last executing test programs: 18.107971994s ago: executing program 0 (id=2961): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x23}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) r2 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffc}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0) r5 = perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x1a, 0x1, 0x0, 0xfc, 0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0x0) (async) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x404800, 0x0) ioctl$TUNSETSTEERINGEBPF(r6, 0x800454e0, &(0x7f0000000ac0)=r1) (async) r7 = socket$kcm(0x2, 0x3, 0x84) perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x1, 0x0, 0x3, 0x0, 0x0, 0xef, 0x1af1ed, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0, 0x1}, 0x109901, 0x20000001, 0x6, 0x0, 0x3, 0x4, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) (async) sendmsg$inet(r7, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000007000000890704ac14140f0011000000000000000000000001000000fc000000000000001400000000000000010000000200000004000000000000001c000000000000000000000008"], 0x68}, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b646edef69853362ac34071", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async) recvmsg(r8, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) (async) recvmsg$kcm(r8, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x0) (async) ioctl$PERF_EVENT_IOC_DISABLE(r5, 0x2401, 0x1) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x7f}, 0x38) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x2400, 0x5) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, &(0x7f00000001c0)="1869fc289852b222023976eb26ff47c26ab68af90359a3bd345c7caeb4918c0a52a19bb57a9cf8e90ea5f834c05f633a9276c572d3891bf50080f7e7fa8226056433443d8e53007163f2f68b56c81dec8c0ab6521b5e7a12d06db4d5f68942ced7e08fc502d04c056d03787a8fc2f7f8a8821b429c3bc98fb082093c384aecfd67683e635472a440500f17e6ce0e212b3296094e916bca2d296089d1273e9d90b1fc9d417f998f827cc00987349b3cfe39d986c95bcb3fb1a1129e68d7312bf7be74c57b", &(0x7f00000004c0)=""/240}, 0x20) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) (rerun: 32) 17.488106433s ago: executing program 0 (id=2964): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) 13.132859974s ago: executing program 0 (id=2990): r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0xa, 0x40}, 0x50) close(0x3) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="02cf000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000810e5ace142d000000000000005c814afe0000000cf2a81a06f73712fdf034005d8bb6140a61866694d803bc314dae07b33a"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x14, &(0x7f00000012c0)=ANY=[@ANYRES32=r1, @ANYRESHEX], &(0x7f0000001140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) r4 = socket$kcm(0x2, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r4, 0x0, 0xb00) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6402}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000015006b03000000d86e6c1d000a847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x7, &(0x7f0000000180), 0x43) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000d800ba9d00000000010000008500000041000000850000007d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x3100, 0x0, &(0x7f0000000140), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xffffff9d, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 12.949286948s ago: executing program 3 (id=2992): sendmsg$inet(0xffffffffffffffff, 0x0, 0x4004004) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f90924fc60040011000a7403004700000037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400000000000}, 0x0, 0x0, 0x0, 0x0, 0xf60}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, @perf_config_ext, 0x100080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0xc, 0x10, &(0x7f0000000e40)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r3, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="61df712bc884fed5722780b605a7", 0x0, 0x2f00, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b4861ea30df81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca25b3659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf5f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730af36bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d26ce7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652cecbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b204007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000000000000000c87bd5b7cb8c5ae18218963f6d71cfa8b8afb7a4ade932aa3c4701a1c3284cf6b08a4c265dbf4c96cf1ccbcf8f43fd0abf415e581956070f52673a4fa63fb36788bbbcdc0cb1519e8e8fdd9c1463230ce4ccfa63d7069135d9804765a62bd12c2cf388b09c3a0bbd296a4ce6e523145bb6"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4) socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xffffebff, 0x3, 0x2, 0x9, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, &(0x7f0000000000)=""/48}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x3, 0x1, 0x0, 0x0) r5 = bpf$ITER_CREATE(0xb, 0x0, 0x0) close(r5) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) syz_clone(0x48002000, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x7, 0x3, 0x2, 0x0, 0x0, 0x210e, 0x30008, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7c, 0x2, @perf_config_ext={0x800000000000f, 0x2}, 0x14505, 0x32, 0xcb9, 0x3, 0x0, 0xb, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x18) 11.746492395s ago: executing program 0 (id=2998): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) getpid() perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1400, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000240)=r0, 0x4) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) close(0xffffffffffffffff) socket$kcm(0x11, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x10, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="850000000e000000720a00ff000000006600006400000000950000000000000018100000", @ANYRES32, @ANYBLOB="00000000000000000000185808c45bbfc18278b90cb141410594a01ecf68a0cc7ac17cb2e7dd7f95816109bdd84f5d035e38fcbd613fcc7e401ad8cfc6d48fa52d397f676d8816c267e8db4760b521f42e9275ebe3f53bfaed8ef019b40da10b0500a352d2e3e5f06dfe297e1703171f38391939cc12c0cee8a00f00000004512abb827dd22d000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) 10.737462616s ago: executing program 0 (id=2999): perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x898d, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000080)={0x1, 0x41, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xfffffffffffffff8, 0x1}, 0x12640, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_clone(0x108000, 0x0, 0x0, 0x0, 0x0, 0x0) 10.580057599s ago: executing program 0 (id=3000): ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) socket$kcm(0x2, 0x5, 0x84) socketpair(0x1, 0x3, 0x0, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b4861ea30df81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca25b3659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf5f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730af36bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d26ce7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652cecbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b204007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000000000000000c87bd5b7cb8c5ae18218963f6d71cfa8b8afb7a4ade932aa3c4701a1c3284cf6b08a4c265dbf4c96cf1ccbcf8f43fd0abf415e581956070f52673a4fa63fb36788bbbcdc0cb1519e8e8fdd9c1463230ce4ccfa63d7069135d9804765a62bd12c2cf388b09c3a0bbd296a4ce6e523145bb6"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000280000000400"], 0x48) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000440)={r2, 0x0, 0x0}, 0x20) 8.243340037s ago: executing program 2 (id=3008): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) 6.236119218s ago: executing program 1 (id=3012): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x20000000, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) 5.763915947s ago: executing program 1 (id=3014): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xfffffffe, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000300)='%+9llu \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r1}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x300}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.522523496s ago: executing program 1 (id=3016): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002536702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r0}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x2, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x1, 0xffffffffffffffff, 0xb) 5.3456837s ago: executing program 3 (id=3017): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async, rerun: 32) r1 = socket$kcm(0xa, 0x2, 0x73) (rerun: 32) sendmsg$kcm(r1, &(0x7f0000001280)={&(0x7f00000010c0)=@in6={0xa, 0x0, 0x0, @local, 0x5}, 0x80, 0x0}, 0x4c810) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async, rerun: 32) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) (rerun: 32) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x10}) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x80800, 0x0) (async, rerun: 64) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000340)={r1}) (async, rerun: 64) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{}, {0x25}, {0x6}]}) (async, rerun: 64) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="0000008000100000000a00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (rerun: 64) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r5, @ANYRES32, @ANYBLOB="05"], 0x10) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r6, 0x20, &(0x7f00000001c0)={&(0x7f00000012c0)=""/4096, 0x1000, 0x0, &(0x7f0000000280)=""/73, 0x49}}, 0x10) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00)={r3, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b40)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1d62, 0x0, 0x0, 0x0, 0xc}, [@ldst={0x3, 0x0, 0x1, 0x4, 0x0, 0x6, 0x10}]}, &(0x7f0000000840)='GPL\x00', 0x37b25ee8, 0x48, &(0x7f0000000940)=""/72, 0x41100, 0xac, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000009c0)={0x1, 0x7, 0x81, 0x8000}, 0x10, 0x2e88b, r4, 0x0, &(0x7f0000000b00)=[r3, r7, r4, r5, r5], 0x0, 0x10, 0x7}, 0x94) (async, rerun: 32) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[], 0x10) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000ec0)={r4, 0xe0, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000c00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f0000000c40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000c80)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000cc0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000d00), &(0x7f0000000d40), 0x8, 0x4e, 0x8, 0x8, &(0x7f0000000d80)}}, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000f00)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0x4, '\x00', r8, r6, 0x1, 0x0, 0x2}, 0x50) r9 = socket$kcm(0x2, 0x200000000000001, 0x0) setsockopt$sock_attach_bpf(r9, 0x1, 0x21, &(0x7f0000000240), 0x4) sendmsg$inet(r9, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x3}}, 0x10, 0x0}, 0x200088d0) (async) r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)={0xffffffffffffffff}, 0x4) (async) r11 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000007c0)=@generic={&(0x7f0000000740)='./file0\x00'}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r11) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r10, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0xa, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcf, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0xbc, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10) 4.956250272s ago: executing program 1 (id=3019): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xad85, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x5}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0x1, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_tracing={0x1a, 0x12, &(0x7f0000000500)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @map_idx={0x18, 0x5, 0x5, 0x0, 0xf}, @generic={0x4, 0x5, 0x7, 0xfff, 0xc27}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x3}], &(0x7f00000005c0)='GPL\x00', 0x8, 0xda, &(0x7f0000000600)=""/218, 0x41100, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000740)={0x4, 0xd, 0x0, 0x9}, 0x10, 0x1687e, 0xffffffffffffffff, 0x0, &(0x7f0000000780)=[0x1, 0xffffffffffffffff], 0x0, 0x10, 0x5}, 0x94) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000880)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x400, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x4}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0xd, 0x2e, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x35d}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fff}}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x4}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0xfffffff9, 0xca, &(0x7f0000000300)=""/202, 0x41100, 0x7419669113acdbf0, '\x00', r3, @sock_ops=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x1, 0x6, 0xb, 0xe7c}, 0x10, 0xffffffffffffffff, r4, 0x8, &(0x7f0000000900)=[r5], &(0x7f0000000940)=[{0x0, 0x3, 0x2, 0x2}, {0x4, 0x3, 0xb, 0x7}, {0x5, 0x4, 0x1, 0xb}, {0x3, 0x5, 0xe, 0x2}, {0x0, 0x2, 0x1, 0x8}, {0x1, 0x3, 0xc, 0xa}, {0x3, 0x4, 0xf, 0xb}, {0x0, 0x5, 0x0, 0x1}], 0x10, 0x1}, 0x94) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000cc0)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@enum64={0x7, 0x1, 0x0, 0x13, 0x0, 0x7, [{0x4, 0x3, 0x65}]}]}, {0x0, [0x2e, 0x30, 0x0]}}, &(0x7f0000000c00)=""/166, 0x35, 0xa6, 0x1, 0xa9}, 0x28) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x18, 0x1d, &(0x7f0000000a80)=@raw=[@map_val={0x18, 0xb, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x8}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @ldst={0x2, 0x3, 0x0, 0x6, 0x3, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @alu={0x7, 0x0, 0xd, 0xb, 0x0, 0xffffffffffffffff, 0x10}, @map_fd={0x18, 0x0, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x78}], &(0x7f0000000b80)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2, '\x00', r3, 0x0, r7, 0x8, &(0x7f0000000d00)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000d40)={0x2, 0xc, 0x0, 0xfe}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000d80)=[{0x1, 0x3, 0x4, 0xc}], 0x10, 0x14000000}, 0x94) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000e80), 0x2, 0x0) r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000ec0)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x7, '\x00', r3, r7, 0x2, 0x4, 0x4}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001280)={&(0x7f0000000f40)="86d1b4bcbbe38213e497adf838d452df4e2907dafca34e4607796982b8c41d29124303e988aaa3e8586bd92781257095194b39ee448c50c9d4dbb78e4f64833e6d913c0504e84c4cc4b0d0602938557affea91f0ed739b1e6def3e7f10581d4a952aa50077c3726f2e6a5aad2c1f0a8347d40daa462f0cc0e8bf925c30665f1c8c0c12a9a1f05f3cb52691db93aab2883a25598ffb0b82def2bbb791ea0920d459397b577c8e935090571d7123f3a286b3323a03a3", &(0x7f0000001000)=""/187, &(0x7f00000010c0)="7a4801737d64bb6c50204207d4ae9d9c6b7d559ce71726c05400dca03132e22ade43b9b1d9ae348ab5d3a346c09a0753faa43f8817b45dca2455c1f6a9e3bbe4d4cec5c0f358d591cc2506b5520d68de197117ffea069eff2acf23f4b65e2ebfbfa117c77d96a68d3c157cf21a6204c34defccd567e8081129ff8a4b997d0355df9952b6d1489304cfb322de27c60b9a08425007401df16b68c0cfa8fac8f4a84911d55f544187383d218d40632135f28116b914bd68397b7f8e305b619dbaf4ee7baa9d946c3897080832866f217f9bb9b133c462e1b9231017a72a06e856af6b4f47360423af4c033e", &(0x7f00000011c0)="08c0bd5fcc27fdd0317f07ea9f52fde61bf519b008b3da8276d768c99af02d596a177b4a8aa5104239a2dabf91db53e0f597cd37163b69996203a3a81586fc790e812255de243c59742b9bd84688a950fc67a1ad7239a078f7de27d54753d74efa2619a5c4e6573dbc46372b1f7c62415fe9dd7751af08bb456a42228ec7ed6f533bec13550b61dcd43fffc839f20c5f07f999b49e", 0x0, r1, 0x4}, 0x38) r10 = gettid() perf_event_open(&(0x7f00000012c0)={0x5, 0x80, 0x8, 0x7, 0x6, 0x3, 0x0, 0x15, 0x4001, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfff, 0xdd}, 0x8, 0x8000, 0x4ee, 0x8, 0x6e4b, 0x2, 0x2, 0x0, 0xe00000, 0x0, 0x1}, r10, 0xffffffffffffffff, r6, 0x2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001600)={r6, 0xe0, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000001380)=[0x0], &(0x7f00000013c0)=[0x0, 0x0], 0x0, 0xa2, &(0x7f0000001400)=[{}], 0x8, 0x10, &(0x7f0000001440), &(0x7f0000001480), 0x8, 0x32, 0x8, 0x8, &(0x7f00000014c0)}}, 0x10) r12 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001680)=@o_path={&(0x7f0000001640)='./file0\x00', 0x0, 0x4018, r6}, 0x18) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r13, &(0x7f0000001c80)={&(0x7f0000001700)=@nameseq={0x1e, 0x1, 0x2, {0x40, 0x1, 0x3}}, 