscuous mode [ 1182.075294][T23596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1182.087734][T23596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1182.136002][T23596] team0: Port device team_slave_0 added [ 1182.166538][T23596] team0: Port device team_slave_1 added [ 1182.211654][T23596] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1182.224461][T23596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1182.270932][T23596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1182.304896][T23596] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1182.312083][T23596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1182.358769][T23596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1183.164017][T22238] Bluetooth: hci3: command 0x0409 tx timeout [ 1183.287126][T23596] device hsr_slave_0 entered promiscuous mode [ 1183.354921][T23596] device hsr_slave_1 entered promiscuous mode [ 1183.372237][T23596] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1183.434282][T23596] Cannot create hsr debugfs directory [ 1183.575942][T13772] device syz_tun left promiscuous mode [ 1183.599854][T13772] bridge0: port 2(syz_tun) entered disabled state [ 1183.916206][ T56] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.259987][ T56] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.410143][T23628] netlink: 'syz.4.6197': attribute type 13 has an invalid length. [ 1184.438940][T23628] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6197'. [ 1184.648950][ T56] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.857838][ T56] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1185.225000][T22238] Bluetooth: hci3: command 0x041b tx timeout [ 1185.903497][ T56] tipc: Left network mode [ 1187.304334][ T4290] Bluetooth: hci3: command 0x040f tx timeout [ 1188.923503][T23706] netlink: 'syz.4.6211': attribute type 12 has an invalid length. [ 1188.947703][T23706] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6211'. [ 1188.968206][T23711] sctp: [Deprecated]: syz.3.6214 (pid 23711) Use of int in maxseg socket option. [ 1188.968206][T23711] Use struct sctp_assoc_value instead [ 1189.394422][T22238] Bluetooth: hci3: command 0x0419 tx timeout [ 1191.004797][T23739] bridge0: port 2(bridge_slave_1) entered disabled state [ 1191.053500][T23739] bridge0: port 1(bridge_slave_0) entered disabled state [ 1191.899985][T23596] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1192.432494][T23596] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1192.509259][T23596] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1192.719598][T23596] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1193.465666][T23596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1193.533993][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1193.542852][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1193.587300][T23596] 8021q: adding VLAN 0 to HW filter on device team0 [ 1193.670878][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1193.693315][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1193.740776][ T4350] bridge0: port 1(bridge_slave_0) entered blocking state [ 1193.747997][ T4350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1193.781408][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1193.811666][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1193.848112][ T4350] bridge0: port 2(bridge_slave_1) entered blocking state [ 1193.855323][ T4350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1193.905645][T23776] netlink: 'syz.0.6228': attribute type 25 has an invalid length. [ 1193.944833][T23776] netlink: 'syz.0.6228': attribute type 28 has an invalid length. [ 1193.968664][T23780] delete_channel: no stack [ 1193.973851][T23780] delete_channel: no stack [ 1194.010551][T23780] netlink: 196 bytes leftover after parsing attributes in process `syz.4.6229'. [ 1194.014443][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1194.031308][T23783] sctp: [Deprecated]: syz.1.6231 (pid 23783) Use of int in maxseg socket option. [ 1194.031308][T23783] Use struct sctp_assoc_value instead [ 1194.055419][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1194.057209][T23780] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1194.139689][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1194.174541][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1194.213927][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1194.271586][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1194.329725][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1194.340274][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1194.391775][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1194.428924][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1195.133923][T23596] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1195.553338][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1195.577720][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1195.766520][T23799] netlink: 'syz.3.6235': attribute type 10 has an invalid length. [ 1195.790539][T23799] netlink: 168 bytes leftover after parsing attributes in process `syz.3.6235'. [ 1196.014854][T23803] netlink: 144 bytes leftover after parsing attributes in process `syz.4.6236'. [ 1198.823898][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1198.863000][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1198.913018][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1198.941232][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1198.969978][ T56] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 1198.998373][ T56] batman_adv: batadv0: Removing interface: veth1_vlan [ 1199.045088][ T56] device bridge_slave_0 left promiscuous mode [ 1199.051376][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 1199.126585][ T56] device veth0_vlan left promiscuous mode [ 1200.026076][ T56] team0 (unregistering): Port device team_slave_1 removed [ 1200.133362][ T56] team0 (unregistering): Port device bridge_slave_1 removed [ 1200.503259][T23596] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1200.521975][T23833] netlink: 'syz.4.6241': attribute type 25 has an invalid length. [ 1200.533477][T23833] netlink: 'syz.4.6241': attribute type 28 has an invalid length. [ 1200.577262][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1200.597054][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1200.635637][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1200.650605][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1200.746178][T23842] sctp: [Deprecated]: syz.3.6243 (pid 23842) Use of int in maxseg socket option. [ 1200.746178][T23842] Use struct sctp_assoc_value instead [ 1200.787325][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1200.809409][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1200.851479][T23596] device veth0_vlan entered promiscuous mode [ 1200.869468][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1200.905795][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1200.949750][T23596] device veth1_vlan entered promiscuous mode [ 1201.088194][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1201.114917][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1201.146574][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1201.175363][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1201.204877][T23596] device veth0_macvtap entered promiscuous mode [ 1201.225313][T23596] device veth1_macvtap entered promiscuous mode [ 1201.281027][T23596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1201.314247][T23596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.324134][T23596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1201.369900][T23596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.381330][T23596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1201.398768][T23596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.420002][T23596] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1201.430749][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1201.458084][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1201.470653][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1201.487257][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1201.510661][T23596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1201.536600][T23596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.565078][T23596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1201.575945][T23596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.594375][T23596] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1201.614321][T23596] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.626222][T23596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1201.637985][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1201.657703][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1201.689048][T23596] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.703673][T23596] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.712906][T23596] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.723521][T23596] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1203.895047][T19702] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1203.903095][T19702] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1204.027938][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1204.147235][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1204.199379][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1204.255039][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1204.311595][T23861] netlink: 'syz.0.6249': attribute type 21 has an invalid length. [ 1204.326405][T23861] netlink: 'syz.0.6249': attribute type 10 has an invalid length. [ 1204.344120][T23861] device veth0_vlan left promiscuous mode [ 1204.407567][T23861] device veth0_vlan entered promiscuous mode [ 1204.479443][T23861] team0: Device veth0_vlan failed to register rx_handler [ 1204.842332][T23866] netlink: 184 bytes leftover after parsing attributes in process `syz.2.6193'. [ 1205.237129][T23872] netlink: 'syz.2.6254': attribute type 25 has an invalid length. [ 1205.280132][T23872] netlink: 'syz.2.6254': attribute type 28 has an invalid length. [ 1205.551006][T23878] netlink: 'syz.3.6255': attribute type 6 has an invalid length. [ 1205.572841][T23878] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.6255'. [ 1206.020354][T23891] sctp: [Deprecated]: syz.1.6258 (pid 23891) Use of int in maxseg socket option. [ 1206.020354][T23891] Use struct sctp_assoc_value instead [ 1206.144667][ T4290] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1206.154748][ T4290] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1206.162925][ T4290] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1206.173931][ T4290] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1206.185117][ T4290] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1206.194553][ T4290] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1206.470135][T23900] netlink: 'syz.2.6261': attribute type 10 has an invalid length. [ 1206.547156][T23900] netlink: 168 bytes leftover after parsing attributes in process `syz.2.6261'. [ 1206.580540][T23908] netlink: 184 bytes leftover after parsing attributes in process `syz.3.6264'. [ 1206.604552][T23895] chnl_net:caif_netlink_parms(): no params data found [ 1206.961834][T23919] netlink: 'syz.4.6265': attribute type 25 has an invalid length. [ 1206.981523][T23919] netlink: 'syz.4.6265': attribute type 28 has an invalid length. [ 1207.026869][T23895] bridge0: port 1(bridge_slave_0) entered blocking state [ 1207.118484][T23895] bridge0: port 1(bridge_slave_0) entered disabled state [ 1207.173333][T23895] device bridge_slave_0 entered promiscuous mode [ 1207.183355][T23895] bridge0: port 2(bridge_slave_1) entered blocking state [ 1207.191065][T23895] bridge0: port 2(bridge_slave_1) entered disabled state [ 1207.200706][T23895] device bridge_slave_1 entered promiscuous mode [ 1207.253347][T23927] netlink: 'syz.4.6268': attribute type 3 has an invalid length. [ 1207.264966][T23895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1207.324493][T23895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1207.400540][T23895] team0: Port device team_slave_0 added [ 1207.429267][T23934] sctp: [Deprecated]: syz.3.6272 (pid 23934) Use of int in maxseg socket option. [ 1207.429267][T23934] Use struct sctp_assoc_value instead [ 1207.552550][T23895] team0: Port device team_slave_1 added [ 1207.583151][T23895] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1207.643698][T23895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1207.747117][T23895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1207.781175][T23895] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1207.799869][T23895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1207.882454][T23895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1208.126692][T23895] device hsr_slave_0 entered promiscuous mode [ 1208.182743][T23895] device hsr_slave_1 entered promiscuous mode [ 1208.264390][ T4290] Bluetooth: hci1: command 0x0409 tx timeout [ 1208.272130][T23895] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1208.280990][T23895] Cannot create hsr debugfs directory [ 1208.490034][T23950] netlink: 'syz.1.6277': attribute type 25 has an invalid length. [ 1208.534496][T23950] netlink: 'syz.1.6277': attribute type 28 has an invalid length. [ 1208.642224][T23952] netlink: 'syz.4.6278': attribute type 10 has an invalid length. [ 1208.684604][T23952] netlink: 168 bytes leftover after parsing attributes in process `syz.4.6278'. [ 1208.775303][T23957] FAULT_INJECTION: forcing a failure. [ 1208.775303][T23957] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.874245][T23957] CPU: 1 PID: 23957 Comm: syz.2.6280 