last executing test programs: 16.156304867s ago: executing program 1 (id=2298): socket$kcm(0x2, 0x3, 0x106) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0xa, 0x28428, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x2, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000e40)={&(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001180)=[{&(0x7f0000000340)="d9", 0x1}], 0x1}, 0x4000) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x1, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$ITER_CREATE(0xb, &(0x7f00000002c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x54, 0x0, 0x2}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x5452, 0x0) r4 = socket$kcm(0x23, 0x5, 0x0) sendmsg$kcm(r4, 0x0, 0x80) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000080) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0x40047438, 0x7f7c2739efff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) ioctl$SIOCSIFHWADDR(r6, 0x541b, &(0x7f0000000180)={'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}) r7 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x2, r1, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="d8000000200081044e81f782db44b90402000000e8fe450f55a1180015000600142603600e120900100000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4d180a54f14f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace91ed0bffd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) 13.061407545s ago: executing program 1 (id=2304): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x48) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x9, 0x4022, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x70}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8946, &(0x7f0000000080)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[], 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xfffffffffffffd9e, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000003000000000000000000000018110000", @ANYRES32=r0, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', r5, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="010000201000"}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) r7 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8) socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b705000000000000611018ffffffffffdb050000200000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48) 12.859054022s ago: executing program 1 (id=2307): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) r0 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x3, 0x0, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x4) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff) (async) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x2, 0xfffffffffffff7fd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="180200002f000000000000000100000085100000010000009500000000000000180100002020732100000000002020207b1af8ff000000003fa100000000000007010000f8ffffffb702000008000000b703000000000028850000007600000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x98, &(0x7f00000001c0)=""/152, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x57, 0x10, 0x0, 0x4a, 0x0, 0x0, 0xfffffffffffffd43}, 0x23) (async) socket$kcm(0x10, 0x2, 0x10) (async) r3 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000100)=@ieee802154={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000180)="27031c0016001400020000000000000006e1f0000000894f000f1102ee1680ca82973d2bd4b8", 0x26}, {&(0x7f0000000280)="7d3ed2ea1f2f23edbb324820e73b5f4b1100201a03df64a4853ed1b39e5d175223317057", 0x24}, {&(0x7f0000000340)="551d389992c228e384254107", 0xc}], 0x3}, 0x24000008) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112}) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x3, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x94) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000280), &(0x7f0000000240)=r5}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000007000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) (async) r7 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r7, 0x0, 0xc000) (async) r8 = socket$kcm(0x10, 0x2, 0x4) perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xa, 0x0, 0x0, 0xa, 0x0, 0x5, 0x44, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x80, 0xa7, 0x2, 0x5, 0xa5, 0x9b9b, 0x7000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000040)={0x5, 0x69, 0x0, 0x1, 0x8, 0xa, 0x0, 0x4, 0x400, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001, 0x4, @perf_bp={0x0, 0x8}, 0x11950, 0x4854, 0x3, 0x6, 0x5, 0xb5, 0x5, 0x0, 0xc8, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) (async) sendmsg$inet(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async) recvmsg$kcm(r8, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x10000) (async) syz_clone(0x200c8000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0xa49a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xff) 12.505941153s ago: executing program 1 (id=2311): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$kcm(0x21, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @const={0x0, 0x0, 0x0, 0xb}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x3e}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0xc0}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000600, 0x0, 0x0, &(0x7f0000000900), 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 12.325513348s ago: executing program 1 (id=2314): ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)='v}\x00'}, 0x30) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x56, 0xfe, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c96", &(0x7f0000000440)=""/254, 0x2f00, 0x0, 0x103, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x10000}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) close(0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x1, 0x106) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000002c0)='/p\xd0\xf2\x00\x00\x00\xff\xf3\x00\x00\x00t4/c+\x8fG\xf9aK\f\a0\a\xe5\x19\xe9gJ\x95\a\xa0;\xc8X\x94\xa71R\x00'}, 0x30) r2 = socket$kcm(0xa, 0x2, 0x0) close(r2) socket$kcm(0x2, 0x2, 0x73) openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) setsockopt$sock_attach_bpf(r2, 0x0, 0x4, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x4e22, @dev}, 0x10, 0x0}, 0x400c080) 12.088453946s ago: executing program 1 (id=2324): ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)='v}\x00'}, 0x30) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x56, 0xfe, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c96", &(0x7f0000000440)=""/254, 0x2f00, 0x0, 0x103, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x10000}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) close(0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x1, 0x106) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000002c0)='/p\xd0\xf2\x00\x00\x00\xff\xf3\x00\x00\x00t4/c+\x8fG\xf9aK\f\a0\a\xe5\x19\xe9gJ\x95\a\xa0;\xc8X\x94\xa71R\x00'}, 0x30) r2 = socket$kcm(0xa, 0x2, 0x0) close(r2) socket$kcm(0x2, 0x2, 0x73) openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) setsockopt$sock_attach_bpf(r2, 0x0, 0x4, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x4e22, @dev}, 0x10, 0x0}, 0x400c080) 8.173890231s ago: executing program 2 (id=2345): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10}, 0x0, 0xca, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0xfffffffe, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80350, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180200000600000000000000000000008500000041000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x50) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x830, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @rights={{0x10}}, @rights={{0x10}}], 0x40}, 0x40000062) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[@ANYRES8=r1, @ANYRES8=r5], 0x12) 7.87755983s ago: executing program 0 (id=2347): socket$kcm(0x2, 0x3, 0x106) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0xa, 0x28428, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x2, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000800)={&(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000000)="b1", 0x34000}], 0x1}, 0xc8d4) sendmsg$inet(r0, &(0x7f0000000e40)={&(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001180)=[{&(0x7f0000000340)="d9", 0x1}], 0x1}, 0x4000) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x1, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$ITER_CREATE(0xb, &(0x7f00000002c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x54, 0x0, 0x2}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x5452, 0x0) socket$kcm(0x23, 0x5, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000080) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0x40047438, 0x7f7c2739efff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) r5 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x2, r1, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="d8000000200081044e81f782db44b90402000000e8fe450f55a1180015000600142603600e120900100000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4d180a54f14f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace91ed0bffd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) 7.87736777s ago: executing program 2 (id=2348): r0 = socket$kcm(0x2b, 0x1, 0x0) setsockopt$sock_attach_bpf(r0, 0x0, 0x3, 0x0, 0x11e) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x7, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x19, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x4a, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x6, '\x00', r1, r2, 0x1, 0x2, 0x6}, 0x50) 7.710712665s ago: executing program 2 (id=2350): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @const={0x0, 0x0, 0x0, 0xb}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x3e}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0xa0}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000600, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.667599476s ago: executing program 3 (id=2351): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$kcm(0x21, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @const={0x0, 0x0, 0x0, 0xb}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x3e}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0xc0}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000600, 0xb, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.579415825s ago: executing program 0 (id=2352): r0 = socket$kcm(0x2, 0x3, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x1}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0x1000000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x15, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x8650bf77ffef8b55}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000240)="63eced8e465c1c76e716c0be4b07", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xd}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, 0x660b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x0, 0x10009, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x22, 0x3, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x80044944, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./cgroup/file0\x00', 0x0, 0x10}, 0x18) socketpair$tipc(0x1e, 0xb, 0x0, &(0x7f0000000340)) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./cgroup/file0\x00', 0x0, 0x4010, r3}, 0x18) ioctl$SIOCSIFHWADDR(r0, 0x8918, &(0x7f0000000040)={'wg1\x00', @random="0200ac7f7f00"}) socketpair(0x27, 0x2, 0x700000, &(0x7f0000000000)) 4.446965849s ago: executing program 3 (id=2353): socket$kcm(0x2, 0x3, 0x106) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0xa, 0x28428, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x2, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000800)={&(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000000)="b1", 0x34000}], 0x1}, 0xc8d4) sendmsg$inet(r0, &(0x7f0000000e40)={&(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001180)=[{&(0x7f0000000340)="d9", 0x1}], 0x1}, 0x4000) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x1, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$ITER_CREATE(0xb, &(0x7f00000002c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x54, 0x0, 0x2}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x5452, 0x0) socket$kcm(0x23, 0x5, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000080) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0x40047438, 0x7f7c2739efff) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) ioctl$SIOCSIFHWADDR(r5, 0x541b, &(0x7f0000000180)={'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}) r6 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x2, r1, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="d8000000200081044e81f782db44b90402000000e8fe450f55a1180015000600142603600e120900100000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4d180a54f14f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace91ed0bffd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) 4.446701209s ago: executing program 0 (id=2354): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e381, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x5, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x400200000000003e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x891c, &(0x7f00000000c0)) (fail_nth: 1) 4.446303279s ago: executing program 2 (id=2355): socket$kcm(0x2, 0x3, 0x106) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000800)={&(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000000)="b1", 0x34000}], 0x1}, 0xc8d4) sendmsg$inet(r0, &(0x7f0000000e40)={&(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001180)=[{&(0x7f0000000340)="d9", 0x1}], 0x1}, 0x4000) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x1, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$ITER_CREATE(0xb, &(0x7f00000002c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x54, 0x0, 0x2}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x5452, 0x0) r4 = socket$kcm(0x23, 0x5, 0x0) sendmsg$kcm(r4, 0x0, 0x80) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000080) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0x40047438, 0x7f7c2739efff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) ioctl$SIOCSIFHWADDR(r6, 0x541b, &(0x7f0000000180)={'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}) r7 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x2, r1, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="d8000000200081044e81f782db44b90402000000e8fe450f55a1180015000600142603600e120900100000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4d180a54f14f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace91ed0bffd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) 3.917676735s ago: executing program 3 (id=2356): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10}, 0x0, 0xca, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0xfffffffe, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80350, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180200000600000000000000000000008500000041000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x50) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x400000, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @rights={{0x10}}, @rights={{0x10}}], 0x40}, 0x40000062) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x18, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[@ANYRES8=r1, @ANYRES8=r5], 0x12) 3.742825811s ago: executing program 0 (id=2357): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e381, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x5, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x400200000000003e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x891c, &(0x7f00000000c0)) 3.642256615s ago: executing program 3 (id=2358): ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000240)='v}\x00'}, 0x30) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r0, 0x0, 0x5f, 0xfe, &(0x7f0000000140)="cb74445b7d4c0b24676c6c71ae37efcedaf40242309766deb4e793f90000000000000000dbc856cbc664650634231454ca2d8034c4ca29e0d99c3b6615e91835a600c08f989af45438a54981be310aad92ae545b1c961e5f3762a51fe4c736", &(0x7f0000000440)=""/254, 0x2f00, 0x0, 0x103, 0x194, &(0x7f0000000980)="ffc4438e5c3081d0e133e812196ec0ed923733aa8b5aba32c8650e7a66d6136853773dfbc6226be13039e230d511f1ac50cc7811aac0400e4c833fedf842ae2918e6fddb550729246fcf4c0a01bc64989ea3985fb362751a83991bd56e761379caa64f6148893ff25f38d5cd6dd695bbf9ca709a9960e0e6b054d5e2239bcb7c0fb2ac66dc4c8f534e439ff20ccaf0d48a98c19c92a3b437a699350f49606d21a403f8c112c46fea5486bf367a854b0f6c1e563b656e4794f6793a08bb3656c391643f6df71d0255054368a938d38503d064da82d5dbf395ad47ed3932669168d324ed0f6de8360d499042ddc7d02b6c0772128257702bfe6d0971f00fea85da062cdc", &(0x7f00000007c0)="4c87fe555ceb79157b1e507ff4d3cc053321e42ae89f596427188b4877ab8f1776c0685784f1174c6401ecc1dd6e2a77bc79238f87ad9215a92ff203a30099e77c543e702b4a4438d358616381745f24f74e585498af129c4b173b242f445b08135f7fa40eb7ba78160ff4f0c80e1b324d0c234cb7f43a3ff9e9535dc16000c797113a039f4508a09144090000009f38a90a24f173b3e68377e4272950a80cfcd3aa6850e917bc7e57370060f5e6db941d67fc98a1e98103830b821657438325578d2af822dd4fc13ea7a7eef8d9be4e715aec8fd6cadc41c8da5ce9da2b9e1559d92a1936fc2b3a00000000000000000072200e10ba6269b634f10f7098c65ba67ba65c0e2687637e131fb8d5ba6c12c09c8356853c434a44ff0878e496dcf9a4f5ca02c293279948f37ebb28843f92c87c057a3b410e04418557d5deda7ddd3bd1d384d64ec980187e8b64a0696571a49e847db79349c9b3c3fab5f1f977bde4d802d9026ae0c11744eb1525c5195fd215d7a432497f35c2f2cfcd2b6336b26dfef0cb968c910ea2af5cdd4d58cc08535d5514", 0x2, 0x0, 0x10000}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) close(0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x1, 0x106) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000002c0)='/p\xd0\xf2\x00\x00\x00\xff\xf3\x00\x00\x00t4/c+\x8fG\xf9aK\f\a0\a\xe5\x19\xe9gJ\x95\a\xa0;\xc8X\x94\xa71R\x00'}, 0x30) r2 = socket$kcm(0xa, 0x2, 0x0) close(r2) socket$kcm(0x2, 0x2, 0x73) openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) setsockopt$sock_attach_bpf(r2, 0x0, 0x4, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x4e22, @dev}, 0x10, 0x0}, 0x400c080) 3.426844021s ago: executing program 2 (id=2359): r0 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10}, 0x8, 0x8000000000ca, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0xffffff7e, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r1 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r1, &(0x7f0000000240)={&(0x7f0000000000)=@in6={0xa, 0x41, 0x0, @loopback, 0x2}, 0x80, 0x0}, 0xe07e872424dfefca) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x0, 0x10000, 0x0, 0x5, 0x9, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, r0, 