0x10, &(0x7f0000001b80)=[{&(0x7f0000001740)="07a174d2f9550960593bac373b5c15d0af0d09086676949ec2f227b72b10500ab84d67deb9bd663f1d6de583a7bd46f50d3b8e09141c7a5bdb766e338b4439b04b7da8658a995ac2b68b53d3be6bbd32932fe555765ad6beb38996ca5b38d20721b7bf6b98e997a2834566c2743643bb356c613f82fc40b48760d187d2c1d92ef032d041212e64b1764b205dd2329bff1a4f9e220f8a69f4a947f0798041c9bd3fd6c7bb77093023", 0xa8}, {&(0x7f0000001800)="ca21e5ddda5faaa49ed55a50a73fc0149955c817c9adba179097676b4fbd9bf34636aac6a9b2b4f0c0ddcaa6efc901941988342b8f106ad2069af3af9ceebaaec2f5236cf202771a40e115c853c8e8ab4d98184aca0ecc1c0c15355ada47b4b624636c2cebddccb48232f74e9ef349bec59e15354f77cae6cea97b36e849f5d5f3", 0x81}, {&(0x7f00000018c0)="df239dedc985f120233746043df1cf0e57d40990ead602b4993de134b132ba3d", 0x20}, {&(0x7f0000001900)="97d832907e6ad4157f263f3f1e649aee2322499d25e9bf956c524317f6f9555aac957b9a4bbf4fdbcda7a629e5966cc72fceb122914de0985c4ed213ba1aea42675e390710b00581d1990ea5bdd14bbb2746992b263524bcdd1307f60e5f75612d428441c6ba6d6bbd5bc99466a040448bf5dafbd0dfca9e469390f627d5ad0cbde03f9b606e0de58db50eeee88b90297d4647aa7381bc3f58a3c992a88a7555cdf0f6069a52f6dd473aa374393e88b52e401f57616ba83a440f71730e4b2ac5bfdeb52f03422d5373", 0xc9}, {&(0x7f0000001a00)="9a9a9bcff194b78ec678b38d23e12f03d52a7f3895c74724136d145cf152af41a59a86b7cd19d03c6bbd82092f2c70b2d654ff803cfb800c8badbdc29009792e6244fa769c902d3cf0d8a6814dbb82550fce72a3f78a99de3ce8dbe6", 0x5c}, {&(0x7f0000001a80)="9422af47bc396652e2d9692d345f7565ec1ff3d2fbd144eb2b7e6dc34fcce8920cc3069792a8f1f893cac63b59559004ccd8500031119ea170ead9bfba86394bd9fd2f1734cdc52c1ce449ffd32d32920d4f9b0da1840df11aaf57409b2618546a24", 0x62}, {&(0x7f0000001b00)="4ede0ea34cd7ba2e435fe7a9ed02da2f4b8cd1b19e1dc9acb9d8e59250e7613d1145fa2729219b78a7681f814e99e92c54039b70ffa02bbcd499d8893dbc0541555646207ec1de2199aa320f054c4e8b90cf5f5e7d907a48a7ab165b93e594523e2fbaf6c10227c21ee6761c34a712a1f7af2e988f34a62d57c744bb7de5", 0x7e}], 0x7, &(0x7f0000001c00)="31dbe6d26274e7f476a6194011aff8ce887bdae3216446ecd0b8a487995871a105d0c685ddb1dab3538273454c3485be58730510b0317250447443f3fc62e5a8479fc4bc4ef800fea2d065c5d02f6bda8277", 0x52, 0x20048011}, 0x2004c090) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001d40)={r9, 0x58, &(0x7f0000001cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r15 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=@base={0x8, 0x1, 0x9, 0x8, 0x560, r2, 0x21, '\x00', r11, r7, 0x5, 0x5, 0x2}, 0x50) r16 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001e00)={0x3, 0x4, 0x4, 0xa, 0x0, r12, 0x1, '\x00', 0x0, r7, 0x1, 0x0, 0x4}, 0x50) setsockopt$sock_attach_bpf(r13, 0x1, 0x32, &(0x7f0000001e80)=r8, 0x4) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000002000)={r0, &(0x7f0000001ec0), &(0x7f0000001f00)=""/239}, 0x20) socketpair(0x18, 0x5, 0x1000, &(0x7f0000002040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000021c0)={r0, &(0x7f0000002080)="0ae16ab98b667e4b212f3062821349aec39065658aa4cfb416656917a131383e7f49baeacbbe51861d75c6c157a48918efa9e689aad1028ea547454ca73c5c5f76e43087d71c43aa4944e9b2447d8806302ff443841551770f0de9ff37416200f5fb35bf802f3f565d8e40", &(0x7f0000002100)=""/163, 0x4}, 0x20) sendmsg$kcm(r17, &(0x7f0000003440)={&(0x7f0000002200)=@l2={0x1f, 0x8, @any, 0x0, 0x1}, 0x80, &(0x7f0000003400)=[{&(0x7f0000002280)="9ca5aff666d378204645270f353b4815f1567009651646bc8e658bfc88d6b3bdfffd8ce76a7017f3d2b93d4f948282913049903adad48655046e68d89cdec9fa256b", 0x42}, {&(0x7f0000002300)="bb274d6ab4e54c0ddde34d194dc24a2c43eaf04e5133a0be2adcdeaf4b41d18c2b314d6e1facccc55fb3238d9e2fade58de6df2207856ca097b396b13fb42e4f5fb6b354c370d5479f86508c91d9d5813bd162ccbfdb773ca60f9c6fdbc950a64a79c4f454efd6c5e22ffd3ef6023d04f8d4a1663927b90be143e8d8d070a144a81315af62d8d00c9429e8f18c9c670c66184adaedd35913784c76ed15af40c2882e1ab78bc6dab9339330f93ffad39ac1102900e6fe707d0bd20cf2c166c2f33ae1f4a529aaca5a420dc45fb0ca85f296248861fb552a53e598970980c8b54fdb", 0xe1}, {&(0x7f0000002400)="b325b91c419cccfadade5beaf3651011ccb5589dea7d45c2b7636f97bdd8a11e48e1a13703939c47a7ea1e255be82c62caf1520ca6f4569cbe6decc02f2dc9e2f268694eac63548de5dbfe95fc89a53e882e70f6e28aec039606b3efc74e614b98bebbeefbf86286dd1f71b3cc64a5c9716573361cba36361b3d88f14e59af57482aaa1753fcb16e145a2a31b2e445e7fd4e052a71939a071f60bcc86b7620c3956a893c1e2bf2ac6936d62ce877c82c15ccf0713dcc68683b468632cab89f674fb394b1b801646697fb38eb938bbdc0ffd11282f690f3a6de7081abb605bb7245d0b0b5fa93d83c22b6a946098c5904b212aa029ca50db95be6890521d57be5ef3cf6fdf6f373777756e1a6abac8877172a2317f7f024e75f78de1064998fb14168a9231ad8073d9a6dd516395b59a107a7e22dc7453041f69e50f29d7c2e7189d9268d55bbe6ad0dc7d20207ebbb2e6deef040026a635119cd466eacf05b5e7cd8c3f27873ba3694d0e188761c52cfb3705b99b7f51dcdc501002cda1ace5aafbd72501a69d484f96569cbdc3ea8018ae8e9d4f331acfdb0e6e65563ff536494c91365de94213936cd464aaf4a982849020b21efb4dc3260978635e29ccc8b9deb138ff78e58f94111c8c2042d845f42c6ef3bc15570402fe7a28264587f11afd597f4b1f4cee9a91b74797f586cf49affdb91f9e36ca8adc4fa515a1e3bbcdc821f3e2c85979955c3f3f01e6cb068b849506e4a6de18826b81869d4c664143df2e357ab28ea63e13312a0218d9976afb2e5b5f527cbc8a35c6010f82e01824cd202253a8ba5e00b7c91e71626dd2ac7b42c0b26edc46675c216ae08f38b6f53270a31ddcf643d3074b739d4bd012814d576ad6fbe35729a04689e60173a9ab155a85e2d543cc5b8e3275c14067d994c02ca1844710692f1e52699f9a5209a69f436963747bf92d9af7be2df083edc9304c0f6efca98b83feabd0d98109530e604f10719523aba52d24a539988663df0102230492ec47336c902161cb385cd89ecde423873c3859a59185467aa3f7c60b50008884cfbee4965e4dfefa01c025f233bfabceb90d6df83f0e3c9224a5188ccf45c0a94edd2dfdcf6bea8bdd3ff1b4dfb086faed378845ea3abf4928664e55075dae79ecec8d362dec8a6dc00de466067e049cd63ed7f4da3699c5132b495f6d49eca474401c79582b3bd910ccd66bdb123ff99643cbc5668c25b916aa299773e022201b6c4b50e851bd3646e4390bef8908676fcd0df6f1aa2f9b9b9424293836fa45d95336409d6c4d843780672729020d42a1e1359c4e82e85b4d38d895a3439009a99d85f1f1e27d23a67bab456f63969aa002d892072332aeae049a1429ea9fc372000bb53fe256d68e316fb63603c9a1db2bed9a095df55c5b510b573c1d174e470746c80af7c54ba0fd346731bde9daa8532bb90b0942a88c865046a452bae991ef16e65b8d38095aee73c9c5cecea628d2fe4a89ffaeb2d1c16c50b89bc5de0ef026027e0080473a3363a7c4526ceb68878e448dc5e2112d09ade22f260c4b57610b1799efd87d80d0f37b435002361e19ac4bb86a01f6dfac516b72bfb91e0228af5d5c03d88c0a6a8957dceea2a0c6497f7c8aea6a96cda1ef57673edb8513f9f2c408012d0fa3c061444b8befa493ea1aff5f0ecebb56e3fbb9f7eb60d989194d67072f122102427b4938b110864d8c94d1658f2e5d4637b8f2b0466f89f1c9b31f2bed24b6484919e49a1ccfd39fcd8e3e2af132cea012f18c57ba5ada0b0a3a3003a8e8476601e04ec09f81933764923e7638e849296a2d807690aa93663c41d799d48a5bfb8af6af6715e7de95470c3b9b8515be6d29ff75ecca51aafd6c4f8e7bfbbae71fba603a44ec12f21668a5c787c48b243f003eb3a85cd72caa4d1dec928ccfe3d1430be191caf4c548b5594a15d6820d22996dc2b113f951134c177ba792f5ef26c151212bf9baa6458a7e99881b5cf0f248cf80a57b689f9d538fad6915582a94b207e5d57bcbb1c3ebeedcfa91c6402aed1fde9e383063f4b063632a8ad7ef782d4fd6dc37e4f72d54dea3e33ce838db3bd9ef395ae12be288ed7d3322b565317f43988bc8addf46ffb0b4b94b88c04a7c72422b9452a926d60e1b9a78757a5f173a2a8e54fd0ccb40a678c2ebf435804e97939250993b20cd668410f36c9ec4c4bf9cf40d3b4aa63ece58facc73285085af1089f6e969de90fc3c1de25b93ffcce02589b66c3cc6daf658ec614816381b01ac475c2a6a096d20b0cf4d002c217367706182378f7fd60618e5e5254c7a2199b0344cb486a45fabb4c75ddfdcfb966323817fca22240186916b5655c7b0932219cce1d7c9a67b8cecaa1852973455e093d31266d1171ba81d634b2675344294370bd1b72322cef388bcd31f47112e58632ea06e4e7d90fc1bcd3c71a78bc998b2869545e72fdca22ab7cbc8e2935493a6ddec0bb775620568679dc9831720c6aad7574db1d949c3c8b5e64b3c80bbc0cdde0b48f68331c56d1a6933dc5e5ac13215ef3e861608a7ada7e51d0677fb97d044a2d6e6c7c5aedc134f40a2c67dc76fe353972d14594dea462f72cb716a7a492d59ca89275cdf272d50a10ba6f15937efd4907747011b09f1d4a8ae182859c23bd8ff61de9b9ba6e9a79639865ef3de111c159dbbc1ad9ffd603120d760d0f0d62c1b49ddb09b3739dd1c3d06eb1c5fede31ab79e739ff28d163d658220cd66f5dfe3ee324c4314a1254c8197731988e0ba4f012e34f83a9a333ef7b8402435f1f0a6ffe88c19195f4ed041e08ee1198727f1819a851ca3aeb31ba868ecfab4bc414b9b719e663a3604ccbb2b52e53922467b990b051f6e8dbfc85e451f069c269319019db816be5a7c267619a08a5ef60e6f3da6f6a4ffe7e258ac099e21ad6a0ae66beae4bc9aea902de84251eac13b35dec97fb532d1fed8b482221a1643288132de2cd50e0725ceefcd37e3bca5dd8ff2f15f3578799fa2cb0022e12bd79cdce15bc7ed89edf5f60a28ecafbbfc22d504203f352fbcaa46465b0e35fbe7eb4c66bbdc8a2a986c709891b676716ae7bf85f9ead9eca91995710c09e710a6065a2fe19284cc7c53c52c757083cd04c31049ed4b62fd0261b1416e050ee38b1b2849ced7245dde1fcf7fa92941f05882a6874b5f8430d0672f2bcbd853a27289414a25832116780a048adc3b9af6b7a6840ae2070e7b005298ac01111be6c84b891782a4a31282b9a4350c90e946127dddc64bd09140d38179c337947213a90f645cdcdea312622c5989e4759250b832bfe206388d1f6466a372b13cd5f8b8bd36ed543b752daa7fb86bcba2e8b4edaa66330c27e09db3ed70fb7078f8b18aa116868633249282e2c37f195af42341c6db62f7547f8b31c3030c82247480009f09bbdbe5de0142fbeaf91cd8c5a5df4b82797b151a6460c7ef3c0a0c30bfaeb4b248bd46c9f11a09ca91280d532ef07aa6d166f2ad9ebe410c7344adda5608ddb2821888e709e6ba07ead7cd08ed049730c5f58084b44b4e50f04709fa42c6749df054fbeabb7aad836c22a6f4a39055a408d8991313939e476a0cfd08f1ec978a724d3e4a132c359f1a33743aa4d7728a9a35b7acedbcb5e8abfd4cb51f480314ddaec7e9ba901261bbb3c6858b9ac0f0e5e751eb56c12537f1f2d170571cf97e4b63a4aec75579236eae14221f2aff28cfe8594ae3ab6a4816a0eab984db80b367d0c43eaee83003e715210357a79900543d8cd8148a753b7f78b77c918d4cad374dec111a75c1e0eb4ed40f45bb367dc33b8128a0001bb07d1b26ff18ce508e50a64013219a3fa7ac73fdb8d69d3ea7b3a7e2bf3390ccc4cab409293acbdd6bf2a9447c9b84b45b356ff469c678dde1e2b15db8a3a43d0062f91db8e0d8410dfc927fbb1d20bbd6e2a6bd8b652a85fa97db2ee893d5001e8f6619c79ab9fa75859b6d658f7768cabcea90ba0dc50ce167cda03b5c84ed770d2f4267b5bfffbc59716a058afd8c2591d53f4d1d91ee9a602d2308ba21cf3e2d941768f814dc1b266908786360c5a0143d9dc837fd91046042622fbf19ee15348fba0aea5ab416bb749b7bcd9d5f9f44b78a30cc02b9470f387205123062034b8b9734ac571be5ed32d09f4a30d3ff2ff51b1824c43d3eb37fdb0b75711934a22824dcb7f2e213c1fea0aec32fc8777c2003ebdcb334938a8886edc70f0b3b28256caf4377b3b53de6cc854226643bee25b82c6af19730535718dfae5e87b0ed59e4746a658299cdc88f6efb9f9f361d3bbeb3883c5aca8901bce42bd50fe7d0eee77d3a19eccea7dea520029dafa1369cc948b81550cbec88490c23d083ec0f5ab4e6b2eb879f09f0a4ba12169cd85eca282f6c5cf0b5b1d9f62e50d95e7c6c9bdf7213823feeef6c17ee7357a52b60d498bb095db8d4f3cf8c2c1bf1a82fad01368fb4df7803419e9c854be4b90858a8ba5ee25ce54e5c632179387375fb8c917ca978df1786f5c7122ca524922db7020122cf7d5801cd4f1e37506f78d5f1f17562252e428892682e9250fea487e2c64a3407b72bb20c2b49845a3d67ef2856e998c76d769c745ec735d60702f2504928c456dc8807e2bacee11fb761e3b4959249b9b7aede8e4f682345704f730fc1593a2fa0d345c55ee13f6f07501c41342ad781e8baab60d924de8e6b8cbc5bde97be0a78c190669a9dd8b0cf627a654fb5f4049571537520f4d480d83bb94c03b48b6f90dd6a4057a9485e5f16ffc16c7318f7bd5afd583195134f0ca031232a2734ac998cc7ca1e54bbb3837634918a9c2374f3d34e7061250ba384cc550a3dcb4454c1b0efd0f1c9f91a396bc6279b00701ee2193ecfb678bc76c4a907d0cbee8a3b676987b428dfdc5e6462bfb1ce7b0937ab887e7ad5b78198160f8d138fc9bd6fc632a2caf487edbc3f03d9079cd1249ebbddd736a7970711a9ccbc96a287a59b70b475d4f653d966380a5e8de78dd52b72c2654ac34a0921f3b681d8dfadc71df6e6625e594aeda46ea4e19b249e112d11c4a54475fdb45f378ecc3c5520078ab68c4533f7b6fbdd8996b4d1c88deb35ce3dff87332fe00f150b40901d7c20f59bd5d4ba8df0a3331899190330782ee0e22a9b22cfc694e7fd85343b80200b454277d40f0515b0f84ef481100aa7615e996834a66f3e57496324bcc15ac35448d5cfbfc6b96d48ec2760cbbfcf248e2fdc50bad075abec1fa701ba805fca7ccd0fa7db18b5d4c985c53115a3a04df21c7b4648e3cc075333f38fd3944a897456e0708c4df6f1c3833045bc9e4a1f8e8cd7d984316789d3d265475c81b1ebb381740a2a4a6810cf8a97a5594e034c0074a307ba4cf712f90df855c1509f0a5d4273749fa4690aaa689ac9b8735e41d2f5507f78ca7cfb9bec58e687b7d568a5c858d3c0c08e0a57e1b716a72315ede77501530093fb2d8cf2e08bf70e0a9cd4c7bdd620ba46143f9760f8bfe6325725e8947a541422b14613728b98da6c6aa7cfc437ffea140f35ac3809d6786657a1f40ffdd8bd23e3941c84fb505fb7c8b1ea1039decf4437ff16bbdd8a0c874ed7e9ca3934e0cb8dfe1117e0bccf744a842f0d36a11289ce0a3b2696c3270368b22a27fcf00cadc923d625f6643fdae4fa9ba93300674877cad6aa38115e307e0e683a2ee0ed62f2a5584f955ffa699e64404dc7aa760b60940d3e2b7ef78231faa5aab2c9d0c3149784239f76253c9d8767de3abbd32cc3716d60b8179fcb9841f", 0x1000}], 0x3}, 0x40) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000004780)={r7, 0x20, &(0x7f0000004740)={&(0x7f0000003640)=""/241, 0xf1, 0x0, &(0x7f0000003740)=""/4096, 0x1000}}, 0x10) r19 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000047c0)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x5, '\x00', r14, r7, 0x3, 0x0, 0x3}, 0x50) r20 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000004840)={0x1b, 0x0, 0x0, 0x81, 0x0, r1, 0x1, '\x00', r3, r7, 0x0, 0x0, 0x5}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000004a80)={0x16, 0x27, &(0x7f0000003480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0xffffffcd}, {{0x18, 0x1, 0x1, 0x0, r15}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r15}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ldst={0x2, 0x3, 0x3, 0x0, 0x8, 0x30, 0xfffffffffffffff0}, @exit, @btf_id={0x18, 0x2, 0x3, 0x0, 0x1}, @ldst={0x3, 0x1, 0x6, 0x7, 0x2, 0x8, 0x10}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffd}, @generic={0x0, 0x0, 0x7, 0xc17, 0x1}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0xe3ea}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000035c0)='syzkaller\x00', 0xdc4, 0x0, 0x0, 0xe61820ef7b0f2ad2, 0x6, '\x00', 0x0, @fallback=0x35, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003600)={0x0, 0x1, 0x8, 0x6}, 0x10, r18, r8, 0x1, &(0x7f0000004a00)=[r19, r20, 0xffffffffffffffff, 0xffffffffffffffff, r12, r16, 0xffffffffffffffff, r1, 0x1, 0x1], &(0x7f0000004a40)=[{0x2, 0x3, 0x1, 0x3}], 0x10, 0x9}, 0x94) 4.797335834s ago: executing program 3 (id=3020): socket$kcm(0x10, 0x7, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x2) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) write$cgroup_int(r2, &(0x7f00000001c0), 0xfffffdef) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) write$cgroup_int(r6, &(0x7f00000001c0), 0xfffffdef) r7 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r7, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='G', 0x1}], 0x1}, 0x480c0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400000000000}, 0x0, 0x0, 0x0, 0x0, 0xf60}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) socket$kcm(0x11, 0x200000000000002, 0x300) r8 = perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8003fffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000040)='syzkaller\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r10) recvmsg$unix(r9, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r11 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r11, 0x29, 0x5, 0x0, 0x0) 4.526237336s ago: executing program 1 (id=3021): r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0xa, 0x40}, 0x50) close(0x3) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="02cf000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000810e5ace142d000000000000005c814afe0000000cf2a81a06f73712fdf034005d8bb6140a61866694d803bc314dae07b33a"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x14, &(0x7f00000012c0)=ANY=[@ANYRES32=r1, @ANYRESHEX], &(0x7f0000001140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) r4 = socket$kcm(0x2, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r4, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x11, 0x29, 0x3e}}, @ip_ttl={{0x14}}], 0x48}, 0xb00) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x6402}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000015006b03000000d86e6c1d000a847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x7, &(0x7f0000000180), 0x43) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000d800ba9d00000000010000008500000041000000850000007d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x3100, 0x0, &(0x7f0000000140), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xffffff9d, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.503310318s ago: executing program 2 (id=3022): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x3b}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 4.192267852s ago: executing program 2 (id=3023): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk={@lld}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r2}, 0x8) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) close(r1) socket$kcm(0x29, 0x2, 0x0) 3.663662775s ago: executing program 3 (id=3024): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r0}, &(0x7f0000001c00), &(0x7f0000001c40)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x3b}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 3.552944604s ago: executing program 3 (id=3025): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk={@lld}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x22) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="0763707573751400000000000009"], 0x17) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x20, &(0x7f0000000240)={&(0x7f0000000200)=""/36, 0x24, 0x0, &(0x7f0000000540)=""/4096, 0x1000}}, 0x10) r4 = socket$kcm(0x11, 0x3, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000002040)={&(0x7f0000001cc0), 0x6e, &(0x7f0000001a40)=[{&(0x7f0000001d40)=""/79, 0x4f}, {&(0x7f0000001dc0)=""/237, 0xed}, {&(0x7f0000001ec0)=""/144, 0x90}], 0x3, &(0x7f0000001f80)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb8}, 0x40000000) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89fd, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f00000008c0)=ANY=[@ANYRES8=r6], &(0x7f0000000880)='GPL\x00', 0x105, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) recvmsg$unix(r6, &(0x7f0000000840)={&(0x7f0000000000), 0x6e, &(0x7f0000000780)=[{&(0x7f0000000080)=""/167, 0xa7}, {&(0x7f00000001c0)=""/34, 0x22}, {&(0x7f0000000200)=""/157, 0x9d}, {&(0x7f00000002c0)=""/144, 0x90}, {&(0x7f0000000380)=""/81, 0x51}, {&(0x7f0000000400)=""/85, 0x55}, {&(0x7f0000000480)=""/108, 0x6c}, {&(0x7f0000000640)=""/147, 0x93}, {&(0x7f0000000700)=""/125, 0x7d}], 0x9, &(0x7f0000000500)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}, 0x40) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_procs(r7, &(0x7f0000000140)='cgroup.threads\x00', 0x2, 0x0) close(r8) recvmsg$unix(r5, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f00000015c0)=""/171, 0xab}, {&(0x7f0000001680)=""/179, 0xb3}, {&(0x7f0000001740)=""/106, 0x6a}, {&(0x7f00000017c0)=""/203, 0xcb}, {&(0x7f00000018c0)=""/216, 0xd8}, {&(0x7f00000019c0)}, {&(0x7f00000019c0)=""/34, 0x22}], 0x7, &(0x7f0000001a80)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x150}, 0x10040) perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xffff, 0x81}, 0x100c, 0x0, 0x0, 0x9, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x0) socket$kcm(0x2a, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff0200000000000008000f0100810401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bff", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) sendmsg$kcm(r4, &(0x7f0000000fc0)={&(0x7f0000001340)=@hci={0x1f, 0x8100, 0x31}, 0x80, &(0x7f0000001000)=[{&(0x7f0000001040)="b8b2cc1e00c1dba49dbb66ca3a66", 0xe}], 0x1}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f00000000c0)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.977721251s ago: executing program 3 (id=3026): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.466650972s ago: executing program 1 (id=3027): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0) 788.159206ms ago: executing program 4 (id=3030): r0 = socket$kcm(0x2, 0x3, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000ff010000000000000000009b0200130000f8000000"], &(0x7f00000006c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r3, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0xf00, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x103}}], 0x18}, 0x0) recvmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x12160) ioctl$SIOCSIFHWADDR(r1, 0x8937, &(0x7f0000000000)={'veth0_vlan\x00', @random="0100002010ff"}) ioctl$SIOCSIFHWADDR(r0, 0x891c, &(0x7f0000000040)={'ip6_vti0\x00', @random="02000400"}) 765.469378ms ago: executing program 2 (id=3031): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="364000001a00913a09b51bcb3cc5a05f0a"], 0xfe33) r2 = socket$kcm(0xa, 0x5, 0x0) socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8916, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r3, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000000380)="b9ff0300600d698cff9e14f086dd6fe7f9c7", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r4) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYRES64], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22ffef) r7 = socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(r7, &(0x7f0000001180)={&(0x7f0000001300)={0xa, 0x0, @empty=0x48000000}, 0x10, &(0x7f0000001080)=[{0x0}, {&(0x7f0000001040)}], 0x2, &(0x7f00000010c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0xd5}}, @ip_tos_u8={{0x11, 0x29, 0x3}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010102, @empty}}}], 0x50}, 0x40) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x20004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x30, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000100)={[{0x2b, 'hugetlb'}, {0x2d, 'blkio'}]}, 0x10) 572.068904ms ago: executing program 4 (id=3032): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x3b}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 452.534503ms ago: executing program 4 (id=3033): socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x40, 0x0, 0x0, 0x0, 0x10005d31, 0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={0x0}, 0x4402, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3}, 0x0, 0xfffffffffffdffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x6, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x25, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f0080047e0ffff00004000632f77fb8035140cac14140c07029f", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0xd, &(0x7f0000000000), 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000001c0)="2e00000010608188040f46ecdb4cb9cca7480ef40f000000e3bd6efb010509000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) 328.376834ms ago: executing program 2 (id=3034): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r0}, &(0x7f0000001c00), &(0x7f0000001c40)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x3b}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 242.52037ms ago: executing program 4 (id=3035): socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0}, 0x801, 0x0, 0x2df, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, 0x0}, 0x3000c085) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="85100000040000009500000000000000180000000000000000000000000000009500000000"], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000200)="f4000900062b2c25fe80070000e4c8030000000f230466ccf5ff7a000000ad6e911b51818463b40065b841c4342c7557035896e741c884657ef8db2a2a75e614eb217dfed12e8fdbd7db1bba8511659add8b97972142b0e29b3eb9ef1bba558320ed1c74305eb8eb708ab7a6323ce90e1d33bfee42f7fb5f92ee0a2642960b7237272f2ce178934d99daf94f4b1d6dbe9ec3ba9b0c271836dc7e08b2dddacc9cba464573c503c2c4d318dffe2f7ec8e43e2fcb46f9f6f91dfae9d62bce0288db0b5d1a0f1e9fbebbb94c2331b79ede57d9f37e5c32f771c76eb9a60544461b5a40d4eb6ff2640fe70662ad0dbca6f68d83", 0xf1}], 0x1}, 0x0) 238.622181ms ago: executing program 2 (id=3036): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='inet_sock_set_state\x00', r3}, 0x10) r4 = socket$kcm(0x2, 0x1, 0x0) sendmsg(r4, &(0x7f0000000240)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)="777b76c7c5642479fdd9065d2f539bf67fcb7101d22332418050f421fdba167de429a8bd242af7e64614cfc54d3c2d0cb206b095dcf9e317ec5a9b7f5a80e72aa9c1c4cfd449c1afd795c75833689f6ae0556317e4f2c78413838235f794e5c9c8c34723ba15b9c311146f061b3cc356a58127c91e390fe9c76e3f986c9ef700da1edc46b86e15d53030fcd2e9039dbc9f71dee622e82f85fafc5c700c5916b49f3583a681135a44c96301a8042fd0f320e7a9250e85ec5715bee052c097bef59b0e7742585fcbb491a93191b96ff87d10", 0xd1}], 0x1, &(0x7f0000000340)=[{0xe0, 0x10b, 0x6, "89fe9a4b48945e70d374ce2ede6a2e552d7869a4c78ab330ea80cca16c48fd7c63cc0c7a5324891d12779ef893f04182c190b5f5eee72610be7d6c75319cd6cf2a70b6c074623a88efc03e8d00228a1d0ab78f3ba57f878d7c07951827f07d1759781712cf35d500f108d2234c0ef84708a834569f7ae433a1ff777182a46154856e4d39e8bbbcc14d0b702ea404f5c7028988745f270b340c252fbf1cbd3f0aa47a50a9059765c742466dd5fac3acf1cd960df2388df7dc55b77e6d1ea085c3fe30eb1179a39fe4ff"}, {0x20, 0x10f, 0x6, "34b675a83a1bd95b048be1a6"}, {0xb0, 0x11, 0x8be, "6ca6b9ad285013ae9a4e50826ffdaff692982a4e5e1db6e71e6e1405c4507875181c63dea9b769bbb0576b345781c043ebb93881f2a7977001eb28d893d89a04fb9b31ec9df1cdf910b0baa28555a1bbce6aba9720d6f3ad2c79e3a244dcf12fd6b0819c4fffa8199af651498d87f1891f0899af6f6bde443b1234aa5c6f7e907cb13b9c7778f237343f175e1f742206f52ec4cabe841ffb1b039e5d"}], 0x1b0}, 0xc0c4) sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) bpf$MAP_CREATE(0x0, 0x0, 0x48) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r4, 0x0, 0x4014) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) r5 = socket$kcm(0x15, 0x5, 0x0) sendmsg(r5, &(0x7f0000000680)={&(0x7f0000000500)=@l2tp6={0xa, 0x0, 0x9, @private0, 0x7f, 0x2}, 0x80, 0x0}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x60, &(0x7f0000000000)=[{&(0x7f0000000300)="2000000011008188040f80ec59acbc0413a181000d0000000001000009000000", 0x20}], 0x1}, 0x40000) 156.398207ms ago: executing program 4 (id=3037): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000220000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x54, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000773117300000000008510000002000000850000007600000095000810000000009500a50500000000e2044545cfbd17576630aefe992b9b4b024760c6ca8428c2d720800b30744162c6c1d68c0859292af9d33dda349f59fe5229ba70f85aa1e78cbd0b64df7aae833db746747ad713088544922241e6faecd35737bacf2916b29ba4c624ccbd7f6eb43098cdccdb01aec0f5687be55f9c47"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 0s ago: executing program 4 (id=3038): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21bef5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a835701bea8240399c56ce8f58df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a6669e4300d5acf12e4d0b35abf91569f605b2f6df0d861"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xb}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010011010000007d95df16a39b1a6c900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319e2e66d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) kernel console output (not intermixed with test programs): netdevsim0 added [ 346.622146][ T9344] netlink: 'syz.3.1373': attribute type 10 has an invalid length. [ 346.688022][ T9344] team0: Port device netdevsim0 removed [ 346.703364][ T9344] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 346.713202][ T9349] netlink: 'syz.1.1375': attribute type 10 has an invalid length. [ 346.721627][ T9349] team0: Device dummy0 is up. Set it down before adding it as a team port [ 346.731255][ T9354] netlink: 'syz.2.1376': attribute type 10 has an invalid length. [ 346.770212][ T9354] batman_adv: batadv0: Adding interface: team0 [ 346.789451][ T9354] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.866783][ T9354] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 346.903305][ T9356] netlink: 'syz.2.1376': attribute type 10 has an invalid length. [ 346.935026][ T9356] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1376'. [ 346.975506][ T9356] device team0 entered promiscuous mode [ 346.983638][ T9356] device team_slave_0 entered promiscuous mode [ 347.057169][ T9356] device team_slave_1 entered promiscuous mode [ 347.069207][ T9356] device netdevsim0 entered promiscuous mode [ 347.109914][ T9356] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.127711][ T9356] batman_adv: batadv0: Interface activated: team0 [ 347.185677][ T9356] batman_adv: batadv0: Interface deactivated: team0 [ 347.192398][ T9356] batman_adv: batadv0: Removing interface: team0 [ 347.446421][ T9376] netlink: 'syz.4.1383': attribute type 10 has an invalid length. [ 347.474668][ T9376] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1383'. [ 347.517537][ T9376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.842980][ T9391] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1388'. [ 347.921300][ T9386] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1389'. [ 347.958716][ T9391] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 347.966007][ T9391] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 348.188350][ T9381] netlink: 'syz.0.1386': attribute type 10 has an invalid length. [ 348.258171][ T9381] device hsr0 entered promiscuous mode [ 348.288783][ T9381] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 348.424319][ T9381] netlink: 'syz.0.1386': attribute type 28 has an invalid length. [ 348.571491][ T9400] netlink: 'syz.4.1391': attribute type 10 has an invalid length. [ 349.081713][ T9400] device netdevsim0 entered promiscuous mode [ 349.137160][ T9400] team0: Port device netdevsim0 added [ 349.164891][ T9404] netlink: 'syz.4.1391': attribute type 10 has an invalid length. [ 349.200218][ T9404] device netdevsim0 left promiscuous mode [ 349.261502][ T9404] team0: Port device netdevsim0 removed [ 349.289670][ T9404] device netdevsim0 entered promiscuous mode [ 349.296520][ T9404] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 349.319224][ T9416] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1396'. [ 349.817091][ T9437] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1399'. [ 350.881397][ T9461] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1408'. [ 350.916926][ T9461] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 350.923581][ T9461] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 351.159394][ T9457] device netdevsim0 entered promiscuous mode [ 351.194979][ T9457] team0: Port device netdevsim0 added [ 351.211012][ T9466] validate_nla: 2 callbacks suppressed [ 351.211030][ T9466] netlink: 'syz.3.1411': attribute type 4 has an invalid length. [ 351.227653][ T9466] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1411'. [ 351.346260][ T9466] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1411'. [ 351.362983][ T9466] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 351.379272][ T9467] netlink: 'syz.1.1410': attribute type 10 has an invalid length. [ 351.388137][ T9467] device netdevsim0 left promiscuous mode [ 351.413752][ T9467] team0: Port device netdevsim0 removed [ 351.447657][ T9467] device netdevsim0 entered promiscuous mode [ 351.466518][ T9467] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 351.500181][ T9471] netlink: 'syz.0.1413': attribute type 10 has an invalid length. [ 351.758586][ T9471] device hsr_slave_0 left promiscuous mode [ 359.791072][ T9525] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1428'. [ 360.270171][ T9533] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1431'. [ 363.137430][ T9563] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1442'. [ 364.885660][ T9596] netlink: 'syz.1.1464': attribute type 6 has an invalid length. [ 364.939670][ T9596] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.1464'. [ 365.026422][ T5498] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 365.575049][ T9622] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 365.581621][ T9622] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 365.653399][ T9620] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1458'. [ 369.002150][ T9674] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 369.008750][ T9674] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 369.046639][ T9671] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1476'. [ 372.006735][ T9700] netlink: 194236 bytes leftover after parsing attributes in process `syz.2.1486'. [ 372.087594][ T9700] netlink: zone id is out of range [ 372.137567][ T9700] netlink: zone id is out of range [ 372.194883][ T9700] netlink: get zone limit has 8 unknown bytes [ 372.299476][ T9701] netlink: 'syz.2.1486': attribute type 10 has an invalid length. [ 372.375248][ T9701] device hsr_slave_0 left promiscuous mode [ 373.769875][ T9736] FAULT_INJECTION: forcing a failure. [ 373.769875][ T9736] name failslab, interval 1, probability 0, space 0, times 0 [ 373.805340][ T9736] CPU: 1 PID: 9736 Comm: syz.1.1498 Not tainted 6.1.148-syzkaller #0 [ 373.813492][ T9736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 373.823684][ T9736] Call Trace: [ 373.827086][ T9736] [ 373.830054][ T9736] dump_stack_lvl+0x168/0x22e [ 373.834774][ T9736] ? sctp_sendmsg+0x15ff/0x2980 [ 373.839667][ T9736] ? ___sys_sendmsg+0x21c/0x290 [ 373.844556][ T9736] ? show_regs_print_info+0x12/0x12 [ 373.849789][ T9736] ? load_image+0x3b0/0x3b0 [ 373.854478][ T9736] should_fail_ex+0x399/0x4d0 [ 373.859209][ T9736] should_failslab+0x5/0x20 [ 373.863754][ T9736] slab_pre_alloc_hook+0x59/0x310 [ 373.868801][ T9736] ? sctp_add_bind_addr+0x89/0x350 [ 373.873927][ T9736] __kmem_cache_alloc_node+0x4f/0x260 [ 373.879322][ T9736] ? sctp_add_bind_addr+0x89/0x350 [ 373.884453][ T9736] kmalloc_trace+0x26/0xe0 [ 373.888896][ T9736] sctp_add_bind_addr+0x89/0x350 [ 373.893876][ T9736] sctp_copy_local_addr_list+0x308/0x4d0 [ 373.899526][ T9736] ? sctp_copy_local_addr_list+0x98/0x4d0 [ 373.905262][ T9736] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 373.911341][ T9736] ? sctp_v4_is_any+0x31/0x50 [ 373.916047][ T9736] ? sctp_copy_one_addr+0x93/0x660 [ 