Not tainted syzkaller #0 [ 1208.881954][T23957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1208.892035][T23957] Call Trace: [ 1208.895437][T23957] [ 1208.898392][T23957] dump_stack_lvl+0x188/0x24e [ 1208.903127][T23957] ? show_regs_print_info+0x12/0x12 [ 1208.908369][T23957] ? load_image+0x400/0x400 [ 1208.912910][T23957] ? verify_lock_unused+0x140/0x140 [ 1208.918152][T23957] should_fail_ex+0x399/0x4d0 [ 1208.923029][T23957] should_failslab+0x5/0x20 [ 1208.927760][T23957] slab_pre_alloc_hook+0x59/0x310 [ 1208.932823][T23957] kmem_cache_alloc+0x56/0x2f0 [ 1208.937602][T23957] ? skb_clone+0x1e7/0x370 [ 1208.942025][T23957] skb_clone+0x1e7/0x370 [ 1208.946270][T23957] __netlink_deliver_tap+0x3ed/0x800 [ 1208.951562][T23957] ? netlink_deliver_tap+0x2e/0x1b0 [ 1208.956762][T23957] netlink_deliver_tap+0x19c/0x1b0 [ 1208.961867][T23957] netlink_unicast+0x728/0x8d0 [ 1208.966630][T23957] netlink_sendmsg+0x8ad/0xbd0 [ 1208.971395][T23957] ? netlink_getsockopt+0x550/0x550 [ 1208.976599][T23957] ? aa_sock_msg_perm+0x94/0x150 [ 1208.981543][T23957] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1208.986840][T23957] ? security_socket_sendmsg+0x7c/0xa0 [ 1208.992297][T23957] ? netlink_getsockopt+0x550/0x550 [ 1208.997490][T23957] ____sys_sendmsg+0x5be/0x970 [ 1209.002286][T23957] ? __sys_sendmsg_sock+0x30/0x30 [ 1209.007326][T23957] ? __import_iovec+0x315/0x500 [ 1209.012191][T23957] ? import_iovec+0x6f/0xa0 [ 1209.016695][T23957] ___sys_sendmsg+0x2a2/0x360 [ 1209.021377][T23957] ? __sys_sendmsg+0x290/0x290 [ 1209.026159][T23957] ? __lock_acquire+0x7d10/0x7d10 [ 1209.031199][T23957] __se_sys_sendmsg+0x1bb/0x2a0 [ 1209.036137][T23957] ? __x64_sys_sendmsg+0x80/0x80 [ 1209.041104][T23957] ? lockdep_hardirqs_on+0x94/0x140 [ 1209.046391][T23957] do_syscall_64+0x4c/0xa0 [ 1209.050801][T23957] ? clear_bhb_loop+0x60/0xb0 [ 1209.055476][T23957] ? clear_bhb_loop+0x60/0xb0 [ 1209.060155][T23957] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1209.066049][T23957] RIP: 0033:0x7f2fd499ce59 [ 1209.070456][T23957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1209.090145][T23957] RSP: 002b:00007f2fd5918028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1209.098579][T23957] RAX: ffffffffffffffda RBX: 00007f2fd4c15fa0 RCX: 00007f2fd499ce59 [ 1209.106546][T23957] RDX: 0000000004000010 RSI: 0000200000000000 RDI: 0000000000000003 [ 1209.114510][T23957] RBP: 00007f2fd5918090 R08: 0000000000000000 R09: 0000000000000000 [ 1209.122475][T23957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1209.130444][T23957] R13: 00007f2fd4c16038 R14: 00007f2fd4c15fa0 R15: 00007ffe2eaaa3b8 [ 1209.138529][T23957] [ 1209.235101][T23895] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.294625][T23961] syzkaller0: tun_chr_ioctl cmd 2148553947 [ 1209.407782][T23895] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.541510][T23895] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1209.607828][T23969] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.6284'. [ 1209.625957][T23969] bridge_slave_1: default FDB implementation only supports local addresses [ 1209.726577][T23895] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1210.000024][T23980] sctp: [Deprecated]: syz.1.6287 (pid 23980) Use of int in maxseg socket option. [ 1210.000024][T23980] Use struct sctp_assoc_value instead [ 1210.183363][T23895] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1210.344436][ T4290] Bluetooth: hci1: command 0x041b tx timeout [ 1211.171082][T23895] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1211.302876][T23895] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1211.360225][T23895] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1211.579120][T23895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1211.653861][T23895] 8021q: adding VLAN 0 to HW filter on device team0 [ 1211.748434][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1211.784988][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1211.821794][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1211.873314][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1211.895634][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 1211.902874][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1211.965367][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1212.009654][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1212.033142][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1212.063442][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 1212.070643][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1212.097535][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1212.115780][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1212.146731][T24005] netlink: 'syz.2.6295': attribute type 10 has an invalid length. [ 1212.189603][T24005] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6295'. [ 1212.235147][T24005] device ipvlan1 entered promiscuous mode [ 1212.327363][T24005] bridge0: port 3(ipvlan1) entered blocking state [ 1212.384938][T24005] bridge0: port 3(ipvlan1) entered disabled state [ 1212.424783][ T4290] Bluetooth: hci1: command 0x040f tx timeout [ 1212.473437][T24005] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1212.540150][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1212.555522][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1212.583867][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1212.612547][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1212.643702][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1212.725436][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1212.749122][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1212.783416][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1212.836312][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1214.514359][ T4290] Bluetooth: hci1: command 0x0419 tx timeout [ 1216.092583][T24035] sctp: [Deprecated]: syz.2.6303 (pid 24035) Use of int in maxseg socket option. [ 1216.092583][T24035] Use struct sctp_assoc_value instead [ 1216.320134][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1216.334578][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1216.402360][T23895] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1216.514839][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1216.523772][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1216.730952][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1216.760230][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1216.799582][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1216.825610][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1216.966773][T23895] device veth0_vlan entered promiscuous mode [ 1217.027264][T23895] device veth1_vlan entered promiscuous mode [ 1217.171231][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1217.217088][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1217.265372][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1217.329126][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1217.378340][T23895] device veth0_macvtap entered promiscuous mode [ 1217.503357][T24055] netlink: 'syz.1.6311': attribute type 10 has an invalid length. [ 1218.338681][T23895] device veth1_macvtap entered promiscuous mode [ 1218.374440][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1218.395073][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1218.739981][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.766421][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.814430][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.839602][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.854418][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.894300][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1218.922686][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1218.968932][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.015456][T23895] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1219.023441][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1219.032804][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1219.301741][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.336636][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.363357][T24088] sctp: [Deprecated]: syz.4.6319 (pid 24088) Use of int in maxseg socket option. [ 1219.363357][T24088] Use struct sctp_assoc_value instead [ 1219.364310][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.444582][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.475551][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.504353][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.534719][T23895] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1219.604478][T23895] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1219.692126][T23895] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1219.748646][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1219.768669][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1219.906283][T23895] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.946693][T23895] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.974232][T23895] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.003653][T23895] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.158428][T24098] netlink: 16054 bytes leftover after parsing attributes in process `syz.4.6321'. [ 1220.230688][T24096] netlink: 'syz.4.6321': attribute type 10 has an invalid length. [ 1220.254697][T24096] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6321'. [ 1220.291485][T24096] device ipvlan1 entered promiscuous mode [ 1220.328503][T24096] bridge0: port 3(ipvlan1) entered blocking state [ 1220.345475][T24096] bridge0: port 3(ipvlan1) entered disabled state [ 1220.372279][T24096] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1220.820533][T13595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1220.854100][T13595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1221.162231][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1221.173221][T24112] netlink: 'syz.4.6326': attribute type 10 has an invalid length. [ 1222.303970][T24125] sctp: [Deprecated]: syz.4.6330 (pid 24125) Use of int in maxseg socket option. [ 1222.303970][T24125] Use struct sctp_assoc_value instead [ 1223.632472][T13595] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1223.653771][T13595] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1223.784508][ T11] device hsr_slave_0 left promiscuous mode [ 1223.824114][ T11] device hsr_slave_1 left promiscuous mode [ 1223.838215][ T11] bridge0: port 3(dummy0) entered disabled state [ 1223.931792][ T11] device bridge_slave_1 left promiscuous mode [ 1223.944513][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1223.981920][ T11] device bridge_slave_0 left promiscuous mode [ 1223.995483][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1224.097291][ T11] device veth1_vlan left promiscuous mode [ 1224.170916][T24154] netlink: 16054 bytes leftover after parsing attributes in process `syz.1.6336'. [ 1225.797870][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1225.983843][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1226.131649][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1226.294035][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1226.780039][ T11] bond0 (unregistering): Released all slaves [ 1226.951570][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1226.973648][T24148] netlink: 'syz.1.6336': attribute type 10 has an invalid length. [ 1226.982318][T24148] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6336'. [ 1227.017098][T24148] device ipvlan1 entered promiscuous mode [ 1227.042493][T24148] bridge0: port 3(ipvlan1) entered blocking state [ 1227.050109][T24148] bridge0: port 3(ipvlan1) entered disabled state [ 1227.067620][T24148] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1227.541026][T24180] sctp: [Deprecated]: syz.0.6345 (pid 24180) Use of int in maxseg socket option. [ 1227.541026][T24180] Use struct sctp_assoc_value instead [ 1228.379882][T22238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1228.402600][T22238] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1228.420983][T22238] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1228.429179][T22238] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1228.437679][T22238] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1228.445911][T22238] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1230.046913][T24193] chnl_net:caif_netlink_parms(): no params data found [ 1230.477755][T24193] bridge0: port 1(bridge_slave_0) entered blocking state [ 1230.504147][T24193] bridge0: port 1(bridge_slave_0) entered disabled state [ 1230.505481][T22238] Bluetooth: hci4: command 0x0409 tx timeout [ 1230.513003][T24193] device bridge_slave_0 entered promiscuous mode [ 1230.687485][T24193] bridge0: port 2(bridge_slave_1) entered blocking state [ 1230.717742][T24193] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.745575][T24193] device bridge_slave_1 entered promiscuous mode [ 1231.557054][T24193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1231.588202][T24193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1231.701020][T24193] team0: Port device team_slave_0 added [ 1231.740652][T24193] team0: Port device team_slave_1 added [ 1231.876256][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1231.927120][T24193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1231.952863][T24193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1232.025009][T24193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1232.142369][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1232.225098][T24193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1232.232181][T24193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1232.314498][T24193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1232.432741][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1232.584683][T22238] Bluetooth: hci4: command 0x041b tx timeout [ 1232.595263][T24193] device hsr_slave_0 entered promiscuous mode [ 1232.612213][T24193] device hsr_slave_1 entered promiscuous mode [ 1232.629666][T24193] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1232.683155][T24193] Cannot create hsr debugfs directory [ 1232.745022][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1232.759900][T24280] netlink: 'syz.0.6381': attribute type 10 has an invalid length. [ 1232.773816][T24280] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6381'. [ 1232.785760][T24280] device ipvlan1 entered promiscuous mode [ 1232.801547][T24280] bridge0: port 3(ipvlan1) entered blocking state [ 1232.811751][T24280] bridge0: port 3(ipvlan1) entered disabled state [ 1232.826816][T24280] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1232.922235][T24280] netlink: 16054 bytes leftover after parsing attributes in process `syz.0.6381'. [ 1233.825630][T24300] netlink: 'syz.4.6388': attribute type 10 has an invalid length. [ 1234.012141][ T11] tipc: Left network mode [ 1234.664362][T22238] Bluetooth: hci4: command 0x040f tx timeout [ 1235.482824][T24193] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1235.789759][T24193] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1235.853258][T24193] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1235.889019][T24193] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1236.200408][T24356] FAULT_INJECTION: forcing a failure. [ 1236.200408][T24356] name failslab, interval 1, probability 0, space 0, times 0 [ 1236.263706][T24356] CPU: 1 PID: 24356 Comm: syz.4.6403 Not tainted syzkaller #0 [ 1236.271354][T24356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1236.281462][T24356] Call Trace: [ 1236.284774][T24356] [ 1236.287730][T24356] dump_stack_lvl+0x188/0x24e [ 1236.292585][T24356] ? show_regs_print_info+0x12/0x12 [ 1236.297912][T24356] ? load_image+0x400/0x400 [ 1236.302469][T24356] ? __might_sleep+0xd0/0xd0 [ 1236.307102][T24356] ? __lock_acquire+0x7d10/0x7d10 [ 1236.312203][T24356] ? ___sys_sendmsg+0x2a2/0x360 [ 1236.317125][T24356] should_fail_ex+0x399/0x4d0 [ 1236.321855][T24356] should_failslab+0x5/0x20 [ 1236.326388][T24356] slab_pre_alloc_hook+0x59/0x310 [ 1236.331463][T24356] kmem_cache_alloc_node+0x5a/0x320 [ 1236.336697][T24356] ? __alloc_skb+0xfc/0x7e0 [ 1236.341239][T24356] __alloc_skb+0xfc/0x7e0 [ 1236.345612][T24356] netlink_dump+0x1ee/0xd00 [ 1236.350153][T24356] ? bpf_sk_storage_diag_alloc+0x222/0x690 [ 1236.356149][T24356] ? rcu_is_watching+0x11/0xa0 [ 1236.360950][T24356] ? bpf_sk_storage_diag_alloc+0x222/0x690 [ 1236.366796][T24356] ? __kmalloc+0xe1/0x240 [ 1236.371173][T24356] ? netlink_lookup+0x200/0x200 [ 1236.376081][T24356] ? __inet_diag_dump_start+0x80c/0x970 [ 1236.381685][T24356] __netlink_dump_start+0x537/0x6f0 [ 1236.386938][T24356] inet_diag_rcv_msg_compat+0x207/0x420 [ 1236.392529][T24356] ? __inet_diag_dump+0x380/0x380 [ 1236.397601][T24356] ? sock_diag_rcv_msg+0x142/0x5f0 [ 1236.402748][T24356] ? inet_diag_rcv_msg_compat+0x420/0x420 [ 1236.408514][T24356] ? inet_diag_dump_start_compat+0x20/0x20 [ 1236.414368][T24356] ? inet_diag_dump+0x50/0x50 [ 1236.419102][T24356] ? __inet_diag_dump+0x380/0x380 [ 1236.424180][T24356] sock_diag_rcv_msg+0x3cc/0x5f0 [ 1236.429168][T24356] netlink_rcv_skb+0x1fb/0x450 [ 1236.433968][T24356] ? sock_diag_bind+0xa0/0xa0 [ 1236.438685][T24356] ? netlink_ack+0x1170/0x1170 [ 1236.443568][T24356] ? netlink_deliver_tap+0x2e/0x1b0 [ 1236.448824][T24356] sock_diag_rcv+0x26/0x40 [ 1236.453285][T24356] netlink_unicast+0x74d/0x8d0 [ 1236.458196][T24356] netlink_sendmsg+0x8ad/0xbd0 [ 1236.463004][T24356] ? netlink_getsockopt+0x550/0x550 [ 1236.468253][T24356] ? aa_sock_msg_perm+0x94/0x150 [ 1236.473238][T24356] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1236.478556][T24356] ? security_socket_sendmsg+0x7c/0xa0 [ 1236.484045][T24356] ? netlink_getsockopt+0x550/0x550 [ 1236.489273][T24356] ____sys_sendmsg+0x5be/0x970 [ 1236.494090][T24356] ? __sys_sendmsg_sock+0x30/0x30 [ 1236.499147][T24356] ? __import_iovec+0x315/0x500 [ 1236.504153][T24356] ? import_iovec+0x6f/0xa0 [ 1236.508690][T24356] ___sys_sendmsg+0x2a2/0x360 [ 1236.513409][T24356] ? __sys_sendmsg+0x290/0x290 [ 1236.518428][T24356] ? __lock_acquire+0x7d10/0x7d10 [ 1236.523536][T24356] __se_sys_sendmsg+0x1bb/0x2a0 [ 1236.528627][T24356] ? __x64_sys_sendmsg+0x80/0x80 [ 1236.533729][T24356] ? lockdep_hardirqs_on+0x94/0x140 [ 1236.539004][T24356] do_syscall_64+0x4c/0xa0 [ 1236.543476][T24356] ? clear_bhb_loop+0x60/0xb0 [ 1236.548203][T24356] ? clear_bhb_loop+0x60/0xb0 [ 1236.552939][T24356] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1236.558875][T24356] RIP: 0033:0x7fa14a39ce59 [ 1236.563329][T24356] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1236.582977][T24356] RSP: 002b:00007fa14b1c8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1236.591607][T24356] RAX: ffffffffffffffda RBX: 00007fa14a615fa0 RCX: 00007fa14a39ce59 [ 1236.599783][T24356] RDX: 0000000000000014 RSI: 0000200000000000 RDI: 0000000000000004 [ 1236.607796][T24356] RBP: 00007fa14b1c8090 R08: 0000000000000000 R09: 0000000000000000 [ 1236.615818][T24356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1236.623833][T24356] R13: 00007fa14a616038 R14: 00007fa14a615fa0 R15: 00007ffe87a252a8 [ 1236.631969][T24356] [ 1236.745488][T22238] Bluetooth: hci4: command 0x0419 tx timeout [ 1236.912640][T24362] netlink: 'syz.4.6405': attribute type 29 has an invalid length. [ 1237.000838][T24352] netlink: 'syz.2.6401': attribute type 10 has an invalid length. [ 1237.347711][T24372] netlink: 'syz.4.6405': attribute type 3 has an invalid length. [ 1237.375783][T24372] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6405'. [ 1237.662094][T24362] netlink: 'syz.4.6405': attribute type 29 has an invalid length. [ 1237.765265][T24367] netlink: 'syz.4.6405': attribute type 29 has an invalid length. [ 1237.788382][T24366] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1237.806330][T24366] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1237.858928][T24366] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1237.921315][T24366] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1238.230044][T24363] netlink: 'syz.4.6405': attribute type 29 has an invalid length. [ 1238.642559][T24193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1238.721493][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1238.735365][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1238.755992][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.759619][T24193] 8021q: adding VLAN 0 to HW filter on device team0 [ 1238.762333][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1238.825303][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1238.880518][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1238.910517][ T4300] bridge0: port 1(bridge_slave_0) entered blocking state [ 1238.917733][ T4300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1238.969294][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1239.000417][T24387] netlink: 'syz.4.6410': attribute type 21 has an invalid length. [ 1239.045013][T24387] netlink: 'syz.4.6410': attribute type 7 has an invalid length. [ 1239.077864][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1239.105077][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1239.164974][T19702] bridge0: port 2(bridge_slave_1) entered blocking state [ 1239.172230][T19702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1239.453586][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1239.495294][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1239.555810][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1239.565973][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1239.604958][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1239.631768][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1239.672837][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1239.711762][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1240.234199][T24408] netlink: 'syz.4.6417': attribute type 10 has an invalid length. [ 1240.293765][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1240.308639][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1240.350037][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1240.404050][T24193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1240.535778][T24420] sctp: [Deprecated]: syz.1.6419 (pid 24420) Use of int in maxseg socket option. [ 1240.535778][T24420] Use struct sctp_assoc_value instead [ 1242.028751][T24428] netlink: 'syz.4.6420': attribute type 13 has an invalid length. [ 1242.059722][T24428] netlink: 152 bytes leftover after parsing attributes in process `syz.4.6420'. [ 1242.119175][T24428] syz_tun: refused to change device tx_queue_len [ 1242.138167][T24428] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 1242.682607][ T11] device hsr_slave_0 left promiscuous mode [ 1242.693573][ T11] device hsr_slave_1 left promiscuous mode [ 1242.770866][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1242.784500][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1242.807304][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1242.830795][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1242.874807][ T11] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 1242.898491][ T11] batman_adv: batadv0: Removing interface: veth1_vlan [ 1242.956277][ T11] batman_adv: batadv0: Interface deactivated: vlan1 [ 1242.967929][ T11] batman_adv: batadv0: Removing interface: vlan1 [ 1243.057176][ T11] bridge0: port 3(dummy0) entered disabled state [ 1243.088639][ T11] device bridge_slave_1 left promiscuous mode [ 1243.124903][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1243.133661][ T11] device bridge_slave_0 left promiscuous mode [ 1243.149041][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1243.212367][ T11] device veth0_vlan left promiscuous mode [ 1244.751953][T24454] netlink: 'syz.4.6429': attribute type 10 has an invalid length. [ 1244.760609][T24456] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 1244.773283][T24456] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 1244.788752][T24456] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 1244.805999][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1244.836894][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1244.907679][T24193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1245.036122][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1245.094561][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1245.109726][T24469] FAULT_INJECTION: forcing a failure. [ 1245.109726][T24469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1245.123453][T24469] CPU: 1 PID: 24469 Comm: syz.1.6435 Not tainted syzkaller #0 [ 1245.130953][T24469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1245.141030][T24469] Call Trace: [ 1245.144332][T24469] [ 1245.147276][T24469] dump_stack_lvl+0x188/0x24e [ 1245.151964][T24469] ? show_regs_print_info+0x12/0x12 [ 1245.157171][T24469] ? load_image+0x400/0x400 [ 1245.161708][T24469] ? __lock_acquire+0x7d10/0x7d10 [ 1245.166759][T24469] should_fail_ex+0x399/0x4d0 [ 1245.171462][T24469] _copy_from_user+0x2c/0x170 [ 1245.176145][T24469] bpf_prog_test_run_skb+0x268/0x1890 [ 1245.181524][T24469] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1245.187706][T24469] ? lockdep_hardirqs_on+0x94/0x140 [ 1245.192944][T24469] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1245.199134][T24469] ? cpu_online+0xa0/0xa0 [ 1245.203518][T24469] bpf_prog_test_run+0x31e/0x390 [ 1245.208472][T24469] __sys_bpf+0x62b/0x780 [ 1245.212734][T24469] ? bpf_link_show_fdinfo+0x380/0x380 [ 1245.218123][T24469] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1245.224339][T24469] __x64_sys_bpf+0x78/0x90 [ 1245.228764][T24469] do_syscall_64+0x4c/0xa0 [ 1245.233189][T24469] ? clear_bhb_loop+0x60/0xb0 [ 1245.237881][T24469] ? clear_bhb_loop+0x60/0xb0 [ 1245.242565][T24469] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1245.248497][T24469] RIP: 0033:0x7f264339ce59 [ 1245.252934][T24469] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1245.272663][T24469] RSP: 002b:00007f2644188028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1245.281241][T24469] RAX: ffffffffffffffda RBX: 00007f2643615fa0 RCX: 00007f264339ce59 [ 1245.289234][T24469] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 1245.297213][T24469] RBP: 00007f2644188090 R08: 0000000000000000 R09: 0000000000000000 [ 1245.305202][T24469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1245.313182][T24469] R13: 00007f2643616038 R14: 00007f2643615fa0 R15: 00007fff7ce85778 [ 1245.321172][T24469] [ 1245.373566][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1245.395840][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1245.430001][T24193] device veth0_vlan entered promiscuous mode [ 1245.449952][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1245.468006][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1245.539276][T24193] device veth1_vlan entered promiscuous mode [ 1245.552875][T24476] sctp: [Deprecated]: syz.1.6436 (pid 24476) Use of int in maxseg socket option. [ 1245.552875][T24476] Use struct sctp_assoc_value instead [ 1245.599391][T24193] device veth0_macvtap entered promiscuous mode [ 1245.628819][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1245.671562][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1245.696538][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1245.722193][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1246.095298][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1246.136932][T24193] device