0xa) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002500)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc786b409ac930c90ff90f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d85893f229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09e3187a10d905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5de0900000000000000cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367638cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e1217c1342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c67df4c6505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a2d4f12e8e717eaaa2a6d14fee0c15f36c203dbc7c06128bec84231d43e152ef19ce027436fb4ebb9fce431b913f4817597a6f53d1626f9d1cb7b36fb18ac19547a9b20ede70c81a75686cea85dcd34408128da7cab045541bc6b9a0a79f63f2e7646356e04b977c9f47467537015240b974184be9c54b7c628ae4d97ebdb06070344468994afbaac71e5ffac2c61d9af66f9de2760a38e968a781528531c1c936a02065be48f"], &(0x7f0000000340)='syzkaller\x00'}, 0x94) r3 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0xf, &(0x7f00000002c0), 0x161) sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x31, &(0x7f0000000640), 0x4) close(r3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0}, 0x50) recvmsg$kcm(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000100)=""/199, 0xc7}], 0x1}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, @perf_bp={0x0, 0x2}, 0x884, 0x0, 0x0, 0x0, 0x800000010000, 0x800000, 0x9, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0xa1, &(0x7f0000001240)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 3.330360374s ago: executing program 3 (id=2360): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$kcm(0x21, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @const={0x0, 0x0, 0x0, 0xb}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x3e}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0xc0}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000600, 0xb, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.274694116s ago: executing program 0 (id=2361): socket$kcm(0x2, 0x3, 0x106) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0xa, 0x28428, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x2, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000800)={&(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000000)="b1", 0x34000}], 0x1}, 0xc8d4) sendmsg$inet(r0, &(0x7f0000000e40)={&(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001180)=[{&(0x7f0000000340)="d9", 0x1}], 0x1}, 0x4000) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x1, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$ITER_CREATE(0xb, &(0x7f00000002c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x54, 0x0, 0x2}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x5452, 0x0) socket$kcm(0x23, 0x5, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000080) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0x40047438, 0x7f7c2739efff) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) r5 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x2, r1, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="d8000000200081044e81f782db44b90402000000e8fe450f55a1180015000600142603600e120900100000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4d180a54f14f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace91ed0bffd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) 3.174685239s ago: executing program 3 (id=2362): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x48) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x9, 0x4022, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x70}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8946, &(0x7f0000000080)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[], 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xfffffffffffffd9e, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000003000000000000000000000018110000", @ANYRES32=r0, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', r5, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="010000201000"}) 3.15431373s ago: executing program 2 (id=2363): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) socket$kcm(0x11, 0x2, 0x300) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @const={0x0, 0x0, 0x0, 0xb}, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x3e}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0xa0}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x81000600, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 0 (id=2364): socket$kcm(0x2, 0x3, 0x106) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0xa, 0x28428, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x2, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000800)={&(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000000)="b1", 0x34000}], 0x1}, 0xc8d4) sendmsg$inet(r0, &(0x7f0000000e40)={&(0x7f0000000140)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000001180)=[{&(0x7f0000000340)="d9", 0x1}], 0x1}, 0x4000) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0xa, 0x1, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$ITER_CREATE(0xb, &(0x7f00000002c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x0, 0x54, 0x0, 0x2}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x5452, 0x0) socket$kcm(0x23, 0x5, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000080) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0x40047438, 0x7f7c2739efff) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) ioctl$SIOCSIFHWADDR(r5, 0x541b, &(0x7f0000000180)={'veth0_virt_wifi\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}) r6 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x2, r1, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="d8000000200081044e81f782db44b90402000000e8fe450f55a1180015000600142603600e120900100000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8cbf7a7ff4841ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4d180a54f14f00004d9db22fe7c9f8775730d16a4683f1aea4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace91ed0bffd6e4edef3d93452a92954b43370e00"/216, 0xd8}], 0x1}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) kernel console output (not intermixed with test programs): x90 [ 219.326740][ T8114] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.332655][ T8114] RIP: 0033:0x7f0eb6f9ce59 [ 219.337084][ T8114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 219.356706][ T8114] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 219.365136][ T8114] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 219.373107][ T8114] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005 [ 219.381088][ T8114] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 219.389056][ T8114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.397025][ T8114] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 219.405278][ T8114] [ 219.592702][ T8123] netlink: 164 bytes leftover after parsing attributes in process `syz.2.842'. [ 219.663952][ T8122] netlink: 164 bytes leftover after parsing attributes in process `syz.2.842'. [ 219.912910][ T8135] FAULT_INJECTION: forcing a failure. [ 219.912910][ T8135] name failslab, interval 1, probability 0, space 0, times 0 [ 219.935551][ T8135] CPU: 0 PID: 8135 Comm: syz.2.847 Not tainted syzkaller #0 [ 219.942896][ T8135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 219.946394][ T8136] netlink: 'syz.0.846': attribute type 10 has an invalid length. [ 219.952956][ T8135] Call Trace: [ 219.952968][ T8135] [ 219.952976][ T8135] dump_stack_lvl+0x18c/0x250 [ 219.953005][ T8135] ? show_regs_print_info+0x20/0x20 [ 219.953024][ T8135] ? load_image+0x420/0x420 [ 219.953044][ T8135] ? __might_sleep+0xe0/0xe0 [ 219.953066][ T8135] ? __lock_acquire+0x7d40/0x7d40 [ 219.990898][ T8135] should_fail_ex+0x39d/0x4d0 [ 219.995584][ T8135] should_failslab+0x9/0x20 [ 220.000083][ T8135] slab_pre_alloc_hook+0x59/0x310 [ 220.005104][ T8135] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.010824][ T8135] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.016540][ T8135] __kmem_cache_alloc_node+0x53/0x250 [ 220.021917][ T8135] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.027630][ T8135] __kmalloc+0xa4/0x230 [ 220.031790][ T8135] tomoyo_realpath_from_path+0xe3/0x5d0 [ 220.037354][ T8135] tomoyo_path_number_perm+0x248/0x620 [ 220.042820][ T8135] ? tomoyo_path_number_perm+0x217/0x620 [ 220.048447][ T8135] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 220.053903][ T8135] ? ksys_write+0x1c4/0x260 [ 220.058426][ T8135] ? __fget_files+0x28/0x4b0 [ 220.063012][ T8135] ? __fget_files+0x28/0x4b0 [ 220.067606][ T8135] security_file_ioctl+0x70/0xa0 [ 220.072540][ T8135] __se_sys_ioctl+0x48/0x170 [ 220.077127][ T8135] do_syscall_64+0x55/0xb0 [ 220.081542][ T8135] ? clear_bhb_loop+0x40/0x90 [ 220.086212][ T8135] ? clear_bhb_loop+0x40/0x90 [ 220.090880][ T8135] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 220.096770][ T8135] RIP: 0033:0x7fa804d9ce59 [ 220.101176][ T8135] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.120781][ T8135] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.129201][ T8135] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 220.137168][ T8135] RDX: 00002000000000c0 RSI: 000000000000541b RDI: 0000000000000003 [ 220.145160][ T8135] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 220.153124][ T8135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.161090][ T8135] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 220.169065][ T8135] [ 220.275682][ T8135] ERROR: Out of memory at tomoyo_realpath_from_path. [ 220.768288][ T8149] netlink: 132 bytes leftover after parsing attributes in process `syz.2.852'. [ 221.023104][ T8151] FAULT_INJECTION: forcing a failure. [ 221.023104][ T8151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.064071][ T8151] CPU: 0 PID: 8151 Comm: syz.1.853 Not tainted syzkaller #0 [ 221.071428][ T8151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 221.081504][ T8151] Call Trace: [ 221.084801][ T8151] [ 221.087747][ T8151] dump_stack_lvl+0x18c/0x250 [ 221.092453][ T8151] ? show_regs_print_info+0x20/0x20 [ 221.097678][ T8151] ? load_image+0x420/0x420 [ 221.102200][ T8151] ? __might_fault+0xaa/0x120 [ 221.106899][ T8151] ? __lock_acquire+0x7d40/0x7d40 [ 221.111951][ T8151] should_fail_ex+0x39d/0x4d0 [ 221.116662][ T8151] _copy_from_user+0x2f/0xe0 [ 221.121279][ T8151] ___sys_sendmsg+0x1c7/0x360 [ 221.125983][ T8151] ? __sys_sendmsg+0x2a0/0x2a0 [ 221.130788][ T8151] ? __lock_acquire+0x7d40/0x7d40 [ 221.135858][ T8151] __se_sys_sendmsg+0x1c2/0x2b0 [ 221.140741][ T8151] ? __x64_sys_sendmsg+0x80/0x80 [ 221.145717][ T8151] ? lockdep_hardirqs_on+0x98/0x150 [ 221.150942][ T8151] do_syscall_64+0x55/0xb0 [ 221.155371][ T8151] ? clear_bhb_loop+0x40/0x90 [ 221.160068][ T8151] ? clear_bhb_loop+0x40/0x90 [ 221.164759][ T8151] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 221.170668][ T8151] RIP: 0033:0x7ff58cf9ce59 [ 221.175079][ T8151] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.194684][ T8151] RSP: 002b:00007ff58dec9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 221.203093][ T8151] RAX: ffffffffffffffda RBX: 00007ff58d215fa0 RCX: 00007ff58cf9ce59 [ 221.211060][ T8151] RDX: 0000000000048000 RSI: 0000200000000100 RDI: 0000000000000003 [ 221.219046][ T8151] RBP: 00007ff58dec9090 R08: 0000000000000000 R09: 0000000000000000 [ 221.227010][ T8151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.234980][ T8151] R13: 00007ff58d216038 R14: 00007ff58d215fa0 R15: 00007ffc83edd7a8 [ 221.242958][ T8151] [ 221.518440][ T8162] netlink: 'syz.1.858': attribute type 10 has an invalid length. [ 221.914956][ T8178] netlink: 'syz.1.864': attribute type 10 has an invalid length. [ 222.004349][ T8178] dummy0: entered promiscuous mode [ 222.017252][ T8178] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 222.034079][ T8180] netlink: 'syz.3.865': attribute type 10 has an invalid length. [ 222.048324][ T8185] FAULT_INJECTION: forcing a failure. [ 222.048324][ T8185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.101186][ T8180] dummy0: entered promiscuous mode [ 222.107280][ T8185] CPU: 1 PID: 8185 Comm: syz.0.867 Not tainted syzkaller #0 [ 222.114637][ T8185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 222.118563][ T8180] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 222.124703][ T8185] Call Trace: [ 222.124718][ T8185] [ 222.124732][ T8185] dump_stack_lvl+0x18c/0x250 [ 222.124774][ T8185] ? show_regs_print_info+0x20/0x20 [ 222.124801][ T8185] ? load_image+0x420/0x420 [ 222.153977][ T8185] ? __might_fault+0xaa/0x120 [ 222.158711][ T8185] ? __lock_acquire+0x7d40/0x7d40 [ 222.163806][ T8185] should_fail_ex+0x39d/0x4d0 [ 222.168560][ T8185] _copy_from_user+0x2f/0xe0 [ 222.173210][ T8185] ___sys_sendmsg+0x1c7/0x360 [ 222.177962][ T8185] ? __sys_sendmsg+0x2a0/0x2a0 [ 222.182850][ T8185] ? __lock_acquire+0x7d40/0x7d40 [ 222.187997][ T8185] __se_sys_sendmsg+0x1c2/0x2b0 [ 222.192928][ T8185] ? __x64_sys_sendmsg+0x80/0x80 [ 222.197967][ T8185] ? lockdep_hardirqs_on+0x98/0x150 [ 222.203241][ T8185] do_syscall_64+0x55/0xb0 [ 222.207765][ T8185] ? clear_bhb_loop+0x40/0x90 [ 222.212489][ T8185] ? clear_bhb_loop+0x40/0x90 [ 222.217218][ T8185] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 222.223169][ T8185] RIP: 0033:0x7f6b7fd9ce59 [ 222.227629][ T8185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 222.247290][ T8185] RSP: 002b:00007f6b80c93028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 222.255765][ T8185] RAX: ffffffffffffffda RBX: 00007f6b80015fa0 RCX: 00007f6b7fd9ce59 [ 222.263780][ T8185] RDX: 0000000000008000 RSI: 0000200000000600 RDI: 0000000000000003 [ 222.271792][ T8185] RBP: 00007f6b80c93090 R08: 0000000000000000 R09: 0000000000000000 [ 222.279805][ T8185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.287805][ T8185] R13: 00007f6b80016038 R14: 00007f6b80015fa0 R15: 00007ffcedbafd28 [ 222.295861][ T8185] [ 222.377252][ T8184] bridge0: port 3(team0) entered blocking state [ 222.444517][ T8184] bridge0: port 3(team0) entered disabled state [ 222.454977][ T8184] team0: entered allmulticast mode [ 222.485920][ T8184] team_slave_0: entered allmulticast mode [ 222.517189][ T8184] team_slave_1: entered allmulticast mode [ 222.598578][ T8184] team0: entered promiscuous mode [ 222.603696][ T8184] team_slave_0: entered promiscuous mode [ 222.683593][ T8184] team_slave_1: entered promiscuous mode [ 223.415166][ T8204] netlink: 'syz.1.875': attribute type 16 has an invalid length. [ 223.423536][ T8204] netlink: 156 bytes leftover after parsing attributes in process `syz.1.875'. [ 224.017425][ T8207] netlink: 'syz.2.873': attribute type 10 has an invalid length. [ 224.300568][ T8213] netlink: 'syz.1.879': attribute type 16 has an invalid length. [ 224.321982][ T8215] FAULT_INJECTION: forcing a failure. [ 224.321982][ T8215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.335572][ T8213] netlink: 156 bytes leftover after parsing attributes in process `syz.1.879'. [ 224.385706][ T8215] CPU: 1 PID: 8215 Comm: syz.0.878 Not tainted syzkaller #0 [ 224.393087][ T8215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 224.403178][ T8215] Call Trace: [ 224.406502][ T8215] [ 224.409470][ T8215] dump_stack_lvl+0x18c/0x250 [ 224.414208][ T8215] ? show_regs_print_info+0x20/0x20 [ 224.419473][ T8215] ? load_image+0x420/0x420 [ 224.424029][ T8215] ? __might_fault+0xaa/0x120 [ 224.428761][ T8215] ? __lock_acquire+0x7d40/0x7d40 [ 224.433845][ T8215] should_fail_ex+0x39d/0x4d0 [ 224.438591][ T8215] _copy_from_user+0x2f/0xe0 [ 224.443229][ T8215] ___sys_sendmsg+0x1c7/0x360 [ 224.447973][ T8215] ? __sys_sendmsg+0x2a0/0x2a0 [ 224.452861][ T8215] ? __lock_acquire+0x7d40/0x7d40 [ 224.457975][ T8215] __se_sys_sendmsg+0x1c2/0x2b0 [ 224.462850][ T8215] ? __x64_sys_sendmsg+0x80/0x80 [ 224.467839][ T8215] ? lockdep_hardirqs_on+0x98/0x150 [ 224.473072][ T8215] do_syscall_64+0x55/0xb0 [ 224.477501][ T8215] ? clear_bhb_loop+0x40/0x90 [ 224.482186][ T8215] ? clear_bhb_loop+0x40/0x90 [ 224.486879][ T8215] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 224.492790][ T8215] RIP: 0033:0x7f6b7fd9ce59 [ 224.497222][ T8215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 224.516843][ T8215] RSP: 002b:00007f6b80c93028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 224.525300][ T8215] RAX: ffffffffffffffda RBX: 00007f6b80015fa0 RCX: 00007f6b7fd9ce59 [ 224.533301][ T8215] RDX: 0000000000000844 RSI: 0000200000000000 RDI: 0000000000000003 [ 224.541295][ T8215] RBP: 00007f6b80c93090 R08: 0000000000000000 R09: 0000000000000000 [ 224.549283][ T8215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.557267][ T8215] R13: 00007f6b80016038 R14: 00007f6b80015fa0 R15: 00007ffcedbafd28 [ 224.565287][ T8215] [ 225.390193][ T8225] netlink: 132 bytes leftover after parsing attributes in process `syz.1.884'. [ 225.418112][ T8224] netlink: 132 bytes leftover after parsing attributes in process `syz.3.882'. [ 226.176364][ T8238] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'. [ 226.215645][ T8238] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'. [ 226.246367][ T8234] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'. [ 226.307574][ T8236] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'. [ 226.347495][ T8239] netlink: 'syz.3.887': attribute type 10 has an invalid length. [ 226.400142][ T8241] FAULT_INJECTION: forcing a failure. [ 226.400142][ T8241] name failslab, interval 1, probability 0, space 0, times 0 [ 226.439120][ T8241] CPU: 1 PID: 8241 Comm: syz.0.888 Not tainted syzkaller #0 [ 226.446500][ T8241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 226.456608][ T8241] Call Trace: [ 226.459941][ T8241] [ 226.462927][ T8241] dump_stack_lvl+0x18c/0x250 [ 226.467675][ T8241] ? show_regs_print_info+0x20/0x20 [ 226.472937][ T8241] ? load_image+0x420/0x420 [ 226.477502][ T8241] ? __might_sleep+0xe0/0xe0 [ 226.482193][ T8241] ? __lock_acquire+0x7d40/0x7d40 [ 226.487292][ T8241] should_fail_ex+0x39d/0x4d0 [ 226.492044][ T8241] should_failslab+0x9/0x20 [ 226.496590][ T8241] slab_pre_alloc_hook+0x59/0x310 [ 226.501680][ T8241] kmem_cache_alloc_node+0x60/0x320 [ 226.506930][ T8241] ? trace_call_bpf+0xc3/0x6c0 [ 226.511747][ T8241] ? __alloc_skb+0x103/0x2c0 [ 226.516407][ T8241] __alloc_skb+0x103/0x2c0 [ 226.520888][ T8241] tcp_stream_alloc_skb+0x3d/0x330 [ 226.526067][ T8241] tcp_sendmsg_locked+0xea4/0x4bd0 [ 226.531376][ T8241] ? tcp_set_state+0x680/0x680 [ 226.536229][ T8241] tcp_sendmsg+0x2f/0x50 [ 226.540522][ T8241] sock_write_iter+0x2df/0x420 [ 226.545348][ T8241] ? sock_read_iter+0x3e0/0x3e0 [ 226.550285][ T8241] ? common_file_perm+0x198/0x1f0 [ 226.555385][ T8241] vfs_write+0x46c/0x990 [ 226.559694][ T8241] ? file_end_write+0x250/0x250 [ 226.564609][ T8241] ? __fget_files+0x43d/0x4b0 [ 226.569364][ T8241] ? __fdget_pos+0x1d8/0x330 [ 226.573999][ T8241] ? ksys_write+0x75/0x260 [ 226.578496][ T8241] ksys_write+0x150/0x260 [ 226.582877][ T8241] ? __ia32_sys_read+0x90/0x90 [ 226.587704][ T8241] ? lockdep_hardirqs_on+0x98/0x150 [ 226.592975][ T8241] do_syscall_64+0x55/0xb0 [ 226.597434][ T8241] ? clear_bhb_loop+0x40/0x90 [ 226.602144][ T8241] ? clear_bhb_loop+0x40/0x90 [ 226.606868][ T8241] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 226.612819][ T8241] RIP: 0033:0x7f6b7fd9ce59 [ 226.617284][ T8241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 226.636941][ T8241] RSP: 002b:00007f6b80c93028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 