373.921193][ T9736] sctp_bind_addr_copy+0xaf/0x3c0 [ 373.926230][ T9736] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 373.932575][ T9736] sctp_connect_new_asoc+0x2d6/0x690 [ 373.937882][ T9736] ? __sctp_connect+0xd20/0xd20 [ 373.942745][ T9736] ? __local_bh_enable_ip+0x12a/0x1b0 [ 373.948165][ T9736] ? lock_sock_nested+0x66/0x100 [ 373.953121][ T9736] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 373.958680][ T9736] ? security_sctp_bind_connect+0x85/0xb0 [ 373.964417][ T9736] sctp_sendmsg+0x15ff/0x2980 [ 373.969133][ T9736] ? sctp_getsockopt+0x8a0/0x8a0 [ 373.974115][ T9736] ? aa_af_perm+0x2b0/0x2b0 [ 373.978635][ T9736] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 373.985163][ T9736] ? inet_sendmsg+0xe5/0x2f0 [ 373.989773][ T9736] ? inet_send_prepare+0x260/0x260 [ 373.994896][ T9736] ____sys_sendmsg+0x59b/0x970 [ 373.999679][ T9736] ? __sys_sendmsg_sock+0x30/0x30 [ 374.004717][ T9736] ? __import_iovec+0x315/0x500 [ 374.009596][ T9736] ? import_iovec+0x6f/0xa0 [ 374.014125][ T9736] ___sys_sendmsg+0x21c/0x290 [ 374.018822][ T9736] ? __sys_sendmsg+0x270/0x270 [ 374.023618][ T9736] ? __lock_acquire+0x7c50/0x7c50 [ 374.028676][ T9736] ? __fdget+0x17c/0x200 [ 374.032938][ T9736] __se_sys_sendmsg+0x19e/0x270 [ 374.037805][ T9736] ? __x64_sys_sendmsg+0x80/0x80 [ 374.042770][ T9736] ? lockdep_hardirqs_on+0x94/0x140 [ 374.047989][ T9736] do_syscall_64+0x4c/0xa0 [ 374.052412][ T9736] ? clear_bhb_loop+0x60/0xb0 [ 374.057104][ T9736] ? clear_bhb_loop+0x60/0xb0 [ 374.061790][ T9736] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 374.067701][ T9736] RIP: 0033:0x7f4400d8ebe9 [ 374.072139][ T9736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.091756][ T9736] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 374.100271][ T9736] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 374.108258][ T9736] RDX: 0000000000008050 RSI: 0000200000001e80 RDI: 0000000000000003 [ 374.116240][ T9736] RBP: 00007f4401c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 374.124221][ T9736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 374.132207][ T9736] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 374.140230][ T9736] [ 377.077841][ T9789] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1518'. [ 377.159197][ T9789] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 377.166305][ T9789] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 377.661881][ T9797] netlink: 194236 bytes leftover after parsing attributes in process `syz.0.1519'. [ 377.704228][ T9793] IPv6: Can't replace route, no match found [ 377.740295][ T9793] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 377.760644][ T9797] netlink: zone id is out of range [ 377.793285][ T9797] netlink: zone id is out of range [ 377.859480][ T9797] netlink: get zone limit has 8 unknown bytes [ 377.889049][ T9795] netlink: 'syz.0.1519': attribute type 10 has an invalid length. [ 377.966190][ T9793] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1520'. [ 378.219563][ T9807] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1523'. [ 378.467309][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.473772][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.121090][ T9831] netlink: 'syz.0.1531': attribute type 12 has an invalid length. [ 379.157101][ T9831] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1531'. [ 379.203422][ T9832] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1532'. [ 379.247400][ T9834] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 379.253927][ T9834] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 380.198431][ T9848] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1537'. [ 380.832284][ T9868] IPv6: Can't replace route, no match found [ 380.849075][ T9868] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 380.964270][ T9868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1543'. [ 381.065055][ T9876] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 381.220708][ T9874] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1545'. [ 381.424881][ T9879] netlink: 'syz.4.1546': attribute type 21 has an invalid length. [ 381.497373][ T9879] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1546'. [ 382.010029][ T9887] netlink: 'syz.2.1548': attribute type 9 has an invalid length. [ 382.164435][ T9891] netlink: 'syz.2.1550': attribute type 4 has an invalid length. [ 383.283054][ T9916] IPv6: Can't replace route, no match found [ 383.357806][ T9918] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 383.441822][ T9916] __nla_validate_parse: 1 callbacks suppressed [ 383.452246][ T9916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1559'. [ 383.542123][ T9922] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1560'. [ 383.625726][ T9923] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 383.632200][ T9923] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 384.646968][ T9943] FAULT_INJECTION: forcing a failure. [ 384.646968][ T9943] name failslab, interval 1, probability 0, space 0, times 0 [ 384.684033][ T9943] CPU: 1 PID: 9943 Comm: syz.1.1567 Not tainted 6.1.148-syzkaller #0 [ 384.692193][ T9943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 384.702296][ T9943] Call Trace: [ 384.705616][ T9943] [ 384.708618][ T9943] dump_stack_lvl+0x168/0x22e [ 384.713347][ T9943] ? show_regs_print_info+0x12/0x12 [ 384.718591][ T9943] ? load_image+0x3b0/0x3b0 [ 384.723162][ T9943] ? __might_sleep+0xd0/0xd0 [ 384.727804][ T9943] ? __lock_acquire+0x7c50/0x7c50 [ 384.732885][ T9943] should_fail_ex+0x399/0x4d0 [ 384.737615][ T9943] should_failslab+0x5/0x20 [ 384.742148][ T9943] slab_pre_alloc_hook+0x59/0x310 [ 384.747191][ T9943] ? bpf_prog_test_run_skb+0x22b/0x11b0 [ 384.752762][ T9943] __kmem_cache_alloc_node+0x4f/0x260 [ 384.758150][ T9943] ? bpf_prog_test_run_skb+0x22b/0x11b0 [ 384.763739][ T9943] __kmalloc+0xa0/0x240 [ 384.767921][ T9943] bpf_prog_test_run_skb+0x22b/0x11b0 [ 384.773337][ T9943] ? lockdep_hardirqs_on+0x94/0x140 [ 384.778558][ T9943] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 384.784743][ T9943] ? cpu_online+0xa0/0xa0 [ 384.789108][ T9943] bpf_prog_test_run+0x31e/0x390 [ 384.794071][ T9943] __sys_bpf+0x593/0x6d0 [ 384.798338][ T9943] ? bpf_link_show_fdinfo+0x340/0x340 [ 384.803739][ T9943] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 384.809944][ T9943] __x64_sys_bpf+0x78/0x90 [ 384.814475][ T9943] do_syscall_64+0x4c/0xa0 [ 384.818903][ T9943] ? clear_bhb_loop+0x60/0xb0 [ 384.823606][ T9943] ? clear_bhb_loop+0x60/0xb0 [ 384.828292][ T9943] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 384.834293][ T9943] RIP: 0033:0x7f4400d8ebe9 [ 384.838726][ T9943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.858350][ T9943] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 384.866775][ T9943] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 384.874756][ T9943] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 384.882737][ T9943] RBP: 00007f4401c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 384.890719][ T9943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.898707][ T9943] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 384.906720][ T9943] [ 385.157682][ T9947] netlink: 'syz.2.1569': attribute type 21 has an invalid length. [ 385.802293][ T9968] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1574'. [ 385.824772][ T9968] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 385.831881][ T9968] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 387.417012][T10010] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1592'. [ 387.441851][T10013] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 387.448380][T10013] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 388.145108][T10026] netlink: 'syz.4.1599': attribute type 10 has an invalid length. [ 388.983849][T10046] netlink: 'syz.3.1606': attribute type 21 has an invalid length. [ 390.437480][T10069] netlink: 'syz.0.1615': attribute type 10 has an invalid length. [ 391.203521][T10086] device syzkaller0 entered promiscuous mode [ 391.237415][ T5467] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 391.339638][T10075] netlink: 'syz.1.1618': attribute type 39 has an invalid length. [ 391.557658][T10101] netlink: 'syz.2.1629': attribute type 2 has an invalid length. [ 391.570233][T10101] netlink: 'syz.2.1629': attribute type 1 has an invalid length. [ 392.079634][T10116] netlink: 'syz.0.1636': attribute type 4 has an invalid length. [ 392.152557][T10116] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1636'. [ 392.180838][T10119] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.1636'. [ 392.219234][T10116] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 392.610190][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1640'. [ 393.433328][T10151] device syzkaller0 entered promiscuous mode [ 393.607695][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 393.694446][T10151] netlink: 'syz.2.1646': attribute type 39 has an invalid length. [ 394.031527][T10168] netlink: 'syz.0.1655': attribute type 10 has an invalid length. [ 394.053840][T10168] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1655'. [ 394.068848][T10168] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 394.110942][T10169] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1657'. [ 394.153920][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 395.241177][T10211] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.1676'. [ 395.454127][T10211] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 395.475677][T10211] CPU: 0 PID: 10211 Comm: syz.1.1676 Not tainted 6.1.148-syzkaller #0 [ 395.483933][T10211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 395.494044][T10211] Call Trace: [ 395.497381][T10211] [ 395.500364][T10211] dump_stack_lvl+0x168/0x22e [ 395.505125][T10211] ? show_regs_print_info+0x12/0x12 [ 395.510422][T10211] ? load_image+0x3b0/0x3b0 [ 395.515035][T10211] sysfs_warn_dup+0x8a/0xa0 [ 395.519600][T10211] sysfs_do_create_link_sd+0xc0/0x110 [ 395.525059][T10211] device_add+0x7ed/0xfb0 [ 395.529474][T10211] wiphy_register+0x1e68/0x2bd0 [ 395.534425][T10211] ? cfg80211_event_work+0x40/0x40 [ 395.539576][T10211] ? minstrel_ht_alloc+0x894/0xa20 [ 395.544754][T10211] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 395.550876][T10211] ieee80211_register_hw+0x2c29/0x38c0 [ 395.556401][T10211] ? ieee80211_register_hw+0xe91/0x38c0 [ 395.561994][T10211] ? ieee80211_register_hw+0xe91/0x38c0 [ 395.567594][T10211] ? ieee80211_tasklet_handler+0x20/0x20 [ 395.573321][T10211] ? memset+0x1e/0x40 [ 395.577370][T10211] ? __hrtimer_init+0x186/0x270 [ 395.582273][T10211] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 395.588134][T10211] hwsim_new_radio_nl+0xafa/0xce0 [ 395.593247][T10211] genl_family_rcv_msg_doit+0x22e/0x320 [ 395.598849][T10211] ? end_current_label_crit_section+0x170/0x170 [ 395.605151][T10211] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 395.611140][T10211] ? bpf_lsm_capable+0x5/0x10 [ 395.615878][T10211] ? security_capable+0x85/0xb0 [ 395.620791][T10211] genl_rcv_msg+0x5f2/0x780 [ 395.625373][T10211] ? genl_bind+0x350/0x350 [ 395.629831][T10211] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 395.636252][T10211] netlink_rcv_skb+0x1de/0x420 [ 395.641096][T10211] ? genl_bind+0x350/0x350 [ 395.645571][T10211] ? netlink_ack+0x1100/0x1100 [ 395.650431][T10211] ? down_read+0x1a8/0x2d0 [ 395.654920][T10211] genl_rcv+0x24/0x40 [ 395.658956][T10211] netlink_unicast+0x74d/0x8d0 [ 395.663798][T10211] netlink_sendmsg+0x89e/0xbc0 [ 395.668638][T10211] ? netlink_getsockopt+0x540/0x540 [ 395.673889][T10211] ? aa_sock_msg_perm+0x94/0x150 [ 395.678876][T10211] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 395.684197][T10211] ? security_socket_sendmsg+0x7c/0xa0 [ 395.689706][T10211] ? netlink_getsockopt+0x540/0x540 [ 395.694940][T10211] ____sys_sendmsg+0x59b/0x970 [ 395.699774][T10211] ? __sys_sendmsg_sock+0x30/0x30 [ 395.704828][T10211] ? __import_iovec+0x315/0x500 [ 395.709748][T10211] ? import_iovec+0x6f/0xa0 [ 395.714313][T10211] ___sys_sendmsg+0x21c/0x290 [ 395.719037][T10211] ? __sys_sendmsg+0x270/0x270 [ 395.723974][T10211] ? __fdget+0x17c/0x200 [ 395.728272][T10211] __se_sys_sendmsg+0x19e/0x270 [ 395.733169][T10211] ? __x64_sys_sendmsg+0x80/0x80 [ 395.738208][T10211] ? lockdep_hardirqs_on+0x94/0x140 [ 395.743479][T10211] do_syscall_64+0x4c/0xa0 [ 395.747936][T10211] ? clear_bhb_loop+0x60/0xb0 [ 395.752654][T10211] ? clear_bhb_loop+0x60/0xb0 [ 395.757386][T10211] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 395.763336][T10211] RIP: 0033:0x7f4400d8ebe9 [ 395.767792][T10211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.787437][T10211] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 395.795896][T10211] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 395.803901][T10211] RDX: 0000000009000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 395.811905][T10211] RBP: 00007f4400e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 395.819904][T10211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.827908][T10211] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 395.835969][T10211] [ 395.842278][ T7628] wlan1: Trigger new scan to find an IBSS to join [ 396.049018][T10206] device syzkaller0 entered promiscuous mode [ 396.069752][ T5467] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 396.254836][T10206] netlink: 'syz.4.1673': attribute type 39 has an invalid length. [ 396.755728][T10234] netlink: 'syz.1.1684': attribute type 10 has an invalid length. [ 396.824863][T10234] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1684'. [ 397.354652][T10247] netlink: 'syz.1.1689': attribute type 4 has an invalid length. [ 397.379162][T10247] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1689'. [ 397.677748][T10247] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 398.196398][T10269] netlink: 'syz.4.1698': attribute type 10 has an invalid length. [ 398.222763][T10269] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1698'. [ 398.260846][T10269] bridge0: port 1(team0) entered disabled state [ 398.280128][T10269] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 398.700630][T10283] netlink: 'syz.2.1703': attribute type 39 has an invalid length. [ 398.924631][T10297] FAULT_INJECTION: forcing a failure. [ 398.924631][T10297] name failslab, interval 1, probability 0, space 0, times 0 [ 398.952958][T10297] CPU: 0 PID: 10297 Comm: syz.2.1708 Not tainted 6.1.148-syzkaller #0 [ 398.961197][T10297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 398.971301][T10297] Call Trace: [ 398.974619][T10297] [ 398.977579][T10297] dump_stack_lvl+0x168/0x22e [ 398.982302][T10297] ? sctp_sendmsg+0x15ff/0x2980 [ 398.987205][T10297] ? ___sys_sendmsg+0x21c/0x290 [ 398.992103][T10297] ? show_regs_print_info+0x12/0x12 [ 398.997341][T10297] ? load_image+0x3b0/0x3b0 [ 399.001906][T10297] should_fail_ex+0x399/0x4d0 [ 399.006634][T10297] should_failslab+0x5/0x20 [ 399.011182][T10297] slab_pre_alloc_hook+0x59/0x310 [ 399.016248][T10297] ? sctp_add_bind_addr+0x89/0x350 [ 399.021397][T10297] __kmem_cache_alloc_node+0x4f/0x260 [ 399.026806][T10297] ? sctp_add_bind_addr+0x89/0x350 [ 399.031956][T10297] kmalloc_trace+0x26/0xe0 [ 399.036427][T10297] sctp_add_bind_addr+0x89/0x350 [ 399.041442][T10297] sctp_copy_local_addr_list+0x308/0x4d0 [ 399.047105][T10297] ? sctp_copy_local_addr_list+0x98/0x4d0 [ 399.052849][T10297] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 399.058941][T10297] ? sctp_v4_is_any+0x31/0x50 [ 399.063638][T10297] ? sctp_copy_one_addr+0x93/0x660 [ 399.068775][T10297] sctp_bind_addr_copy+0xaf/0x3c0 [ 399.073815][T10297] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 399.080176][T10297] sctp_connect_new_asoc+0x2d6/0x690 [ 399.085489][T10297] ? __sctp_connect+0xd20/0xd20 [ 399.090353][T10297] ? __local_bh_enable_ip+0x12a/0x1b0 [ 399.095749][T10297] ? lock_sock_nested+0x66/0x100 [ 399.100700][T10297] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 399.106253][T10297] ? security_sctp_bind_connect+0x85/0xb0 [ 399.112030][T10297] sctp_sendmsg+0x15ff/0x2980 [ 399.116737][T10297] ? sctp_getsockopt+0x8a0/0x8a0 [ 399.121690][T10297] ? aa_af_perm+0x2b0/0x2b0 [ 399.126208][T10297] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 399.132645][T10297] ? inet_sendmsg+0xe5/0x2f0 [ 399.137250][T10297] ? inet_send_prepare+0x260/0x260 [ 399.142384][T10297] ____sys_sendmsg+0x59b/0x970 [ 399.147175][T10297] ? __sys_sendmsg_sock+0x30/0x30 [ 399.152209][T10297] ? __import_iovec+0x315/0x500 [ 399.157091][T10297] ? import_iovec+0x6f/0xa0 [ 399.161612][T10297] ___sys_sendmsg+0x21c/0x290 [ 399.166305][T10297] ? __sys_sendmsg+0x270/0x270 [ 399.171099][T10297] ? __lock_acquire+0x7c50/0x7c50 [ 