veth1_macvtap entered promiscuous mode [ 1246.208610][T24193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1246.224648][T24193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1246.265474][T24193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1246.301894][T24193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1246.332810][T24193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1246.349672][T24193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1246.382026][T24193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1246.424062][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1246.443270][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1246.464833][T24193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1246.490408][T24193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1246.504016][T24193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1246.544587][T24193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1246.571177][T24193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1246.607271][T24193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1246.638437][T24193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1246.660175][T24491] netlink: 'syz.2.6441': attribute type 10 has an invalid length. [ 1246.709425][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1246.732781][T19702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1246.758760][T24193] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.774358][T24193] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.793428][T24193] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1246.813719][T24193] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1247.000338][T13595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1247.020218][T13595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1247.070638][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1247.141629][ T4350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1247.187651][ T4350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1247.216868][T24512] sctp: [Deprecated]: syz.4.6448 (pid 24512) Use of int in maxseg socket option. [ 1247.216868][T24512] Use struct sctp_assoc_value instead [ 1247.241586][T13595] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1249.161035][T24534] netlink: 'syz.3.6455': attribute type 10 has an invalid length. [ 1249.699278][T24549] syz.0.6460[24549] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1249.699383][T24549] syz.0.6460[24549] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1249.904067][T24552] sctp: [Deprecated]: syz.2.6461 (pid 24552) Use of int in maxseg socket option. [ 1249.904067][T24552] Use struct sctp_assoc_value instead [ 1251.043126][T24532] netlink: 'syz.4.6454': attribute type 10 has an invalid length. [ 1251.393797][T24567] FAULT_INJECTION: forcing a failure. [ 1251.393797][T24567] name failslab, interval 1, probability 0, space 0, times 0 [ 1251.441465][T24567] CPU: 1 PID: 24567 Comm: syz.0.6468 Not tainted syzkaller #0 [ 1251.448990][T24567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1251.459067][T24567] Call Trace: [ 1251.462367][T24567] [ 1251.465324][T24567] dump_stack_lvl+0x188/0x24e [ 1251.470023][T24567] ? show_regs_print_info+0x12/0x12 [ 1251.475235][T24567] ? load_image+0x400/0x400 [ 1251.479752][T24567] ? __might_sleep+0xd0/0xd0 [ 1251.484354][T24567] ? __lock_acquire+0x7d10/0x7d10 [ 1251.489399][T24567] should_fail_ex+0x399/0x4d0 [ 1251.494096][T24567] should_failslab+0x5/0x20 [ 1251.498607][T24567] slab_pre_alloc_hook+0x59/0x310 [ 1251.503641][T24567] ? sk_prot_alloc+0xe7/0x210 [ 1251.508333][T24567] __kmem_cache_alloc_node+0x4f/0x260 [ 1251.513728][T24567] ? sk_prot_alloc+0xe7/0x210 [ 1251.518436][T24567] __kmalloc+0xa0/0x240 [ 1251.522614][T24567] sk_prot_alloc+0xe7/0x210 [ 1251.527135][T24567] ? sk_alloc+0x20/0x340 [ 1251.531398][T24567] sk_alloc+0x36/0x340 [ 1251.535488][T24567] ? bpf_ctx_init+0x163/0x1a0 [ 1251.540182][T24567] ? bpf_prog_test_run_skb+0x275/0x1890 [ 1251.545744][T24567] bpf_prog_test_run_skb+0x371/0x1890 [ 1251.551138][T24567] ? __fget_files+0x28/0x4b0 [ 1251.555759][T24567] ? cpu_online+0xa0/0xa0 [ 1251.560108][T24567] bpf_prog_test_run+0x31e/0x390 [ 1251.565067][T24567] __sys_bpf+0x62b/0x780 [ 1251.569330][T24567] ? bpf_link_show_fdinfo+0x380/0x380 [ 1251.574728][T24567] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1251.580909][T24567] __x64_sys_bpf+0x78/0x90 [ 1251.585340][T24567] do_syscall_64+0x4c/0xa0 [ 1251.589769][T24567] ? clear_bhb_loop+0x60/0xb0 [ 1251.594463][T24567] ? clear_bhb_loop+0x60/0xb0 [ 1251.599158][T24567] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1251.605070][T24567] RIP: 0033:0x7f9231d9ce59 [ 1251.609501][T24567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1251.629151][T24567] RSP: 002b:00007f9232c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1251.637597][T24567] RAX: ffffffffffffffda RBX: 00007f9232015fa0 RCX: 00007f9231d9ce59 [ 1251.645599][T24567] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 1251.653593][T24567] RBP: 00007f9232c7e090 R08: 0000000000000000 R09: 0000000000000000 [ 1251.661577][T24567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1251.669569][T24567] R13: 00007f9232016038 R14: 00007f9232015fa0 R15: 00007ffd8286e268 [ 1251.677574][T24567] [ 1252.232808][T24580] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 1252.304934][T24580] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 1252.392516][T24580] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 1252.973603][T24592] netlink: 'syz.2.6475': attribute type 10 has an invalid length. [ 1252.997354][T24594] sctp: [Deprecated]: syz.4.6476 (pid 24594) Use of int in maxseg socket option. [ 1252.997354][T24594] Use struct sctp_assoc_value instead [ 1253.468637][T24596] netlink: 'syz.1.6474': attribute type 10 has an invalid length. [ 1253.793298][T24615] FAULT_INJECTION: forcing a failure. [ 1253.793298][T24615] name failslab, interval 1, probability 0, space 0, times 0 [ 1253.859040][T24615] CPU: 0 PID: 24615 Comm: syz.3.6483 Not tainted syzkaller #0 [ 1253.866575][T24615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1253.876744][T24615] Call Trace: [ 1253.880041][T24615] [ 1253.882987][T24615] dump_stack_lvl+0x188/0x24e [ 1253.887688][T24615] ? show_regs_print_info+0x12/0x12 [ 1253.893004][T24615] ? load_image+0x400/0x400 [ 1253.897535][T24615] ? __lock_acquire+0x7d10/0x7d10 [ 1253.902583][T24615] should_fail_ex+0x399/0x4d0 [ 1253.907268][T24615] should_failslab+0x5/0x20 [ 1253.911768][T24615] slab_pre_alloc_hook+0x59/0x310 [ 1253.916786][T24615] ? verify_lock_unused+0x140/0x140 [ 1253.921986][T24615] ? bpf_test_init+0x9f/0x140 [ 1253.926671][T24615] __kmem_cache_alloc_node+0x4f/0x260 [ 1253.932041][T24615] ? bpf_test_init+0x9f/0x140 [ 1253.936726][T24615] __kmalloc+0xa0/0x240 [ 1253.940898][T24615] bpf_test_init+0x9f/0x140 [ 1253.945418][T24615] bpf_prog_test_run_xdp+0x484/0xf10 [ 1253.950716][T24615] ? dev_put+0x80/0x80 [ 1253.954787][T24615] ? dev_put+0x80/0x80 [ 1253.958851][T24615] bpf_prog_test_run+0x31e/0x390 [ 1253.963792][T24615] __sys_bpf+0x62b/0x780 [ 1253.968039][T24615] ? bpf_link_show_fdinfo+0x380/0x380 [ 1253.973418][T24615] ? lock_chain_count+0x20/0x20 [ 1253.978305][T24615] __x64_sys_bpf+0x78/0x90 [ 1253.982736][T24615] do_syscall_64+0x4c/0xa0 [ 1253.987145][T24615] ? clear_bhb_loop+0x60/0xb0 [ 1253.991817][T24615] ? clear_bhb_loop+0x60/0xb0 [ 1253.996493][T24615] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1254.002383][T24615] RIP: 0033:0x7f0d28b9ce59 [ 1254.006793][T24615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1254.026501][T24615] RSP: 002b:00007f0d29a85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1254.035016][T24615] RAX: ffffffffffffffda RBX: 00007f0d28e15fa0 RCX: 00007f0d28b9ce59 [ 1254.043068][T24615] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 1254.051030][T24615] RBP: 00007f0d29a85090 R08: 0000000000000000 R09: 0000000000000000 [ 1254.058995][T24615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1254.067132][T24615] R13: 00007f0d28e16038 R14: 00007f0d28e15fa0 R15: 00007fff95af42e8 [ 1254.075126][T24615] [ 1254.249785][T24629] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.6486'. [ 1254.511230][T24632] netlink: 'syz.2.6488': attribute type 10 has an invalid length. [ 1254.556886][T24632] device macvlan0 entered promiscuous mode [ 1254.652898][T24632] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 1254.943842][T24637] netlink: 'syz.3.6489': attribute type 10 has an invalid length. [ 1255.134370][T24636] netlink: 'syz.1.6490': attribute type 13 has an invalid length. [ 1255.234783][T24636] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6490'. [ 1255.255081][T24645] sctp: [Deprecated]: syz.4.6492 (pid 24645) Use of int in maxseg socket option. [ 1255.255081][T24645] Use struct sctp_assoc_value instead [ 1256.622208][T24662] netlink: 'syz.4.6498': attribute type 10 has an invalid length. [ 1256.636827][T24662] netlink: 2 bytes leftover after parsing attributes in process `syz.4.6498'. [ 1256.669160][T24662] device hsr0 entered promiscuous mode [ 1256.684701][T24662] bridge0: port 3(hsr0) entered blocking state [ 1256.700858][T24662] bridge0: port 3(hsr0) entered disabled state [ 1256.816907][T24660] netlink: 'syz.3.6496': attribute type 13 has an invalid length. [ 1256.923764][T24660] netlink: 14581 bytes leftover after parsing attributes in process `syz.3.6496'. [ 1258.199659][T24685] netlink: 'syz.0.6505': attribute type 10 has an invalid length. [ 1258.571344][T24696] FAULT_INJECTION: forcing a failure. [ 1258.571344][T24696] name failslab, interval 1, probability 0, space 0, times 0 [ 1258.681243][T24696] CPU: 0 PID: 24696 Comm: syz.2.6511 Not tainted syzkaller #0 [ 1258.688806][T24696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1258.698903][T24696] Call Trace: [ 1258.702221][T24696] [ 1258.705194][T24696] dump_stack_lvl+0x188/0x24e [ 1258.709924][T24696] ? show_regs_print_info+0x12/0x12 [ 1258.715167][T24696] ? load_image+0x400/0x400 [ 1258.719726][T24696] ? __lock_acquire+0x7d10/0x7d10 [ 1258.724810][T24696] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1258.730853][T24696] should_fail_ex+0x399/0x4d0 [ 1258.735586][T24696] should_failslab+0x5/0x20 [ 1258.740146][T24696] slab_pre_alloc_hook+0x59/0x310 [ 1258.745223][T24696] ? lockdep_hardirqs_on+0x94/0x140 [ 1258.750463][T24696] ? bpf_test_init+0x9f/0x140 [ 1258.755186][T24696] __kmem_cache_alloc_node+0x4f/0x260 [ 1258.760614][T24696] ? bpf_test_init+0x9f/0x140 [ 1258.765339][T24696] __kmalloc+0xa0/0x240 [ 1258.769552][T24696] bpf_test_init+0x9f/0x140 [ 1258.774126][T24696] bpf_prog_test_run_xdp+0x484/0xf10 [ 1258.779497][T24696] ? dev_put+0x80/0x80 [ 1258.783650][T24696] ? dev_put+0x80/0x80 [ 1258.787757][T24696] bpf_prog_test_run+0x31e/0x390 [ 1258.792741][T24696] __sys_bpf+0x62b/0x780 [ 1258.797028][T24696] ? bpf_link_show_fdinfo+0x380/0x380 [ 1258.802483][T24696] ? lock_chain_count+0x20/0x20 [ 1258.807367][T24696] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1258.813413][T24696] __x64_sys_bpf+0x78/0x90 [ 1258.817875][T24696] do_syscall_64+0x4c/0xa0 [ 1258.822319][T24696] ? clear_bhb_loop+0x60/0xb0 [ 1258.827029][T24696] ? clear_bhb_loop+0x60/0xb0 [ 1258.831748][T24696] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1258.837675][T24696] RIP: 0033:0x7f2fd499ce59 [ 1258.842129][T24696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1258.861777][T24696] RSP: 002b:00007f2fd5918028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1258.870236][T24696] RAX: ffffffffffffffda RBX: 00007f2fd4c15fa0 RCX: 00007f2fd499ce59 [ 1258.878244][T24696] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 1258.886252][T24696] RBP: 00007f2fd5918090 R08: 0000000000000000 R09: 0000000000000000 [ 1258.894292][T24696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.902382][T24696] R13: 00007f2fd4c16038 R14: 00007f2fd4c15fa0 R15: 00007ffe2eaaa3b8 [ 1258.910452][T24696] [ 1259.214690][T24692] netlink: 184 bytes leftover after parsing attributes in process `syz.4.6508'. [ 1259.223927][T24698] netlink: 'syz.3.6509': attribute type 13 has an invalid length. [ 1259.285491][T24698] netlink: 14581 bytes leftover after parsing attributes in process `syz.3.6509'. [ 1259.620362][T24706] netlink: 'syz.4.6514': attribute type 10 has an invalid length. [ 1259.683120][T24706] device macvlan0 entered promiscuous mode [ 1259.797558][T24706] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 1259.850929][T24709] netlink: 'syz.0.6513': attribute type 2 has an invalid length. [ 1259.921589][T24716] netlink: 'syz.1.6516': attribute type 13 has an invalid length. [ 1259.987389][T24716] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6516'. [ 1261.419584][T24736] syzkaller1: tun_chr_ioctl cmd 1074025678 [ 1261.441099][T24736] syzkaller1: group set to 778 [ 1261.460083][T24739] netlink: 184 bytes leftover after parsing attributes in process `syz.4.6524'. [ 1261.669606][T24742] netlink: 'syz.1.6525': attribute type 10 has an invalid length. [ 1262.565589][T24772] netlink: 'syz.4.6536': attribute type 13 has an invalid length. [ 1262.632299][T24772] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6536'. [ 1263.041791][T24779] netlink: 184 bytes leftover after parsing attributes in process `syz.0.6537'. [ 1263.585290][T24791] netlink: 'syz.1.6541': attribute type 10 has an invalid length. [ 1263.747002][T24795] netlink: 'syz.3.6540': attribute type 9 has an invalid length. [ 1263.856896][T24795] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.6540'. [ 1265.703530][T24823] netlink: 16399 bytes leftover after parsing attributes in process `syz.0.6550'. [ 