226.645414][ T8241] RAX: ffffffffffffffda RBX: 00007f6b80015fa0 RCX: 00007f6b7fd9ce59 [ 226.653433][ T8241] RDX: 000000011ffffce1 RSI: 0000200000000080 RDI: 0000000000000004 [ 226.661452][ T8241] RBP: 00007f6b80c93090 R08: 0000000000000000 R09: 0000000000000000 [ 226.669475][ T8241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.677494][ T8241] R13: 00007f6b80016038 R14: 00007f6b80015fa0 R15: 00007ffcedbafd28 [ 226.685557][ T8241] [ 227.348237][ T8249] netlink: 'syz.3.891': attribute type 21 has an invalid length. [ 227.455547][ T8249] netlink: 128 bytes leftover after parsing attributes in process `syz.3.891'. [ 227.464698][ T8249] netlink: 'syz.3.891': attribute type 4 has an invalid length. [ 227.763968][ T8258] netlink: 132 bytes leftover after parsing attributes in process `syz.0.896'. [ 228.447005][ T8266] FAULT_INJECTION: forcing a failure. [ 228.447005][ T8266] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.582326][ T8266] CPU: 0 PID: 8266 Comm: syz.1.898 Not tainted syzkaller #0 [ 228.589709][ T8266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 228.599800][ T8266] Call Trace: [ 228.603121][ T8266] [ 228.606085][ T8266] dump_stack_lvl+0x18c/0x250 [ 228.610829][ T8266] ? show_regs_print_info+0x20/0x20 [ 228.616068][ T8266] ? load_image+0x420/0x420 [ 228.620628][ T8266] ? __lock_acquire+0x7d40/0x7d40 [ 228.625700][ T8266] ? snprintf+0xe9/0x140 [ 228.629998][ T8266] should_fail_ex+0x39d/0x4d0 [ 228.634734][ T8266] _copy_to_user+0x2f/0xa0 [ 228.639197][ T8266] simple_read_from_buffer+0xe7/0x150 [ 228.644628][ T8266] proc_fail_nth_read+0x1e8/0x260 [ 228.649706][ T8266] ? proc_fault_inject_write+0x360/0x360 [ 228.655391][ T8266] ? fsnotify_perm+0x271/0x5e0 [ 228.660202][ T8266] ? proc_fault_inject_write+0x360/0x360 [ 228.665884][ T8266] vfs_read+0x28b/0x970 [ 228.670107][ T8266] ? kernel_read+0x1e0/0x1e0 [ 228.674742][ T8266] ? __fget_files+0x28/0x4b0 [ 228.679366][ T8266] ? __fget_files+0x28/0x4b0 [ 228.684025][ T8266] ? __fget_files+0x43d/0x4b0 [ 228.688786][ T8266] ? __fdget_pos+0x2a3/0x330 [ 228.693421][ T8266] ? ksys_read+0x75/0x260 [ 228.697808][ T8266] ksys_read+0x150/0x260 [ 228.702105][ T8266] ? vfs_write+0x990/0x990 [ 228.706581][ T8266] ? lockdep_hardirqs_on+0x98/0x150 [ 228.711837][ T8266] do_syscall_64+0x55/0xb0 [ 228.716293][ T8266] ? clear_bhb_loop+0x40/0x90 [ 228.720997][ T8266] ? clear_bhb_loop+0x40/0x90 [ 228.725707][ T8266] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 228.731624][ T8266] RIP: 0033:0x7ff58cf5d68e [ 228.736065][ T8266] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 228.755714][ T8266] RSP: 002b:00007ff58dea7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 228.764183][ T8266] RAX: ffffffffffffffda RBX: 00007ff58dea86c0 RCX: 00007ff58cf5d68e [ 228.772206][ T8266] RDX: 000000000000000f RSI: 00007ff58dea80a0 RDI: 0000000000000007 [ 228.780229][ T8266] RBP: 00007ff58dea8090 R08: 0000000000000000 R09: 0000000000000000 [ 228.788249][ T8266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.796262][ T8266] R13: 00007ff58d216128 R14: 00007ff58d216090 R15: 00007ffc83edd7a8 [ 228.804337][ T8266] [ 229.135732][ T5780] Bluetooth: hci2: unexpected event 0x20 length: 15 > 7 [ 229.575862][ T8277] netlink: 'syz.0.902': attribute type 10 has an invalid length. [ 229.702660][ T8277] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 229.986375][ T8283] FAULT_INJECTION: forcing a failure. [ 229.986375][ T8283] name failslab, interval 1, probability 0, space 0, times 0 [ 230.055801][ T8283] CPU: 1 PID: 8283 Comm: syz.3.905 Not tainted syzkaller #0 [ 230.063183][ T8283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 230.073287][ T8283] Call Trace: [ 230.076616][ T8283] [ 230.079588][ T8283] dump_stack_lvl+0x18c/0x250 [ 230.084335][ T8283] ? show_regs_print_info+0x20/0x20 [ 230.089594][ T8283] ? load_image+0x420/0x420 [ 230.094168][ T8283] ? __might_sleep+0xe0/0xe0 [ 230.098813][ T8283] ? __lock_acquire+0x7d40/0x7d40 [ 230.103903][ T8283] should_fail_ex+0x39d/0x4d0 [ 230.108657][ T8283] should_failslab+0x9/0x20 [ 230.113210][ T8283] slab_pre_alloc_hook+0x59/0x310 [ 230.118281][ T8283] ? trace_call_bpf+0x5e9/0x6c0 [ 230.123188][ T8283] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 230.128945][ T8283] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 230.134685][ T8283] __kmem_cache_alloc_node+0x53/0x250 [ 230.140094][ T8283] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 230.145829][ T8283] __kmalloc+0xa4/0x230 [ 230.150100][ T8283] tomoyo_realpath_from_path+0xe3/0x5d0 [ 230.155712][ T8283] tomoyo_path_number_perm+0x248/0x620 [ 230.161195][ T8283] ? tomoyo_path_number_perm+0x217/0x620 [ 230.166861][ T8283] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 230.172446][ T8283] ? __fget_files+0x28/0x4b0 [ 230.177060][ T8283] ? __fget_files+0x28/0x4b0 [ 230.181703][ T8283] security_file_ioctl+0x70/0xa0 [ 230.186668][ T8283] __se_sys_ioctl+0x48/0x170 [ 230.191280][ T8283] do_syscall_64+0x55/0xb0 [ 230.195714][ T8283] ? clear_bhb_loop+0x40/0x90 [ 230.200399][ T8283] ? clear_bhb_loop+0x40/0x90 [ 230.205090][ T8283] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 230.210997][ T8283] RIP: 0033:0x7f0eb6f9ce59 [ 230.215434][ T8283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 230.235068][ T8283] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.243501][ T8283] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 230.251485][ T8283] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000005 [ 230.259469][ T8283] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 230.267453][ T8283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.275443][ T8283] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 230.283469][ T8283] [ 230.398010][ T8283] ERROR: Out of memory at tomoyo_realpath_from_path. [ 231.029199][ T8295] netlink: 'syz.0.910': attribute type 25 has an invalid length. [ 231.050529][ T8295] netlink: 'syz.0.910': attribute type 29 has an invalid length. [ 231.558355][ T8294] bridge0: port 3(team0) entered blocking state [ 231.609253][ T8294] bridge0: port 3(team0) entered disabled state [ 231.671676][ T8294] team0: entered allmulticast mode [ 231.751598][ T8294] team_slave_0: entered allmulticast mode [ 231.822488][ T8294] team_slave_1: entered allmulticast mode [ 232.372647][ T8294] team0: entered promiscuous mode [ 232.410043][ T8294] team_slave_0: entered promiscuous mode [ 232.428921][ T8294] team_slave_1: entered promiscuous mode [ 233.314079][ T5780] Bluetooth: hci1: unexpected event 0x20 length: 15 > 7 [ 234.032016][ T8318] netlink: 17023 bytes leftover after parsing attributes in process `syz.0.917'. [ 234.120556][ T8320] FAULT_INJECTION: forcing a failure. [ 234.120556][ T8320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.256564][ T8320] CPU: 0 PID: 8320 Comm: syz.2.916 Not tainted syzkaller #0 [ 234.263934][ T8320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 234.274026][ T8320] Call Trace: [ 234.277346][ T8320] [ 234.280309][ T8320] dump_stack_lvl+0x18c/0x250 [ 234.285040][ T8320] ? show_regs_print_info+0x20/0x20 [ 234.290291][ T8320] ? load_image+0x420/0x420 [ 234.294839][ T8320] ? __might_fault+0xaa/0x120 [ 234.299559][ T8320] ? __lock_acquire+0x7d40/0x7d40 [ 234.304636][ T8320] should_fail_ex+0x39d/0x4d0 [ 234.309378][ T8320] _copy_from_user+0x2f/0xe0 [ 234.314015][ T8320] ___sys_sendmsg+0x1c7/0x360 [ 234.318750][ T8320] ? __sys_sendmsg+0x2a0/0x2a0 [ 234.323618][ T8320] ? trace_call_bpf+0xc3/0x6c0 [ 234.328510][ T8320] __se_sys_sendmsg+0x1c2/0x2b0 [ 234.333409][ T8320] ? __x64_sys_sendmsg+0x80/0x80 [ 234.338440][ T8320] ? lockdep_hardirqs_on+0x98/0x150 [ 234.343690][ T8320] do_syscall_64+0x55/0xb0 [ 234.348140][ T8320] ? clear_bhb_loop+0x40/0x90 [ 234.352849][ T8320] ? clear_bhb_loop+0x40/0x90 [ 234.357574][ T8320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 234.363510][ T8320] RIP: 0033:0x7fa804d9ce59 [ 234.367966][ T8320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.387614][ T8320] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 234.396083][ T8320] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 234.404092][ T8320] RDX: 0000000004004004 RSI: 0000200000000040 RDI: 0000000000000004 [ 234.412110][ T8320] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 234.420125][ T8320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.428148][ T8320] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 234.436200][ T8320] [ 238.358437][ T8333] netlink: 'syz.0.920': attribute type 3 has an invalid length. [ 238.397578][ T8333] netlink: 'syz.0.920': attribute type 1 has an invalid length. [ 238.445894][ T8333] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.920'. [ 241.383585][ T5780] Bluetooth: hci1: unexpected event 0x20 length: 15 > 7 [ 242.017589][ T8361] netlink: 'syz.2.926': attribute type 10 has an invalid length. [ 243.317758][ T8368] netlink: 'syz.3.928': attribute type 21 has an invalid length. [ 243.347292][ T8368] netlink: 'syz.3.928': attribute type 1 has an invalid length. [ 243.388201][ T8368] netlink: 100 bytes leftover after parsing attributes in process `syz.3.928'. [ 243.427211][ T8374] netlink: 'syz.2.931': attribute type 25 has an invalid length. [ 243.484269][ T8374] netlink: 'syz.2.931': attribute type 29 has an invalid length. [ 249.631191][ T8403] netlink: 'syz.1.939': attribute type 10 has an invalid length. [ 250.239512][ T8414] FAULT_INJECTION: forcing a failure. [ 250.239512][ T8414] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 250.301499][ T8414] CPU: 0 PID: 8414 Comm: syz.2.943 Not tainted syzkaller #0 [ 250.308853][ T8414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 250.318934][ T8414] Call Trace: [ 250.322226][ T8414] [ 250.325167][ T8414] dump_stack_lvl+0x18c/0x250 [ 250.329868][ T8414] ? show_regs_print_info+0x20/0x20 [ 250.335077][ T8414] ? load_image+0x420/0x420 [ 250.339591][ T8414] ? __might_fault+0xaa/0x120 [ 250.344282][ T8414] ? __lock_acquire+0x7d40/0x7d40 [ 250.349318][ T8414] should_fail_ex+0x39d/0x4d0 [ 250.354024][ T8414] _copy_from_user+0x2f/0xe0 [ 250.358631][ T8414] __sys_bpf+0x23e/0x890 [ 250.362881][ T8414] ? bpf_link_show_fdinfo+0x390/0x390 [ 250.368277][ T8414] ? lock_chain_count+0x20/0x20 [ 250.373144][ T8414] __x64_sys_bpf+0x7c/0x90 [ 250.377568][ T8414] do_syscall_64+0x55/0xb0 [ 250.381990][ T8414] ? clear_bhb_loop+0x40/0x90 [ 250.386667][ T8414] ? clear_bhb_loop+0x40/0x90 [ 250.391351][ T8414] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 250.397252][ T8414] RIP: 0033:0x7fa804d9ce59 [ 250.401676][ T8414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 250.421295][ T8414] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 250.429722][ T8414] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 250.437699][ T8414] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 250.445672][ T8414] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 250.453645][ T8414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.461626][ T8414] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 250.469624][ T8414] [ 250.488614][ T5780] Bluetooth: hci3: unexpected event 0x20 length: 15 > 7 [ 250.934598][ T8429] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.949'. [ 251.102830][ T8433] netlink: 'syz.0.950': attribute type 10 has an invalid length. [ 251.543350][ T8443] FAULT_INJECTION: forcing a failure. [ 251.543350][ T8443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.591283][ T8443] CPU: 1 PID: 8443 Comm: syz.3.955 Not tainted syzkaller #0 [ 251.598632][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 251.608711][ T8443] Call Trace: [ 251.612008][ T8443] [ 251.614948][ T8443] dump_stack_lvl+0x18c/0x250 [ 251.619648][ T8443] ? show_regs_print_info+0x20/0x20 [ 251.624860][ T8443] ? load_image+0x420/0x420 [ 251.629378][ T8443] ? __might_fault+0xaa/0x120 [ 251.634070][ T8443] ? __lock_acquire+0x7d40/0x7d40 [ 251.639115][ T8443] should_fail_ex+0x39d/0x4d0 [ 251.643824][ T8443] _copy_from_user+0x2f/0xe0 [ 251.648438][ T8443] __sys_bpf+0x23e/0x890 [ 251.652711][ T8443] ? bpf_link_show_fdinfo+0x390/0x390 [ 251.658126][ T8443] ? lock_chain_count+0x20/0x20 [ 251.662999][ T8443] __x64_sys_bpf+0x7c/0x90 [ 251.667429][ T8443] do_syscall_64+0x55/0xb0 [ 251.671869][ T8443] ? clear_bhb_loop+0x40/0x90 [ 251.676557][ T8443] ? clear_bhb_loop+0x40/0x90 [ 251.681253][ T8443] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 251.687170][ T8443] RIP: 0033:0x7f0eb6f9ce59 [ 251.691600][ T8443] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.711225][ T8443] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 251.719659][ T8443] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 251.727643][ T8443] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 251.735613][ T8443] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 251.743580][ T8443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.751554][ T8443] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 251.759546][ T8443] [ 254.141234][ T5780] Bluetooth: hci0: unexpected event 0x20 length: 15 > 7 [ 255.148347][ T5780] Bluetooth: hci2: unexpected event 0x20 length: 15 > 7 [ 255.877673][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.895496][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.680930][ T8527] netlink: 177388 bytes leftover after parsing attributes in process `syz.1.986'. [ 258.555653][ T8535] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.989'. [ 261.862336][ T8565] netlink: 177388 bytes leftover after parsing attributes in process `syz.3.998'. [ 261.912391][ T8573] FAULT_INJECTION: forcing a failure. [ 261.912391][ T8573] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.930115][ T8573] CPU: 1 PID: 8573 Comm: syz.1.1002 Not tainted syzkaller #0 [ 261.937543][ T8573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 261.947613][ T8573] Call Trace: [ 261.950902][ T8573] [ 261.953839][ T8573] dump_stack_lvl+0x18c/0x250 [ 261.958534][ T8573] ? show_regs_print_info+0x20/0x20 [ 261.963742][ T8573] ? load_image+0x420/0x420 [ 261.968253][ T8573] ? __might_fault+0xaa/0x120 [ 261.972936][ T8573] ? __lock_acquire+0x7d40/0x7d40 [ 261.977974][ T8573] should_fail_ex+0x39d/0x4d0 [ 261.982672][ T8573] _copy_from_user+0x2f/0xe0 [ 261.987270][ T8573] ___sys_recvmsg+0x176/0x590 [ 261.991961][ T8573] ? __sys_recvmsg+0x2a0/0x2a0 [ 261.996746][ T8573] ? ksys_write+0x1c4/0x260 [ 262.001271][ T8573] ? __fget_files+0x43d/0x4b0 [ 262.005970][ T8573] __x64_sys_recvmsg+0x20c/0x2e0 [ 262.010927][ T8573] ? ___sys_recvmsg+0x590/0x590 [ 262.015796][ T8573] ? lockdep_hardirqs_on+0x98/0x150 [ 262.021007][ T8573] do_syscall_64+0x55/0xb0 [ 262.025429][ T8573] ? clear_bhb_loop+0x40/0x90 [ 262.030108][ T8573] ? clear_bhb_loop+0x40/0x90 [ 262.034785][ T8573] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 262.040684][ T8573] RIP: 0033:0x7ff58cf9ce59 [ 262.045190][ T8573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 262.064799][ T8573] RSP: 002b:00007ff58dec9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 262.073216][ T8573] RAX: ffffffffffffffda RBX: 00007ff58d215fa0 RCX: 00007ff58cf9ce59 [ 262.081189][ T8573] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 262.089162][ T8573] RBP: 00007ff58dec9090 R08: 0000000000000000 R09: 0000000000000000 [ 262.097138][ T8573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.105132][ T8573] R13: 00007ff58d216038 R14: 00007ff58d215fa0 R15: 00007ffc83edd7a8 [ 262.113126][ T8573] [ 264.985815][ T5780] Bluetooth: hci0: unexpected event 0x20 length: 15 > 7 [ 267.846583][ T8596] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.1007'. [ 268.020574][ T8612] FAULT_INJECTION: forcing a failure. [ 268.020574][ T8612] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 268.045597][ T8612] CPU: 1 PID: 8612 Comm: syz.3.1014 Not tainted syzkaller #0 [ 268.053034][ T8612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 268.063116][ T8612] Call Trace: [ 268.066422][ T8612] [ 268.069377][ T8612] dump_stack_lvl+0x18c/0x250 [ 268.074087][ T8612] ? show_regs_print_info+0x20/0x20 [ 268.079310][ T8612] ? load_image+0x420/0x420 [ 268.083842][ T8612] ? __might_fault+0xaa/0x120 [ 268.088558][ T8612] ? __lock_acquire+0x7d40/0x7d40 [ 268.093615][ T8612] should_fail_ex+0x39d/0x4d0 [ 268.098329][ T8612] _copy_from_user+0x2f/0xe0 [ 268.102950][ T8612] ___sys_sendmsg+0x1c7/0x360 [ 268.107653][ T8612] ? get_pid_task+0x20/0x1e0 [ 268.112272][ T8612] ? __sys_sendmsg+0x2a0/0x2a0 [ 268.117078][ T8612] ? __lock_acquire+0x7d40/0x7d40 [ 268.122150][ T8612] __se_sys_sendmsg+0x1c2/0x2b0 [ 268.127032][ T8612] ? __x64_sys_sendmsg+0x80/0x80 [ 268.132010][ T8612] ? lockdep_hardirqs_on+0x98/0x150 [ 268.137241][ T8612] do_syscall_64+0x55/0xb0 [ 268.141679][ T8612] ? clear_bhb_loop+0x40/0x90 [ 268.146374][ T8612] ? clear_bhb_loop+0x40/0x90 [ 268.151070][ T8612] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.156982][ T8612] RIP: 0033:0x7f0eb6f9ce59 [ 268.161398][ T8612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 268.181008][ T8612] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 268.189418][ T8612] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 268.197392][ T8612] RDX: 000000000000ff00 RSI: 0000200000001180 RDI: 0000000000000003 [ 268.205369][ T8612] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 268.213335][ T8612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.221302][ T8612] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 268.229278][ T8612] [ 268.431771][ T5780] Bluetooth: hci3: unexpected event 0x20 length: 15 > 7 [ 268.673744][ T8621] FAULT_INJECTION: forcing a failure. [ 268.673744][ T8621] name failslab, interval 1, probability 0, space 0, times 0 [ 268.735558][ T8621] CPU: 1 PID: 8621 Comm: syz.3.1018 Not tainted syzkaller #0 [ 268.742987][ T8621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 268.753054][ T8621] Call Trace: [ 268.756334][ T8621] [ 268.759260][ T8621] dump_stack_lvl+0x18c/0x250 [ 268.763939][ T8621] ? show_regs_print_info+0x20/0x20 [ 268.769137][ T8621] ? load_image+0x420/0x420 [ 268.773643][ T8621] ? __might_sleep+0xe0/0xe0 [ 268.778230][ T8621] ? __lock_acquire+0x7d40/0x7d40 [ 268.783254][ T8621] should_fail_ex+0x39d/0x4d0 [ 268.787935][ T8621] should_failslab+0x9/0x20 [ 268.792435][ T8621] slab_pre_alloc_hook+0x59/0x310 [ 268.797461][ T8621] ? vfs_write+0x7dd/0x990 [ 268.801875][ T8621] kmem_cache_alloc+0x5a/0x2d0 [ 268.806639][ T8621] ? getname_flags+0xbb/0x500 [ 268.811319][ T8621] getname_flags+0xbb/0x500 [ 268.815828][ T8621] do_sys_openat2+0xda/0x1d0 [ 268.820419][ T8621] ? do_sys_open+0xe0/0xe0 [ 268.824831][ T8621] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 268.830808][ T8621] ? lock_chain_count+0x20/0x20 [ 268.835655][ T8621] __x64_sys_openat+0x139/0x160 [ 268.840505][ T8621] do_syscall_64+0x55/0xb0 [ 268.844912][ T8621] ? clear_bhb_loop+0x40/0x90 [ 268.849581][ T8621] ? clear_bhb_loop+0x40/0x90 [ 268.854253][ T8621] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 268.860146][ T8621] RIP: 0033:0x7f0eb6f9ce59 [ 268.864557][ T8621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 