399.176157][T10297] ? __fdget+0x17c/0x200 [ 399.180440][T10297] __se_sys_sendmsg+0x19e/0x270 [ 399.185313][T10297] ? __x64_sys_sendmsg+0x80/0x80 [ 399.190279][T10297] ? lockdep_hardirqs_on+0x94/0x140 [ 399.195498][T10297] do_syscall_64+0x4c/0xa0 [ 399.199924][T10297] ? clear_bhb_loop+0x60/0xb0 [ 399.204606][T10297] ? clear_bhb_loop+0x60/0xb0 [ 399.209302][T10297] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 399.215219][T10297] RIP: 0033:0x7fedb4f8ebe9 [ 399.219652][T10297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.239279][T10297] RSP: 002b:00007fedb5d40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 399.247706][T10297] RAX: ffffffffffffffda RBX: 00007fedb51b5fa0 RCX: 00007fedb4f8ebe9 [ 399.255692][T10297] RDX: 0000000000008050 RSI: 0000200000001e80 RDI: 0000000000000003 [ 399.263670][T10297] RBP: 00007fedb5d40090 R08: 0000000000000000 R09: 0000000000000000 [ 399.271651][T10297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 399.279629][T10297] R13: 00007fedb51b6038 R14: 00007fedb51b5fa0 R15: 00007ffe1fb5b468 [ 399.287628][T10297] [ 399.430921][T10306] bond0: (slave team0): Error: Slave device does not support XDP [ 399.748131][ T5498] wlan1: Trigger new scan to find an IBSS to join [ 400.282942][T10328] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1717'. [ 400.340344][T10329] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 400.346843][T10329] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 400.556495][T10327] netlink: 'syz.0.1718': attribute type 39 has an invalid length. [ 400.747653][ T5654] wlan1: Creating new IBSS network, BSSID 1a:ac:42:aa:e4:90 [ 401.778062][T10357] netlink: 'syz.1.1728': attribute type 39 has an invalid length. [ 402.229091][T10368] netlink: 'syz.2.1733': attribute type 4 has an invalid length. [ 402.245946][T10368] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1733'. [ 402.394387][T10368] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 402.605772][T10374] netlink: 'syz.3.1732': attribute type 39 has an invalid length. [ 402.761077][T10377] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 403.384754][T10399] netlink: 'syz.2.1745': attribute type 21 has an invalid length. [ 403.424755][T10399] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1745'. [ 406.606937][T10416] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1749'. [ 406.631743][T10417] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 406.638281][T10417] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 406.795528][T10413] netlink: 'syz.4.1751': attribute type 10 has an invalid length. [ 406.875092][T10413] device hsr0 entered promiscuous mode [ 406.980460][T10413] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 407.100197][T10413] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 407.117280][T10413] bond0: (slave hsr0): Error -95 calling set_mac_address [ 408.503807][T10449] device syzkaller0 left promiscuous mode [ 408.730370][T10453] netlink: 'syz.4.1762': attribute type 10 has an invalid length. [ 408.759244][T10453] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1762'. [ 409.033928][T10463] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1764'. [ 409.161665][T10469] netlink: 16399 bytes leftover after parsing attributes in process `syz.4.1767'. [ 411.448981][T10490] netlink: 'syz.2.1777': attribute type 10 has an invalid length. [ 411.460625][T10490] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1777'. [ 412.398340][T10496] netlink: 'syz.2.1779': attribute type 10 has an invalid length. [ 412.412944][T10496] device hsr0 entered promiscuous mode [ 412.424833][T10496] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 412.916068][T10510] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1783'. [ 413.942576][T10541] netlink: 'syz.3.1795': attribute type 10 has an invalid length. [ 413.963893][T10541] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1795'. [ 414.673516][T10552] netlink: 'syz.2.1800': attribute type 10 has an invalid length. [ 414.729441][T10552] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 414.761800][T10552] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 414.778656][T10552] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 414.791569][T10552] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 417.613142][T10593] netlink: 'syz.4.1812': attribute type 10 has an invalid length. [ 417.648086][T10593] wlan1: mtu less than device minimum [ 417.669346][T10593] bond0: (slave wlan1): Error -22 calling dev_set_mtu [ 417.774462][T10599] netlink: 'syz.3.1815': attribute type 10 has an invalid length. [ 418.701384][T10611] netlink: 'syz.2.1820': attribute type 10 has an invalid length. [ 418.787150][T10611] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1820'. [ 419.536843][T10637] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1828'. [ 420.018256][T10650] netlink: 'syz.3.1834': attribute type 10 has an invalid length. [ 420.045710][T10650] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1834'. [ 420.071016][T10650] device bond0 entered promiscuous mode [ 420.091586][T10650] device bond_slave_0 entered promiscuous mode [ 420.098758][T10653] FAULT_INJECTION: forcing a failure. [ 420.098758][T10653] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.113733][T10650] device bond_slave_1 entered promiscuous mode [ 420.144745][T10650] device team0 entered promiscuous mode [ 420.163541][T10653] CPU: 1 PID: 10653 Comm: syz.2.1835 Not tainted 6.1.148-syzkaller #0 [ 420.171783][T10653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 420.173270][T10650] device team_slave_0 entered promiscuous mode [ 420.181853][T10653] Call Trace: [ 420.181869][T10653] [ 420.181879][T10653] dump_stack_lvl+0x168/0x22e [ 420.181910][T10653] ? show_regs_print_info+0x12/0x12 [ 420.181931][T10653] ? load_image+0x3b0/0x3b0 [ 420.181962][T10653] ? __lock_acquire+0x7c50/0x7c50 [ 420.181990][T10653] ? cap_capable+0x195/0x230 [ 420.182025][T10653] should_fail_ex+0x399/0x4d0 [ 420.223368][T10653] _copy_from_user+0x2c/0x170 [ 420.228091][T10653] __sys_bpf+0x265/0x6d0 [ 420.232385][T10653] ? bpf_link_show_fdinfo+0x340/0x340 [ 420.237817][T10653] ? lock_chain_count+0x20/0x20 [ 420.242717][T10653] __x64_sys_bpf+0x78/0x90 [ 420.247174][T10653] do_syscall_64+0x4c/0xa0 [ 420.251668][T10653] ? clear_bhb_loop+0x60/0xb0 [ 420.256376][T10653] ? clear_bhb_loop+0x60/0xb0 [ 420.259277][T10650] device team_slave_1 entered promiscuous mode [ 420.261075][T10653] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 420.261111][T10653] RIP: 0033:0x7fedb4f8ebe9 [ 420.261132][T10653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.261152][T10653] RSP: 002b:00007fedb5d40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 420.261176][T10653] RAX: ffffffffffffffda RBX: 00007fedb51b5fa0 RCX: 00007fedb4f8ebe9 [ 420.261192][T10653] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 420.261206][T10653] RBP: 00007fedb5d40090 R08: 0000000000000000 R09: 0000000000000000 [ 420.261220][T10653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.261233][T10653] R13: 00007fedb51b6038 R14: 00007fedb51b5fa0 R15: 00007ffe1fb5b468 [ 420.261265][T10653] [ 420.502284][T10650] device netdevsim0 entered promiscuous mode [ 420.614086][T10650] 8021q: adding VLAN 0 to HW filter on device bond0 [ 420.653527][T10659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1838'. [ 421.468625][T10684] netlink: 22 bytes leftover after parsing attributes in process `syz.0.1844'. [ 421.529616][T10684] openvswitch: netlink: Flow key attr not present in new flow. [ 421.797759][T10695] device syzkaller0 entered promiscuous mode [ 421.960885][T10702] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1848'. [ 422.023576][T10703] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 422.659568][T10711] netlink: 'syz.1.1852': attribute type 10 has an invalid length. [ 422.751343][T10711] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1852'. [ 423.335804][T10733] netlink: 'syz.2.1860': attribute type 10 has an invalid length. [ 423.785515][T10748] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1864'. [ 424.007124][T10754] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 424.754246][T10771] netlink: 'syz.4.1873': attribute type 10 has an invalid length. [ 424.770589][T10771] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port [ 425.458159][T10790] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1879'. [ 425.551772][T10791] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 426.226912][T10809] netlink: 'syz.0.1885': attribute type 39 has an invalid length. [ 426.713052][T10814] netlink: 22 bytes leftover after parsing attributes in process `syz.4.1887'. [ 426.732002][T10814] openvswitch: netlink: Flow key attr not present in new flow. [ 427.868088][T10851] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1896'. [ 428.870071][T10866] netlink: 'syz.1.1900': attribute type 4 has an invalid length. [ 428.887692][T10866] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1900'. [ 428.927804][T10866] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 429.040750][T10869] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1902'. [ 429.101927][T10869] openvswitch: netlink: Flow key attr not present in new flow. [ 429.489212][T10890] netlink: 'syz.4.1909': attribute type 8 has an invalid length. [ 429.513120][T10890] netlink: 399 bytes leftover after parsing attributes in process `syz.4.1909'. [ 430.218321][T10908] FAULT_INJECTION: forcing a failure. [ 430.218321][T10908] name failslab, interval 1, probability 0, space 0, times 0 [ 430.237637][T10908] CPU: 1 PID: 10908 Comm: syz.1.1913 Not tainted 6.1.148-syzkaller #0 [ 430.245876][T10908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 430.256061][T10908] Call Trace: [ 430.259374][T10908] [ 430.262345][T10908] dump_stack_lvl+0x168/0x22e [ 430.267064][T10908] ? sctp_sendmsg+0x15ff/0x2980 [ 430.271958][T10908] ? ___sys_sendmsg+0x21c/0x290 [ 430.276858][T10908] ? show_regs_print_info+0x12/0x12 [ 430.282103][T10908] ? load_image+0x3b0/0x3b0 [ 430.286671][T10908] should_fail_ex+0x399/0x4d0 [ 430.291444][T10908] should_failslab+0x5/0x20 [ 430.296001][T10908] slab_pre_alloc_hook+0x59/0x310 [ 430.301065][T10908] ? sctp_add_bind_addr+0x89/0x350 [ 430.306218][T10908] __kmem_cache_alloc_node+0x4f/0x260 [ 430.311635][T10908] ? sctp_add_bind_addr+0x89/0x350 [ 430.316893][T10908] kmalloc_trace+0x26/0xe0 [ 430.321350][T10908] sctp_add_bind_addr+0x89/0x350 [ 430.326320][T10908] sctp_copy_local_addr_list+0x308/0x4d0 [ 430.332171][T10908] ? sctp_copy_local_addr_list+0x98/0x4d0 [ 430.337939][T10908] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 430.344056][T10908] ? sctp_v4_is_any+0x31/0x50 [ 430.348776][T10908] ? sctp_copy_one_addr+0x93/0x660 [ 430.353943][T10908] sctp_bind_addr_copy+0xaf/0x3c0 [ 430.359058][T10908] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 430.365472][T10908] sctp_connect_new_asoc+0x2d6/0x690 [ 430.370804][T10908] ? __sctp_connect+0xd20/0xd20 [ 430.375707][T10908] ? __local_bh_enable_ip+0x12a/0x1b0 [ 430.381218][T10908] ? lock_sock_nested+0x66/0x100 [ 430.386241][T10908] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 430.391823][T10908] ? security_sctp_bind_connect+0x85/0xb0 [ 430.397602][T10908] sctp_sendmsg+0x15ff/0x2980 [ 430.402354][T10908] ? sctp_getsockopt+0x8a0/0x8a0 [ 430.407338][T10908] ? aa_af_perm+0x2b0/0x2b0 [ 430.411884][T10908] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 430.418442][T10908] ? inet_sendmsg+0xe5/0x2f0 [ 430.423079][T10908] ? inet_send_prepare+0x260/0x260 [ 430.428233][T10908] ____sys_sendmsg+0x59b/0x970 [ 430.433053][T10908] ? __sys_sendmsg_sock+0x30/0x30 [ 430.438118][T10908] ? __import_iovec+0x315/0x500 [ 430.443031][T10908] ? import_iovec+0x6f/0xa0 [ 430.447588][T10908] ___sys_sendmsg+0x21c/0x290 [ 430.452312][T10908] ? __sys_sendmsg+0x270/0x270 [ 430.457141][T10908] ? __lock_acquire+0x7c50/0x7c50 [ 430.462231][T10908] ? __fdget+0x17c/0x200 [ 430.466529][T10908] __se_sys_sendmsg+0x19e/0x270 [ 430.471467][T10908] ? __x64_sys_sendmsg+0x80/0x80 [ 430.476476][T10908] ? lockdep_hardirqs_on+0x94/0x140 [ 430.481748][T10908] do_syscall_64+0x4c/0xa0 [ 430.486207][T10908] ? clear_bhb_loop+0x60/0xb0 [ 430.490914][T10908] ? clear_bhb_loop+0x60/0xb0 [ 430.495614][T10908] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 430.501638][T10908] RIP: 0033:0x7f4400d8ebe9 [ 430.506067][T10908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.525693][T10908] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 430.534129][T10908] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 430.542123][T10908] RDX: 0000000000008050 RSI: 0000200000001e80 RDI: 0000000000000003 [ 430.550206][T10908] RBP: 00007f4401c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 430.558276][T10908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 430.566342][T10908] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 430.574337][T10908] [ 433.022555][T10940] netlink: 'syz.3.1926': attribute type 4 has an invalid length. [ 433.070725][T10940] netlink: 'syz.3.1926': attribute type 1 has an invalid length. [ 433.083774][T10940] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.1926'. [ 433.599490][T10953] netlink: 'syz.3.1930': attribute type 10 has an invalid length. [ 433.636773][T10953] device dummy0 entered promiscuous mode [ 433.659886][T10953] team0: Port device dummy0 added [ 434.104229][T10961] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 434.198566][T10961] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 434.252262][T10969] device syzkaller0 left promiscuous mode [ 434.313218][T10971] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1936'. [ 434.479278][T10973] netlink: 194236 bytes leftover after parsing attributes in process `syz.1.1937'. [ 434.515122][T10975] netlink: 'syz.0.1940': attribute type 10 has an invalid length. [ 434.528046][T10973] netlink: zone id is out of range [ 434.548314][T10973] netlink: zone id is out of range [ 434.566531][T10973] netlink: zone id is out of range [ 434.571884][T10973] netlink: get zone limit has 8 unknown bytes [ 434.896422][T10989] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1941'. [ 434.977327][T10988] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1942'. [ 434.997274][T10994] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 435.912096][T11014] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 435.967263][T11014] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 436.351888][T11029] netlink: 'syz.1.1955': attribute type 4 has an invalid length. [ 436.378259][T11029] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1955'. [ 436.464874][T11029] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1955'. [ 436.482778][T11029] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 436.769429][T11043] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1957'. [ 439.263441][T11055] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 439.303992][T11055] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 439.912959][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.920841][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.640393][T11082] FAULT_INJECTION: forcing a failure. [ 441.640393][T11082] name failslab, interval 1, probability 0, space 0, times 0 [ 441.655554][T11082] CPU: 0 PID: 11082 Comm: syz.1.1973 Not tainted 6.1.148-syzkaller #0 [ 441.663768][T11082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 441.673867][T11082] Call Trace: [ 441.677185][T11082] [ 441.680169][T11082] dump_stack_lvl+0x168/0x22e [ 441.684910][T11082] ? show_regs_print_info+0x12/0x12 [ 441.690167][T11082] ? load_image+0x3b0/0x3b0 [ 441.694739][T11082] ? __might_sleep+0xd0/0xd0 [ 441.699399][T11082] ? __lock_acquire+0x7c50/0x7c50 [ 441.704479][T11082] ? ct_irq_exit_irqson+0xfa/0x160 [ 441.709655][T11082] should_fail_ex+0x399/0x4d0 [ 441.714392][T11082] should_failslab+0x5/0x20 [ 441.718944][T11082] slab_pre_alloc_hook+0x59/0x310 [ 441.723996][T11082] ? exc_page_fault+0x88/0x100 [ 441.728780][T11082] ? sk_prot_alloc+0xe7/0x210 [ 441.733484][T11082] __kmem_cache_alloc_node+0x4f/0x260 [ 441.738877][T11082] ? exc_page_fault+0x88/0x100 [ 441.743676][T11082] ? sk_prot_alloc+0xe7/0x210 [ 441.748383][T11082] __kmalloc+0xa0/0x240 [ 441.752569][T11082] sk_prot_alloc+0xe7/0x210 [ 441.757105][T11082] ? sk_alloc+0x20/0x340 [ 441.761373][T11082] sk_alloc+0x36/0x340 [ 441.765465][T11082] ? bpf_ctx_init+0x163/0x1a0 [ 441.770182][T11082] ? bpf_prog_test_run_skb+0x267/0x11b0 [ 441.775807][T11082] bpf_prog_test_run_skb+0x350/0x11b0 [ 441.781205][T11082] ? __fget_files+0x28/0x4d0 [ 441.785824][T11082] ? __fget_files+0x44a/0x4d0 [ 441.790531][T11082] ? cpu_online+0xa0/0xa0 [ 