1265.803740][T24826] netlink: 134268 bytes leftover after parsing attributes in process `syz.0.6550'. [ 1266.027119][T24831] netlink: 184 bytes leftover after parsing attributes in process `syz.2.6552'. [ 1266.444461][ T4290] Bluetooth: hci2: command 0x0406 tx timeout [ 1266.476486][T24832] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.484104][T24832] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.644637][T24836] netlink: 'syz.2.6555': attribute type 10 has an invalid length. [ 1266.663304][T24840] netlink: 'syz.4.6554': attribute type 13 has an invalid length. [ 1266.680056][T24840] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6554'. [ 1266.737178][T24838] netlink: 'syz.3.6553': attribute type 10 has an invalid length. [ 1267.131395][T24848] netlink: 'syz.2.6567': attribute type 10 has an invalid length. [ 1268.515834][T24882] netlink: 'syz.3.6569': attribute type 29 has an invalid length. [ 1268.524006][T24882] netlink: 'syz.3.6569': attribute type 29 has an invalid length. [ 1268.839255][T24887] netlink: 'syz.4.6568': attribute type 10 has an invalid length. [ 1269.130329][T24898] netlink: 'syz.2.6571': attribute type 25 has an invalid length. [ 1269.159402][T24898] netlink: 'syz.2.6571': attribute type 29 has an invalid length. [ 1269.196059][T24895] netlink: 16399 bytes leftover after parsing attributes in process `syz.3.6570'. [ 1269.229095][T24900] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6571'. [ 1269.304009][T24895] netlink: 134268 bytes leftover after parsing attributes in process `syz.3.6570'. [ 1269.363570][T24903] netlink: 'syz.4.6572': attribute type 10 has an invalid length. [ 1269.562135][T24909] netlink: 'syz.2.6576': attribute type 13 has an invalid length. [ 1269.604297][T24909] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6576'. [ 1270.596105][T24933] netlink: 184 bytes leftover after parsing attributes in process `syz.0.6584'. [ 1271.419536][T24943] netlink: 'syz.0.6588': attribute type 10 has an invalid length. [ 1272.130409][T24963] netlink: 'syz.2.6596': attribute type 13 has an invalid length. [ 1272.277096][T24963] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6596'. [ 1272.851700][T24951] netlink: 134268 bytes leftover after parsing attributes in process `syz.1.6591'. [ 1272.920980][T24971] netlink: 184 bytes leftover after parsing attributes in process `syz.4.6598'. [ 1273.212393][T24979] netlink: 212168 bytes leftover after parsing attributes in process `syz.3.6602'. [ 1273.628400][T24984] netlink: 'syz.4.6603': attribute type 10 has an invalid length. [ 1274.169954][T24999] netlink: 'syz.2.6611': attribute type 13 has an invalid length. [ 1274.201603][T24999] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6611'. [ 1275.056552][T25014] netlink: 184 bytes leftover after parsing attributes in process `syz.1.6613'. [ 1275.272044][T25016] netlink: 16399 bytes leftover after parsing attributes in process `syz.4.6615'. [ 1275.327602][T25025] netlink: 'syz.2.6618': attribute type 10 has an invalid length. [ 1275.349223][T25016] netlink: 134268 bytes leftover after parsing attributes in process `syz.4.6615'. [ 1276.444796][T25053] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1276.541131][T25053] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1276.634119][T25053] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1276.643474][T25053] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1277.173834][T25056] netlink: 'syz.3.6629': attribute type 13 has an invalid length. [ 1277.217042][T25056] netlink: 14581 bytes leftover after parsing attributes in process `syz.3.6629'. [ 1277.334401][T25062] netlink: 184 bytes leftover after parsing attributes in process `syz.0.6630'. [ 1277.511679][T25064] netlink: 'syz.1.6631': attribute type 10 has an invalid length. [ 1277.824046][T25077] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.6636'. [ 1277.891839][T25079] sctp: [Deprecated]: syz.1.6637 (pid 25079) Use of int in maxseg socket option. [ 1277.891839][T25079] Use struct sctp_assoc_value instead [ 1277.916343][T25081] FAULT_INJECTION: forcing a failure. [ 1277.916343][T25081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1277.952856][T25081] CPU: 1 PID: 25081 Comm: syz.2.6638 Not tainted syzkaller #0 [ 1277.960387][T25081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1277.970469][T25081] Call Trace: [ 1277.973764][T25081] [ 1277.976719][T25081] dump_stack_lvl+0x188/0x24e [ 1277.981444][T25081] ? show_regs_print_info+0x12/0x12 [ 1277.986693][T25081] ? load_image+0x400/0x400 [ 1277.991398][T25081] ? __lock_acquire+0x7d10/0x7d10 [ 1277.996470][T25081] ? snprintf+0xe5/0x140 [ 1278.000720][T25081] should_fail_ex+0x399/0x4d0 [ 1278.005406][T25081] _copy_to_user+0x2c/0x130 [ 1278.010001][T25081] simple_read_from_buffer+0xe3/0x150 [ 1278.015493][T25081] proc_fail_nth_read+0x1a6/0x220 [ 1278.020518][T25081] ? proc_fault_inject_write+0x310/0x310 [ 1278.026167][T25081] ? fsnotify_perm+0x248/0x550 [ 1278.030933][T25081] ? proc_fault_inject_write+0x310/0x310 [ 1278.036572][T25081] vfs_read+0x2de/0xa00 [ 1278.040771][T25081] ? kernel_read+0x1e0/0x1e0 [ 1278.045553][T25081] ? __fget_files+0x28/0x4b0 [ 1278.050143][T25081] ? __fget_files+0x28/0x4b0 [ 1278.054731][T25081] ? __fget_files+0x43d/0x4b0 [ 1278.059430][T25081] ? __fdget_pos+0x2ae/0x360 [ 1278.064014][T25081] ? ksys_read+0x71/0x250 [ 1278.068349][T25081] ksys_read+0x14c/0x250 [ 1278.072600][T25081] ? vfs_write+0xa30/0xa30 [ 1278.077016][T25081] ? lockdep_hardirqs_on+0x94/0x140 [ 1278.082217][T25081] do_syscall_64+0x4c/0xa0 [ 1278.086627][T25081] ? clear_bhb_loop+0x60/0xb0 [ 1278.091299][T25081] ? clear_bhb_loop+0x60/0xb0 [ 1278.095973][T25081] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1278.101870][T25081] RIP: 0033:0x7f2fd495d68e [ 1278.106280][T25081] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1278.125901][T25081] RSP: 002b:00007f2fd5917fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1278.134836][T25081] RAX: ffffffffffffffda RBX: 00007f2fd59186c0 RCX: 00007f2fd495d68e [ 1278.142804][T25081] RDX: 000000000000000f RSI: 00007f2fd59180a0 RDI: 0000000000000004 [ 1278.150786][T25081] RBP: 00007f2fd5918090 R08: 0000000000000000 R09: 0000000000000000 [ 1278.158750][T25081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1278.166714][T25081] R13: 00007f2fd4c16038 R14: 00007f2fd4c15fa0 R15: 00007ffe2eaaa3b8 [ 1278.174698][T25081] [ 1279.070044][T25104] netlink: 'syz.1.6647': attribute type 13 has an invalid length. [ 1279.091298][T25104] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6647'. [ 1279.263647][T25105] device vcan0 entered promiscuous mode [ 1279.303962][T25105] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1279.932924][T25113] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.6651'. [ 1280.164023][T25122] sctp: [Deprecated]: syz.2.6653 (pid 25122) Use of int in maxseg socket option. [ 1280.164023][T25122] Use struct sctp_assoc_value instead [ 1280.195716][T25124] netlink: 'syz.4.6655': attribute type 11 has an invalid length. [ 1280.249340][T25129] netlink: 'syz.4.6655': attribute type 13 has an invalid length. [ 1280.293408][T25129] netlink: 120 bytes leftover after parsing attributes in process `syz.4.6655'. [ 1281.667159][T25158] netlink: 'syz.2.6664': attribute type 13 has an invalid length. [ 1281.677165][T25158] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6664'. [ 1282.249831][T25167] sctp: [Deprecated]: syz.1.6668 (pid 25167) Use of int in maxseg socket option. [ 1282.249831][T25167] Use struct sctp_assoc_value instead [ 1282.570676][T25171] netlink: 'syz.4.6670': attribute type 10 has an invalid length. [ 1283.735869][ T4290] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 1283.738571][T25197] netlink: 'syz.4.6677': attribute type 3 has an invalid length. [ 1283.797035][T25197] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.6677'. [ 1283.850812][T25200] FAULT_INJECTION: forcing a failure. [ 1283.850812][T25200] name failslab, interval 1, probability 0, space 0, times 0 [ 1283.947762][T25200] CPU: 0 PID: 25200 Comm: syz.0.6678 Not tainted syzkaller #0 [ 1283.955289][T25200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1283.965366][T25200] Call Trace: [ 1283.968674][T25200] [ 1283.971616][T25200] dump_stack_lvl+0x188/0x24e [ 1283.976321][T25200] ? show_regs_print_info+0x12/0x12 [ 1283.981544][T25200] ? load_image+0x400/0x400 [ 1283.986093][T25200] should_fail_ex+0x399/0x4d0 [ 1283.990800][T25200] should_failslab+0x5/0x20 [ 1283.995325][T25200] slab_pre_alloc_hook+0x59/0x310 [ 1284.000368][T25200] ? verify_lock_unused+0x140/0x140 [ 1284.005594][T25200] kmem_cache_alloc+0x56/0x2f0 [ 1284.010366][T25200] ? skb_clone+0x1e7/0x370 [ 1284.014782][T25200] skb_clone+0x1e7/0x370 [ 1284.019022][T25200] bpf_clone_redirect+0x163/0x4a0 [ 1284.024060][T25200] bpf_prog_bf17f61a12bc632f+0x56/0x5b [ 1284.029606][T25200] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1284.035588][T25200] ? lock_chain_count+0x20/0x20 [ 1284.040445][T25200] ? seqcount_lockdep_reader_access+0x127/0x1d0 [ 1284.046687][T25200] ? lockdep_hardirqs_on+0x94/0x140 [ 1284.051885][T25200] ? ktime_get+0x7b/0x270 [ 1284.056216][T25200] ? seqcount_lockdep_reader_access+0x18d/0x1d0 [ 1284.062455][T25200] ? ktime_get_real_ts64+0x440/0x440 [ 1284.067748][T25200] ? read_lock_is_recursive+0x10/0x10 [ 1284.073127][T25200] ? __cant_sleep+0x220/0x220 [ 1284.077802][T25200] ? ktime_get+0x247/0x270 [ 1284.082223][T25200] bpf_test_run+0x2b6/0x830 [ 1284.086761][T25200] ? dst_hold+0xb0/0xb0 [ 1284.092569][T25200] ? eth_get_headlen+0x200/0x200 [ 1284.097537][T25200] bpf_prog_test_run_skb+0xd88/0x1890 [ 1284.102946][T25200] ? cpu_online+0xa0/0xa0 [ 1284.107380][T25200] bpf_prog_test_run+0x31e/0x390 [ 1284.112331][T25200] __sys_bpf+0x62b/0x780 [ 1284.116578][T25200] ? bpf_link_show_fdinfo+0x380/0x380 [ 1284.121962][T25200] ? lock_chain_count+0x20/0x20 [ 1284.126822][T25200] __x64_sys_bpf+0x78/0x90 [ 1284.131240][T25200] do_syscall_64+0x4c/0xa0 [ 1284.135654][T25200] ? clear_bhb_loop+0x60/0xb0 [ 1284.140329][T25200] ? clear_bhb_loop+0x60/0xb0 [ 1284.145006][T25200] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1284.150900][T25200] RIP: 0033:0x7f9231d9ce59 [ 1284.155315][T25200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1284.174928][T25200] RSP: 002b:00007f9232c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1284.183340][T25200] RAX: ffffffffffffffda RBX: 00007f9232015fa0 RCX: 00007f9231d9ce59 [ 1284.191308][T25200] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 1284.199280][T25200] RBP: 00007f9232c7e090 R08: 0000000000000000 R09: 0000000000000000 [ 1284.207250][T25200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1284.215220][T25200] R13: 00007f9232016038 R14: 00007f9232015fa0 R15: 00007ffd8286e268 [ 1284.223200][T25200] [ 1284.318903][T25210] netlink: 'syz.2.6682': attribute type 13 has an invalid length. [ 1284.367907][T25210] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6682'. [ 1284.907542][T25217] sctp: [Deprecated]: syz.4.6683 (pid 25217) Use of int in maxseg socket option. [ 1284.907542][T25217] Use struct sctp_assoc_value instead [ 1285.784356][ T4290] Bluetooth: hci2: command 0x0409 tx timeout [ 1286.904315][ T4290] Bluetooth: hci5: command 0x0406 tx timeout [ 1286.928566][T25250] FAULT_INJECTION: forcing a failure. [ 1286.928566][T25250] name failslab, interval 1, probability 0, space 0, times 0 [ 1286.942142][T25250] CPU: 0 PID: 25250 Comm: syz.2.6695 Not tainted syzkaller #0 [ 1286.949646][T25250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1286.959748][T25250] Call Trace: [ 1286.963047][T25250] [ 1286.965996][T25250] dump_stack_lvl+0x188/0x24e [ 1286.970716][T25250] ? show_regs_print_info+0x12/0x12 [ 1286.976040][T25250] ? load_image+0x400/0x400 [ 1286.980591][T25250] ? kasan_set_track+0x60/0x70 [ 1286.985394][T25250] ? kasan_set_track+0x4b/0x70 [ 1286.990198][T25250] ? __kasan_slab_alloc+0x6b/0x80 [ 1286.995264][T25250] ? slab_post_alloc_hook+0x4b/0x480 [ 1287.000620][T25250] should_fail_ex+0x399/0x4d0 [ 1287.005318][T25250] should_failslab+0x5/0x20 [ 1287.009922][T25250] slab_pre_alloc_hook+0x59/0x310 [ 1287.014945][T25250] ? ref_tracker_alloc+0x14e/0x4b0 [ 1287.020066][T25250] __kmem_cache_alloc_node+0x4f/0x260 [ 1287.025437][T25250] ? ref_tracker_alloc+0x14e/0x4b0 [ 1287.030557][T25250] kmalloc_trace+0x26/0xe0 [ 1287.034981][T25250] ref_tracker_alloc+0x14e/0x4b0 [ 1287.039928][T25250] ? ref_tracker_dir_print+0x150/0x150 [ 1287.045399][T25250] ? __kasan_slab_alloc+0x6b/0x80 [ 1287.050436][T25250] ? slab_post_alloc_hook+0x67/0x480 [ 1287.055719][T25250] ? slab_pre_alloc_hook+0x59/0x310 [ 1287.060916][T25250] dst_init+0xda/0x410 [ 1287.064984][T25250] dst_alloc+0x12a/0x160 [ 1287.069225][T25250] ip_route_output_key_hash_rcu+0x14a4/0x23f0 [ 1287.075294][T25250] ? ip_route_output_key_hash+0x139/0x330 [ 1287.081033][T25250] ip_route_output_key_hash+0x1ef/0x330 [ 1287.086872][T25250] ? kfree+0x30/0x190 [ 1287.090872][T25250] ? ip_route_input_rcu+0x3160/0x3160 [ 1287.096288][T25250] ? ip_cmsg_send+0x9a5/0xa50 [ 1287.100979][T25250] ip_route_output_flow+0x26/0x150 [ 1287.106089][T25250] ? security_sk_classify_flow+0x77/0x90 [ 1287.111757][T25250] raw_sendmsg+0x116d/0x1b20 [ 1287.116370][T25250] ? compat_raw_ioctl+0x60/0x60 [ 1287.121227][T25250] ? __might_fault+0xa6/0x120 [ 1287.125911][T25250] ? tomoyo_socket_sendmsg_permission+0x212/0x2f0 [ 1287.132348][T25250] ? sock_rps_record_flow+0x19/0x3f0 [ 1287.137628][T25250] ? inet_sendmsg+0x78/0x2f0 [ 1287.142208][T25250] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1287.147497][T25250] ? security_socket_sendmsg+0x7c/0xa0 [ 1287.153765][T25250] ? inet_send_prepare+0x260/0x260 [ 1287.158890][T25250] ____sys_sendmsg+0x5be/0x970 [ 1287.163658][T25250] ? __sys_sendmsg_sock+0x30/0x30 [ 1287.168675][T25250] ? __import_iovec+0x315/0x500 [ 1287.173530][T25250] ? import_iovec+0x6f/0xa0 [ 1287.178025][T25250] ___sys_sendmsg+0x2a2/0x360 [ 1287.182964][T25250] ? __sys_sendmsg+0x290/0x290 [ 1287.187739][T25250] ? __lock_acquire+0x7d10/0x7d10 [ 1287.192777][T25250] __se_sys_sendmsg+0x1bb/0x2a0 [ 1287.197627][T25250] ? __x64_sys_sendmsg+0x80/0x80 [ 1287.202567][T25250] ? lockdep_hardirqs_on+0x94/0x140 [ 1287.207886][T25250] do_syscall_64+0x4c/0xa0 [ 1287.212310][T25250] ? clear_bhb_loop+0x60/0xb0 [ 1287.216993][T25250] ? clear_bhb_loop+0x60/0xb0 [ 1287.221952][T25250] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1287.227841][T25250] RIP: 0033:0x7f2fd499ce59 [ 1287.232356][T25250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1287.251971][T25250] RSP: 002b:00007f2fd5918028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1287.260383][T25250] RAX: ffffffffffffffda RBX: 00007f2fd4c15fa0 RCX: 00007f2fd499ce59 [ 1287.268501][T25250] RDX: 0000000020001850 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1287.276652][T25250] RBP: 00007f2fd5918090 R08: 0000000000000000 R09: 0000000000000000 [ 1287.284616][T25250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1287.292585][T25250] R13: 00007f2fd4c16038 R14: 00007f2fd4c15fa0 R15: 00007ffe2eaaa3b8 [ 1287.300567][T25250] [ 1287.779306][T25258] netlink: 'syz.0.6697': attribute type 13 has an invalid length. [ 1287.834770][T25258] netlink: 14581 bytes leftover after parsing attributes in process `syz.0.6697'. [ 1289.349933][T25292] FAULT_INJECTION: forcing a failure. [ 1289.349933][T25292] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1289.417015][T25292] CPU: 0 PID: 25292 Comm: syz.3.6712 Not tainted syzkaller #0 [ 1289.424551][T25292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1289.434630][T25292] Call Trace: [ 1289.437926][T25292] [ 1289.440860][T25292] dump_stack_lvl+0x188/0x24e [ 1289.446404][T25292] ? show_regs_print_info+0x12/0x12 [ 1289.451600][T25292] ? load_image+0x400/0x400 [ 1289.456111][T25292] ? __lock_acquire+0x7d10/0x7d10 [ 1289.461140][T25292] should_fail_ex+0x399/0x4d0 [ 1289.465848][T25292] _copy_from_user+0x2c/0x170 [ 1289.470644][T25292] __sys_bpf+0x2ea/0x780 [ 1289.474892][T25292] ? bpf_link_show_fdinfo+0x380/0x380 [ 1289.480274][T25292] ? lock_chain_count+0x20/0x20 [ 1289.485164][T25292] __x64_sys_bpf+0x78/0x90 [ 1289.489580][T25292] do_syscall_64+0x4c/0xa0 [ 1289.494015][T25292] ? clear_bhb_loop+0x60/0xb0 [ 1289.498700][T25292] ? clear_bhb_loop+0x60/0xb0 [ 1289.503386][T25292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1289.509280][T25292] RIP: 0033:0x7f0d28b9ce59 [ 1289.513695][T25292] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1289.533327][T25292] RSP: 002b:00007f0d29a85028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1289.541741][T25292] RAX: ffffffffffffffda RBX: 00007f0d28e15fa0 RCX: 00007f0d28b9ce59 [ 1289.549710][T25292] RDX: 0000000000000050 RSI: 0000200000000c80 RDI: 000000000000000a [ 1289.557681][T25292] RBP: 00007f0d29a85090 R08: 0000000000000000 R09: 0000000000000000 [ 1289.565662][T25292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1289.573636][T25292] R13: 00007f0d28e16038 R14: 00007f0d28e15fa0 R15: 00007fff95af42e8 [ 1289.581712][T25292] [ 1290.371357][T25313] netlink: 'syz.2.6719': attribute type 13 has an invalid length. [ 1290.494283][T25313] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6719'. [ 1291.515423][T25332] netlink: 4068 bytes leftover after parsing attributes in process `syz.0.6723'. [ 1293.157948][T25371] netlink: 'syz.4.6738': attribute type 13 has an invalid length. [ 1293.176818][T25371] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6738'. [ 1294.543218][T25403] FAULT_INJECTION: forcing a failure. [ 1294.543218][T25403] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1294.584069][T25403] CPU: 0 PID: 25403 Comm: syz.1.6748 Not tainted syzkaller #0 [ 1294.591600][T25403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1294.601684][T25403] Call Trace: [ 1294.604996][T25403] [ 1294.607953][T25403] dump_stack_lvl+0x188/0x24e [ 1294.612667][T25403] ? show_regs_print_info+0x12/0x12 [ 1294.617994][T25403] ? load_image+0x400/0x400 [ 1294.622539][T25403] ? __lock_acquire+0x7d10/0x7d10 [ 1294.627601][T25403] ? snprintf+0xe5/0x140 [ 1294.631872][T25403] should_fail_ex+0x399/0x4d0 [ 1294.636578][T25403] _copy_to_user+0x2c/0x130 [ 1294.641104][T25403] simple_read_from_buffer+0xe3/0x150 [ 1294.646490][T25403] proc_fail_nth_read+0x1a6/0x220 [ 1294.651522][T25403] ? proc_fault_inject_write+0x310/0x310 [ 1294.657244][T25403] ? fsnotify_perm+0x248/0x550 [ 1294.662014][T25403] ? proc_fault_inject_write+0x310/0x310 [ 1294.667646][T25403] vfs_read+0x2de/0xa00 [ 1294.671810][T25403] ? kernel_read+0x1e0/0x1e0 [ 1294.676399][T25403] ? __fget_files+0x28/0x4b0 [ 1294.680991][T25403] ? __fget_files+0x28/0x4b0 [ 1294.685582][T25403] ? __fget_files+0x43d/0x4b0 [ 1294.690357][T25403] ? __fdget_pos+0x2ae/0x360 [ 1294.694944][T25403] ? ksys_read+0x71/0x250 [ 1294.699277][T25403] ksys_read+0x14c/0x250 [ 1294.703522][T25403] ? vfs_write+0xa30/0xa30 [ 1294.707942][T25403] ? lockdep_hardirqs_on+0x94/0x140 [ 1294.713146][T25403] do_syscall_64+0x4c/0xa0 [ 1294.717558][T25403] ? clear_bhb_loop+0x60/0xb0 [ 1294.722240][T25403] ? clear_bhb_loop+0x60/0xb0 [ 1294.726942][T25403] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1294.732856][T25403] RIP: 0033:0x7f264335d68e [ 1294.737272][T25403] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1294.756882][T25403] RSP: 002b:00007f2644187fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1294.765294][T25403] RAX: ffffffffffffffda RBX: 00007f26441886c0 RCX: 00007f264335d68e [ 1294.773267][T25403] RDX: 000000000000000f RSI: 00007f26441880a0 RDI: 0000000000000005 [ 1294.781239][T25403] RBP: 00007f2644188090 R08: 0000000000000000 R09: 0000000000000000 [ 1294.789208][T25403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1294.797186][T25403] R13: 00007f2643616038 R14: 00007f2643615fa0 R15: 00007fff7ce85778 [ 1294.805167][T25403] [ 1295.532238][T25417] netlink: 'syz.1.6753': attribute type 13 has an invalid length. [ 1295.580687][T25417] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6753'. [ 1296.605687][T25436] FAULT_INJECTION: forcing a failure. [ 1296.605687][T25436] name failslab, interval 1, probability 0, space 0, times 0 [ 1296.693141][T25436] CPU: 1 PID: 25436 Comm: syz.0.6757 Not tainted syzkaller #0 [ 1296.700667][T25436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1296.710751][T25436] Call Trace: [ 1296.714047][T25436] [ 1296.716995][T25436] dump_stack_lvl+0x188/0x24e [ 1296.721697][T25436] ? show_regs_print_info+0x12/0x12 [ 1296.726927][T25436] ? load_image+0x400/0x400 [ 1296.731467][T25436] ? __might_sleep+0xd0/0xd0 [ 1296.736097][T25436] ? __lock_acquire+0x7d10/0x7d10 [ 1296.741163][T25436] should_fail_ex+0x399/0x4d0 [ 1296.745875][T25436] should_failslab+0x5/0x20 [ 1296.750408][T25436] slab_pre_alloc_hook+0x59/0x310 [ 1296.755464][T25436] ? tomoyo_encode+0x27e/0x540 [ 1296.760260][T25436] __kmem_cache_alloc_node+0x4f/0x260 [ 1296.765666][T25436] ? tomoyo_encode+0x27e/0x540 [ 1296.770464][T25436] __kmalloc+0xa0/0x240 [ 1296.774698][T25436] tomoyo_encode+0x27e/0x540 [ 1296.779336][T25436] tomoyo_realpath_from_path+0x58e/0x5d0 [ 1296.785021][T25436] ? tomoyo_path_number_perm+0x205/0x650 [ 1296.790704][T25436] tomoyo_path_number_perm+0x22f/0x650 [ 1296.796205][T25436] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1296.801788][T25436] ? ksys_write+0x1c0/0x250 [ 1296.806414][T25436] ? common_file_perm+0x171/0x1c0 [ 1296.811510][T25436] ? __fget_files+0x28/0x4b0 [ 1296.816138][T25436] ? __fget_files+0x28/0x4b0 [ 1296.820814][T25436] security_file_ioctl+0x6c/0xa0 [ 1296.825789][T25436] __se_sys_ioctl+0x48/0x170 [ 1296.830513][T25436] do_syscall_64+0x4c/0xa0 [ 1296.834959][T25436] ? clear_bhb_loop+0x60/0xb0 [ 1296.839659][T25436] ? clear_bhb_loop+0x60/0xb0 [ 1296.844365][T25436] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1296.850294][T25436] RIP: 0033:0x7f9231d9ce59 [ 1296.854715][T25436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1296.874413][T25436] RSP: 002b:00007f9232c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1296.882848][T25436] RAX: ffffffffffffffda RBX: 00007f9232015fa0 RCX: 00007f9231d9ce59 [ 1296.890818][T25436] RDX: 0000000000000001 RSI: 0000000000002401 RDI: 0000000000000004 [ 1296.898873][T25436] RBP: 00007f9232c7e090 R08: 0000000000000000 R09: 0000000000000000 [ 1296.906889][T25436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1296.914866][T25436] R13: 00007f9232016038 R14: 00007f9232015fa0 R15: 00007ffd8286e268 [ 1296.922850][T25436] [ 1296.961035][T25446] netlink: 26 bytes leftover after parsing attributes in process `syz.3.6760'. [ 1297.284903][T25436] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1300.191139][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.198200][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1302.898556][T25462] netlink: 'syz.0.6766': attribute type 6 has an invalid length. [ 1302.914373][T25472] netlink: 'syz.4.6768': attribute type 13 has an invalid length. [ 1302.922237][T25472] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6768'. [ 1303.687282][T25503] netlink: 'syz.0.6777': attribute type 19 has an invalid length. [ 1303.714568][T25503] netlink: 156 bytes leftover after parsing attributes in process `syz.0.6777'. [ 1303.873939][T25510] netlink: 'syz.1.6781': attribute type 6 has an invalid length. [ 1304.627157][T25523] netlink: 'syz.2.6783': attribute type 13 has an invalid length. [ 1304.646147][T25523] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6783'. [ 1307.389355][T22238] Bluetooth: hci3: command 0x0406 tx timeout [ 1308.759488][T25562] netlink: 'syz.2.6796': attribute type 6 has an invalid length. [ 1308.821900][T25569] netlink: 'syz.0.6806': attribute type 22 has an invalid length. [ 1308.904216][T25569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6806'. [ 1309.409331][T25573] netlink: 'syz.4.6799': attribute type 13 has an invalid length. [ 1309.472606][T25573] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6799'. [ 1313.284942][T25612] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.6809'. [ 1313.929976][T25629] netlink: 'syz.1.6814': attribute type 22 has an invalid length. [ 1314.031419][T25629] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6814'. [ 1314.140741][T25627] netlink: 'syz.2.6815': attribute type 13 has an invalid length. [ 1314.166765][T25627] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6815'. [ 1314.447618][T25634] netlink: 'syz.4.6813': attribute type 6 has an invalid length. [ 1318.908217][T25678] netlink: 'syz.4.6829': attribute type 22 has an invalid length. [ 1318.929949][T25678] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6829'. [ 1320.673275][T25693] netlink: 'syz.1.6832': attribute type 13 has an invalid length. [ 1320.707038][T25693] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6832'. [ 1322.645548][T25721] netlink: 'syz.4.6843': attribute type 10 has an invalid length. [ 1323.925682][T25749] FAULT_INJECTION: forcing a failure. [ 1323.925682][T25749] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1323.938891][T25749] CPU: 1 PID: 25749 Comm: syz.0.6853 Not tainted syzkaller #0 [ 1323.946566][T25749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1323.956683][T25749] Call Trace: [ 1323.959978][T25749] [ 1323.962947][T25749] dump_stack_lvl+0x188/0x24e [ 1323.967660][T25749] ? show_regs_print_info+0x12/0x12 [ 1323.972885][T25749] ? load_image+0x400/0x400 [ 1323.977400][T25749] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1323.983405][T25749] ? lock_chain_count+0x20/0x20 [ 1323.988256][T25749] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1323.993291][T25749] should_fail_ex+0x399/0x4d0 [ 1323.997980][T25749] copy_page_from_iter_atomic+0x21e/0x1280 [ 1324.003803][T25749] ? pipe_zero+0x140/0x140 [ 1324.008224][T25749] ? PageHeadHuge+0x8f/0x1c0 [ 1324.012853][T25749] ? shmem_write_begin+0x1b4/0x3f0 [ 1324.018012][T25749] generic_perform_write+0x34f/0x5c0 [ 1324.023346][T25749] ? generic_file_direct_write+0x330/0x330 [ 1324.029199][T25749] ? __file_remove_privs+0x5f0/0x5f0 [ 1324.034513][T25749] ? rwsem_write_trylock+0x135/0x1c0 [ 1324.039918][T25749] ? clear_nonspinnable+0x60/0x60 [ 1324.045028][T25749] ? generic_write_checks_count+0x3d9/0x4c0 [ 1324.050926][T25749] __generic_file_write_iter+0x148/0x2a0 [ 1324.056634][T25749] generic_file_write_iter+0xab/0x2e0 [ 1324.062294][T25749] vfs_write+0x4b1/0xa30 [ 1324.066552][T25749] ? file_end_write+0x250/0x250 [ 1324.071407][T25749] ? __fget_files+0x43d/0x4b0 [ 1324.076092][T25749] ? __fdget_pos+0x2ae/0x360 [ 1324.080683][T25749] ? ksys_write+0x71/0x250 [ 1324.085107][T25749] ksys_write+0x14c/0x250 [ 1324.089439][T25749] ? __ia32_sys_read+0x80/0x80 [ 1324.094228][T25749] ? lockdep_hardirqs_on+0x94/0x140 [ 1324.099451][T25749] do_syscall_64+0x4c/0xa0 [ 1324.103878][T25749] ? clear_bhb_loop+0x60/0xb0 [ 1324.108557][T25749] ? clear_bhb_loop+0x60/0xb0 [ 1324.113244][T25749] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1324.119140][T25749] RIP: 0033:0x7f9231d9ce59 [ 1324.123593][T25749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1324.143304][T25749] RSP: 002b:00007f9232c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1324.152353][T25749] RAX: ffffffffffffffda RBX: 00007f9232015fa0 RCX: 00007f9231d9ce59 [ 1324.160362][T25749] RDX: 00000000002a979d RSI: 0000200000000000 RDI: 0000000000000006 [ 1324.168350][T25749] RBP: 00007f9232c7e090 R08: 0000000000000000 R09: 0000000000000000 [ 1324.176341][T25749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1324.184314][T25749] R13: 00007f9232016038 R14: 00007f9232015fa0 