268.884160][ T8621] RSP: 002b:00007f0eb7f07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 268.892571][ T8621] RAX: ffffffffffffffda RBX: 00007f0eb7216090 RCX: 00007f0eb6f9ce59 [ 268.900538][ T8621] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 268.908502][ T8621] RBP: 00007f0eb7f07090 R08: 0000000000000000 R09: 0000000000000000 [ 268.916466][ T8621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.924429][ T8621] R13: 00007f0eb7216128 R14: 00007f0eb7216090 R15: 00007fff24755168 [ 268.932409][ T8621] [ 271.633780][ T8639] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.1022'. [ 271.905581][ T5780] Bluetooth: hci1: unexpected event 0x20 length: 15 > 7 [ 275.628264][ T8677] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.1036'. [ 275.679019][ T8683] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1038'. [ 275.742236][ T8683] team0: Port device team_slave_0 removed [ 275.763015][ T8683] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 275.826509][ T8684] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1038'. [ 275.858444][ T8684] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 276.109510][ T8690] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1040'. [ 277.227025][ T8720] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1053'. [ 277.327739][ T8725] delete_channel: no stack [ 277.554533][ T8733] FAULT_INJECTION: forcing a failure. [ 277.554533][ T8733] name failslab, interval 1, probability 0, space 0, times 0 [ 277.615575][ T8733] CPU: 1 PID: 8733 Comm: syz.3.1057 Not tainted syzkaller #0 [ 277.623025][ T8733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 277.633111][ T8733] Call Trace: [ 277.636418][ T8733] [ 277.639399][ T8733] dump_stack_lvl+0x18c/0x250 [ 277.644116][ T8733] ? show_regs_print_info+0x20/0x20 [ 277.649348][ T8733] ? load_image+0x420/0x420 [ 277.653880][ T8733] ? __might_sleep+0xe0/0xe0 [ 277.658496][ T8733] ? __lock_acquire+0x7d40/0x7d40 [ 277.663555][ T8733] should_fail_ex+0x39d/0x4d0 [ 277.668271][ T8733] should_failslab+0x9/0x20 [ 277.672803][ T8733] slab_pre_alloc_hook+0x59/0x310 [ 277.677852][ T8733] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 277.683574][ T8733] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 277.689291][ T8733] __kmem_cache_alloc_node+0x53/0x250 [ 277.694666][ T8733] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 277.700381][ T8733] __kmalloc+0xa4/0x230 [ 277.704557][ T8733] tomoyo_realpath_from_path+0xe3/0x5d0 [ 277.710122][ T8733] tomoyo_path_number_perm+0x248/0x620 [ 277.715583][ T8733] ? tomoyo_path_number_perm+0x217/0x620 [ 277.721218][ T8733] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 277.726674][ T8733] ? hrtimer_interrupt+0x597/0x9c0 [ 277.731783][ T8733] ? ktime_get+0x7f/0x280 [ 277.736133][ T8733] ? __fget_files+0x28/0x4b0 [ 277.740717][ T8733] ? __fget_files+0x28/0x4b0 [ 277.745310][ T8733] security_file_ioctl+0x70/0xa0 [ 277.750252][ T8733] __se_sys_ioctl+0x48/0x170 [ 277.754838][ T8733] do_syscall_64+0x55/0xb0 [ 277.759246][ T8733] ? clear_bhb_loop+0x40/0x90 [ 277.763914][ T8733] ? clear_bhb_loop+0x40/0x90 [ 277.768587][ T8733] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 277.774483][ T8733] RIP: 0033:0x7f0eb6f9ce59 [ 277.778895][ T8733] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 277.798494][ T8733] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 277.806902][ T8733] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 277.814869][ T8733] RDX: 0000200000000080 RSI: 00000000000089f0 RDI: 000000000000000e [ 277.822837][ T8733] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 277.830803][ T8733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.838765][ T8733] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 277.846739][ T8733] [ 277.882926][ T8733] ERROR: Out of memory at tomoyo_realpath_from_path. [ 280.418322][ T8737] netlink: 'syz.1.1058': attribute type 21 has an invalid length. [ 280.456643][ T8737] netlink: 'syz.1.1058': attribute type 6 has an invalid length. [ 280.467854][ T8737] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1058'. [ 280.815509][ T8750] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1065'. [ 281.017296][ T8759] netlink: 'syz.2.1066': attribute type 10 has an invalid length. [ 284.547905][ T8782] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1077'. [ 284.634440][ T8788] netlink: 'syz.2.1079': attribute type 10 has an invalid length. [ 284.866835][ T8798] FAULT_INJECTION: forcing a failure. [ 284.866835][ T8798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 284.925841][ T8798] CPU: 0 PID: 8798 Comm: syz.3.1081 Not tainted syzkaller #0 [ 284.933292][ T8798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 284.943375][ T8798] Call Trace: [ 284.946682][ T8798] [ 284.949638][ T8798] dump_stack_lvl+0x18c/0x250 [ 284.954350][ T8798] ? show_regs_print_info+0x20/0x20 [ 284.959584][ T8798] ? load_image+0x420/0x420 [ 284.964119][ T8798] ? __might_fault+0xaa/0x120 [ 284.968825][ T8798] ? __lock_acquire+0x7d40/0x7d40 [ 284.973888][ T8798] should_fail_ex+0x39d/0x4d0 [ 284.978604][ T8798] _copy_from_user+0x2f/0xe0 [ 284.983199][ T8798] ___sys_sendmsg+0x1c7/0x360 [ 284.987875][ T8798] ? get_pid_task+0x20/0x1e0 [ 284.992472][ T8798] ? __sys_sendmsg+0x2a0/0x2a0 [ 284.997245][ T8798] ? __lock_acquire+0x7d40/0x7d40 [ 285.002312][ T8798] __se_sys_sendmsg+0x1c2/0x2b0 [ 285.007165][ T8798] ? __x64_sys_sendmsg+0x80/0x80 [ 285.012113][ T8798] ? lockdep_hardirqs_on+0x98/0x150 [ 285.017315][ T8798] do_syscall_64+0x55/0xb0 [ 285.021740][ T8798] ? clear_bhb_loop+0x40/0x90 [ 285.026419][ T8798] ? clear_bhb_loop+0x40/0x90 [ 285.031101][ T8798] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 285.037009][ T8798] RIP: 0033:0x7f0eb6f9ce59 [ 285.041420][ T8798] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.061134][ T8798] RSP: 002b:00007f0eb7f07028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.069550][ T8798] RAX: ffffffffffffffda RBX: 00007f0eb7216090 RCX: 00007f0eb6f9ce59 [ 285.077528][ T8798] RDX: 0000000004004004 RSI: 0000200000000040 RDI: 0000000000000005 [ 285.085494][ T8798] RBP: 00007f0eb7f07090 R08: 0000000000000000 R09: 0000000000000000 [ 285.093458][ T8798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.101423][ T8798] R13: 00007f0eb7216128 R14: 00007f0eb7216090 R15: 00007fff24755168 [ 285.109423][ T8798] [ 285.254964][ T8802] netlink: 'syz.0.1084': attribute type 25 has an invalid length. [ 285.269075][ T8802] netlink: 'syz.0.1084': attribute type 28 has an invalid length. [ 285.931064][ T8814] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1091'. [ 286.016900][ T8818] netlink: 'syz.1.1092': attribute type 10 has an invalid length. [ 289.467514][ T8845] netlink: 'syz.1.1103': attribute type 10 has an invalid length. [ 289.574325][ T8850] FAULT_INJECTION: forcing a failure. [ 289.574325][ T8850] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 289.595575][ T8850] CPU: 0 PID: 8850 Comm: syz.2.1106 Not tainted syzkaller #0 [ 289.603019][ T8850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 289.613104][ T8850] Call Trace: [ 289.616402][ T8850] [ 289.619359][ T8850] dump_stack_lvl+0x18c/0x250 [ 289.624074][ T8850] ? show_regs_print_info+0x20/0x20 [ 289.629304][ T8850] ? load_image+0x420/0x420 [ 289.633835][ T8850] ? __might_fault+0xaa/0x120 [ 289.638541][ T8850] ? __lock_acquire+0x7d40/0x7d40 [ 289.643595][ T8850] should_fail_ex+0x39d/0x4d0 [ 289.648309][ T8850] _copy_from_user+0x2f/0xe0 [ 289.652927][ T8850] ___sys_sendmsg+0x1c7/0x360 [ 289.657622][ T8850] ? get_pid_task+0x20/0x1e0 [ 289.662237][ T8850] ? __sys_sendmsg+0x2a0/0x2a0 [ 289.667045][ T8850] ? __lock_acquire+0x7d40/0x7d40 [ 289.672128][ T8850] __se_sys_sendmsg+0x1c2/0x2b0 [ 289.677026][ T8850] ? __x64_sys_sendmsg+0x80/0x80 [ 289.682013][ T8850] ? lockdep_hardirqs_on+0x98/0x150 [ 289.687247][ T8850] do_syscall_64+0x55/0xb0 [ 289.691701][ T8850] ? clear_bhb_loop+0x40/0x90 [ 289.696401][ T8850] ? clear_bhb_loop+0x40/0x90 [ 289.701096][ T8850] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 289.707025][ T8850] RIP: 0033:0x7fa804d9ce59 [ 289.711462][ T8850] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 289.731095][ T8850] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 289.739544][ T8850] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 289.747552][ T8850] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003 [ 289.755550][ T8850] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 289.763545][ T8850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 289.771545][ T8850] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 289.779557][ T8850] [ 292.993252][ T8873] netlink: 'syz.2.1115': attribute type 10 has an invalid length. [ 293.322928][ T8880] netlink: 'syz.3.1118': attribute type 21 has an invalid length. [ 293.365778][ T8880] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1118'. [ 293.415670][ T8880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1118'. [ 296.584173][ T8901] netlink: 'syz.3.1127': attribute type 10 has an invalid length. [ 300.446622][ T8935] netlink: 'syz.1.1141': attribute type 6 has an invalid length. [ 300.474237][ T8935] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1141'. [ 317.326544][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.333134][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.463959][ T9074] netlink: 'syz.2.1200': attribute type 6 has an invalid length. [ 317.496243][ T9074] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1200'. [ 326.701784][ T9161] netlink: 'syz.2.1241': attribute type 6 has an invalid length. [ 326.718042][ T9161] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1241'. [ 329.705893][ T9185] netlink: 'syz.1.1254': attribute type 6 has an invalid length. [ 329.713874][ T9185] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1254'. [ 329.724745][ T9181] netlink: 'syz.2.1251': attribute type 10 has an invalid length. [ 332.399925][ T9205] netlink: 'syz.1.1264': attribute type 6 has an invalid length. [ 332.407985][ T9205] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1264'. [ 332.572006][ T9207] netlink: 'syz.2.1265': attribute type 10 has an invalid length. [ 335.887975][ T9232] netlink: 'syz.2.1276': attribute type 6 has an invalid length. [ 335.896917][ T9232] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1276'. [ 336.197297][ T9241] netlink: 'syz.2.1280': attribute type 10 has an invalid length. [ 339.367161][ T9259] netlink: 'syz.3.1288': attribute type 6 has an invalid length. [ 339.375531][ T9259] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1288'. [ 339.697949][ T9267] netlink: 'syz.1.1292': attribute type 10 has an invalid length. [ 343.051555][ T9294] netlink: 'syz.3.1302': attribute type 6 has an invalid length. [ 343.090798][ T9294] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1302'. [ 343.144276][ T9298] netlink: 'syz.2.1304': attribute type 10 has an invalid length. [ 346.693583][ T9324] netlink: 'syz.3.1316': attribute type 6 has an invalid length. [ 346.709725][ T9324] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1316'. [ 346.736014][ T9322] netlink: 'syz.0.1315': attribute type 10 has an invalid length. [ 346.850846][ T9329] netlink: 'syz.3.1318': attribute type 25 has an invalid length. [ 346.868867][ T9329] netlink: 'syz.3.1318': attribute type 29 has an invalid length. [ 346.900422][ T9329] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1318'. [ 350.315581][ T9341] netlink: 'syz.2.1321': attribute type 25 has an invalid length. [ 350.325610][ T9341] netlink: 'syz.2.1321': attribute type 29 has an invalid length. [ 350.345642][ T9341] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1321'. [ 350.741049][ T9359] netlink: 'syz.3.1329': attribute type 10 has an invalid length. [ 351.060958][ T9368] netlink: 'syz.0.1333': attribute type 6 has an invalid length. [ 351.073702][ T9368] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1333'. [ 354.228647][ T9379] netlink: 'syz.1.1338': attribute type 6 has an invalid length. [ 354.246508][ T9379] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1338'. [ 354.351413][ T9387] netlink: 'syz.3.1342': attribute type 10 has an invalid length. [ 354.613682][ T9395] netlink: 'syz.3.1346': attribute type 6 has an invalid length. [ 354.631193][ T9395] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1346'. [ 354.675614][ T9389] netlink: 'syz.1.1343': attribute type 6 has an invalid length. [ 354.694220][ T9389] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1343'. [ 357.210348][ T9412] netlink: 'syz.0.1354': attribute type 10 has an invalid length. [ 357.478110][ T9420] netlink: 'syz.1.1358': attribute type 6 has an invalid length. [ 357.491211][ T9420] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1358'. [ 360.782793][ T9433] netlink: 'syz.2.1361': attribute type 6 has an invalid length. [ 360.804122][ T9433] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1361'. [ 363.073166][ T9442] netlink: 'syz.3.1368': attribute type 10 has an invalid length. [ 363.289547][ T9452] netlink: 'syz.0.1371': attribute type 6 has an invalid length. [ 363.303262][ T9452] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1371'. [ 369.308419][ T9484] netlink: 'syz.0.1381': attribute type 10 has an invalid length. [ 369.449700][ T9490] netlink: 'syz.1.1383': attribute type 25 has an invalid length. [ 369.501057][ T9490] netlink: 'syz.1.1383': attribute type 29 has an invalid length. [ 369.516160][ T9490] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1383'. [ 372.219702][ T9518] netlink: 'syz.3.1393': attribute type 6 has an invalid length. [ 372.230400][ T9518] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1393'. [ 373.463408][ T9526] netlink: 'syz.3.1397': attribute type 10 has an invalid length. [ 373.871087][ T9537] netlink: 'syz.0.1401': attribute type 6 has an invalid length. [ 373.881825][ T9537] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1401'. [ 376.184384][ T9541] netlink: 'syz.2.1405': attribute type 6 has an invalid length. [ 376.206749][ T9541] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1405'. [ 376.544391][ T9553] netlink: 'syz.3.1409': attribute type 10 has an invalid length. [ 378.768475][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.774974][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.946633][ T9581] netlink: 'syz.2.1418': attribute type 6 has an invalid length. [ 379.963347][ T9581] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1418'. [ 381.997908][ T9587] netlink: 'syz.0.1421': attribute type 10 has an invalid length. [ 385.371119][ T9611] netlink: 'syz.1.1430': attribute type 6 has an invalid length. [ 385.391150][ T9611] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1430'. [ 385.682312][ T9622] netlink: 'syz.1.1436': attribute type 10 has an invalid length. [ 385.996956][ T9634] netlink: 'syz.2.1441': attribute type 6 has an invalid length. [ 386.013647][ T9634] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1441'. [ 390.557814][ T9652] netlink: 'syz.3.1450': attribute type 10 has an invalid length. [ 390.829921][ T9662] netlink: 'syz.2.1454': attribute type 6 has an invalid length. [ 390.865548][ T9662] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1454'. [ 393.967433][ T9678] netlink: 'syz.3.1463': attribute type 10 has an invalid length. [ 399.863833][ T9703] netlink: 'syz.3.1473': attribute type 10 has an invalid length. [ 402.864933][ T9735] netlink: 'syz.1.1484': attribute type 10 has an invalid length. [ 408.907857][ T9767] netlink: 'syz.2.1497': attribute type 10 has an invalid length. [ 412.334248][ T9793] netlink: 'syz.3.1508': attribute type 6 has an invalid length. [ 412.362314][ T9793] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1508'. [ 412.423361][ T9801] netlink: 'syz.2.1512': attribute type 10 has an invalid length. [ 413.014243][ T9825] netlink: 'syz.2.1523': attribute type 10 has an invalid length. [ 413.041669][ T9823] netlink: 'syz.0.1522': attribute type 6 has an invalid length. [ 413.075860][ T9823] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1522'. [ 413.603906][ T9848] netlink: 'syz.3.1533': attribute type 10 has an invalid length. [ 414.130517][ T9860] netlink: 'syz.2.1539': attribute type 6 has an invalid length. [ 414.140446][ T9860] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1539'. [ 414.405997][ T9875] netlink: 'syz.2.1545': attribute type 10 has an invalid length. [ 417.976818][ T9907] netlink: 'syz.0.1558': attribute type 10 has an invalid length. [ 420.394019][ T9923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1564'. [ 420.403331][ T9923] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1564'. [ 420.491950][ T9921] delete_channel: no stack [ 423.430403][ T9938] netlink: 'syz.0.1569': attribute type 10 has an invalid length. [ 428.114689][ T9966] FAULT_INJECTION: forcing a failure. [ 428.114689][ T9966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 428.138290][ T9966] CPU: 0 PID: 9966 Comm: syz.0.1578 Not tainted syzkaller #0 [ 428.145750][ T9966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 428.155850][ T9966] Call Trace: [ 428.159217][ T9966] [ 428.162255][ T9966] dump_stack_lvl+0x18c/0x250 [ 428.167153][ T9966] ? show_regs_print_info+0x20/0x20 [ 428.172424][ T9966] ? load_image+0x420/0x420 [ 428.176951][ T9966] ? __might_fault+0xaa/0x120 [ 428.181666][ T9966] ? __lock_acquire+0x7d40/0x7d40 [ 428.186705][ T9966] should_fail_ex+0x39d/0x4d0 [ 428.191414][ T9966] _copy_from_user+0x2f/0xe0 [ 428.196048][ T9966] __sys_bpf+0x23e/0x890 [ 428.200300][ T9966] ? bpf_link_show_fdinfo+0x390/0x390 [ 428.205688][ T9966] ? lock_chain_count+0x20/0x20 [ 428.210541][ T9966] __x64_sys_bpf+0x7c/0x90 [ 428.214950][ T9966] do_syscall_64+0x55/0xb0 [ 428.219363][ T9966] ? clear_bhb_loop+0x40/0x90 [ 428.224113][ T9966] ? clear_bhb_loop+0x40/0x90 [ 428.228783][ T9966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 428.234724][ T9966] RIP: 0033:0x7f6b7fd9ce59 [ 428.239173][ T9966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 428.258818][ T9966] RSP: 002b:00007f6b80c93028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 428.267283][ T9966] RAX: ffffffffffffffda RBX: 00007f6b80015fa0 RCX: 00007f6b7fd9ce59 [ 428.275252][ T9966] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000012 [ 428.283215][ T9966] RBP: 00007f6b80c93090 R08: 0000000000000000 R09: 0000000000000000 [ 428.291180][ T9966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.299145][ T9966] R13: 00007f6b80016038 R14: 00007f6b80015fa0 R15: 00007ffcedbafd28 [ 428.307122][ T9966] [ 428.427963][ T9972] netlink: 'syz.1.1582': attribute type 10 has an invalid length. [ 431.360123][T10010] netlink: 'syz.0.1593': attribute type 4 has an invalid length. [ 431.372635][T10010] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1593'. [ 431.406055][T10010] .