441.794887][T11082] bpf_prog_test_run+0x31e/0x390 [ 441.799852][T11082] __sys_bpf+0x593/0x6d0 [ 441.804126][T11082] ? bpf_link_show_fdinfo+0x340/0x340 [ 441.809538][T11082] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 441.815728][T11082] __x64_sys_bpf+0x78/0x90 [ 441.820172][T11082] do_syscall_64+0x4c/0xa0 [ 441.824610][T11082] ? clear_bhb_loop+0x60/0xb0 [ 441.829304][T11082] ? clear_bhb_loop+0x60/0xb0 [ 441.834010][T11082] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 441.839943][T11082] RIP: 0033:0x7f4400d8ebe9 [ 441.844372][T11082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.864081][T11082] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 441.872535][T11082] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 441.880543][T11082] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 441.888537][T11082] RBP: 00007f4401c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 441.896565][T11082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.904681][T11082] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 441.912807][T11082] [ 442.476942][T11093] netlink: 'syz.2.1977': attribute type 4 has an invalid length. [ 442.484940][T11093] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1977'. [ 442.495264][T11093] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 443.439369][T11109] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1983'. [ 443.889275][T11115] FAULT_INJECTION: forcing a failure. [ 443.889275][T11115] name failslab, interval 1, probability 0, space 0, times 0 [ 443.915622][T11112] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1984'. [ 443.926675][T11115] CPU: 1 PID: 11115 Comm: syz.4.1985 Not tainted 6.1.148-syzkaller #0 [ 443.934889][T11115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 443.945005][T11115] Call Trace: [ 443.948296][T11115] [ 443.951257][T11115] dump_stack_lvl+0x168/0x22e [ 443.956047][T11115] ? show_regs_print_info+0x12/0x12 [ 443.961268][T11115] ? load_image+0x3b0/0x3b0 [ 443.965799][T11115] ? __might_sleep+0xd0/0xd0 [ 443.970417][T11115] ? __lock_acquire+0x7c50/0x7c50 [ 443.975466][T11115] should_fail_ex+0x399/0x4d0 [ 443.980169][T11115] should_failslab+0x5/0x20 [ 443.984695][T11115] slab_pre_alloc_hook+0x59/0x310 [ 443.989739][T11115] ? tomoyo_realpath_from_path+0xdf/0x5d0 [ 443.995499][T11115] __kmem_cache_alloc_node+0x4f/0x260 [ 444.000981][T11115] ? tomoyo_realpath_from_path+0xdf/0x5d0 [ 444.006721][T11115] __kmalloc+0xa0/0x240 [ 444.010903][T11115] tomoyo_realpath_from_path+0xdf/0x5d0 [ 444.016482][T11115] tomoyo_path_number_perm+0x1e3/0x600 [ 444.021957][T11115] ? tomoyo_path_number_perm+0x1b6/0x600 [ 444.027610][T11115] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 444.033089][T11115] ? ksys_write+0x1bd/0x240 [ 444.037617][T11115] ? common_file_perm+0x171/0x1c0 [ 444.042700][T11115] ? __fget_files+0x28/0x4d0 [ 444.047366][T11115] security_file_ioctl+0x6c/0xa0 [ 444.052326][T11115] __se_sys_ioctl+0x48/0x170 [ 444.056948][T11115] do_syscall_64+0x4c/0xa0 [ 444.061380][T11115] ? clear_bhb_loop+0x60/0xb0 [ 444.066071][T11115] ? clear_bhb_loop+0x60/0xb0 [ 444.070761][T11115] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 444.076684][T11115] RIP: 0033:0x7fbaa9b8ebe9 [ 444.081202][T11115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.100910][T11115] RSP: 002b:00007fbaaaa00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 444.109381][T11115] RAX: ffffffffffffffda RBX: 00007fbaa9db5fa0 RCX: 00007fbaa9b8ebe9 [ 444.117372][T11115] RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000003 [ 444.125373][T11115] RBP: 00007fbaaaa00090 R08: 0000000000000000 R09: 0000000000000000 [ 444.133361][T11115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.141378][T11115] R13: 00007fbaa9db6038 R14: 00007fbaa9db5fa0 R15: 00007ffc6cd3f978 [ 444.149379][T11115] [ 444.157700][T11115] ERROR: Out of memory at tomoyo_realpath_from_path. [ 444.215562][T11112] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1984'. [ 444.295813][T11116] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1984'. [ 444.315857][T11119] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1984'. [ 444.580933][T11125] device syzkaller0 entered promiscuous mode [ 444.894429][T11133] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1990'. [ 446.098743][ T4277] Bluetooth: hci3: ISO packet for unknown connection handle 2622 [ 446.484982][T11169] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2003'. [ 446.536877][T11169] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 446.544030][T11169] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 447.278954][T11190] netlink: 'syz.4.2009': attribute type 10 has an invalid length. [ 447.299228][T11190] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port [ 447.367309][T11192] device syzkaller0 left promiscuous mode [ 447.869270][T11209] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2016'. [ 448.127715][T11210] netlink: 'syz.4.2018': attribute type 1 has an invalid length. [ 448.197950][T11210] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.2018'. [ 448.313924][T11216] netlink: 'syz.4.2018': attribute type 10 has an invalid length. [ 448.363594][T11216] team0: Device ipvlan1 failed to register rx_handler [ 448.386235][T11225] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 448.657462][T11222] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2021'. [ 451.291548][T11279] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.2038'. [ 451.324991][T11280] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2037'. [ 451.369065][T11279] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 453.951162][T11322] FAULT_INJECTION: forcing a failure. [ 453.951162][T11322] name failslab, interval 1, probability 0, space 0, times 0 [ 453.964325][T11322] CPU: 0 PID: 11322 Comm: syz.3.2054 Not tainted 6.1.148-syzkaller #0 [ 453.972540][T11322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 453.982631][T11322] Call Trace: [ 453.985935][T11322] [ 453.988902][T11322] dump_stack_lvl+0x168/0x22e [ 453.993614][T11322] ? sctp_sendmsg+0x15ff/0x2980 [ 453.998507][T11322] ? ___sys_sendmsg+0x21c/0x290 [ 454.003380][T11322] ? show_regs_print_info+0x12/0x12 [ 454.008594][T11322] ? load_image+0x3b0/0x3b0 [ 454.013128][T11322] should_fail_ex+0x399/0x4d0 [ 454.017840][T11322] should_failslab+0x5/0x20 [ 454.022374][T11322] slab_pre_alloc_hook+0x59/0x310 [ 454.027410][T11322] ? sctp_add_bind_addr+0x89/0x350 [ 454.032669][T11322] __kmem_cache_alloc_node+0x4f/0x260 [ 454.038097][T11322] ? sctp_add_bind_addr+0x89/0x350 [ 454.043236][T11322] kmalloc_trace+0x26/0xe0 [ 454.047677][T11322] sctp_add_bind_addr+0x89/0x350 [ 454.052637][T11322] sctp_copy_local_addr_list+0x308/0x4d0 [ 454.058286][T11322] ? sctp_copy_local_addr_list+0x98/0x4d0 [ 454.064022][T11322] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 454.070112][T11322] ? sctp_v4_is_any+0x31/0x50 [ 454.074800][T11322] ? sctp_copy_one_addr+0x93/0x660 [ 454.079929][T11322] sctp_bind_addr_copy+0xaf/0x3c0 [ 454.084969][T11322] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 454.091317][T11322] sctp_connect_new_asoc+0x2d6/0x690 [ 454.096622][T11322] ? __sctp_connect+0xd20/0xd20 [ 454.101515][T11322] ? __local_bh_enable_ip+0x12a/0x1b0 [ 454.106914][T11322] ? lock_sock_nested+0x66/0x100 [ 454.111866][T11322] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 454.117431][T11322] ? security_sctp_bind_connect+0x85/0xb0 [ 454.123170][T11322] sctp_sendmsg+0x15ff/0x2980 [ 454.127872][T11322] ? sctp_getsockopt+0x8a0/0x8a0 [ 454.132824][T11322] ? aa_af_perm+0x2b0/0x2b0 [ 454.137344][T11322] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 454.143777][T11322] ? inet_sendmsg+0xe5/0x2f0 [ 454.148382][T11322] ? inet_send_prepare+0x260/0x260 [ 454.153515][T11322] ____sys_sendmsg+0x59b/0x970 [ 454.158309][T11322] ? __sys_sendmsg_sock+0x30/0x30 [ 454.163342][T11322] ? __import_iovec+0x315/0x500 [ 454.168241][T11322] ? import_iovec+0x6f/0xa0 [ 454.172798][T11322] ___sys_sendmsg+0x21c/0x290 [ 454.177494][T11322] ? __sys_sendmsg+0x270/0x270 [ 454.182289][T11322] ? __lock_acquire+0x7c50/0x7c50 [ 454.187344][T11322] ? __fdget+0x17c/0x200 [ 454.191604][T11322] __se_sys_sendmsg+0x19e/0x270 [ 454.196473][T11322] ? __x64_sys_sendmsg+0x80/0x80 [ 454.201434][T11322] ? lockdep_hardirqs_on+0x94/0x140 [ 454.206667][T11322] do_syscall_64+0x4c/0xa0 [ 454.211099][T11322] ? clear_bhb_loop+0x60/0xb0 [ 454.215788][T11322] ? clear_bhb_loop+0x60/0xb0 [ 454.220500][T11322] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 454.226420][T11322] RIP: 0033:0x7f31fbd8ebe9 [ 454.230846][T11322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.250483][T11322] RSP: 002b:00007f31fcbd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 454.258910][T11322] RAX: ffffffffffffffda RBX: 00007f31fbfb5fa0 RCX: 00007f31fbd8ebe9 [ 454.266890][T11322] RDX: 0000000000008050 RSI: 0000200000001e80 RDI: 0000000000000003 [ 454.274875][T11322] RBP: 00007f31fcbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 454.282865][T11322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 454.290848][T11322] R13: 00007f31fbfb6038 R14: 00007f31fbfb5fa0 R15: 00007ffeaee90118 [ 454.298844][T11322] [ 454.711364][T11297] netlink: 'syz.4.2045': attribute type 4 has an invalid length. [ 454.723142][T11297] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2045'. [ 454.732771][T11297] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 454.929403][T11336] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2057'. [ 454.976785][T11337] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2058'. [ 457.179226][T11388] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2074'. [ 457.359466][T11394] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2075'. [ 463.172107][T11437] device ipvlan0 entered promiscuous mode [ 463.182710][T11443] netlink: 'syz.3.2090': attribute type 10 has an invalid length. [ 463.194739][T11443] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2090'. [ 463.204179][T11452] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2094'. [ 464.430657][T11472] netlink: 16399 bytes leftover after parsing attributes in process `syz.3.2100'. [ 466.082949][T11491] device syzkaller0 entered promiscuous mode [ 470.103779][T11537] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2125'. [ 470.183036][T11539] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2124'. [ 470.337010][T11545] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2127'. [ 470.379255][T11545] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 470.726893][T11557] netlink: 'syz.2.2132': attribute type 10 has an invalid length. [ 472.336194][T11584] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2141'. [ 472.367511][T11586] netlink: 'syz.2.2142': attribute type 39 has an invalid length. [ 472.628103][T11598] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 472.634637][T11598] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 472.959486][T11595] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2145'. [ 473.478968][T11621] netlink: 'syz.4.2155': attribute type 3 has an invalid length. [ 473.498823][T11621] netlink: 'syz.4.2155': attribute type 4 has an invalid length. [ 473.508085][T11621] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2155'. [ 474.519100][T11638] netlink: 'syz.0.2163': attribute type 39 has an invalid length. [ 475.523103][T11653] netlink: 'syz.0.2168': attribute type 16 has an invalid length. [ 475.568147][T11653] netlink: 'syz.0.2168': attribute type 3 has an invalid length. [ 475.596477][T11653] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2168'. [ 476.890572][T11678] netlink: 'syz.1.2177': attribute type 39 has an invalid length. [ 476.959717][T11682] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 477.250316][T11681] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2176'. [ 477.926429][T11704] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2183'. [ 478.123928][T11708] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.2185'. [ 478.199378][T11708] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 478.232953][T11708] CPU: 0 PID: 11708 Comm: syz.0.2185 Not tainted 6.1.148-syzkaller #0 [ 478.241218][T11708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 478.251343][T11708] Call Trace: [ 478.254696][T11708] [ 478.257697][T11708] dump_stack_lvl+0x168/0x22e [ 478.262551][T11708] ? show_regs_print_info+0x12/0x12 [ 478.267829][T11708] ? load_image+0x3b0/0x3b0 [ 478.272454][T11708] sysfs_warn_dup+0x8a/0xa0 [ 478.277060][T11708] sysfs_do_create_link_sd+0xc0/0x110 [ 478.282550][T11708] device_add+0x7ed/0xfb0 [ 478.287082][T11708] wiphy_register+0x1e68/0x2bd0 [ 478.292063][T11708] ? cfg80211_event_work+0x40/0x40 [ 478.297247][T11708] ? minstrel_ht_alloc+0x894/0xa20 [ 478.302459][T11708] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 478.308637][T11708] ieee80211_register_hw+0x2c29/0x38c0 [ 478.314209][T11708] ? ieee80211_register_hw+0xe91/0x38c0 [ 478.319904][T11708] ? ieee80211_register_hw+0xe91/0x38c0 [ 478.325592][T11708] ? ieee80211_tasklet_handler+0x20/0x20 [ 478.331332][T11708] ? memset+0x1e/0x40 [ 478.335396][T11708] ? __hrtimer_init+0x186/0x270 [ 478.340338][T11708] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 478.346204][T11708] hwsim_new_radio_nl+0xafa/0xce0 [ 478.351358][T11708] genl_family_rcv_msg_doit+0x22e/0x320 [ 478.356988][T11708] ? end_current_label_crit_section+0x170/0x170 [ 478.363327][T11708] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 478.369333][T11708] ? bpf_lsm_capable+0x5/0x10 [ 478.374080][T11708] ? security_capable+0x85/0xb0 [ 478.379027][T11708] genl_rcv_msg+0x5f2/0x780 [ 478.383659][T11708] ? genl_bind+0x350/0x350 [ 478.388238][T11708] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 478.394692][T11708] netlink_rcv_skb+0x1de/0x420 [ 478.399516][T11708] ? genl_bind+0x350/0x350 [ 478.404007][T11708] ? netlink_ack+0x1100/0x1100 [ 478.408893][T11708] ? down_read+0x1a8/0x2d0 [ 478.413390][T11708] genl_rcv+0x24/0x40 [ 478.417460][T11708] netlink_unicast+0x74d/0x8d0 [ 478.422387][T11708] netlink_sendmsg+0x89e/0xbc0 [ 478.427270][T11708] ? netlink_getsockopt+0x540/0x540 [ 478.432555][T11708] ? aa_sock_msg_perm+0x94/0x150 [ 478.437605][T11708] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 478.442948][T11708] ? security_socket_sendmsg+0x7c/0xa0 [ 478.448492][T11708] ? netlink_getsockopt+0x540/0x540 [ 478.453771][T11708] ____sys_sendmsg+0x59b/0x970 [ 478.458722][T11708] ? __sys_sendmsg_sock+0x30/0x30 [ 478.463840][T11708] ? __import_iovec+0x315/0x500 [ 478.468804][T11708] ? import_iovec+0x6f/0xa0 [ 478.473400][T11708] ___sys_sendmsg+0x21c/0x290 [ 478.478169][T11708] ? __sys_sendmsg+0x270/0x270 [ 478.483169][T11708] ? __fdget+0x17c/0x200 [ 478.487532][T11708] __se_sys_sendmsg+0x19e/0x270 [ 478.492471][T11708] ? __x64_sys_sendmsg+0x80/0x80 [ 478.497543][T11708] ? lockdep_hardirqs_on+0x94/0x140 [ 478.502840][T11708] do_syscall_64+0x4c/0xa0 [ 478.507320][T11708] ? clear_bhb_loop+0x60/0xb0 [ 478.512058][T11708] ? clear_bhb_loop+0x60/0xb0 [ 478.516807][T11708] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 478.522779][T11708] RIP: 0033:0x7f2cdd78ebe9 [ 478.527261][T11708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.546939][T11708] RSP: 002b:00007f2cde62f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 478.555454][T11708] RAX: ffffffffffffffda RBX: 00007f2cdd9b5fa0 RCX: 00007f2cdd78ebe9 [ 478.563583][T11708] RDX: 0000000040000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 478.571656][T11708] RBP: 00007f2cdd811e19 R08: 0000000000000000 R09: 0000000000000000 [ 478.579705][T11708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.587754][T11708] R13: 00007f2cdd9b6038 R14: 00007f2cdd9b5fa0 R15: 00007ffecc24af28 [ 478.595849][T11708] [ 479.052097][T11718] netlink: 'syz.3.2189': attribute type 3 has an invalid length. [ 479.061618][T11718] netlink: 114680 bytes leftover after parsing attributes in process `syz.3.2189'. [ 479.078066][T11722] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2189'. [ 479.091264][T11720] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 479.170586][T11727] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2191'. [ 479.377675][T11733] netlink: 'syz.3.2192': attribute type 39 has an invalid length. [ 480.134206][T11740] netlink: 'syz.1.2197': attribute type 10 has an invalid length. [ 480.159884][T11740] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2197'. [ 480.188980][T11740] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.206193][T11740] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 480.493455][T11751] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2199'. [ 480.514900][T11751] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 