R15: 00007ffd8286e268 [ 1324.192300][T25749] [ 1327.108239][T25776] netlink: 'syz.2.6858': attribute type 10 has an invalid length. [ 1327.182384][T25783] netlink: 'syz.1.6864': attribute type 11 has an invalid length. [ 1327.358733][T25783] netlink: 176 bytes leftover after parsing attributes in process `syz.1.6864'. [ 1327.410024][T25784] netlink: 'syz.4.6863': attribute type 1 has an invalid length. [ 1327.425318][T25784] netlink: 127868 bytes leftover after parsing attributes in process `syz.4.6863'. [ 1331.216272][T25802] netlink: 'syz.2.6867': attribute type 10 has an invalid length. [ 1331.832567][T25825] netlink: 'syz.4.6876': attribute type 3 has an invalid length. [ 1331.903129][T25825] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6876'. [ 1332.127831][T25831] netlink: 'syz.1.6878': attribute type 10 has an invalid length. [ 1332.157972][T25836] netlink: 'syz.0.6877': attribute type 11 has an invalid length. [ 1332.185720][T25836] netlink: 176 bytes leftover after parsing attributes in process `syz.0.6877'. [ 1333.020927][ T4290] Bluetooth: hci1: command 0x0406 tx timeout [ 1334.527926][T25873] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6891'. [ 1334.627872][T25873] device hsr_slave_0 left promiscuous mode [ 1334.729833][T25873] device hsr_slave_1 left promiscuous mode [ 1335.096605][T25873] bridge0: port 3(hsr0) entered disabled state [ 1335.209695][T25892] FAULT_INJECTION: forcing a failure. [ 1335.209695][T25892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1335.259393][T25892] CPU: 0 PID: 25892 Comm: syz.1.6897 Not tainted syzkaller #0 [ 1335.266931][T25892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1335.277010][T25892] Call Trace: [ 1335.280296][T25892] [ 1335.283231][T25892] dump_stack_lvl+0x188/0x24e [ 1335.287934][T25892] ? show_regs_print_info+0x12/0x12 [ 1335.293161][T25892] ? load_image+0x400/0x400 [ 1335.297699][T25892] ? __lock_acquire+0x7d10/0x7d10 [ 1335.302762][T25892] should_fail_ex+0x399/0x4d0 [ 1335.307470][T25892] _copy_from_user+0x2c/0x170 [ 1335.312182][T25892] __sys_bpf+0x2ea/0x780 [ 1335.316469][T25892] ? bpf_link_show_fdinfo+0x380/0x380 [ 1335.321881][T25892] ? lock_chain_count+0x20/0x20 [ 1335.326746][T25892] __x64_sys_bpf+0x78/0x90 [ 1335.331165][T25892] do_syscall_64+0x4c/0xa0 [ 1335.335574][T25892] ? clear_bhb_loop+0x60/0xb0 [ 1335.340250][T25892] ? clear_bhb_loop+0x60/0xb0 [ 1335.344925][T25892] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1335.350814][T25892] RIP: 0033:0x7f264339ce59 [ 1335.355222][T25892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1335.374832][T25892] RSP: 002b:00007f2644188028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1335.383274][T25892] RAX: ffffffffffffffda RBX: 00007f2643615fa0 RCX: 00007f264339ce59 [ 1335.391283][T25892] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 000000000000000a [ 1335.399250][T25892] RBP: 00007f2644188090 R08: 0000000000000000 R09: 0000000000000000 [ 1335.407222][T25892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1335.415191][T25892] R13: 00007f2643616038 R14: 00007f2643615fa0 R15: 00007fff7ce85778 [ 1335.423168][T25892] [ 1335.718680][T25899] netlink: 'syz.4.6901': attribute type 10 has an invalid length. [ 1336.813483][T25921] netlink: 'syz.3.6907': attribute type 21 has an invalid length. [ 1337.109618][T25928] netlink: 'syz.4.6908': attribute type 13 has an invalid length. [ 1337.189741][T25928] netlink: 14581 bytes leftover after parsing attributes in process `syz.4.6908'. [ 1337.836276][T25931] netlink: 'syz.0.6910': attribute type 13 has an invalid length. [ 1337.895418][T25931] netlink: 14581 bytes leftover after parsing attributes in process `syz.0.6910'. [ 1338.489514][T25943] netlink: 'syz.2.6913': attribute type 10 has an invalid length. [ 1338.535263][T25943] netlink: 2 bytes leftover after parsing attributes in process `syz.2.6913'. [ 1338.588406][T25943] device bond0 entered promiscuous mode [ 1338.604589][T25943] device bond_slave_0 entered promiscuous mode [ 1338.624584][T25943] device bond_slave_1 entered promiscuous mode [ 1338.655256][T25943] bridge0: port 3(bond0) entered blocking state [ 1338.675883][T25943] bridge0: port 3(bond0) entered disabled state [ 1338.696348][T25943] bridge0: port 3(bond0) entered blocking state [ 1338.702762][T25943] bridge0: port 3(bond0) entered forwarding state [ 1338.747377][T25950] netlink: 'syz.3.6916': attribute type 10 has an invalid length. [ 1340.924314][T25956] netlink: 'syz.2.6917': attribute type 10 has an invalid length. [ 1340.954815][T25956] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6917'. [ 1340.970840][T25956] device dummy0 entered promiscuous mode [ 1340.981686][T25956] bridge0: port 4(dummy0) entered blocking state [ 1340.994465][T25956] bridge0: port 4(dummy0) entered disabled state [ 1341.006422][T25956] bridge0: port 4(dummy0) entered blocking state [ 1341.012971][T25956] bridge0: port 4(dummy0) entered forwarding state [ 1341.633482][T25975] netlink: 'syz.2.6924': attribute type 13 has an invalid length. [ 1341.705651][T25975] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.6924'. [ 1342.058993][T25986] netlink: 14 bytes leftover after parsing attributes in process `syz.0.6926'. [ 1342.158832][T25986] device hsr_slave_0 left promiscuous mode [ 1342.214845][T25986] device hsr_slave_1 left promiscuous mode [ 1342.776683][T25988] netlink: 'syz.3.6928': attribute type 10 has an invalid length. [ 1342.808740][T25988] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6928'. [ 1342.851130][T25988] device dummy0 entered promiscuous mode [ 1342.928659][T25988] bridge0: port 3(dummy0) entered blocking state [ 1343.015511][T25988] bridge0: port 3(dummy0) entered disabled state [ 1343.090814][T25988] bridge0: port 3(dummy0) entered blocking state [ 1343.097632][T25988] bridge0: port 3(dummy0) entered forwarding state [ 1343.618095][T26009] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6935'. [ 1344.430748][T26029] netlink: 'syz.1.6939': attribute type 13 has an invalid length. [ 1344.557025][T26029] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6939'. [ 1345.222477][T26038] netlink: 'syz.2.6945': attribute type 3 has an invalid length. [ 1345.244707][T26038] netlink: 13435 bytes leftover after parsing attributes in process `syz.2.6945'. [ 1345.283119][T26040] netlink: 'syz.3.6947': attribute type 3 has an invalid length. [ 1345.291366][T26040] netlink: 16066 bytes leftover after parsing attributes in process `syz.3.6947'. [ 1348.503594][T26091] FAULT_INJECTION: forcing a failure. [ 1348.503594][T26091] name failslab, interval 1, probability 0, space 0, times 0 [ 1348.541878][T26091] CPU: 0 PID: 26091 Comm: syz.2.6964 Not tainted syzkaller #0 [ 1348.549407][T26091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1348.559575][T26091] Call Trace: [ 1348.562871][T26091] [ 1348.565820][T26091] dump_stack_lvl+0x188/0x24e [ 1348.570520][T26091] ? show_regs_print_info+0x12/0x12 [ 1348.575769][T26091] ? load_image+0x400/0x400 [ 1348.580300][T26091] ? __lock_acquire+0x7d10/0x7d10 [ 1348.585349][T26091] should_fail_ex+0x399/0x4d0 [ 1348.590047][T26091] should_failslab+0x5/0x20 [ 1348.594566][T26091] slab_pre_alloc_hook+0x59/0x310 [ 1348.599586][T26091] ? verify_lock_unused+0x140/0x140 [ 1348.604870][T26091] ? bpf_test_init+0x9f/0x140 [ 1348.609545][T26091] __kmem_cache_alloc_node+0x4f/0x260 [ 1348.614912][T26091] ? bpf_test_init+0x9f/0x140 [ 1348.619582][T26091] __kmalloc+0xa0/0x240 [ 1348.623739][T26091] bpf_test_init+0x9f/0x140 [ 1348.628243][T26091] bpf_prog_test_run_xdp+0x484/0xf10 [ 1348.633544][T26091] ? dev_put+0x80/0x80 [ 1348.637620][T26091] ? dev_put+0x80/0x80 [ 1348.641685][T26091] bpf_prog_test_run+0x31e/0x390 [ 1348.646621][T26091] __sys_bpf+0x62b/0x780 [ 1348.650866][T26091] ? bpf_link_show_fdinfo+0x380/0x380 [ 1348.656255][T26091] ? lock_chain_count+0x20/0x20 [ 1348.661106][T26091] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1348.667090][T26091] __x64_sys_bpf+0x78/0x90 [ 1348.671504][T26091] do_syscall_64+0x4c/0xa0 [ 1348.675925][T26091] ? clear_bhb_loop+0x60/0xb0 [ 1348.680966][T26091] ? clear_bhb_loop+0x60/0xb0 [ 1348.685647][T26091] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1348.691574][T26091] RIP: 0033:0x7f2fd499ce59 [ 1348.696077][T26091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1348.716056][T26091] RSP: 002b:00007f2fd5918028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1348.724553][T26091] RAX: ffffffffffffffda RBX: 00007f2fd4c15fa0 RCX: 00007f2fd499ce59 [ 1348.732522][T26091] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 1348.740574][T26091] RBP: 00007f2fd5918090 R08: 0000000000000000 R09: 0000000000000000 [ 1348.748539][T26091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1348.756508][T26091] R13: 00007f2fd4c16038 R14: 00007f2fd4c15fa0 R15: 00007ffe2eaaa3b8 [ 1348.764577][T26091] [ 1348.975530][T26092] netlink: 'syz.0.6962': attribute type 13 has an invalid length. [ 1348.998354][T26092] netlink: 14581 bytes leftover after parsing attributes in process `syz.0.6962'. [ 1350.206178][T26126] netlink: 'syz.3.6974': attribute type 9 has an invalid length. [ 1350.240739][T26127] FAULT_INJECTION: forcing a failure. [ 1350.240739][T26127] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1350.285748][T26126] netlink: 399 bytes leftover after parsing attributes in process `syz.3.6974'. [ 1350.298249][T26127] CPU: 1 PID: 26127 Comm: syz.0.6975 Not tainted syzkaller #0 [ 1350.305934][T26127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1350.316020][T26127] Call Trace: [ 1350.319330][T26127] [ 1350.322288][T26127] dump_stack_lvl+0x188/0x24e [ 1350.326993][T26127] ? show_regs_print_info+0x12/0x12 [ 1350.332218][T26127] ? load_image+0x400/0x400 [ 1350.336746][T26127] ? __lock_acquire+0x7d10/0x7d10 [ 1350.341817][T26127] should_fail_ex+0x399/0x4d0 [ 1350.346526][T26127] _copy_from_user+0x2c/0x170 [ 1350.351237][T26127] __sys_bpf+0x2ea/0x780 [ 1350.355517][T26127] ? bpf_link_show_fdinfo+0x380/0x380 [ 1350.360944][T26127] ? lock_chain_count+0x20/0x20 [ 1350.365820][T26127] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1350.371890][T26127] __x64_sys_bpf+0x78/0x90 [ 1350.376347][T26127] do_syscall_64+0x4c/0xa0 [ 1350.380799][T26127] ? clear_bhb_loop+0x60/0xb0 [ 1350.385609][T26127] ? clear_bhb_loop+0x60/0xb0 [ 1350.390326][T26127] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1350.396260][T26127] RIP: 0033:0x7f9231d9ce59 [ 1350.400705][T26127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1350.420357][T26127] RSP: 002b:00007f9232c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1350.428806][T26127] RAX: ffffffffffffffda RBX: 00007f9232015fa0 RCX: 00007f9231d9ce59 [ 1350.436811][T26127] RDX: 0000000000000050 RSI: 0000200000000900 RDI: 000000000000000a [ 1350.444810][T26127] RBP: 00007f9232c7e090 R08: 0000000000000000 R09: 0000000000000000 [ 1350.452810][T26127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1350.460807][T26127] R13: 00007f9232016038 R14: 00007f9232015fa0 R15: 00007ffd8286e268 [ 1350.468905][T26127] [ 1350.740543][T26135] netlink: 'syz.2.6978': attribute type 3 has an invalid length. [ 1350.812306][T26135] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.6978'. [ 1350.877906][T26140] netlink: 'syz.0.6979': attribute type 9 has an invalid length. [ 1350.896602][T26140] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.6979'. [ 1350.975771][T26140] netlink: 'syz.0.6979': attribute type 11 has an invalid length. [ 1351.004467][T26140] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6979'. [ 1351.056503][T26144] netlink: 'syz.0.6979': attribute type 11 has an invalid length. [ 1351.094509][T26144] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.6979'. [ 1351.141885][T26139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1351.538231][T26152] netlink: 'syz.2.6983': attribute type 27 has an invalid length. [ 1351.578000][T26146] netlink: 'syz.3.6981': attribute type 13 has an invalid length. [ 1351.608084][T26152] netlink: 164 bytes leftover after parsing attributes in process `syz.2.6983'. [ 1351.626197][T26146] netlink: 14581 bytes leftover after parsing attributes in process `syz.3.6981'. [ 1351.727986][T26158] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6984'. [ 1351.758578][T26158] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6984'. [ 1351.801578][T26155] syzkaller0: tun_chr_ioctl cmd 2147767519 [ 1351.903565][T22238] Bluetooth: hci5: unexpected subevent 0x01 length: 150 > 18 [ 1352.008380][T26163] netlink: 'syz.0.6985': attribute type 25 has an invalid length. [ 1352.028527][T26163] netlink: 'syz.0.6985': attribute type 29 has an invalid length. [ 1352.048900][T26163] FAULT_INJECTION: forcing a failure. [ 1352.048900][T26163] name failslab, interval 1, probability 0, space 0, times 0 [ 1352.062264][T26163] CPU: 1 PID: 26163 Comm: syz.0.6985 Not tainted syzkaller #0 [ 1352.069761][T26163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1352.079816][T26163] Call Trace: [ 1352.083093][T26163] [ 1352.086021][T26163] dump_stack_lvl+0x188/0x24e [ 1352.090702][T26163] ? show_regs_print_info+0x12/0x12 [ 1352.095895][T26163] ? load_image+0x400/0x400 [ 1352.100394][T26163] ? __wake_up+0x12e/0x1a0 [ 1352.104813][T26163] ? __wake_up_bit+0x210/0x210 [ 1352.109606][T26163] should_fail_ex+0x399/0x4d0 [ 1352.114393][T26163] should_failslab+0x5/0x20 [ 1352.118907][T26163] slab_pre_alloc_hook+0x59/0x310 [ 1352.123964][T26163] ? netlink_broadcast+0x1060/0x10d0 [ 1352.129252][T26163] ? switchdev_deferred_enqueue+0x2d/0x240 [ 1352.135149][T26163] __kmem_cache_alloc_node+0x4f/0x260 [ 1352.140527][T26163] ? switchdev_deferred_enqueue+0x2d/0x240 [ 1352.146349][T26163] ? switchdev_deferred_enqueue+0x240/0x240 [ 1352.152255][T26163] __kmalloc+0xa0/0x240 [ 