`: renamed from bond0 (while UP) [ 433.695594][T10012] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.1594'. [ 433.777189][T10015] netlink: 'syz.0.1595': attribute type 10 has an invalid length. [ 436.112508][T10039] FAULT_INJECTION: forcing a failure. [ 436.112508][T10039] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 436.146882][T10039] CPU: 1 PID: 10039 Comm: syz.2.1603 Not tainted syzkaller #0 [ 436.154422][T10039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 436.164502][T10039] Call Trace: [ 436.167804][T10039] [ 436.170749][T10039] dump_stack_lvl+0x18c/0x250 [ 436.175462][T10039] ? show_regs_print_info+0x20/0x20 [ 436.180800][T10039] ? load_image+0x420/0x420 [ 436.185331][T10039] ? __might_fault+0xaa/0x120 [ 436.190298][T10039] ? __lock_acquire+0x7d40/0x7d40 [ 436.195355][T10039] should_fail_ex+0x39d/0x4d0 [ 436.200076][T10039] _copy_from_user+0x2f/0xe0 [ 436.204697][T10039] ___sys_sendmsg+0x1c7/0x360 [ 436.209519][T10039] ? get_pid_task+0x20/0x1e0 [ 436.214175][T10039] ? __sys_sendmsg+0x2a0/0x2a0 [ 436.218987][T10039] ? __lock_acquire+0x7d40/0x7d40 [ 436.224061][T10039] __se_sys_sendmsg+0x1c2/0x2b0 [ 436.229025][T10039] ? __x64_sys_sendmsg+0x80/0x80 [ 436.233996][T10039] ? lockdep_hardirqs_on+0x98/0x150 [ 436.239220][T10039] do_syscall_64+0x55/0xb0 [ 436.243660][T10039] ? clear_bhb_loop+0x40/0x90 [ 436.248357][T10039] ? clear_bhb_loop+0x40/0x90 [ 436.253052][T10039] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 436.258978][T10039] RIP: 0033:0x7fa804d9ce59 [ 436.263412][T10039] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.283044][T10039] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 436.291554][T10039] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 436.299562][T10039] RDX: 0000000060044084 RSI: 0000200000000000 RDI: 0000000000000008 [ 436.307574][T10039] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 436.315580][T10039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.323673][T10039] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 436.331689][T10039] [ 436.528573][T10045] netlink: 'syz.2.1607': attribute type 10 has an invalid length. [ 440.216802][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.223406][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.031592][T10078] netlink: 'syz.2.1619': attribute type 10 has an invalid length. [ 441.137683][T10081] netlink: 189836 bytes leftover after parsing attributes in process `syz.1.1621'. [ 447.029187][T10111] netlink: 'syz.0.1633': attribute type 10 has an invalid length. [ 447.184359][T10115] netlink: 'syz.3.1634': attribute type 9 has an invalid length. [ 447.251595][T10115] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1634'. [ 447.572129][T10122] FAULT_INJECTION: forcing a failure. [ 447.572129][T10122] name failslab, interval 1, probability 0, space 0, times 0 [ 447.620068][T10122] CPU: 1 PID: 10122 Comm: syz.1.1637 Not tainted syzkaller #0 [ 447.627629][T10122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 447.637717][T10122] Call Trace: [ 447.641012][T10122] [ 447.643955][T10122] dump_stack_lvl+0x18c/0x250 [ 447.648668][T10122] ? show_regs_print_info+0x20/0x20 [ 447.653900][T10122] ? load_image+0x420/0x420 [ 447.658430][T10122] ? kasan_check_range+0x59/0x290 [ 447.663513][T10122] should_fail_ex+0x39d/0x4d0 [ 447.668214][T10122] should_failslab+0x9/0x20 [ 447.672755][T10122] slab_pre_alloc_hook+0x59/0x310 [ 447.677810][T10122] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 447.684010][T10122] kmem_cache_alloc_node+0x60/0x320 [ 447.689235][T10122] ? dup_task_struct+0x57/0x7c0 [ 447.694108][T10122] dup_task_struct+0x57/0x7c0 [ 447.698807][T10122] copy_process+0x586/0x3dc0 [ 447.703429][T10122] ? debug_object_activate+0x304/0x4f0 [ 447.708926][T10122] ? __rwlock_init+0x150/0x150 [ 447.713716][T10122] ? do_raw_spin_unlock+0x121/0x230 [ 447.718931][T10122] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 447.724950][T10122] ? __pidfd_prepare+0x140/0x140 [ 447.729913][T10122] ? ktime_get+0x7f/0x280 [ 447.734272][T10122] kernel_clone+0x24b/0x8a0 [ 447.738792][T10122] ? hrtimer_interrupt+0x597/0x9c0 [ 447.743925][T10122] ? ktime_get+0x7f/0x280 [ 447.748275][T10122] ? create_io_thread+0x190/0x190 [ 447.753316][T10122] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 447.759597][T10122] __x64_sys_clone+0x1b7/0x230 [ 447.764375][T10122] ? lapic_next_event+0x11/0x20 [ 447.769272][T10122] ? clockevents_program_event+0x230/0x310 [ 447.775096][T10122] ? __ia32_sys_vfork+0x140/0x140 [ 447.780162][T10122] do_syscall_64+0x55/0xb0 [ 447.784593][T10122] ? clear_bhb_loop+0x40/0x90 [ 447.789282][T10122] ? clear_bhb_loop+0x40/0x90 [ 447.793985][T10122] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 447.799909][T10122] RIP: 0033:0x7ff58cf9ce59 [ 447.804333][T10122] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 447.823951][T10122] RSP: 002b:00007ff58dea7fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 447.832390][T10122] RAX: ffffffffffffffda RBX: 00007ff58d216090 RCX: 00007ff58cf9ce59 [ 447.840374][T10122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 447.848356][T10122] RBP: 00007ff58dea8090 R08: 0000000000000000 R09: 0000000000000000 [ 447.856346][T10122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.864328][T10122] R13: 00007ff58d216128 R14: 00007ff58d216090 R15: 00007ffc83edd7a8 [ 447.872328][T10122] [ 448.424999][T10139] netlink: 'syz.1.1644': attribute type 10 has an invalid length. [ 451.632978][T10150] FAULT_INJECTION: forcing a failure. [ 451.632978][T10150] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 451.692362][T10150] CPU: 1 PID: 10150 Comm: syz.2.1647 Not tainted syzkaller #0 [ 451.699898][T10150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 451.709976][T10150] Call Trace: [ 451.713275][T10150] [ 451.716237][T10150] dump_stack_lvl+0x18c/0x250 [ 451.720955][T10150] ? show_regs_print_info+0x20/0x20 [ 451.726185][T10150] ? load_image+0x420/0x420 [ 451.730729][T10150] ? __might_fault+0xaa/0x120 [ 451.735436][T10150] ? __lock_acquire+0x7d40/0x7d40 [ 451.740490][T10150] should_fail_ex+0x39d/0x4d0 [ 451.745199][T10150] _copy_from_user+0x2f/0xe0 [ 451.749844][T10150] ___sys_sendmsg+0x1c7/0x360 [ 451.754552][T10150] ? ksys_write+0x1c4/0x260 [ 451.759147][T10150] ? __sys_sendmsg+0x2a0/0x2a0 [ 451.763952][T10150] ? perf_trace_preemptirq_template+0x269/0x330 [ 451.770280][T10150] __se_sys_sendmsg+0x1c2/0x2b0 [ 451.775155][T10150] ? __x64_sys_sendmsg+0x80/0x80 [ 451.780226][T10150] ? lockdep_hardirqs_on+0x98/0x150 [ 451.785454][T10150] do_syscall_64+0x55/0xb0 [ 451.789880][T10150] ? clear_bhb_loop+0x40/0x90 [ 451.794553][T10150] ? clear_bhb_loop+0x40/0x90 [ 451.799232][T10150] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 451.805193][T10150] RIP: 0033:0x7fa804d9ce59 [ 451.809606][T10150] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.829239][T10150] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.837660][T10150] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 451.845730][T10150] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000006 [ 451.853716][T10150] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 451.861689][T10150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.869664][T10150] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 451.877658][T10150] [ 452.551884][T10170] netlink: 'syz.3.1654': attribute type 10 has an invalid length. [ 456.327328][T10196] netlink: 'syz.1.1666': attribute type 10 has an invalid length. [ 460.043651][T10225] FAULT_INJECTION: forcing a failure. [ 460.043651][T10225] name failslab, interval 1, probability 0, space 0, times 0 [ 460.073115][T10225] CPU: 0 PID: 10225 Comm: syz.3.1676 Not tainted syzkaller #0 [ 460.080627][T10225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 460.090681][T10225] Call Trace: [ 460.093959][T10225] [ 460.096981][T10225] dump_stack_lvl+0x18c/0x250 [ 460.101666][T10225] ? show_regs_print_info+0x20/0x20 [ 460.106859][T10225] ? load_image+0x420/0x420 [ 460.111355][T10225] ? __might_sleep+0xe0/0xe0 [ 460.115943][T10225] ? __lock_acquire+0x7d40/0x7d40 [ 460.120958][T10225] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 460.126593][T10225] should_fail_ex+0x39d/0x4d0 [ 460.131284][T10225] should_failslab+0x9/0x20 [ 460.135834][T10225] slab_pre_alloc_hook+0x59/0x310 [ 460.140866][T10225] kmem_cache_alloc+0x5a/0x2d0 [ 460.145628][T10225] ? getname_flags+0xbb/0x500 [ 460.150306][T10225] getname_flags+0xbb/0x500 [ 460.154811][T10225] __x64_sys_mkdirat+0x7c/0xa0 [ 460.159807][T10225] do_syscall_64+0x55/0xb0 [ 460.164238][T10225] ? clear_bhb_loop+0x40/0x90 [ 460.168926][T10225] ? clear_bhb_loop+0x40/0x90 [ 460.173616][T10225] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 460.179552][T10225] RIP: 0033:0x7f0eb6f9ce59 [ 460.183975][T10225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 460.203611][T10225] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 460.212032][T10225] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 460.220087][T10225] RDX: 00000000000001ff RSI: 0000200000000000 RDI: ffffffffffffff9c [ 460.228056][T10225] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 460.236023][T10225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.243992][T10225] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 460.252064][T10225] [ 460.415160][T10231] netlink: 'syz.2.1677': attribute type 10 has an invalid length. [ 465.957794][T10272] netlink: 'syz.3.1692': attribute type 10 has an invalid length. [ 466.591302][T10260] FAULT_INJECTION: forcing a failure. [ 466.591302][T10260] name failslab, interval 1, probability 0, space 0, times 0 [ 467.146294][T10260] CPU: 0 PID: 10260 Comm: syz.2.1688 Not tainted syzkaller #0 [ 467.153917][T10260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 467.163992][T10260] Call Trace: [ 467.167290][T10260] [ 467.170235][T10260] dump_stack_lvl+0x18c/0x250 [ 467.174941][T10260] ? show_regs_print_info+0x20/0x20 [ 467.180157][T10260] ? load_image+0x420/0x420 [ 467.184676][T10260] ? __lock_acquire+0x7d40/0x7d40 [ 467.189725][T10260] ? __lock_acquire+0x7d40/0x7d40 [ 467.194767][T10260] should_fail_ex+0x39d/0x4d0 [ 467.199476][T10260] should_failslab+0x9/0x20 [ 467.204010][T10260] slab_pre_alloc_hook+0x59/0x310 [ 467.209067][T10260] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 467.214729][T10260] kmem_cache_alloc_lru+0x4d/0x2d0 [ 467.219857][T10260] ? sock_alloc_inode+0x28/0xc0 [ 467.225185][T10260] sock_alloc_inode+0x28/0xc0 [ 467.229879][T10260] ? sockfs_init_fs_context+0xb0/0xb0 [ 467.235267][T10260] new_inode_pseudo+0x63/0x1d0 [ 467.240056][T10260] __sock_create+0x12d/0x940 [ 467.244675][T10260] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 467.250682][T10260] __sys_socket+0xd7/0x1a0 [ 467.255133][T10260] __x64_sys_socket+0x7a/0x90 [ 467.259829][T10260] do_syscall_64+0x55/0xb0 [ 467.264262][T10260] ? clear_bhb_loop+0x40/0x90 [ 467.268952][T10260] ? clear_bhb_loop+0x40/0x90 [ 467.273639][T10260] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 467.279549][T10260] RIP: 0033:0x7fa804d9ce59 [ 467.283987][T10260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.303887][T10260] RSP: 002b:00007fa805d15028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 467.312322][T10260] RAX: ffffffffffffffda RBX: 00007fa805016090 RCX: 00007fa804d9ce59 [ 467.320309][T10260] RDX: 0000000000000084 RSI: 0000000000000005 RDI: 0000000000000002 [ 467.328379][T10260] RBP: 00007fa805d15090 R08: 0000000000000000 R09: 0000000000000000 [ 467.336373][T10260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.344359][T10260] R13: 00007fa805016128 R14: 00007fa805016090 R15: 00007ffef15a22d8 [ 467.352362][T10260] [ 467.552805][T10260] socket: no more sockets [ 470.227356][T10294] netlink: 'syz.1.1699': attribute type 10 has an invalid length. [ 471.041224][T10294] team0: Port device ..ãc¤± added [ 471.492353][T10311] netlink: 'syz.0.1705': attribute type 6 has an invalid length. [ 471.500755][T10311] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1705'. [ 471.564231][T10317] warning: `syz.1.1708' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 474.775787][T10339] netlink: 'syz.0.1715': attribute type 10 has an invalid length. [ 476.584654][T10364] netlink: 'syz.2.1725': attribute type 10 has an invalid length. [ 476.777574][T10368] netlink: 'syz.2.1728': attribute type 6 has an invalid length. [ 476.786838][T10368] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1728'. [ 477.117744][T10385] netlink: 'syz.1.1736': attribute type 10 has an invalid length. [ 480.152808][T10396] netlink: 'syz.1.1741': attribute type 6 has an invalid length. [ 480.164008][T10396] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1741'. [ 481.114881][T10407] netlink: 'syz.0.1746': attribute type 10 has an invalid length. [ 481.677900][T10423] netlink: 'syz.1.1753': attribute type 6 has an invalid length. [ 481.692767][T10423] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1753'. [ 484.488654][T10438] netlink: 'syz.0.1759': attribute type 10 has an invalid length. [ 488.211792][T10461] netlink: 'syz.0.1769': attribute type 6 has an invalid length. [ 488.220800][T10461] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1769'. [ 488.350106][T10469] netlink: 'syz.1.1772': attribute type 10 has an invalid length. [ 491.396612][T10498] netlink: 'syz.2.1784': attribute type 10 has an invalid length. [ 491.457030][T10495] netlink: 'syz.1.1782': attribute type 6 has an invalid length. [ 491.500692][T10495] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1782'. [ 495.039904][T10531] netlink: 'syz.1.1794': attribute type 10 has an invalid length. [ 495.283458][T10540] netlink: 'syz.0.1798': attribute type 6 has an invalid length. [ 495.314268][T10540] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1798'. [ 498.021472][T10570] netlink: 'syz.0.1809': attribute type 10 has an invalid length. [ 500.603416][T10585] netlink: 'syz.1.1815': attribute type 6 has an invalid length. [ 500.626707][T10585] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1815'. [ 501.637433][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.652019][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.592597][T10599] netlink: 'syz.2.1821': attribute type 10 has an invalid length. [ 504.105771][T10615] netlink: 'syz.1.1827': attribute type 6 has an invalid length. [ 504.129168][T10615] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1827'. [ 504.304995][T10622] FAULT_INJECTION: forcing a failure. [ 504.304995][T10622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 504.323191][T10622] CPU: 0 PID: 10622 Comm: syz.0.1829 Not tainted syzkaller #0 [ 504.330711][T10622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 504.340792][T10622] Call Trace: [ 504.344098][T10622] [ 504.347043][T10622] dump_stack_lvl+0x18c/0x250 [ 504.351749][T10622] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 504.357931][T10622] ? show_regs_print_info+0x20/0x20 [ 504.363154][T10622] ? load_image+0x420/0x420 [ 504.367684][T10622] should_fail_ex+0x39d/0x4d0 [ 504.372400][T10622] _copy_from_user+0x2f/0xe0 [ 504.377017][T10622] ___sys_sendmsg+0x1c7/0x360 [ 504.381734][T10622] ? get_pid_task+0x20/0x1e0 [ 504.386349][T10622] ? __sys_sendmsg+0x2a0/0x2a0 [ 504.391157][T10622] ? __lock_acquire+0x7d40/0x7d40 [ 504.396224][T10622] __se_sys_sendmsg+0x1c2/0x2b0 [ 504.401100][T10622] ? __x64_sys_sendmsg+0x80/0x80 [ 504.406071][T10622] ? lockdep_hardirqs_on+0x98/0x150 [ 504.411302][T10622] do_syscall_64+0x55/0xb0 [ 504.415745][T10622] ? clear_bhb_loop+0x40/0x90 [ 504.420442][T10622] ? clear_bhb_loop+0x40/0x90 [ 504.425135][T10622] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 504.431057][T10622] RIP: 0033:0x7f6b7fd9ce59 [ 504.435493][T10622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 504.455127][T10622] RSP: 002b:00007f6b80c72028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 504.463565][T10622] RAX: ffffffffffffffda RBX: 00007f6b80016090 RCX: 00007f6b7fd9ce59 [ 504.471560][T10622] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 000000000000000b [ 504.479638][T10622] RBP: 00007f6b80c72090 R08: 0000000000000000 R09: 0000000000000000 [ 504.487626][T10622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 504.495615][T10622] R13: 00007f6b80016128 R14: 00007f6b80016090 R15: 00007ffcedbafd28 [ 504.503633][T10622] [ 506.461913][T10633] netlink: 'syz.2.1832': attribute type 10 has an invalid length. [ 509.756573][T10653] netlink: 'syz.0.1840': attribute type 6 has an invalid length. [ 509.775707][T10653] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1840'. [ 512.875070][T10661] netlink: 'syz.1.1845': attribute type 10 has an invalid length. [ 512.941589][T10663] netlink: 'syz.2.1846': attribute type 10 has an invalid length. [ 515.690938][T10663] mac80211_hwsim hwsim7 ..ãc¤±: entered promiscuous mode [ 515.709845][T10663] mac80211_hwsim hwsim7 ..ãc¤±: entered allmulticast mode [ 515.728804][T10663] team0: Port device ..ãc¤± added [ 516.142519][T10681] netlink: 'syz.1.1852': attribute type 6 has an invalid length. [ 516.172602][T10681] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1852'. [ 516.534646][T10693] netlink: 'syz.2.1856': attribute type 10 has an invalid length. [ 523.497656][T10724] netlink: 'syz.3.1869': attribute type 6 has an invalid length. [ 523.514673][T10724] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1869'. [ 523.551207][T10725] netlink: 'syz.2.1868': attribute type 10 has an invalid length. [ 529.622370][T10754] netlink: 'syz.0.1881': attribute type 6 has an invalid length. [ 529.655655][T10754] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1881'. [ 529.702230][T10761] netlink: 'syz.2.1883': attribute type 10 has an invalid length. [ 529.717655][T10763] FAULT_INJECTION: forcing a failure. [ 529.717655][T10763] name failslab, interval 1, probability 0, space 0, times 0 [ 529.791057][T10763] CPU: 0 PID: 10763 Comm: syz.1.1882 Not tainted syzkaller #0 [ 529.798594][T10763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 529.808936][T10763] Call Trace: [ 529.812232][T10763] [ 529.815177][T10763] dump_stack_lvl+0x18c/0x250 [ 529.819881][T10763] ? show_regs_print_info+0x20/0x20 [ 529.825097][T10763] ? load_image+0x420/0x420 [ 529.829620][T10763] ? __might_sleep+0xe0/0xe0 [ 529.834225][T10763] ? __lock_acquire+0x7d40/0x7d40 [ 529.839249][T10763] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 529.845229][T10763] should_fail_ex+0x39d/0x4d0 [ 529.849916][T10763] should_failslab+0x9/0x20 [ 529.854425][T10763] slab_pre_alloc_hook+0x59/0x310 [ 529.859452][T10763] ? lockdep_hardirqs_on+0x98/0x150 [ 529.864652][T10763] kmem_cache_alloc+0x5a/0x2d0 [ 529.869422][T10763] ? getname_flags+0xbb/0x500 [ 529.874117][T10763] getname_flags+0xbb/0x500 [ 529.878626][T10763] __x64_sys_unlink+0x3c/0x50 [ 529.883297][T10763] do_syscall_64+0x55/0xb0 [ 529.887711][T10763] ? clear_bhb_loop+0x40/0x90 [ 529.892380][T10763] ? clear_bhb_loop+0x40/0x90 [ 529.897071][T10763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 529.902970][T10763] RIP: 0033:0x7ff58cf9ce59 [ 529.907386][T10763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.927082][T10763] RSP: 002b:00007ff58dea8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 529.935512][T10763] RAX: ffffffffffffffda RBX: 00007ff58d216090 RCX: 00007ff58cf9ce59 [ 529.943569][T10763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 529.951541][T10763] RBP: 00007ff58dea8090 R08: 0000000000000000 R09: 0000000000000000 [ 529.959503][T10763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.967468][T10763] R13: 00007ff58d216128 R14: 00007ff58d216090 R15: 00007ffc83edd7a8 [ 529.975476][T10763] [ 535.251191][T10793] netlink: 'syz.2.1894': attribute type 10 has an invalid length. [ 535.320692][T10792] netlink: 'syz.3.1895': attribute type 6 has an invalid length. [ 535.330974][T10792] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1895'. [ 541.673818][T10822] netlink: 'syz.0.1905': attribute type 10 has an invalid length. [ 541.862097][T10827] netlink: 'syz.2.1906': attribute type 6 has an invalid length. [ 541.884719][T10827] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1906'. [ 546.583117][T10856] netlink: 'syz.2.1916': attribute type 10 has an invalid length. [ 547.026749][T10872] netlink: 'syz.0.1924': attribute type 6 has an invalid length. [ 547.065538][T10872] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1924'. [ 553.394176][T10897] netlink: 'syz.0.1931': attribute type 10 has an invalid length. [ 553.605110][T10904] netlink: 'syz.2.1935': attribute type 6 has an invalid length. [ 553.619434][T10904] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1935'. [ 557.000300][T10922] netlink: 'syz.0.1944': attribute type 10 has an invalid length. [ 557.281975][T10931] netlink: 'syz.0.1947': attribute type 6 has an invalid length. [ 557.300079][T10931] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1947'. [ 560.720363][T10958] netlink: 'syz.3.1955': attribute type 3 has an invalid length. [ 560.755784][T10960] netlink: 'syz.1.1956': attribute type 10 has an invalid length. [ 560.774224][T10958] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1955'. [ 561.116675][T10973] netlink: 'syz.2.1962': attribute type 6 has an invalid length. [ 561.138980][T10973] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1962'. [ 563.078761][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.098043][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.455052][T10988] netlink: 'syz.3.1967': attribute type 10 has an invalid length. [ 567.852362][T11013] netlink: 'syz.2.1976': attribute type 6 has an invalid length. [ 567.863679][T11013] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1976'. [ 568.140680][T11025] FAULT_INJECTION: forcing a failure. [ 568.140680][T11025] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.152266][T11023] netlink: 'syz.1.1981': attribute type 10 has an invalid length. [ 568.367750][T11025] CPU: 1 PID: 11025 Comm: syz.2.1982 Not tainted syzkaller #0 [ 568.375262][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 568.385343][T11025] Call Trace: [ 568.388627][T11025] [ 568.391558][T11025] dump_stack_lvl+0x18c/0x250 [ 568.396260][T11025] ? show_regs_print_info+0x20/0x20 [ 568.401457][T11025] ? load_image+0x420/0x420 [ 568.405999][T11025] ? __might_fault+0xaa/0x120 [ 568.410686][T11025] ? __lock_acquire+0x7d40/0x7d40 [ 568.415735][T11025] should_fail_ex+0x39d/0x4d0 [ 568.420436][T11025] _copy_from_user+0x2f/0xe0 [ 568.425041][T11025] ___sys_sendmsg+0x1c7/0x360 [ 568.429729][T11025] ? __sys_sendmsg+0x2a0/0x2a0 [ 568.434521][T11025] __se_sys_sendmsg+0x1c2/0x2b0 [ 568.439402][T11025] ? __x64_sys_sendmsg+0x80/0x80 [ 568.444360][T11025] ? syscall_enter_from_user_mode+0x2e/0x80 [ 568.450270][T11025] do_syscall_64+0x55/0xb0 [ 568.454684][T11025] ? clear_bhb_loop+0x40/0x90 [ 568.459358][T11025] ? clear_bhb_loop+0x40/0x90 [ 568.464037][T11025] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 568.469957][T11025] RIP: 0033:0x7fa804d9ce59 [ 568.474377][T11025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 568.493997][T11025] RSP: 002b:00007fa805d36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.502412][T11025] RAX: ffffffffffffffda RBX: 00007fa805015fa0 RCX: 00007fa804d9ce59 [ 568.510389][T11025] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 568.518384][T11025] RBP: 00007fa805d36090 R08: 0000000000000000 R09: 0000000000000000 [ 568.526351][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.534334][T11025] R13: 00007fa805016038 R14: 00007fa805015fa0 R15: 00007ffef15a22d8 [ 568.542329][T11025] [ 572.241934][T11053] netlink: 'syz.3.1990': attribute type 3 has an invalid length. [ 572.259013][T11053] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1990'. [ 572.300565][T11054] netlink: 'syz.0.1992': attribute type 6 has an invalid length. [ 572.309389][T11054] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1992'. [ 572.336051][T11057] netlink: 'syz.1.1993': attribute type 10 has an invalid length. [ 576.063824][T11082] netlink: 'syz.3.2006': attribute type 6 has an invalid length. [ 576.072312][T11082] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2006'. [ 576.091162][T11087] FAULT_INJECTION: forcing a failure. [ 576.091162][T11087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 576.132832][T11086] netlink: 'syz.2.2004': attribute type 10 has an invalid length. [ 576.141106][T11087] CPU: 0 PID: 11087 Comm: syz.0.2003 Not tainted syzkaller #0 [ 576.148627][T11087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 576.158712][T11087] Call Trace: [ 576.162019][T11087] [ 576.164977][T11087] dump_stack_lvl+0x18c/0x250 [ 576.169700][T11087] ? show_regs_print_info+0x20/0x20 [ 576.174922][T11087] ? load_image+0x420/0x420 [ 576.179465][T11087] ? __might_fault+0xaa/0x120 [ 576.184178][T11087] ? __lock_acquire+0x7d40/0x7d40 [ 576.189228][T11087] ? __lock_acquire+0x7d40/0x7d40 [ 576.194279][T11087] should_fail_ex+0x39d/0x4d0 [ 576.198988][T11087] _copy_from_user+0x2f/0xe0 [ 576.203605][T11087] perf_copy_attr+0x16a/0x840 [ 576.208313][T11087] __se_sys_perf_event_open+0x11b/0x1c50 [ 576.213973][T11087] ? sched_clock+0x3f/0x60 [ 576.218422][T11087] ? sched_clock_cpu+0x75/0x430 [ 576.223303][T11087] ? lapic_next_event+0x11/0x20 [ 576.228163][T11087] ? clockevents_program_event+0x230/0x310 [ 576.233970][T11087] ? __x64_sys_perf_event_open+0xc0/0xc0 [ 576.239610][T11087] ? lock_chain_count+0x20/0x20 [ 576.244463][T11087] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 576.250452][T11087] ? lockdep_hardirqs_on+0x98/0x150 [ 576.255654][T11087] ? __x64_sys_perf_event_open+0x20/0xc0 [ 576.261290][T11087] do_syscall_64+0x55/0xb0 [ 576.265719][T11087] ? clear_bhb_loop+0x40/0x90 [ 576.270393][T11087] ? clear_bhb_loop+0x40/0x90 [ 576.275066][T11087] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 576.280978][T11087] RIP: 0033:0x7f6b7fd9ce59 [ 576.285400][T11087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 576.305012][T11087] RSP: 002b:00007f6b80c72028 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 576.313427][T11087] RAX: ffffffffffffffda RBX: 00007f6b80016090 RCX: 00007f6b7fd9ce59 [ 576.321396][T11087] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 576.329363][T11087] RBP: 00007f6b80c72090 R08: 0000000000000000 R09: 0000000000000000 [ 576.337332][T11087] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 576.345300][T11087] R13: 00007f6b80016128 R14: 00007f6b80016090 R15: 00007ffcedbafd28 [ 576.353279][T11087] [ 579.184909][T11113] netlink: 'syz.0.2016': attribute type 10 has an invalid length. [ 582.368638][T11127] netlink: 'syz.2.2019': attribute type 6 has an invalid length. [ 582.377039][T11127] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2019'. [ 583.334599][T11142] netlink: 'syz.3.2025': attribute type 10 has an invalid length. [ 585.068653][T11146] netlink: 'syz.2.2029': attribute type 6 has an invalid length. [ 585.087810][T11146] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2029'. [ 588.248883][T11165] netlink: 'syz.1.2036': attribute type 10 has an invalid length. [ 588.294355][T11163] netlink: 'syz.0.2033': attribute type 10 has an invalid length. [ 590.949719][T11180] netlink: 'syz.0.2043': attribute type 6 has an invalid length. [ 590.972158][T11180] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2043'. [ 591.170054][T11186] netlink: 'syz.3.2045': attribute type 10 has an invalid length. [ 591.296851][T11190] netlink: 'syz.2.2044': attribute type 6 has an invalid length. [ 591.325502][T11190] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2044'. [ 591.431900][T11195] netlink: 'syz.3.2049': attribute type 6 has an invalid length. [ 591.440788][T11195] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2049'. [ 594.736546][T11212] netlink: 'syz.1.2055': attribute type 6 has an invalid length. [ 594.748885][T11212] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2055'. [ 596.836311][T11217] netlink: 'syz.3.2056': attribute type 6 has an invalid length. [ 596.858870][T11217] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2056'. [ 596.871988][ T5784] Bluetooth: hci1: unexpected event 0x12 length: 15 > 8 [ 597.052420][T11220] netlink: 'syz.1.2059': attribute type 6 has an invalid length. [ 597.081168][T11220] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2059'. [ 600.318951][T11236] netlink: 'syz.1.2063': attribute type 6 has an invalid length. [ 600.345799][T11236] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2063'. [ 600.544472][T11244] netlink: 'syz.3.2067': attribute type 6 has an invalid length. [ 600.556100][T11244] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2067'. [ 600.620838][ T5784] Bluetooth: hci0: unexpected event 0x12 length: 15 > 8 [ 602.981923][T11252] netlink: 'syz.2.2071': attribute type 6 has an invalid length. [ 603.002209][T11252] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2071'. [ 603.950997][T11263] netlink: 'syz.3.2082': attribute type 6 has an invalid length. [ 603.978890][T11263] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2082'. [ 604.033595][T11262] netlink: 'syz.0.2073': attribute type 6 has an invalid length. [ 604.057029][T11262] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2073'. [ 604.390188][T11275] netlink: 'syz.2.2079': attribute type 10 has an invalid length. [ 604.415676][T11271] netlink: 'syz.0.2077': attribute type 6 has an invalid length. [ 604.444994][T11271] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2077'. [ 606.653292][T11278] netlink: 'syz.2.2080': attribute type 10 has an invalid length. [ 607.714771][T11289] netlink: 'syz.1.2085': attribute type 6 has an invalid length. [ 607.723376][T11289] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2085'. [ 608.300702][T11294] netlink: 'syz.0.2088': attribute type 10 has an invalid length. [ 608.364955][T11296] netlink: 'syz.3.2087': attribute type 6 has an invalid length. [ 608.380162][T11296] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2087'. [ 609.729055][T11315] netlink: 'syz.1.2097': attribute type 10 has an invalid length. [ 609.786902][T11319] netlink: 'syz.2.2101': attribute type 10 has an invalid length. [ 609.807782][T11320] netlink: 'syz.0.2099': attribute type 6 has an invalid length. [ 609.825437][T11320] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2099'. [ 609.961059][T11323] netlink: 'syz.1.2103': attribute type 6 has an invalid length. [ 609.975067][T11323] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2103'. [ 610.255131][T11336] FAULT_INJECTION: forcing a failure. [ 610.255131][T11336] name failslab, interval 1, probability 0, space 0, times 0 [ 610.302115][T11336] CPU: 0 PID: 11336 Comm: syz.3.2107 Not tainted syzkaller #0 [ 610.309646][T11336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 610.319731][T11336] Call Trace: [ 610.323033][T11336] [ 610.325990][T11336] dump_stack_lvl+0x18c/0x250 [ 610.330700][T11336] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 610.336898][T11336] ? show_regs_print_info+0x20/0x20 [ 610.342127][T11336] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 610.348340][T11336] should_fail_ex+0x39d/0x4d0 [ 610.353056][T11336] should_failslab+0x9/0x20 [ 610.357589][T11336] slab_pre_alloc_hook+0x59/0x310 [ 610.362644][T11336] kmem_cache_alloc+0x5a/0x2d0 [ 610.367411][T11336] ? getname_flags+0xbb/0x500 [ 610.372087][T11336] getname_flags+0xbb/0x500 [ 610.376585][T11336] ? syscall_enter_from_user_mode+0x25/0x80 [ 610.382493][T11336] __x64_sys_unlink+0x3c/0x50 [ 610.387162][T11336] do_syscall_64+0x55/0xb0 [ 610.391576][T11336] ? clear_bhb_loop+0x40/0x90 [ 610.396253][T11336] ? clear_bhb_loop+0x40/0x90 [ 610.400919][T11336] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 610.406820][T11336] RIP: 0033:0x7f0eb6f9ce59 [ 610.411228][T11336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 610.430831][T11336] RSP: 002b:00007f0eb7f07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 610.439238][T11336] RAX: ffffffffffffffda RBX: 00007f0eb7216090 RCX: 00007f0eb6f9ce59 [ 610.447202][T11336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080 [ 610.455162][T11336] RBP: 00007f0eb7f07090 R08: 0000000000000000 R09: 0000000000000000 [ 610.463128][T11336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.471118][T11336] R13: 00007f0eb7216128 R14: 00007f0eb7216090 R15: 00007fff24755168 [ 610.479117][T11336] [ 613.507867][T11354] netlink: 'syz.3.2112': attribute type 10 has an invalid length. [ 613.657990][T11358] netlink: 'syz.3.2113': attribute type 10 has an invalid length. [ 613.769681][T11361] netlink: 'syz.0.2114': attribute type 6 has an invalid length. [ 613.778303][T11361] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2114'. [ 613.977458][T11366] pim6reg1: entered promiscuous mode [ 613.990403][T11366] pim6reg1: entered allmulticast mode [ 614.234340][T11375] netlink: 'syz.2.2121': attribute type 10 has an invalid length. [ 618.248649][T11394] netlink: 'syz.0.2128': attribute type 6 has an invalid length. [ 618.270830][T11394] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2128'. [ 618.617946][T11407] netlink: 'syz.3.2136': attribute type 10 has an invalid length. [ 619.063318][T11416] netlink: 'syz.0.2145': attribute type 6 has an invalid length. [ 619.071679][T11416] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2145'. [ 622.019420][T11428] netlink: 'syz.2.2139': attribute type 10 has an invalid length. [ 624.525708][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.534970][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.779562][T11445] netlink: 'syz.0.2147': attribute type 6 has an invalid length. [ 624.799698][T11445] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2147'. [ 625.038805][T11457] netlink: 'syz.0.2152': attribute type 10 has an invalid length. [ 627.962552][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 628.034552][T11463] netlink: 'syz.1.2154': attribute type 10 has an invalid length. [ 628.277696][T11473] netlink: 'syz.0.2156': attribute type 6 has an invalid length. [ 628.318440][T11473] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2156'. [ 630.452772][T11480] netlink: 'syz.1.2160': attribute type 6 has an invalid length. [ 630.478325][T11480] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2160'. [ 630.494833][T11485] netlink: 'syz.0.2163': attribute type 10 has an invalid length. [ 630.596160][T11487] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 630.603218][T11487] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 631.971692][T11506] netlink: 'syz.3.2168': attribute type 6 has an invalid length. [ 632.025662][T11506] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2168'. [ 632.192024][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 632.541385][T11519] netlink: 'syz.2.2173': attribute type 6 has an invalid length. [ 632.561538][T11519] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2173'. [ 632.777565][T11517] netlink: 'syz.0.2172': attribute type 1 has an invalid length. [ 632.817361][T11517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2172'. [ 632.936086][T11533] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 633.021822][T11533] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 635.925140][T11540] netlink: 'syz.1.2179': attribute type 6 has an invalid length. [ 635.935614][T11540] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2179'. [ 636.138694][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 636.222713][ T5784] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 636.336180][T11549] netlink: 'syz.3.2183': attribute type 6 has an invalid length. [ 636.364383][T11549] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2183'. [ 636.668478][ T5784] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 636.858442][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 637.107826][T11567] netlink: 'syz.3.2189': attribute type 1 has an invalid length. [ 637.141916][T11567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2189'. [ 637.405224][T11579] netlink: 'syz.1.2194': attribute type 10 has an invalid length. [ 637.638534][T11585] netlink: 'syz.2.2196': attribute type 6 has an invalid length. [ 637.650063][T11585] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2196'. [ 637.692958][ T5784] Bluetooth: hci0: unexpected event 0x14 length: 15 > 6 [ 637.843809][ T5784] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 638.613708][ T5784] Bluetooth: hci0: unexpected event 0x14 length: 15 > 6 [ 638.883620][T11613] netlink: 'syz.0.2209': attribute type 6 has an invalid length. [ 638.915694][T11613] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2209'. [ 639.134707][T11619] netlink: 'syz.1.2210': attribute type 1 has an invalid length. [ 639.166086][T11619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2210'. [ 639.294923][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 640.069615][T11629] mac80211_hwsim hwsim6 wlan0: left promiscuous mode [ 640.084862][T11629] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 640.302515][T11642] netlink: 'syz.0.2221': attribute type 6 has an invalid length. [ 640.321531][T11642] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2221'. [ 640.439677][ T5784] Bluetooth: hci2: unexpected event 0x14 length: 15 > 6 [ 640.441224][T11648] FAULT_INJECTION: forcing a failure. [ 640.441224][T11648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 640.463288][T11648] CPU: 1 PID: 11648 Comm: syz.1.2223 Not tainted syzkaller #0 [ 640.470783][T11648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 640.480832][T11648] Call Trace: [ 640.484129][T11648] [ 640.487070][T11648] dump_stack_lvl+0x18c/0x250 [ 640.491765][T11648] ? show_regs_print_info+0x20/0x20 [ 640.496966][T11648] ? load_image+0x420/0x420 [ 640.501479][T11648] ? __might_fault+0xaa/0x120 [ 640.506169][T11648] ? __lock_acquire+0x7d40/0x7d40 [ 640.511193][T11648] should_fail_ex+0x39d/0x4d0 [ 640.515887][T11648] _copy_from_iter+0x1d9/0x12e0 [ 640.520765][T11648] ? copyout_mc+0x70/0x70 [ 640.525136][T11648] tun_get_user+0x1f2/0x3ca0 [ 640.529803][T11648] ? aa_file_perm+0x11b/0xee0 [ 640.534529][T11648] ? rcu_read_unlock+0xa0/0xa0 [ 640.539319][T11648] ? tun_get+0x1c/0x2e0 [ 640.543483][T11648] ? __lock_acquire+0x7d40/0x7d40 [ 640.548510][T11648] ? tun_get+0x1c/0x2e0 [ 640.552669][T11648] tun_chr_write_iter+0x119/0x200 [ 640.557697][T11648] vfs_write+0x46c/0x990 [ 640.561951][T11648] ? file_end_write+0x250/0x250 [ 640.566808][T11648] ? __fget_files+0x43d/0x4b0 [ 640.571524][T11648] ? __fdget_pos+0x1d8/0x330 [ 640.576110][T11648] ? ksys_write+0x75/0x260 [ 640.580533][T11648] ksys_write+0x150/0x260 [ 640.584861][T11648] ? __ia32_sys_read+0x90/0x90 [ 640.589624][T11648] ? lockdep_hardirqs_on+0x98/0x150 [ 640.594821][T11648] do_syscall_64+0x55/0xb0 [ 640.599231][T11648] ? clear_bhb_loop+0x40/0x90 [ 640.603897][T11648] ? clear_bhb_loop+0x40/0x90 [ 640.608565][T11648] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 640.614457][T11648] RIP: 0033:0x7ff58cf9ce59 [ 640.618870][T11648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 640.638471][T11648] RSP: 002b:00007ff58dec9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 640.646883][T11648] RAX: ffffffffffffffda RBX: 00007ff58d215fa0 RCX: 00007ff58cf9ce59 [ 640.654853][T11648] RDX: 0000000000000012 RSI: 00002000000005c0 RDI: 0000000000000003 [ 640.662817][T11648] RBP: 00007ff58dec9090 R08: 0000000000000000 R09: 0000000000000000 [ 640.670820][T11648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 640.678812][T11648] R13: 00007ff58d216038 R14: 00007ff58d215fa0 R15: 00007ffc83edd7a8 [ 640.686806][T11648] [ 640.728237][ T5784] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 640.985808][T11656] netlink: 'syz.2.2226': attribute type 6 has an invalid length. [ 641.007631][T11656] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2226'. [ 641.432179][T11669] mac80211_hwsim hwsim8 wlan0: left promiscuous mode [ 641.439884][T11669] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 641.481219][T11667] netlink: 'syz.2.2239': attribute type 6 has an invalid length. [ 641.502759][T11667] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2239'. [ 641.882150][T11679] netlink: 'syz.0.2234': attribute type 6 has an invalid length. [ 641.900783][T11679] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2234'. [ 644.668852][ T5784] Bluetooth: hci0: unexpected event 0x14 length: 15 > 6 [ 644.711175][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 644.769916][T11690] netlink: 'syz.2.2241': attribute type 1 has an invalid length. [ 645.203156][T11700] netlink: 'syz.0.2245': attribute type 6 has an invalid length. [ 645.211839][T11700] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2245'. [ 645.264860][T11703] netlink: 'syz.1.2246': attribute type 6 has an invalid length. [ 645.280901][T11703] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2246'. [ 645.576072][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 648.607562][T11721] FAULT_INJECTION: forcing a failure. [ 648.607562][T11721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 648.670173][T11721] CPU: 1 PID: 11721 Comm: syz.1.2252 Not tainted syzkaller #0 [ 648.677724][T11721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 648.687809][T11721] Call Trace: [ 648.691115][T11721] [ 648.694071][T11721] dump_stack_lvl+0x18c/0x250 [ 648.698779][T11721] ? show_regs_print_info+0x20/0x20 [ 648.704008][T11721] ? load_image+0x420/0x420 [ 648.708539][T11721] ? __might_fault+0xaa/0x120 [ 648.713242][T11721] ? __lock_acquire+0x7d40/0x7d40 [ 648.718296][T11721] should_fail_ex+0x39d/0x4d0 [ 648.723013][T11721] _copy_from_user+0x2f/0xe0 [ 648.727633][T11721] sk_setsockopt+0x2b2/0x2bc0 [ 648.732328][T11721] ? sockopt_capable+0x60/0x60 [ 648.737105][T11721] ? trace_call_bpf+0xc3/0x6c0 [ 648.741872][T11721] ? trace_call_bpf+0x5e9/0x6c0 [ 648.746732][T11721] ? aa_sk_perm+0x83c/0x970 [ 648.751257][T11721] udp_lib_setsockopt+0xf7/0x8a0 [ 648.756222][T11721] ? udp_destroy_sock+0x2c0/0x2c0 [ 648.761248][T11721] ? __fget_files+0x28/0x4b0 [ 648.765834][T11721] ? __fget_files+0x28/0x4b0 [ 648.770420][T11721] udpv6_setsockopt+0x77/0xb0 [ 648.775207][T11721] ? udp_v6_send_skb+0x1860/0x1860 [ 648.780318][T11721] ? sock_common_recvmsg+0x190/0x190 [ 648.785617][T11721] do_sock_setsockopt+0x175/0x1a0 [ 648.790643][T11721] __x64_sys_setsockopt+0x182/0x200 [ 648.795840][T11721] do_syscall_64+0x55/0xb0 [ 648.800255][T11721] ? clear_bhb_loop+0x40/0x90 [ 648.804926][T11721] ? clear_bhb_loop+0x40/0x90 [ 648.809634][T11721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 648.815526][T11721] RIP: 0033:0x7ff58cf9ce59 [ 648.819941][T11721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 648.839562][T11721] RSP: 002b:00007ff58dec9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 648.847978][T11721] RAX: ffffffffffffffda RBX: 00007ff58d215fa0 RCX: 00007ff58cf9ce59 [ 648.855945][T11721] RDX: 0000000000000041 RSI: 0000000000000001 RDI: 0000000000000005 [ 648.863917][T11721] RBP: 00007ff58dec9090 R08: 0000000000000004 R09: 0000000000000000 [ 648.871883][T11721] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 648.879851][T11721] R13: 00007ff58d216038 R14: 00007ff58d215fa0 R15: 00007ffc83edd7a8 [ 648.887834][T11721] [ 649.094495][T11731] sock: sock_timestamping_bind_phc: sock not bind to device [ 649.189157][T11736] netlink: 'syz.3.2257': attribute type 6 has an invalid length. [ 649.215879][T11736] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2257'. [ 649.275364][ T5784] Bluetooth: hci0: unexpected event 0x14 length: 15 > 6 [ 655.761570][ T5784] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 659.148105][T11795] netlink: 'syz.2.2279': attribute type 6 has an invalid length. [ 659.175754][T11795] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2279'. [ 659.270572][T11797] netlink: 'syz.1.2282': attribute type 6 has an invalid length. [ 659.279126][T11797] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2282'. [ 659.387891][ T5784] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 665.657844][T11832] netlink: 'syz.3.2292': attribute type 6 has an invalid length. [ 665.691825][T11832] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2292'. [ 665.983218][ T5784] Bluetooth: hci3: unexpected event 0x14 length: 15 > 6 [ 666.122122][T11849] netlink: 'syz.1.2298': attribute type 6 has an invalid length. [ 666.144191][T11849] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2298'. [ 669.340381][T11863] netlink: 'syz.3.2306': attribute type 6 has an invalid length. [ 669.352995][T11863] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2306'. [ 669.543282][ T5784] Bluetooth: hci1: unexpected event 0x14 length: 15 > 6 [ 669.838877][T11890] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2313'. [ 669.856975][T11890] hsr_slave_0: left promiscuous mode [ 669.872380][T11891] netlink: 'syz.3.2315': attribute type 4 has an invalid length. [ 669.891804][T11890] hsr_slave_1: left promiscuous mode [ 669.905157][T11891] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.2315'. [ 669.992827][T11888] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2313'. [ 670.253611][T11901] netlink: 'syz.2.2318': attribute type 6 has an invalid length. [ 670.265216][T11901] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2318'. [ 670.734997][T11915] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.2325'. [ 671.022439][T11921] FAULT_INJECTION: forcing a failure. [ 671.022439][T11921] name failslab, interval 1, probability 0, space 0, times 0 [ 671.050396][T11919] netlink: 'syz.0.2329': attribute type 6 has an invalid length. [ 671.059608][T11921] CPU: 1 PID: 11921 Comm: syz.3.2327 Not tainted syzkaller #0 [ 671.067097][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 671.077173][T11921] Call Trace: [ 671.080564][T11921] [ 671.083506][T11921] dump_stack_lvl+0x18c/0x250 [ 671.088218][T11921] ? show_regs_print_info+0x20/0x20 [ 671.093440][T11921] ? load_image+0x420/0x420 [ 671.097964][T11921] ? __might_sleep+0xe0/0xe0 [ 671.102572][T11921] ? __lock_acquire+0x7d40/0x7d40 [ 671.107628][T11921] should_fail_ex+0x39d/0x4d0 [ 671.112338][T11921] should_failslab+0x9/0x20 [ 671.116863][T11921] slab_pre_alloc_hook+0x59/0x310 [ 671.121915][T11921] ? __get_vm_area_node+0x125/0x370 [ 671.127110][T11921] __kmem_cache_alloc_node+0x53/0x250 [ 671.132476][T11921] ? __get_vm_area_node+0x125/0x370 [ 671.137684][T11921] kmalloc_node_trace+0x26/0xe0 [ 671.142551][T11921] __get_vm_area_node+0x125/0x370 [ 671.147580][T11921] __vmalloc_node_range+0x36e/0x1330 [ 671.152870][T11921] ? netlink_sendmsg+0x602/0xbf0 [ 671.157906][T11921] ? netlink_insert+0x109f/0x13a0 [ 671.162951][T11921] ? netlink_data_ready+0x10/0x10 [ 671.167981][T11921] ? free_vm_area+0x50/0x50 [ 671.172508][T11921] ? netlink_autobind+0xda/0x300 [ 671.177493][T11921] ? netlink_sendmsg+0x602/0xbf0 [ 671.182430][T11921] vmalloc+0x79/0x90 [ 671.186321][T11921] ? netlink_sendmsg+0x602/0xbf0 [ 671.191249][T11921] netlink_sendmsg+0x602/0xbf0 [ 671.196046][T11921] ? lockdep_hardirqs_on+0x98/0x150 [ 671.201247][T11921] ? netlink_getsockopt+0x590/0x590 [ 671.206441][T11921] ? security_socket_sendmsg+0x74/0xa0 [ 671.211898][T11921] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 671.217180][T11921] ? security_socket_sendmsg+0x80/0xa0 [ 671.222632][T11921] sock_write_iter+0x2df/0x420 [ 671.227395][T11921] ? sock_read_iter+0x3e0/0x3e0 [ 671.232251][T11921] vfs_write+0x46c/0x990 [ 671.236491][T11921] ? file_end_write+0x250/0x250 [ 671.241343][T11921] ? __fget_files+0x43d/0x4b0 [ 671.246021][T11921] ? __fdget_pos+0x1d8/0x330 [ 671.250605][T11921] ? ksys_write+0x75/0x260 [ 671.255020][T11921] ksys_write+0x150/0x260 [ 671.259348][T11921] ? __ia32_sys_read+0x90/0x90 [ 671.264110][T11921] ? lockdep_hardirqs_on+0x98/0x150 [ 671.269308][T11921] do_syscall_64+0x55/0xb0 [ 671.273719][T11921] ? clear_bhb_loop+0x40/0x90 [ 671.278385][T11921] ? clear_bhb_loop+0x40/0x90 [ 671.283053][T11921] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 671.288943][T11921] RIP: 0033:0x7f0eb6f9ce59 [ 671.293349][T11921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 671.312979][T11921] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 671.321394][T11921] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 671.329358][T11921] RDX: 00000000000082d7 RSI: 0000000000000000 RDI: 0000000000000004 [ 671.337320][T11921] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 671.345314][T11921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 671.353277][T11921] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 671.361250][T11921] [ 671.367693][T11919] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2329'. [ 671.376406][T11921] syz.3.2327: vmalloc error: size 33856, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 671.412330][ T5780] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 671.422629][T11921] CPU: 0 PID: 11921 Comm: syz.3.2327 Not tainted syzkaller #0 [ 671.430126][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 671.440171][T11921] Call Trace: [ 671.443440][T11921] [ 671.446359][T11921] dump_stack_lvl+0x18c/0x250 [ 671.451045][T11921] ? show_regs_print_info+0x20/0x20 [ 671.456247][T11921] ? load_image+0x420/0x420 [ 671.460754][T11921] ? __rcu_read_unlock+0x7c/0xd0 [ 671.465705][T11921] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 671.472139][T11921] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 671.478721][T11921] warn_alloc+0x246/0x340 [ 671.483048][T11921] ? __get_vm_area_node+0x125/0x370 [ 671.488241][T11921] ? zone_watermark_ok_safe+0x230/0x230 [ 671.493781][T11921] ? rcu_is_watching+0x15/0xb0 [ 671.498543][T11921] ? __get_vm_area_node+0x356/0x370 [ 671.503768][T11921] __vmalloc_node_range+0x393/0x1330 [ 671.505539][ T5780] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 671.509045][T11921] ? netlink_insert+0x109f/0x13a0 [ 671.518187][ T5780] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 671.520999][T11921] ? netlink_data_ready+0x10/0x10 [ 671.529453][ T5780] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 671.532919][T11921] ? free_vm_area+0x50/0x50 [ 671.541746][ T5780] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 671.544324][T11921] ? netlink_autobind+0xda/0x300 [ 671.551911][ T5780] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 671.556164][T11921] ? netlink_sendmsg+0x602/0xbf0 [ 671.556189][T11921] vmalloc+0x79/0x90 [ 671.556210][T11921] ? netlink_sendmsg+0x602/0xbf0 [ 671.556227][T11921] netlink_sendmsg+0x602/0xbf0 [ 671.581750][T11921] ? lockdep_hardirqs_on+0x98/0x150 [ 671.587036][T11921] ? netlink_getsockopt+0x590/0x590 [ 671.592225][T11921] ? security_socket_sendmsg+0x74/0xa0 [ 671.597680][T11921] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 671.602952][T11921] ? security_socket_sendmsg+0x80/0xa0 [ 671.608419][T11921] sock_write_iter+0x2df/0x420 [ 671.613214][T11921] ? sock_read_iter+0x3e0/0x3e0 [ 671.618115][T11921] vfs_write+0x46c/0x990 [ 671.622396][T11921] ? file_end_write+0x250/0x250 [ 671.627269][T11921] ? __fget_files+0x43d/0x4b0 [ 671.631945][T11921] ? __fdget_pos+0x1d8/0x330 [ 671.636525][T11921] ? ksys_write+0x75/0x260 [ 671.640935][T11921] ksys_write+0x150/0x260 [ 671.645261][T11921] ? __ia32_sys_read+0x90/0x90 [ 671.650041][T11921] ? lockdep_hardirqs_on+0x98/0x150 [ 671.655251][T11921] do_syscall_64+0x55/0xb0 [ 671.659682][T11921] ? clear_bhb_loop+0x40/0x90 [ 671.664347][T11921] ? clear_bhb_loop+0x40/0x90 [ 671.669007][T11921] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 671.674891][T11921] RIP: 0033:0x7f0eb6f9ce59 [ 671.679316][T11921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 671.698943][T11921] RSP: 002b:00007f0eb7f28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 671.707357][T11921] RAX: ffffffffffffffda RBX: 00007f0eb7215fa0 RCX: 00007f0eb6f9ce59 [ 671.715332][T11921] RDX: 00000000000082d7 RSI: 0000000000000000 RDI: 0000000000000004 [ 671.723304][T11921] RBP: 00007f0eb7f28090 R08: 0000000000000000 R09: 0000000000000000 [ 671.731259][T11921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 671.739218][T11921] R13: 00007f0eb7216038 R14: 00007f0eb7215fa0 R15: 00007fff24755168 [ 671.747191][T11921] [ 671.754222][T11921] Mem-Info: [ 671.760140][T11921] active_anon:8495 inactive_anon:0 isolated_anon:0 [ 671.760140][T11921] active_file:19467 inactive_file:40159 isolated_file:0 [ 671.760140][T11921] unevictable:768 dirty:449 writeback:0 [ 671.760140][T11921] slab_reclaimable:10023 slab_unreclaimable:95559 [ 671.760140][T11921] mapped:25012 shmem:1361 pagetables:488 [ 671.760140][T11921] sec_pagetables:0 bounce:0 [ 671.760140][T11921] kernel_misc_reclaimable:0 [ 671.760140][T11921] free:1340995 free_pcp:10974 free_cma:0 [ 671.812063][T11921] Node 0 active_anon:33980kB inactive_anon:0kB active_file:77868kB inactive_file:160432kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100048kB dirty:1796kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10088kB pagetables:1952kB sec_pagetables:0kB all_unreclaimable? no [ 671.860892][T11921] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 671.899344][T11921] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 671.934960][T11921] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 671.940884][T11921] Node 0 DMA32 free:1455428kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:33840kB inactive_anon:0kB active_file:77868kB inactive_file:159608kB unevictable:1536kB writepending:1796kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:25744kB local_pcp:17668kB free_cma:0kB [ 671.981060][T11921] lowmem_reserve[]: 0 0 0 0 0 [ 671.990746][T11921] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 672.018572][T11921] lowmem_reserve[]: 0 0 0 0 0 [ 672.023385][T11921] Node 1 Normal free:3892064kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19684kB local_pcp:7428kB free_cma:0kB [ 672.055940][T11921] lowmem_reserve[]: 0 0 0 0 0 [ 672.060711][T11921] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 672.073836][T11921] Node 0 DMA32: 1651*4kB (UM) 1011*8kB (UME) 1830*16kB (UME) 820*32kB (UME) 773*64kB (UME) 317*128kB (UME) 184*256kB (UM) 85*512kB (UME) 51*1024kB (UME) 10*2048kB (UM) 276*4096kB (M) = 1454084kB [ 672.094122][T11921] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 672.094775][T11922] chnl_net:caif_netlink_parms(): no params data found [ 672.108995][T11921] Node 1 Normal: 232*4kB (UME) 54*8kB (UME) 37*16kB (UME) 48*32kB (UME) 19*64kB (UME) 8*128kB (UME) 1*256kB (M) 0*512kB 1*1024kB (U) 1*2048kB (U) 948*4096kB (ME) = 3892064kB [ 672.131319][T11921] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 672.141195][T11921] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 672.150853][T11921] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 672.160792][T11921] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 672.171377][T11921] 60987 total pagecache pages [ 672.176399][T11921] 0 pages in swap cache [ 672.180587][T11921] Free swap = 124996kB [ 672.184760][T11921] Total swap = 124996kB [ 672.189533][T11921] 2097051 pages RAM [ 672.193368][T11921] 0 pages HighMem/MovableOnly [ 672.198229][T11921] 416933 pages reserved [ 672.202400][T11921] 0 pages cma reserved [ 672.340117][ T3441] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.417241][T11932] netlink: 'syz.0.2337': attribute type 6 has an invalid length. [ 672.434587][T11932] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2337'. [ 672.578686][ T3441] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.601655][T11922] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.615010][T11922] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.622675][T11922] bridge_slave_0: entered allmulticast mode [ 672.646848][T11922] bridge_slave_0: entered promiscuous mode [ 672.664079][T11942] netlink: 'syz.2.2333': attribute type 6 has an invalid length. [ 672.676232][T11942] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2333'. [ 672.717148][ T3441] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.734930][T11922] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.742253][T11922] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.753286][T11922] bridge_slave_1: entered allmulticast mode [ 672.775418][T11922] bridge_slave_1: entered promiscuous mode [ 672.870509][ T3441] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.913807][T11952] netlink: 'syz.2.2336': attribute type 153 has an invalid length. [ 672.927933][T11952] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.2336'. [ 672.931972][T11948] netlink: 'syz.3.2335': attribute type 6 has an invalid length. [ 672.954937][T11948] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2335'. [ 673.006701][T11953] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2336'. [ 673.057425][T11956] FAULT_INJECTION: forcing a failure. [ 673.057425][T11956] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.084852][T11956] CPU: 0 PID: 11956 Comm: syz.0.2339 Not tainted syzkaller #0 [ 673.087793][T11922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 673.092358][T11956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 673.092395][T11956] Call Trace: [ 673.092402][T11956] [ 673.092410][T11956] dump_stack_lvl+0x18c/0x250 [ 673.122390][T11956] ? show_regs_print_info+0x20/0x20 [ 673.127624][T11956] ? load_image+0x420/0x420 [ 