1352.156424][T26163] switchdev_deferred_enqueue+0x2d/0x240 [ 1352.162060][T26163] switchdev_port_attr_set+0xf5/0x2d0 [ 1352.167443][T26163] ? switchdev_deferred_process+0x290/0x290 [ 1352.173338][T26163] ? br_mdb_notify+0x980/0x980 [ 1352.178188][T26163] ? mark_lock+0x94/0x320 [ 1352.182527][T26163] br_multicast_add_router+0x4ee/0x550 [ 1352.187993][T26163] ? in_dev_get+0x280/0x280 [ 1352.192514][T26163] ? br_multicast_mark_router+0x309/0x5a0 [ 1352.198243][T26163] br_multicast_mark_router+0x3ac/0x5a0 [ 1352.203795][T26163] ? br_multicast_add_router+0x550/0x550 [ 1352.209448][T26163] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1352.215616][T26163] br_multicast_set_port_router+0x435/0xcd0 [ 1352.221520][T26163] ? rcu_is_watching+0x11/0xa0 [ 1352.226300][T26163] ? br_multicast_set_router+0x3f0/0x3f0 [ 1352.231937][T26163] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1352.238104][T26163] ? lockdep_hardirqs_on+0x94/0x140 [ 1352.243300][T26163] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1352.249576][T26163] ? br_multicast_set_port_router+0x1/0xcd0 [ 1352.255501][T26163] br_setport+0xae0/0x1110 [ 1352.259972][T26163] br_setlink+0x526/0x880 [ 1352.264299][T26163] ? perf_trace_run_bpf_submit+0xf3/0x1c0 [ 1352.270030][T26163] ? br_vlan_info+0x460/0x460 [ 1352.274771][T26163] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1352.280932][T26163] ? br_vlan_info+0x460/0x460 [ 1352.285793][T26163] rtnl_bridge_setlink+0x4ba/0x720 [ 1352.290914][T26163] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 1352.296024][T26163] ? rtnetlink_rcv_msg+0x226/0xfc0 [ 1352.301145][T26163] ? rtnl_bridge_dellink+0x680/0x680 [ 1352.306426][T26163] rtnetlink_rcv_msg+0x87c/0xfc0 [ 1352.311368][T26163] ? rtnetlink_bind+0x80/0x80 [ 1352.316125][T26163] ? __local_bh_enable_ip+0x136/0x1c0 [ 1352.321511][T26163] ? lockdep_hardirqs_on+0x94/0x140 [ 1352.326712][T26163] ? __local_bh_enable_ip+0x136/0x1c0 [ 1352.332082][T26163] ? _local_bh_enable+0xa0/0xa0 [ 1352.336935][T26163] ? __dev_queue_xmit+0x26b/0x37c0 [ 1352.342050][T26163] ? __dev_queue_xmit+0x26b/0x37c0 [ 1352.347168][T26163] ? __dev_queue_xmit+0x1cd2/0x37c0 [ 1352.352379][T26163] ? __dev_queue_xmit+0x26b/0x37c0 [ 1352.357537][T26163] ? perf_trace_lock+0xf8/0x390 [ 1352.362388][T26163] ? __copy_skb_header+0x3ba/0x4f0 [ 1352.367508][T26163] ? trace_event_raw_event_lock+0x250/0x250 [ 1352.373406][T26163] ? __skb_clone+0x480/0x790 [ 1352.378006][T26163] netlink_rcv_skb+0x1fb/0x450 [ 1352.382772][T26163] ? rtnetlink_bind+0x80/0x80 [ 1352.387451][T26163] ? netlink_ack+0x1170/0x1170 [ 1352.392220][T26163] ? netlink_deliver_tap+0x2e/0x1b0 [ 1352.397419][T26163] netlink_unicast+0x74d/0x8d0 [ 1352.402200][T26163] netlink_sendmsg+0x8ad/0xbd0 [ 1352.406974][T26163] ? netlink_getsockopt+0x550/0x550 [ 1352.412172][T26163] ? aa_sock_msg_perm+0x94/0x150 [ 1352.417111][T26163] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1352.422483][T26163] ? security_socket_sendmsg+0x7c/0xa0 [ 1352.427965][T26163] ? netlink_getsockopt+0x550/0x550 [ 1352.433169][T26163] ____sys_sendmsg+0x5be/0x970 [ 1352.437939][T26163] ? __sys_sendmsg_sock+0x30/0x30 [ 1352.442960][T26163] ? __import_iovec+0x315/0x500 [ 1352.447817][T26163] ? import_iovec+0x6f/0xa0 [ 1352.452405][T26163] ___sys_sendmsg+0x2a2/0x360 [ 1352.457130][T26163] ? __sys_sendmsg+0x290/0x290 [ 1352.461909][T26163] ? ktime_get_real_ts64+0x440/0x440 [ 1352.467217][T26163] __se_sys_sendmsg+0x1bb/0x2a0 [ 1352.472160][T26163] ? __x64_sys_sendmsg+0x80/0x80 [ 1352.477119][T26163] ? lockdep_hardirqs_on+0x94/0x140 [ 1352.482324][T26163] do_syscall_64+0x4c/0xa0 [ 1352.486738][T26163] ? clear_bhb_loop+0x60/0xb0 [ 1352.491509][T26163] ? clear_bhb_loop+0x60/0xb0 [ 1352.496193][T26163] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1352.502087][T26163] RIP: 0033:0x7f9231d9ce59 [ 1352.506502][T26163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1352.526131][T26163] RSP: 002b:00007f9232c7e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1352.534541][T26163] RAX: ffffffffffffffda RBX: 00007f9232015fa0 RCX: 00007f9231d9ce59 [ 1352.542511][T26163] RDX: 0000000004004004 RSI: 0000200000000040 RDI: 0000000000000004 [ 1352.550479][T26163] RBP: 00007f9232c7e090 R08: 0000000000000000 R09: 0000000000000000 [ 1352.558450][T26163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1352.566417][T26163] R13: 00007f9232016038 R14: 00007f9232015fa0 R15: 00007ffd8286e268 [ 1352.574402][T26163] [ 1353.464263][T22238] Bluetooth: hci4: command 0x0406 tx timeout [ 1354.909004][T26187] netlink: 'syz.4.6988': attribute type 3 has an invalid length. [ 1354.991783][T26187] __nla_validate_parse: 1 callbacks suppressed [ 1354.991804][T26187] netlink: 13435 bytes leftover after parsing attributes in process `syz.4.6988'. [ 1355.046659][T26183] netlink: 'syz.2.6990': attribute type 2 has an invalid length. [ 1355.079585][T26183] netlink: 'syz.2.6990': attribute type 8 has an invalid length. [ 1355.155339][T26183] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6990'. [ 1355.817469][T26205] netlink: 'syz.1.6997': attribute type 13 has an invalid length. [ 1355.904349][T26205] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.6997'. [ 1357.249125][T26226] netlink: 'syz.0.7004': attribute type 25 has an invalid length. [ 1357.307520][T26226] netlink: 'syz.0.7004': attribute type 28 has an invalid length. [ 1357.556706][T26231] netlink: 'syz.1.7005': attribute type 2 has an invalid length. [ 1357.574379][T26231] netlink: 'syz.1.7005': attribute type 8 has an invalid length. [ 1357.604598][T26231] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7005'. [ 1358.256767][T26259] FAULT_INJECTION: forcing a failure. [ 1358.256767][T26259] name failslab, interval 1, probability 0, space 0, times 0 [ 1358.300195][T26259] CPU: 1 PID: 26259 Comm: syz.1.7014 Not tainted syzkaller #0 [ 1358.307726][T26259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1358.317813][T26259] Call Trace: [ 1358.321117][T26259] [ 1358.324065][T26259] dump_stack_lvl+0x188/0x24e [ 1358.328857][T26259] ? show_regs_print_info+0x12/0x12 [ 1358.334082][T26259] ? load_image+0x400/0x400 [ 1358.338624][T26259] ? __might_sleep+0xd0/0xd0 [ 1358.343247][T26259] ? __lock_acquire+0x7d10/0x7d10 [ 1358.348314][T26259] should_fail_ex+0x399/0x4d0 [ 1358.353038][T26259] should_failslab+0x5/0x20 [ 1358.357562][T26259] slab_pre_alloc_hook+0x59/0x310 [ 1358.362606][T26259] ? tomoyo_encode+0x27e/0x540 [ 1358.367407][T26259] __kmem_cache_alloc_node+0x4f/0x260 [ 1358.372800][T26259] ? tomoyo_encode+0x27e/0x540 [ 1358.377595][T26259] __kmalloc+0xa0/0x240 [ 1358.381785][T26259] tomoyo_encode+0x27e/0x540 [ 1358.386492][T26259] tomoyo_realpath_from_path+0x58e/0x5d0 [ 1358.392157][T26259] ? tomoyo_path_number_perm+0x205/0x650 [ 1358.397818][T26259] tomoyo_path_number_perm+0x22f/0x650 [ 1358.403310][T26259] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1358.408794][T26259] ? ksys_write+0x1c0/0x250 [ 1358.413311][T26259] ? common_file_perm+0x171/0x1c0 [ 1358.418487][T26259] ? __fget_files+0x28/0x4b0 [ 1358.423194][T26259] ? __fget_files+0x28/0x4b0 [ 1358.427884][T26259] security_file_ioctl+0x6c/0xa0 [ 1358.432824][T26259] __se_sys_ioctl+0x48/0x170 [ 1358.437420][T26259] do_syscall_64+0x4c/0xa0 [ 1358.441834][T26259] ? clear_bhb_loop+0x60/0xb0 [ 1358.446512][T26259] ? clear_bhb_loop+0x60/0xb0 [ 1358.451198][T26259] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1358.457119][T26259] RIP: 0033:0x7f264339ce59 [ 1358.461534][T26259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1358.481149][T26259] RSP: 002b:00007f2644188028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1358.489827][T26259] RAX: ffffffffffffffda RBX: 00007f2643615fa0 RCX: 00007f264339ce59 [ 1358.497797][T26259] RDX: 0000000000000000 RSI: 000000000000894c RDI: 0000000000000004 [ 1358.505764][T26259] RBP: 00007f2644188090 R08: 0000000000000000 R09: 0000000000000000 [ 1358.513732][T26259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1358.521699][T26259] R13: 00007f2643616038 R14: 00007f2643615fa0 R15: 00007fff7ce85778 [ 1358.529681][T26259] [ 1358.728367][T26264] netlink: 'syz.2.7015': attribute type 13 has an invalid length. [ 1358.774332][T26264] netlink: 14581 bytes leftover after parsing attributes in process `syz.2.7015'. [ 1359.113643][T26259] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1359.647183][T26277] netlink: 'syz.1.7020': attribute type 25 has an invalid length. [ 1359.668460][T26277] netlink: 'syz.1.7020': attribute type 28 has an invalid length. [ 1361.058824][T26302] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.7029'. [ 1361.299875][T26308] netlink: 'syz.1.7032': attribute type 13 has an invalid length. [ 1361.413157][T26308] netlink: 14581 bytes leftover after parsing attributes in process `syz.1.7032'. [ 1361.479148][T26309] netlink: 'syz.0.7031': attribute type 2 has an invalid length. [ 1361.494844][T26309] netlink: 'syz.0.7031': attribute type 8 has an invalid length. [ 1361.537447][T26309] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7031'. [ 1361.631196][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.637727][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 1368.293883][T26534] pimreg: tun_chr_ioctl cmd 2147767520 [ 1368.384966][T26539] netlink: 128 bytes leftover after parsing attributes in process `syz.1.7140'. [ 1368.439419][T26539] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1369.622604][T26584] device syzkaller0 entered promiscuous mode [ 1372.957595][T26593] device syzkaller0 entered promiscuous mode [ 1375.227478][T26634] bridge0: port 2(bridge_slave_1) entered disabled state [ 1375.234986][T26634] bridge0: port 1(bridge_slave_0) entered disabled state [ 1375.252276][T26635] device bridge_slave_1 left promiscuous mode [ 1375.260282][T26635] bridge0: port 2(bridge_slave_1) entered disabled state [ 1375.270082][T26635] device bridge_slave_0 left promiscuous mode [ 1375.277516][T26635] bridge0: port 1(bridge_slave_0) entered disabled state [ 1377.440876][T26680] device syzkaller0 entered promiscuous mode [ 1383.545651][T26703] device syzkaller0 entered promiscuous mode [ 1390.023596][T26790] syz.2.7225[26790] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1390.023734][T26790] syz.2.7225[26790] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1398.064592][T26885] device syzkaller0 entered promiscuous mode [ 1404.601965][T26932] device syzkaller0 entered promiscuous mode [ 1407.059224][T26968] device syzkaller0 entered promiscuous mode [ 1409.553237][T26992] device syzkaller0 entered promiscuous mode [ 1412.392992][T27015] [ 1412.395975][T27015] ============================= [ 1412.400847][T27015] WARNING: suspicious RCU usage [ 1412.405812][T27015] syzkaller #0 Not tainted [ 1412.410252][T27015] ----------------------------- [ 1412.415195][T27015] kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage! [ 1412.423720][T27015] [ 1412.423720][T27015] other info that might help us debug this: [ 1412.423720][T27015] [ 1412.434272][T27015] [ 1412.434272][T27015] rcu_scheduler_active = 2, debug_locks = 1 [ 1412.442361][T27015] 1 lock held by syz.3.7300/27015: [ 1412.447587][T27015] #0: ffffffff8cb2dfe0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 [ 1412.457880][T27015] [ 1412.457880][T27015] stack backtrace: [ 1412.463786][T27015] CPU: 1 PID: 27015 Comm: syz.3.7300 Not tainted syzkaller #0 [ 1412.471280][T27015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1412.481359][T27015] Call Trace: [ 1412.484651][T27015] [ 1412.487597][T27015] dump_stack_lvl+0x188/0x24e [ 1412.492387][T27015] ? show_regs_print_info+0x12/0x12 [ 1412.497610][T27015] ? load_image+0x400/0x400 [ 1412.502154][T27015] lockdep_rcu_suspicious+0x1dd/0x300 [ 1412.507653][T27015] get_callchain_entry+0x2a5/0x3b0 [ 1412.512836][T27015] get_perf_callchain+0xc4/0x490 [ 1412.517810][T27015] ? put_callchain_entry+0xb0/0xb0 [ 1412.523049][T27015] ? plist_add+0x3d4/0x480 [ 1412.527493][T27015] ? verify_lock_unused+0x140/0x140 [ 1412.532721][T27015] __bpf_get_stack+0x2de/0x520 [ 1412.537519][T27015] ? stack_map_get_build_id_offset+0x970/0x970 [ 1412.543700][T27015] ? __cant_sleep+0x220/0x220 [ 1412.548402][T27015] ? bpf_prog_14d9fb3786f83342+0x3d/0x41 [ 1412.554063][T27015] bpf_get_stack_raw_tp+0x189/0x1c0 [ 1412.559307][T27015] bpf_prog_14d9fb3786f83342+0x3d/0x41 [ 1412.564794][T27015] bpf_prog_run_pin_on_cpu+0x64/0x150 [ 1412.570204][T27015] bpf_prog_test_run_syscall+0x313/0x4a0 [ 1412.575878][T27015] ? sock_gen_cookie+0x60/0x60 [ 1412.580683][T27015] ? sock_gen_cookie+0x60/0x60 [ 1412.585478][T27015] bpf_prog_test_run+0x31e/0x390 [ 1412.590459][T27015] __sys_bpf+0x62b/0x780 [ 1412.594731][T27015] ? bpf_link_show_fdinfo+0x380/0x380 [ 1412.600129][T27015] ? do_sys_openat2+0xed/0x4b0 [ 1412.604939][T27015] ? lock_chain_count+0x20/0x20 [ 1412.609831][T27015] __x64_sys_bpf+0x78/0x90 [ 1412.614290][T27015] do_syscall_64+0x4c/0xa0 [ 1412.618738][T27015] ? clear_bhb_loop+0x60/0xb0 [ 1412.623541][T27015] ? clear_bhb_loop+0x60/0xb0 [ 1412.628266][T27015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1412.634198][T27015] RIP: 0033:0x7f0d28b9ce59 [ 1412.638682][T27015] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1412.658324][T27015] RSP: 002b:00007f0d29a64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1412.666770][T27015] RAX: ffffffffffffffda RBX: 00007f0d28e16090 RCX: 00007f0d28b9ce59 [ 1412.674773][T27015] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a [ 1412.682775][T27015] RBP: 00007f0d28c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1412.690775][T27015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1412.698780][T27015] R13: 00007f0d28e16128 R14: 00007f0d28e16090 R15: 00007fff95af42e8 [ 1412.706800][T27015] [ 1412.728793][T27016] device syzkaller0 entered promiscuous mode