673.132155][T11956] ? __might_fault+0xaa/0x120 [ 673.136868][T11956] ? __lock_acquire+0x7d40/0x7d40 [ 673.141934][T11956] should_fail_ex+0x39d/0x4d0 [ 673.146492][T11922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 673.146631][T11956] _copy_from_user+0x2f/0xe0 [ 673.160252][T11956] do_ip_setsockopt+0x3d0/0x2df0 [ 673.165248][T11956] ? ip_sock_set_pktinfo+0x30/0x30 [ 673.170379][T11956] ? __mutex_lock+0x315/0xcc0 [ 673.175087][T11956] ? __might_sleep+0xe0/0xe0 [ 673.179709][T11956] ? ksys_write+0x1c4/0x260 [ 673.184242][T11956] ? smc_setsockopt+0x18f/0xac0 [ 673.189222][T11956] ? mutex_lock_nested+0x20/0x20 [ 673.194203][T11956] ip_setsockopt+0x61/0x110 [ 673.198730][T11956] ? sock_common_recvmsg+0x190/0x190 [ 673.204046][T11956] smc_setsockopt+0x243/0xac0 [ 673.208764][T11956] ? smc_shutdown+0x9b0/0x9b0 [ 673.213462][T11956] ? __fget_files+0x28/0x4b0 [ 673.218082][T11956] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 673.223662][T11956] ? security_socket_setsockopt+0x7e/0xa0 [ 673.229409][T11956] ? smc_shutdown+0x9b0/0x9b0 [ 673.234115][T11956] do_sock_setsockopt+0x175/0x1a0 [ 673.234759][T11922] team0: Port device team_slave_0 added [ 673.239144][T11956] ? __fdget+0x180/0x210 [ 673.239170][T11956] __x64_sys_setsockopt+0x182/0x200 [ 673.239199][T11956] do_syscall_64+0x55/0xb0 [ 673.239217][T11956] ? clear_bhb_loop+0x40/0x90 [ 673.239230][T11956] ? clear_bhb_loop+0x40/0x90 [ 673.239245][T11956] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 673.239267][T11956] RIP: 0033:0x7f6b7fd9ce59 [ 673.239284][T11956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.239297][T11956] RSP: 002b:00007f6b80c93028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 673.239316][T11956] RAX: ffffffffffffffda RBX: 00007f6b80015fa0 RCX: 00007f6b7fd9ce59 [ 673.239327][T11956] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003 [ 673.322349][T11956] RBP: 00007f6b80c93090 R08: 000000000000011e R09: 0000000000000000 [ 673.330317][T11956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 673.338292][T11956] R13: 00007f6b80016038 R14: 00007f6b80015fa0 R15: 00007ffcedbafd28 [ 673.346274][T11956] [ 673.383400][T11922] team0: Port device team_slave_1 added [ 673.477046][T11922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 673.484326][T11922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 673.550472][T11922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 673.576713][T11922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 673.586455][T11922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 673.639835][ T5780] Bluetooth: hci4: command tx timeout [ 673.672618][T11922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 673.919792][T11970] netlink: 'syz.3.2342': attribute type 6 has an invalid length. [ 673.947295][T11970] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2342'. [ 674.010511][T11972] netlink: 'syz.0.2344': attribute type 6 has an invalid length. [ 674.033090][T11972] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2344'. [ 674.297501][T11922] hsr_slave_0: entered promiscuous mode [ 674.332264][T11922] hsr_slave_1: entered promiscuous mode [ 674.454017][T11995] netlink: 'syz.0.2347': attribute type 6 has an invalid length. [ 674.473657][T11995] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2347'. [ 675.726660][ T5780] Bluetooth: hci4: command tx timeout [ 677.666779][T12009] FAULT_INJECTION: forcing a failure. [ 677.666779][T12009] name failslab, interval 1, probability 0, space 0, times 0 [ 677.680202][T12009] CPU: 1 PID: 12009 Comm: syz.0.2354 Not tainted syzkaller #0 [ 677.687732][T12009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 677.697826][T12009] Call Trace: [ 677.701143][T12009] [ 677.704105][T12009] dump_stack_lvl+0x18c/0x250 [ 677.708826][T12009] ? show_regs_print_info+0x20/0x20 [ 677.714064][T12009] ? load_image+0x420/0x420 [ 677.718611][T12009] ? __might_sleep+0xe0/0xe0 [ 677.723246][T12009] ? __lock_acquire+0x7d40/0x7d40 [ 677.728315][T12009] should_fail_ex+0x39d/0x4d0 [ 677.733022][T12009] should_failslab+0x9/0x20 [ 677.737540][T12009] slab_pre_alloc_hook+0x59/0x310 [ 677.742582][T12009] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 677.748310][T12009] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 677.754037][T12009] __kmem_cache_alloc_node+0x53/0x250 [ 677.759425][T12009] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 677.765149][T12009] __kmalloc+0xa4/0x230 [ 677.769319][T12009] tomoyo_realpath_from_path+0xe3/0x5d0 [ 677.774885][T12009] tomoyo_path_number_perm+0x248/0x620 [ 677.780347][T12009] ? tomoyo_path_number_perm+0x217/0x620 [ 677.785983][T12009] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 677.791448][T12009] ? ksys_write+0x1c4/0x260 [ 677.796021][T12009] ? __fget_files+0x28/0x4b0 [ 677.800614][T12009] ? __fget_files+0x28/0x4b0 [ 677.805231][T12009] security_file_ioctl+0x70/0xa0 [ 677.810180][T12009] __se_sys_ioctl+0x48/0x170 [ 677.814780][T12009] do_syscall_64+0x55/0xb0 [ 677.819196][T12009] ? clear_bhb_loop+0x40/0x90 [ 677.823872][T12009] ? clear_bhb_loop+0x40/0x90 [ 677.828549][T12009] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 677.834448][T12009] RIP: 0033:0x7f6b7fd9ce59 [ 677.838887][T12009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 677.858513][T12009] RSP: 002b:00007f6b80c93028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 677.866941][T12009] RAX: ffffffffffffffda RBX: 00007f6b80015fa0 RCX: 00007f6b7fd9ce59 [ 677.874913][T12009] RDX: 00002000000000c0 RSI: 000000000000891c RDI: 0000000000000004 [ 677.882885][T12009] RBP: 00007f6b80c93090 R08: 0000000000000000 R09: 0000000000000000 [ 677.890865][T12009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 677.898838][T12009] R13: 00007f6b80016038 R14: 00007f6b80015fa0 R15: 00007ffcedbafd28 [ 677.906835][T12009] [ 677.922361][ T5780] Bluetooth: hci4: command tx timeout [ 677.950813][T12009] ERROR: Out of memory at tomoyo_realpath_from_path. [ 677.960324][T12014] netlink: 'syz.2.2355': attribute type 6 has an invalid length. [ 677.982103][T12014] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2355'. [ 678.026993][T12013] netlink: 'syz.3.2353': attribute type 6 has an invalid length. [ 678.043739][T12013] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2353'. [ 678.764183][T12041] netlink: 'syz.2.2359': attribute type 10 has an invalid length. [ 679.043989][T12046] netlink: 'syz.0.2361': attribute type 6 has an invalid length. [ 679.070570][T12046] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2361'. [ 679.955497][ T5780] Bluetooth: hci4: command tx timeout [ 682.066506][ T3441] [ 682.068886][ T3441] ====================================================== [ 682.075911][ T3441] WARNING: possible circular locking dependency detected [ 682.082953][ T3441] syzkaller #0 Not tainted [ 682.087371][ T3441] ------------------------------------------------------ [ 682.094390][ T3441] kworker/u4:6/3441 is trying to acquire lock: [ 682.100541][ T3441] ffff88802564cd80 (team->team_lock_key){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0 [ 682.109961][ T3441] [ 682.109961][ T3441] but task is already holding lock: [ 682.117316][ T3441] ffff88801db68768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690 [ 682.127786][ T3441] [ 682.127786][ T3441] which lock already depends on the new lock. [ 682.127786][ T3441] [ 682.138180][ T3441] [ 682.138180][ T3441] the existing dependency chain (in reverse order) is: [ 682.147198][ T3441] [ 682.147198][ T3441] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 682.154937][ T3441] __mutex_lock+0x136/0xcc0 [ 682.159974][ T3441] ieee80211_open+0x144/0x200 [ 682.165166][ T3441] __dev_open+0x2cb/0x430 [ 682.170083][ T3441] dev_open+0xab/0x190 [ 682.174665][ T3441] team_add_slave+0x75f/0x29a0 [ 682.179947][ T3441] do_setlink+0xdfe/0x4130 [ 682.184943][ T3441] rtnl_newlink+0x17da/0x20a0 [ 682.190155][ T3441] rtnetlink_rcv_msg+0x869/0xfa0 [ 682.195625][ T3441] netlink_rcv_skb+0x241/0x4d0 [ 682.200914][ T3441] netlink_unicast+0x751/0x8d0 [ 682.206198][ T3441] netlink_sendmsg+0x8d0/0xbf0 [ 682.211476][ T3441] ____sys_sendmsg+0x5ba/0x960 [ 682.216757][ T3441] ___sys_sendmsg+0x2a6/0x360 [ 682.221950][ T3441] __se_sys_sendmsg+0x1c2/0x2b0 [ 682.227315][ T3441] do_syscall_64+0x55/0xb0 [ 682.232248][ T3441] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 682.238662][ T3441] [ 682.238662][ T3441] -> #0 (team->team_lock_key){+.+.}-{3:3}: [ 682.246647][ T3441] __lock_acquire+0x2df1/0x7d40 [ 682.252011][ T3441] lock_acquire+0x19e/0x420 [ 682.257027][ T3441] __mutex_lock+0x136/0xcc0 [ 682.262045][ T3441] team_del_slave+0x32/0x1c0 [ 682.267146][ T3441] team_device_event+0x28d/0xa20 [ 682.272599][ T3441] notifier_call_chain+0x197/0x380 [ 682.278230][ T3441] unregister_netdevice_many_notify+0x100d/0x1900 [ 682.285160][ T3441] unregister_netdevice_queue+0x32c/0x370 [ 682.291394][ T3441] _cfg80211_unregister_wdev+0x16b/0x580 [ 682.297650][ T3441] ieee80211_remove_interfaces+0x49e/0x690 [ 682.303972][ T3441] ieee80211_unregister_hw+0x5d/0x2a0 [ 682.309908][ T3441] mac80211_hwsim_del_radio+0x289/0x480 [ 682.315989][ T3441] hwsim_exit_net+0x58d/0x650 [ 682.321179][ T3441] cleanup_net+0x70a/0xbb0 [ 682.326109][ T3441] process_scheduled_works+0xa5d/0x15d0 [ 682.332170][ T3441] worker_thread+0xa55/0xfc0 [ 682.337271][ T3441] kthread+0x2fa/0x390 [ 682.341850][ T3441] ret_from_fork+0x48/0x80 [ 682.346783][ T3441] ret_from_fork_asm+0x11/0x20 [ 682.352088][ T3441] [ 682.352088][ T3441] other info that might help us debug this: [ 682.352088][ T3441] [ 682.362303][ T3441] Possible unsafe locking scenario: [ 682.362303][ T3441] [ 682.369738][ T3441] CPU0 CPU1 [ 682.375094][ T3441] ---- ---- [ 682.380449][ T3441] lock(&rdev->wiphy.mtx); [ 682.384946][ T3441] lock(team->team_lock_key); [ 682.392223][ T3441] lock(&rdev->wiphy.mtx); [ 682.399236][ T3441] lock(team->team_lock_key); [ 682.403992][ T3441] [ 682.403992][ T3441] *** DEADLOCK *** [ 682.403992][ T3441] [ 682.412122][ T3441] 5 locks held by kworker/u4:6/3441: [ 682.417396][ T3441] #0: ffff88801a254938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 682.428271][ T3441] #1: ffffc9000cd87d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 682.438799][ T3441] #2: ffffffff8e3b9990 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0 [ 682.448192][ T3441] #3: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0 [ 682.458027][ T3441] #4: ffff88801db68768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690 [ 682.468809][ T3441] [ 682.468809][ T3441] stack backtrace: [ 682.474698][ T3441] CPU: 1 PID: 3441 Comm: kworker/u4:6 Not tainted syzkaller #0 [ 682.482245][ T3441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 682.492294][ T3441] Workqueue: netns cleanup_net [ 682.497062][ T3441] Call Trace: [ 682.500336][ T3441] [ 682.503258][ T3441] dump_stack_lvl+0x18c/0x250 [ 682.507944][ T3441] ? load_image+0x420/0x420 [ 682.512437][ T3441] ? show_regs_print_info+0x20/0x20 [ 682.517631][ T3441] ? print_circular_bug+0x12b/0x1a0 [ 682.522823][ T3441] check_noncircular+0x2fc/0x400 [ 682.527775][ T3441] ? print_deadlock_bug+0x5d0/0x5d0 [ 682.532988][ T3441] ? lockdep_lock+0xf5/0x230 [ 682.537583][ T3441] ? __lock_acquire+0x1273/0x7d40 [ 682.542603][ T3441] ? _find_first_zero_bit+0xd3/0x100 [ 682.547898][ T3441] __lock_acquire+0x2df1/0x7d40 [ 682.552748][ T3441] ? verify_lock_unused+0x140/0x140 [ 682.557941][ T3441] ? verify_lock_unused+0x140/0x140 [ 682.563137][ T3441] lock_acquire+0x19e/0x420 [ 682.567754][ T3441] ? team_del_slave+0x32/0x1c0 [ 682.572513][ T3441] ? __might_sleep+0xe0/0xe0 [ 682.577097][ T3441] ? read_lock_is_recursive+0x20/0x20 [ 682.582469][ T3441] __mutex_lock+0x136/0xcc0 [ 682.586986][ T3441] ? team_del_slave+0x32/0x1c0 [ 682.591768][ T3441] ? __lock_acquire+0x7d40/0x7d40 [ 682.596808][ T3441] ? rcu_is_watching+0x15/0xb0 [ 682.601584][ T3441] ? trace_contention_end+0x39/0xe0 [ 682.606791][ T3441] ? __mutex_lock+0x315/0xcc0 [ 682.611469][ T3441] ? team_del_slave+0x32/0x1c0 [ 682.616230][ T3441] ? mutex_lock_nested+0x20/0x20 [ 682.621161][ T3441] ? bond_netdev_event+0xeb/0xf20 [ 682.626175][ T3441] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 682.631820][ T3441] team_del_slave+0x32/0x1c0 [ 682.636402][ T3441] team_device_event+0x28d/0xa20 [ 682.641336][ T3441] notifier_call_chain+0x197/0x380 [ 682.646445][ T3441] unregister_netdevice_many_notify+0x100d/0x1900 [ 682.652883][ T3441] ? lock_chain_count+0x20/0x20 [ 682.657750][ T3441] ? unregister_netdevice_many+0x20/0x20 [ 682.663411][ T3441] ? kernfs_remove_by_name_ns+0x117/0x150 [ 682.669173][ T3441] ? __lock_acquire+0x7d40/0x7d40 [ 682.674200][ T3441] unregister_netdevice_queue+0x32c/0x370 [ 682.679917][ T3441] ? list_netdevice+0x730/0x730 [ 682.684759][ T3441] ? kernfs_remove_by_name_ns+0x117/0x150 [ 682.690485][ T3441] _cfg80211_unregister_wdev+0x16b/0x580 [ 682.696116][ T3441] ieee80211_remove_interfaces+0x49e/0x690 [ 682.701919][ T3441] ? ieee80211_do_stop+0x1e20/0x1e20 [ 682.707199][ T3441] ? rcu_is_watching+0x15/0xb0 [ 682.711967][ T3441] ieee80211_unregister_hw+0x5d/0x2a0 [ 682.717332][ T3441] mac80211_hwsim_del_radio+0x289/0x480 [ 682.722873][ T3441] ? rhashtable_remove_fast+0xc00/0xc00 [ 682.728415][ T3441] hwsim_exit_net+0x58d/0x650 [ 682.733089][ T3441] ? hwsim_init_net+0x90/0x90 [ 682.737760][ T3441] ? __ip_vs_dev_cleanup_batch+0x238/0x250 [ 682.743659][ T3441] cleanup_net+0x70a/0xbb0 [ 682.748067][ T3441] ? ops_free_list+0x3b0/0x3b0 [ 682.752827][ T3441] ? _raw_spin_unlock_irq+0x23/0x50 [ 682.758054][ T3441] ? process_scheduled_works+0x96f/0x15d0 [ 682.763766][ T3441] ? process_scheduled_works+0x96f/0x15d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 682.769479][ T3441] process_scheduled_works+0xa5d/0x15d0 [ 682.775113][ T3441] ? worker_attach_to_pool+0x380/0x380 [ 682.780595][ T3441] ? assign_work+0x3d2/0x5d0 [ 682.785193][ T3441] worker_thread+0xa55/0xfc0 [ 682.789800][ T3441] kthread+0x2fa/0x390 [ 682.793868][ T3441] ? pr_cont_work+0x560/0x560 [ 682.798548][ T3441] ? kthread_blkcg+0xd0/0xd0 [ 682.803132][ T3441] ret_from_fork+0x48/0x80 [ 682.807545][ T3441] ? kthread_blkcg+0xd0/0xd0 [ 682.812124][ T3441] ret_from_fork_asm+0x11/0x20 [ 682.816917][ T3441] [ 682.869334][ T3441] team0: Port device ..ãc¤± removed [ 682.971590][T12054] netlink: 'syz.0.2364': attribute type 6 has an invalid length. [ 683.006213][T12054] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2364'. [ 683.175735][ T3441] hsr_slave_0: left promiscuous mode [ 683.246935][ T3441] hsr_slave_1: left promiscuous mode [ 683.315398][ T3441] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 683.322855][ T3441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 683.377183][ T3441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 683.384633][ T3441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 683.447259][ T3441] bridge_slave_1: left allmulticast mode [ 683.452951][ T3441] bridge_slave_1: left promiscuous mode [ 683.475990][ T3441] bridge0: port 2(bridge_slave_1) entered disabled state [ 683.555893][ T3441] bridge_slave_0: left allmulticast mode [ 683.561674][ T3441] bridge_slave_0: left promiscuous mode [ 683.598948][ T3441] bridge0: port 1(bridge_slave_0) entered disabled state [ 683.631544][ T3441] veth1_macvtap: left promiscuous mode [ 683.639036][ T3441] veth0_macvtap: left promiscuous mode [ 683.644735][ T3441] veth1_vlan: left promiscuous mode [ 683.652597][ T3441] veth0_vlan: left promiscuous mode [ 683.904257][ T3441] team0 (unregistering): Port device team_slave_1 removed [ 683.983462][ T3441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 683.992941][ T3441] bond_slave_1 (unregistering): left promiscuous mode [ 684.036544][ T3441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 684.047248][ T3441] bond_slave_0 (unregistering): left promiscuous mode [ 684.164103][ T3441] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 684.172818][ T3441] dummy0 (unregistering): left promiscuous mode [ 684.202551][ T3441] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 684.211453][ T3441] bridge0 (unregistering): left promiscuous mode [ 684.217942][ T3441] bond0 (unregistering): Released all slaves [ 684.859312][ T3441] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.922022][ T3441] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 684.980128][ T3441] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.029618][ T3441] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 685.843981][ T3441] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 685.851709][ T3441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.865900][ T3441] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 685.873324][ T3441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 685.893221][ T3441] bridge_slave_1: left allmulticast mode [ 685.900354][ T3441] bridge_slave_1: left promiscuous mode [ 685.906199][ T3441] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.914117][ T3441] bridge_slave_0: left allmulticast mode [ 685.919931][ T3441] bridge_slave_0: left promiscuous mode [ 685.925916][ T3441] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.936722][ T3441] hsr_slave_0: left promiscuous mode [ 685.942462][ T3441] hsr_slave_1: left promiscuous mode [ 685.950912][ T3441] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.961011][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.961059][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.975018][ T3441] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 685.982906][ T3441] bridge_slave_1: left allmulticast mode [ 685.988688][ T3441] bridge_slave_1: left promiscuous mode [ 685.994346][ T3441] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.006656][ T3441] bridge_slave_0: left allmulticast mode [ 686.012300][ T3441] bridge_slave_0: left promiscuous mode [ 686.018233][ T3441] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.027963][ T3441] veth1_macvtap: left promiscuous mode [ 686.033478][ T3441] veth0_macvtap: left promiscuous mode [ 686.039472][ T3441] veth1_vlan: left promiscuous mode [ 686.044794][ T3441] veth0_vlan: left promiscuous mode [ 686.201578][ T3441] team0 (unregistering): Port device team_slave_1 removed [ 686.225125][ T3441] team0 (unregistering): Port device team_slave_0 removed [ 686.251652][ T3441] .` (unregistering): (slave bond_slave_1): Releasing backup interface [ 686.284373][ T3441] .` (unregistering): (slave bond_slave_0): Releasing backup interface [ 686.359921][ T3441] .` (unregistering): (slave dummy0): Releasing backup interface [ 686.394262][ T3441] .` (unregistering): (slave bridge0): Releasing backup interface [ 686.402672][ T3441] .` (unregistering): Released all slaves [ 686.528910][ T3441] team0 (unregistering): Port device team_slave_1 removed [ 686.555654][ T3441] team0 (unregistering): Port device team_slave_0 removed [ 686.568305][ T3441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 686.581067][ T3441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 686.633367][ T3441] bond0 (unregistering): Released all slaves