480.521888][T11751] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 480.738943][T11755] FAULT_INJECTION: forcing a failure. [ 480.738943][T11755] name failslab, interval 1, probability 0, space 0, times 0 [ 480.753800][T11755] CPU: 1 PID: 11755 Comm: syz.3.2203 Not tainted 6.1.148-syzkaller #0 [ 480.762014][T11755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 480.772118][T11755] Call Trace: [ 480.775430][T11755] [ 480.778388][T11755] dump_stack_lvl+0x168/0x22e [ 480.783109][T11755] ? sctp_sendmsg+0x15ff/0x2980 [ 480.787974][T11755] ? ___sys_sendmsg+0x21c/0x290 [ 480.792861][T11755] ? show_regs_print_info+0x12/0x12 [ 480.798169][T11755] ? load_image+0x3b0/0x3b0 [ 480.802759][T11755] should_fail_ex+0x399/0x4d0 [ 480.807578][T11755] should_failslab+0x5/0x20 [ 480.812130][T11755] slab_pre_alloc_hook+0x59/0x310 [ 480.817200][T11755] ? sctp_add_bind_addr+0x89/0x350 [ 480.822364][T11755] __kmem_cache_alloc_node+0x4f/0x260 [ 480.827756][T11755] ? sctp_add_bind_addr+0x89/0x350 [ 480.832981][T11755] kmalloc_trace+0x26/0xe0 [ 480.837478][T11755] sctp_add_bind_addr+0x89/0x350 [ 480.842448][T11755] sctp_copy_local_addr_list+0x308/0x4d0 [ 480.848121][T11755] ? sctp_copy_local_addr_list+0x98/0x4d0 [ 480.853852][T11755] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 480.859941][T11755] ? sctp_v4_is_any+0x31/0x50 [ 480.864650][T11755] ? sctp_copy_one_addr+0x93/0x660 [ 480.869797][T11755] sctp_bind_addr_copy+0xaf/0x3c0 [ 480.874851][T11755] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 480.881203][T11755] sctp_connect_new_asoc+0x2d6/0x690 [ 480.886520][T11755] ? __sctp_connect+0xd20/0xd20 [ 480.891471][T11755] ? __local_bh_enable_ip+0x12a/0x1b0 [ 480.896868][T11755] ? lock_sock_nested+0x66/0x100 [ 480.901818][T11755] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 480.907379][T11755] ? security_sctp_bind_connect+0x85/0xb0 [ 480.913134][T11755] sctp_sendmsg+0x15ff/0x2980 [ 480.917843][T11755] ? sctp_getsockopt+0x8a0/0x8a0 [ 480.922813][T11755] ? aa_af_perm+0x2b0/0x2b0 [ 480.927332][T11755] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 480.933787][T11755] ? inet_sendmsg+0xe5/0x2f0 [ 480.938407][T11755] ? inet_send_prepare+0x260/0x260 [ 480.943545][T11755] ____sys_sendmsg+0x59b/0x970 [ 480.948340][T11755] ? __sys_sendmsg_sock+0x30/0x30 [ 480.953386][T11755] ? __import_iovec+0x315/0x500 [ 480.958285][T11755] ? import_iovec+0x6f/0xa0 [ 480.962818][T11755] ___sys_sendmsg+0x21c/0x290 [ 480.967519][T11755] ? __sys_sendmsg+0x270/0x270 [ 480.972316][T11755] ? __lock_acquire+0x7c50/0x7c50 [ 480.977410][T11755] ? __fdget+0x17c/0x200 [ 480.981674][T11755] __se_sys_sendmsg+0x19e/0x270 [ 480.986541][T11755] ? ct_nmi_exit+0x145/0x1c0 [ 480.991154][T11755] ? __x64_sys_sendmsg+0x80/0x80 [ 480.996123][T11755] ? lockdep_hardirqs_on+0x94/0x140 [ 481.001521][T11755] do_syscall_64+0x4c/0xa0 [ 481.005951][T11755] ? clear_bhb_loop+0x60/0xb0 [ 481.010639][T11755] ? clear_bhb_loop+0x60/0xb0 [ 481.015330][T11755] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 481.021247][T11755] RIP: 0033:0x7f31fbd8ebe9 [ 481.025669][T11755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.045315][T11755] RSP: 002b:00007f31fcbd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 481.053830][T11755] RAX: ffffffffffffffda RBX: 00007f31fbfb5fa0 RCX: 00007f31fbd8ebe9 [ 481.061814][T11755] RDX: 0000000000008050 RSI: 0000200000001e80 RDI: 0000000000000003 [ 481.069813][T11755] RBP: 00007f31fcbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 481.077796][T11755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 481.085779][T11755] R13: 00007f31fbfb6038 R14: 00007f31fbfb5fa0 R15: 00007ffeaee90118 [ 481.093773][T11755] [ 481.395703][T11763] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2205'. [ 481.862758][T11778] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2210'. [ 482.751143][T11792] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2213'. [ 486.220810][T11885] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.2246'. [ 486.912599][T11893] netlink: 'syz.2.2257': attribute type 10 has an invalid length. [ 486.943569][T11893] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2257'. [ 487.350921][T11909] netlink: 'syz.3.2253': attribute type 4 has an invalid length. [ 487.395992][T11909] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2253'. [ 487.446294][T11909] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2253'. [ 487.471322][T11909] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 489.784993][T11970] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2275'. [ 489.981209][T11977] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2276'. [ 491.410098][T12009] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 491.417424][T12009] IPv6: NLM_F_CREATE should be set when creating new route [ 491.424690][T12009] IPv6: NLM_F_CREATE should be set when creating new route [ 491.432009][T12009] IPv6: NLM_F_CREATE should be set when creating new route [ 491.540962][T12015] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2291'. [ 493.209089][T12046] netlink: 'syz.0.2302': attribute type 21 has an invalid length. [ 494.128078][T12069] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2308'. [ 494.146025][T12072] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 494.365644][T12076] FAULT_INJECTION: forcing a failure. [ 494.365644][T12076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 494.393637][T12076] CPU: 0 PID: 12076 Comm: syz.4.2309 Not tainted 6.1.148-syzkaller #0 [ 494.401878][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 494.411974][T12076] Call Trace: [ 494.415273][T12076] [ 494.418226][T12076] dump_stack_lvl+0x168/0x22e [ 494.422933][T12076] ? show_regs_print_info+0x12/0x12 [ 494.428159][T12076] ? load_image+0x3b0/0x3b0 [ 494.432723][T12076] ? perf_trace_lock+0x2ec/0x370 [ 494.437686][T12076] ? __lock_acquire+0x7c50/0x7c50 [ 494.442829][T12076] should_fail_ex+0x399/0x4d0 [ 494.447543][T12076] _copy_from_iter+0x1c5/0x10c0 [ 494.452439][T12076] ? copyout_mc+0x110/0x110 [ 494.456972][T12076] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 494.463071][T12076] ? lock_chain_count+0x20/0x20 [ 494.467944][T12076] ? _raw_spin_lock_irq+0xab/0xe0 [ 494.472992][T12076] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 494.478388][T12076] ? page_copy_sane+0x4e/0x390 [ 494.483198][T12076] copy_page_from_iter+0x77/0x100 [ 494.488251][T12076] pipe_write+0x88f/0x1b00 [ 494.492697][T12076] ? pipe_write+0xdc1/0x1b00 [ 494.497341][T12076] ? pipe_read+0x1200/0x1200 [ 494.501962][T12076] ? wake_bit_function+0x200/0x200 [ 494.507102][T12076] ? common_file_perm+0x171/0x1c0 [ 494.512167][T12076] ? fsnotify_perm+0x5a/0x550 [ 494.516872][T12076] vfs_write+0x44c/0x960 [ 494.521145][T12076] ? file_end_write+0x250/0x250 [ 494.526024][T12076] ? __fget_files+0x44a/0x4d0 [ 494.530742][T12076] ? __fdget_pos+0x1d4/0x360 [ 494.535352][T12076] ? ksys_write+0x71/0x240 [ 494.539812][T12076] ksys_write+0x143/0x240 [ 494.544175][T12076] ? __ia32_sys_read+0x80/0x80 [ 494.548970][T12076] ? lockdep_hardirqs_on+0x94/0x140 [ 494.554200][T12076] do_syscall_64+0x4c/0xa0 [ 494.558638][T12076] ? clear_bhb_loop+0x60/0xb0 [ 494.563331][T12076] ? clear_bhb_loop+0x60/0xb0 [ 494.568029][T12076] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 494.573988][T12076] RIP: 0033:0x7fbaa9b8ebe9 [ 494.578465][T12076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 494.598108][T12076] RSP: 002b:00007fbaaa9df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 494.606551][T12076] RAX: ffffffffffffffda RBX: 00007fbaa9db6090 RCX: 00007fbaa9b8ebe9 [ 494.614546][T12076] RDX: 0000000000000008 RSI: 0000200000000600 RDI: 0000000000000000 [ 494.622534][T12076] RBP: 00007fbaaa9df090 R08: 0000000000000000 R09: 0000000000000000 [ 494.630532][T12076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.638540][T12076] R13: 00007fbaa9db6128 R14: 00007fbaa9db6090 R15: 00007ffc6cd3f978 [ 494.646561][T12076] [ 495.230708][T12095] netlink: 'syz.1.2315': attribute type 8 has an invalid length. [ 495.275367][T12095] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2315'. [ 496.178871][T12113] FAULT_INJECTION: forcing a failure. [ 496.178871][T12113] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 496.243186][T12114] FAULT_INJECTION: forcing a failure. [ 496.243186][T12114] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 496.323937][T12114] CPU: 0 PID: 12114 Comm: syz.3.2324 Not tainted 6.1.148-syzkaller #0 [ 496.332174][T12114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 496.342261][T12114] Call Trace: [ 496.345589][T12114] [ 496.348550][T12114] dump_stack_lvl+0x168/0x22e [ 496.353365][T12114] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 496.359574][T12114] ? show_regs_print_info+0x12/0x12 [ 496.364885][T12114] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 496.371102][T12114] should_fail_ex+0x399/0x4d0 [ 496.375825][T12114] _copy_from_user+0x2c/0x170 [ 496.380536][T12114] generic_map_update_batch+0x4c5/0x850 [ 496.386146][T12114] ? rcu_read_unlock+0xa0/0xa0 [ 496.390946][T12114] ? __fdget+0x17c/0x200 [ 496.395226][T12114] ? rcu_read_unlock+0xa0/0xa0 [ 496.400017][T12114] bpf_map_do_batch+0x466/0x600 [ 496.404897][T12114] __sys_bpf+0x65f/0x6d0 [ 496.409205][T12114] ? bpf_link_show_fdinfo+0x340/0x340 [ 496.414620][T12114] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 496.420821][T12114] __x64_sys_bpf+0x78/0x90 [ 496.425310][T12114] do_syscall_64+0x4c/0xa0 [ 496.429783][T12114] ? clear_bhb_loop+0x60/0xb0 [ 496.434566][T12114] ? clear_bhb_loop+0x60/0xb0 [ 496.439263][T12114] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 496.445192][T12114] RIP: 0033:0x7f31fbd8ebe9 [ 496.449658][T12114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.469557][T12114] RSP: 002b:00007f31fcbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 496.477997][T12114] RAX: ffffffffffffffda RBX: 00007f31fbfb5fa0 RCX: 00007f31fbd8ebe9 [ 496.486006][T12114] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 496.494099][T12114] RBP: 00007f31fcbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 496.502119][T12114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 496.510132][T12114] R13: 00007f31fbfb6038 R14: 00007f31fbfb5fa0 R15: 00007ffeaee90118 [ 496.518147][T12114] [ 496.521198][T12113] CPU: 1 PID: 12113 Comm: syz.1.2323 Not tainted 6.1.148-syzkaller #0 [ 496.529400][T12113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 496.539498][T12113] Call Trace: [ 496.542808][T12113] [ 496.545771][T12113] dump_stack_lvl+0x168/0x22e [ 496.550493][T12113] ? show_regs_print_info+0x12/0x12 [ 496.555739][T12113] ? load_image+0x3b0/0x3b0 [ 496.560298][T12113] ? __lock_acquire+0x7c50/0x7c50 [ 496.565465][T12113] should_fail_ex+0x399/0x4d0 [ 496.570203][T12113] _copy_from_user+0x2c/0x170 [ 496.574926][T12113] __tun_chr_ioctl+0x1ff/0x1e10 [ 496.579834][T12113] ? tun_flow_create+0x310/0x310 [ 496.584850][T12113] ? bpf_lsm_file_ioctl+0x5/0x10 [ 496.589841][T12113] ? security_file_ioctl+0x7c/0xa0 [ 496.595005][T12113] ? tun_chr_poll+0x630/0x630 [ 496.599745][T12113] __se_sys_ioctl+0xfa/0x170 [ 496.604418][T12113] do_syscall_64+0x4c/0xa0 [ 496.608880][T12113] ? clear_bhb_loop+0x60/0xb0 [ 496.613779][T12113] ? clear_bhb_loop+0x60/0xb0 [ 496.618502][T12113] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 496.624440][T12113] RIP: 0033:0x7f4400d8ebe9 [ 496.628871][T12113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.648504][T12113] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 496.656936][T12113] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 496.664943][T12113] RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000003 [ 496.672943][T12113] RBP: 00007f4401c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 496.680937][T12113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 496.688925][T12113] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 496.696924][T12113] [ 496.793301][T12119] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2325'. [ 496.817772][T12119] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 497.003122][T12124] netlink: 'syz.1.2327': attribute type 10 has an invalid length. [ 497.124971][T12124] device wlan1 entered promiscuous mode [ 497.187452][T12124] team0: Port device wlan1 added [ 497.862920][T12146] netlink: 'syz.2.2334': attribute type 7 has an invalid length. [ 498.708927][T12172] netlink: 'syz.4.2344': attribute type 10 has an invalid length. [ 498.729719][T12172] team0: Device hsr_slave_0 is up. Set it down before adding it as a team port [ 501.369822][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.376373][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.980696][T12223] netlink: 'syz.1.2363': attribute type 7 has an invalid length. [ 504.944250][T12254] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 504.950912][T12254] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 504.969982][T12252] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2373'. [ 509.442278][T12329] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2400'. [ 509.483098][T12331] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 509.736259][T12340] netlink: 'syz.1.2403': attribute type 10 has an invalid length. [ 509.782627][T12343] netlink: 'syz.2.2405': attribute type 3 has an invalid length. [ 509.797503][T12343] netlink: 13435 bytes leftover after parsing attributes in process `syz.2.2405'. [ 510.091914][T12352] netlink: 'syz.1.2409': attribute type 10 has an invalid length. [ 510.104919][T12352] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2409'. [ 510.192244][T12352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.921773][T12372] netlink: 'syz.4.2417': attribute type 4 has an invalid length. [ 510.950023][T12372] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2417'. [ 511.004954][T12372] netlink: 6 bytes leftover after parsing attributes in process `syz.4.2417'. [ 511.034805][T12372] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 512.184729][T12416] sctp: [Deprecated]: syz.0.2428 (pid 12416) Use of struct sctp_assoc_value in delayed_ack socket option. [ 512.184729][T12416] Use struct sctp_sack_info instead [ 512.715495][T12435] syz.4.2435[12435] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 512.715598][T12435] syz.4.2435[12435] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 512.973052][T12443] netlink: 'syz.3.2439': attribute type 10 has an invalid length. [ 513.054513][T12443] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 514.251291][T12472] netlink: 'syz.1.2450': attribute type 1 has an invalid length. [ 514.295511][T12472] netlink: 131740 bytes leftover after parsing attributes in process `syz.1.2450'. [ 515.081322][T12502] netlink: 'syz.4.2463': attribute type 9 has an invalid length. [ 515.125719][T12502] netlink: 126588 bytes leftover after parsing attributes in process `syz.4.2463'. [ 515.299611][T12512] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2465'. [ 515.534070][T12521] netlink: 'syz.1.2471': attribute type 10 has an invalid length. [ 515.563369][T12521] team0: Device ipvlan1 failed to register rx_handler [ 516.128181][T12535] device pim6reg1 entered promiscuous mode [ 516.139023][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2477'. [ 516.162317][T12535] netlink: 198580 bytes leftover after parsing attributes in process `syz.1.2474'. [ 516.313813][T12542] netlink: 199100 bytes leftover after parsing attributes in process `syz.4.2479'. [ 516.673269][T12547] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2481'. [ 517.333020][T12554] Â: renamed from pim6reg1 [ 518.091967][T12562] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 518.099817][T12562] IPv6: NLM_F_CREATE should be set when creating new route [ 518.107317][T12562] IPv6: NLM_F_CREATE should be set when creating new route [ 518.114947][T12562] IPv6: NLM_F_CREATE should be set when creating new route [ 518.484797][T12575] FAULT_INJECTION: forcing a failure. [ 518.484797][T12575] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 518.542061][T12575] CPU: 1 PID: 12575 Comm: syz.3.2491 Not tainted 6.1.148-syzkaller #0 [ 518.550422][T12575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 518.560544][T12575] Call Trace: [ 518.563849][T12575] [ 518.566805][T12575] dump_stack_lvl+0x168/0x22e [ 518.571563][T12575] ? show_regs_print_info+0x12/0x12 [ 518.576807][T12575] ? load_image+0x3b0/0x3b0 [ 518.581340][T12575] ? __lock_acquire+0x7c50/0x7c50 [ 518.586385][T12575] ? snprintf+0xd7/0x120 [ 518.590662][T12575] should_fail_ex+0x399/0x4d0 [ 518.595374][T12575] _copy_to_user+0x2c/0x130 [ 518.599902][T12575] simple_read_from_buffer+0xe3/0x150 [ 518.605306][T12575] proc_fail_nth_read+0x19a/0x210 [ 518.610361][T12575] ? proc_fault_inject_write+0x2f0/0x2f0 [ 518.616017][T12575] ? fsnotify_perm+0x248/0x550 [ 518.620797][T12575] ? proc_fault_inject_write+0x2f0/0x2f0 [ 518.626447][T12575] vfs_read+0x2c0/0x920 [ 518.630629][T12575] ? kernel_read+0x1e0/0x1e0 [ 518.635244][T12575] ? __fget_files+0x28/0x4d0 [ 518.639855][T12575] ? __fget_files+0x44a/0x4d0 [ 518.644558][T12575] ? __fdget_pos+0x2ae/0x360 [ 518.649178][T12575] ? ksys_read+0x71/0x240 [ 518.653571][T12575] ksys_read+0x143/0x240 [ 518.657845][T12575] ? vfs_write+0x960/0x960 [ 518.662297][T12575] ? lockdep_hardirqs_on+0x94/0x140 [ 518.667520][T12575] do_syscall_64+0x4c/0xa0 [ 518.671955][T12575] ? clear_bhb_loop+0x60/0xb0 [ 518.676654][T12575] ? clear_bhb_loop+0x60/0xb0 [ 518.681363][T12575] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 518.687283][T12575] RIP: 0033:0x7f31fbd8d5fc [ 518.691714][T12575] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 518.711425][T12575] RSP: 002b:00007f31fcbb5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 518.719954][T12575] RAX: ffffffffffffffda RBX: 00007f31fbfb6090 RCX: 00007f31fbd8d5fc [ 518.727942][T12575] RDX: 000000000000000f RSI: 00007f31fcbb50a0 RDI: 000000000000000a [ 518.735922][T12575] RBP: 00007f31fcbb5090 R08: 0000000000000000 R09: 0000000000000000 [ 518.743904][T12575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 518.751881][T12575] R13: 00007f31fbfb6128 R14: 00007f31fbfb6090 R15: 00007ffeaee90118 [ 518.759878][T12575] [ 519.062703][T12593] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2496'. [ 519.264760][T12600] FAULT_INJECTION: forcing a failure. [ 519.264760][T12600] name failslab, interval 1, probability 0, space 0, times 0 [ 519.295324][T12600] CPU: 1 PID: 12600 Comm: syz.3.2500 Not tainted 6.1.148-syzkaller #0 [ 519.303552][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 519.313637][T12600] Call Trace: [ 519.316944][T12600] [ 519.319908][T12600] dump_stack_lvl+0x168/0x22e [ 519.324634][T12600] ? show_regs_print_info+0x12/0x12 [ 519.329869][T12600] ? load_image+0x3b0/0x3b0 [ 519.334434][T12600] should_fail_ex+0x399/0x4d0 [ 519.339184][T12600] should_failslab+0x5/0x20 [ 519.343729][T12600] slab_pre_alloc_hook+0x59/0x310 [ 519.348765][T12600] kmem_cache_alloc+0x56/0x2f0 [ 519.353534][T12600] ? skb_clone+0x1e7/0x370 [ 519.357968][T12600] skb_clone+0x1e7/0x370 [ 519.362228][T12600] bpf_clone_redirect+0xa9/0x3c0 [ 519.367181][T12600] ? lock_chain_count+0x20/0x20 [ 519.372059][T12600] bpf_prog_208b094576c80b22+0x56/0x5b [ 519.377538][T12600] ? __kprobes_text_end+0x1f71f0/0x1f71f0 [ 519.383279][T12600] ? lockdep_hardirqs_on+0x94/0x140 [ 519.388496][T12600] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 519.394672][T12600] ? seqcount_lockdep_reader_access+0x172/0x1c0 [ 519.400922][T12600] ? seqcount_lockdep_reader_access+0x17b/0x1c0 [ 519.407185][T12600] ? ktime_get_real_ts64+0x420/0x420 [ 519.412488][T12600] ? read_lock_is_recursive+0x10/0x10 [ 519.417894][T12600] bpf_test_run+0x4a9/0x7d0 [ 519.422441][T12600] ? convert___skb_to_skb+0x580/0x580 [ 519.427845][T12600] ? eth_get_headlen+0x1f0/0x1f0 [ 519.432819][T12600] ? __build_skb+0x257/0x3c0 [ 519.437458][T12600] ? convert___skb_to_skb+0x3d/0x580 [ 519.442788][T12600] bpf_prog_test_run_skb+0xa40/0x11b0 [ 519.448195][T12600] ? cpu_online+0xa0/0xa0 [ 519.452561][T12600] bpf_prog_test_run+0x31e/0x390 [ 519.457522][T12600] __sys_bpf+0x593/0x6d0 [ 519.461779][T12600] ? bpf_link_show_fdinfo+0x340/0x340 [ 519.467178][T12600] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 519.473368][T12600] __x64_sys_bpf+0x78/0x90 [ 519.477800][T12600] do_syscall_64+0x4c/0xa0 [ 519.482230][T12600] ? clear_bhb_loop+0x60/0xb0 [ 519.487003][T12600] ? clear_bhb_loop+0x60/0xb0 [ 519.491694][T12600] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 519.497607][T12600] RIP: 0033:0x7f31fbd8ebe9 [ 519.502032][T12600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 519.521909][T12600] RSP: 002b:00007f31fcbd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 519.530421][T12600] RAX: ffffffffffffffda RBX: 00007f31fbfb5fa0 RCX: 00007f31fbd8ebe9 [ 519.538404][T12600] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 519.546382][T12600] RBP: 00007f31fcbd6090 R08: 0000000000000000 R09: 0000000000000000 [ 519.554360][T12600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 519.562337][T12600] R13: 00007f31fbfb6038 R14: 00007f31fbfb5fa0 R15: 00007ffeaee90118 [ 519.570334][T12600] [ 520.568156][T12619] netlink: 160 bytes leftover after parsing attributes in process `syz.0.2507'. [ 520.632297][T12618] device syzkaller0 entered promiscuous mode [ 520.803698][T12631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2512'. [ 521.106442][T12642] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2514'. [ 522.115022][T12674] netlink: 'syz.0.2527': attribute type 10 has an invalid length. [ 522.607977][T12687] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2531'. [ 524.577766][T12755] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.2558'. [ 524.641896][T12755] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 524.680738][T12755] CPU: 1 PID: 12755 Comm: syz.1.2558 Not tainted 6.1.148-syzkaller #0 [ 524.689000][T12755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 524.699138][T12755] Call Trace: [ 524.702481][T12755] [ 524.705472][T12755] dump_stack_lvl+0x168/0x22e [ 524.710230][T12755] ? show_regs_print_info+0x12/0x12 [ 524.715499][T12755] ? load_image+0x3b0/0x3b0 [ 524.720128][T12755] sysfs_warn_dup+0x8a/0xa0 [ 524.724705][T12755] sysfs_do_create_link_sd+0xc0/0x110 [ 524.730160][T12755] device_add+0x7ed/0xfb0 [ 524.734599][T12755] wiphy_register+0x1e68/0x2bd0 [ 524.739615][T12755] ? cfg80211_event_work+0x40/0x40 [ 524.744800][T12755] ? minstrel_ht_alloc+0x894/0xa20 [ 524.749990][T12755] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 524.756117][T12755] ieee80211_register_hw+0x2c29/0x38c0 [ 524.761639][T12755] ? ieee80211_register_hw+0xe91/0x38c0 [ 524.767227][T12755] ? ieee80211_register_hw+0xe91/0x38c0 [ 524.772830][T12755] ? ieee80211_tasklet_handler+0x20/0x20 [ 524.778563][T12755] ? memset+0x1e/0x40 [ 524.782596][T12755] ? __hrtimer_init+0x186/0x270 [ 524.787510][T12755] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 524.793330][T12755] hwsim_new_radio_nl+0xafa/0xce0 [ 524.798436][T12755] genl_family_rcv_msg_doit+0x22e/0x320 [ 524.804023][T12755] ? end_current_label_crit_section+0x170/0x170 [ 524.810327][T12755] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 524.816290][T12755] ? bpf_lsm_capable+0x5/0x10 [ 524.821006][T12755] ? security_capable+0x85/0xb0 [ 524.825952][T12755] genl_rcv_msg+0x5f2/0x780 [ 524.830527][T12755] ? genl_bind+0x350/0x350 [ 524.834979][T12755] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 524.841387][T12755] netlink_rcv_skb+0x1de/0x420 [ 524.846186][T12755] ? genl_bind+0x350/0x350 [ 524.850644][T12755] ? netlink_ack+0x1100/0x1100 [ 524.855478][T12755] ? down_read+0x1a8/0x2d0 [ 524.859940][T12755] genl_rcv+0x24/0x40 [ 524.863955][T12755] netlink_unicast+0x74d/0x8d0 [ 524.868808][T12755] netlink_sendmsg+0x89e/0xbc0 [ 524.873634][T12755] ? netlink_getsockopt+0x540/0x540 [ 524.878897][T12755] ? aa_sock_msg_perm+0x94/0x150 [ 524.883896][T12755] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 524.889209][T12755] ? security_socket_sendmsg+0x7c/0xa0 [ 524.894731][T12755] ? netlink_getsockopt+0x540/0x540 [ 524.899963][T12755] ____sys_sendmsg+0x59b/0x970 [ 524.904792][T12755] ? __sys_sendmsg_sock+0x30/0x30 [ 524.909858][T12755] ? __import_iovec+0x315/0x500 [ 524.914782][T12755] ? import_iovec+0x6f/0xa0 [ 524.919444][T12755] ___sys_sendmsg+0x21c/0x290 [ 524.924166][T12755] ? __sys_sendmsg+0x270/0x270 [ 524.929085][T12755] ? __fdget+0x17c/0x200 [ 524.933371][T12755] __se_sys_sendmsg+0x19e/0x270 [ 524.938263][T12755] ? __x64_sys_sendmsg+0x80/0x80 [ 524.943305][T12755] ? lockdep_hardirqs_on+0x94/0x140 [ 524.948590][T12755] do_syscall_64+0x4c/0xa0 [ 524.953055][T12755] ? clear_bhb_loop+0x60/0xb0 [ 524.957765][T12755] ? clear_bhb_loop+0x60/0xb0 [ 524.962499][T12755] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 524.968444][T12755] RIP: 0033:0x7f4400d8ebe9 [ 524.972909][T12755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.992574][T12755] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 525.001052][T12755] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 525.009076][T12755] RDX: 0000100000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 525.017075][T12755] RBP: 00007f4400e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 525.025094][T12755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.033092][T12755] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 525.041163][T12755] [ 525.889283][T12774] netlink: 'syz.4.2565': attribute type 22 has an invalid length. [ 525.908668][T12774] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2565'. [ 525.977665][T12774] netlink: 'syz.4.2565': attribute type 12 has an invalid length. [ 526.016167][T12774] netlink: 14585 bytes leftover after parsing attributes in process `syz.4.2565'. [ 526.020806][T12776] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.2565'. [ 526.081425][T12776] netlink: zone id is out of range [ 526.106900][T12776] netlink: zone id is out of range [ 526.125099][T12776] netlink: zone id is out of range [ 526.130472][T12776] netlink: zone id is out of range [ 526.175434][T12776] netlink: zone id is out of range [ 526.180717][T12776] netlink: zone id is out of range [ 526.231502][T12776] netlink: zone id is out of range [ 526.255414][T12776] netlink: zone id is out of range [ 526.285502][T12776] netlink: zone id is out of range [ 526.304070][T12776] netlink: zone id is out of range [ 526.320444][T12785] netlink: 'syz.0.2569': attribute type 10 has an invalid length. [ 526.341161][T12785] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2569'. [ 526.365388][T12785] device team0 entered promiscuous mode [ 526.376914][T12785] device team_slave_0 entered promiscuous mode [ 526.398956][T12785] device team_slave_1 entered promiscuous mode [ 526.685911][T12795] FAULT_INJECTION: forcing a failure. [ 526.685911][T12795] name failslab, interval 1, probability 0, space 0, times 0 [ 526.715292][T12795] CPU: 0 PID: 12795 Comm: syz.1.2573 Not tainted 6.1.148-syzkaller #0 [ 526.723572][T12795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 526.733703][T12795] Call Trace: [ 526.737010][T12795] [ 526.739965][T12795] dump_stack_lvl+0x168/0x22e [ 526.744675][T12795] ? sctp_sendmsg+0x15ff/0x2980 [ 526.749564][T12795] ? ___sys_sendmsg+0x21c/0x290 [ 526.754456][T12795] ? show_regs_print_info+0x12/0x12 [ 526.759698][T12795] ? load_image+0x3b0/0x3b0 [ 526.764258][T12795] should_fail_ex+0x399/0x4d0 [ 526.768981][T12795] should_failslab+0x5/0x20 [ 526.773524][T12795] slab_pre_alloc_hook+0x59/0x310 [ 526.778675][T12795] ? sctp_add_bind_addr+0x89/0x350 [ 526.783822][T12795] __kmem_cache_alloc_node+0x4f/0x260 [ 526.789233][T12795] ? sctp_add_bind_addr+0x89/0x350 [ 526.794381][T12795] kmalloc_trace+0x26/0xe0 [ 526.798837][T12795] sctp_add_bind_addr+0x89/0x350 [ 526.803810][T12795] sctp_copy_local_addr_list+0x308/0x4d0 [ 526.809488][T12795] ? sctp_copy_local_addr_list+0x98/0x4d0 [ 526.815247][T12795] ? sctp_do_8_2_transport_strike+0x8a0/0x8a0 [ 526.821344][T12795] ? sctp_v4_is_any+0x31/0x50 [ 526.826031][T12795] ? sctp_copy_one_addr+0x93/0x660 [ 526.831157][T12795] sctp_bind_addr_copy+0xaf/0x3c0 [ 526.836193][T12795] ? sctp_assoc_set_bind_addr_from_ep+0xa1/0x190 [ 526.842539][T12795] sctp_connect_new_asoc+0x2d6/0x690 [ 526.847839][T12795] ? __sctp_connect+0xd20/0xd20 [ 526.852701][T12795] ? __local_bh_enable_ip+0x12a/0x1b0 [ 526.858096][T12795] ? lock_sock_nested+0x66/0x100 [ 526.863050][T12795] ? bpf_lsm_sctp_bind_connect+0x5/0x10 [ 526.868607][T12795] ? security_sctp_bind_connect+0x85/0xb0 [ 526.874364][T12795] sctp_sendmsg+0x15ff/0x2980 [ 526.879081][T12795] ? sctp_getsockopt+0x8a0/0x8a0 [ 526.884057][T12795] ? aa_af_perm+0x2b0/0x2b0 [ 526.888572][T12795] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 526.895005][T12795] ? inet_sendmsg+0xe5/0x2f0 [ 526.899608][T12795] ? inet_send_prepare+0x260/0x260 [ 526.904746][T12795] ____sys_sendmsg+0x59b/0x970 [ 526.909530][T12795] ? __sys_sendmsg_sock+0x30/0x30 [ 526.914569][T12795] ? __import_iovec+0x315/0x500 [ 526.919446][T12795] ? import_iovec+0x6f/0xa0 [ 526.923980][T12795] ___sys_sendmsg+0x21c/0x290 [ 526.928680][T12795] ? __sys_sendmsg+0x270/0x270 [ 526.933492][T12795] ? __lock_acquire+0x7c50/0x7c50 [ 526.938542][T12795] ? __fdget+0x17c/0x200 [ 526.942834][T12795] __se_sys_sendmsg+0x19e/0x270 [ 526.947697][T12795] ? __x64_sys_sendmsg+0x80/0x80 [ 526.952662][T12795] ? lockdep_hardirqs_on+0x94/0x140 [ 526.957873][T12795] do_syscall_64+0x4c/0xa0 [ 526.962301][T12795] ? clear_bhb_loop+0x60/0xb0 [ 526.966983][T12795] ? clear_bhb_loop+0x60/0xb0 [ 526.971760][T12795] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 526.977758][T12795] RIP: 0033:0x7f4400d8ebe9 [ 526.982182][T12795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.001807][T12795] RSP: 002b:00007f4401c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 527.010236][T12795] RAX: ffffffffffffffda RBX: 00007f4400fb5fa0 RCX: 00007f4400d8ebe9 [ 527.018218][T12795] RDX: 0000000000008050 RSI: 0000200000001e80 RDI: 0000000000000003 [ 527.026192][T12795] RBP: 00007f4401c7d090 R08: 0000000000000000 R09: 0000000000000000 [ 527.034168][T12795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 527.042229][T12795] R13: 00007f4400fb6038 R14: 00007f4400fb5fa0 R15: 00007ffc4f5b01d8 [ 527.050221][T12795] [ 527.240730][T12801] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2575'. [ 528.095095][T12831] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2585'. [ 528.513679][T12838] netlink: 'syz.4.2588': attribute type 4 has an invalid length. [ 528.550157][T12838] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2588'. [ 529.425329][T12861] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 529.474269][T12861] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 529.550116][T12861] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 529.569466][T12861] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 529.743538][T12868] netlink: 'syz.3.2596': attribute type 1 has an invalid length. [ 529.764537][T12871] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2596'. [ 529.809732][T12870] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2596'. [ 531.066784][T12904] netlink: 'syz.3.2608': attribute type 28 has an invalid length. [ 531.968305][T12920] netlink: 'syz.3.2613': attribute type 10 has an invalid length. [ 532.026556][T12920] device dummy0 left promiscuous mode [ 532.060886][T12920] team0: Port device dummy0 removed [ 532.531364][T12933] IPv6: Can't replace route, no match found [ 532.666093][T12933] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 532.690762][T12938] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2618'. [ 533.829923][T12955] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2624'. [ 533.845576][T12955] team0: default FDB implementation only supports local addresses [ 534.112123][T12964] netlink: 'syz.1.2627': attribute type 10 has an invalid length. [ 534.139912][T12964] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2627'. [ 534.583540][T12976] netlink: 'syz.3.2632': attribute type 4 has an invalid length. [ 535.684854][T12991] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2637'. [ 535.754893][T12992] net_ratelimit: 163 callbacks suppressed [ 535.754912][T12992] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 535.767203][T12992] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 536.038816][T12999] IPv6: Can't replace route, no match found [ 536.074051][T12999] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 536.166915][T13007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2640'. [ 536.867614][T13029] netlink: 199100 bytes leftover after parsing attributes in process `syz.2.2649'. [ 537.077072][T13035] netlink: 'syz.2.2654': attribute type 27 has an invalid length. [ 537.273748][T13035] bond0: (slave bond_slave_0): Releasing backup interface [ 537.341569][T13035] device bond_slave_0 left promiscuous mode [ 537.588837][T13045] netlink: 'syz.4.2658': attribute type 10 has an invalid length. [ 537.768771][T13054] IPv6: Can't replace route, no match found [ 537.793701][T13054] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 537.853378][T13054] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2660'. [ 538.640903][T13080] FAULT_INJECTION: forcing a failure. [ 538.640903][T13080] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 538.699518][T13080] CPU: 0 PID: 13080 Comm: syz.2.2672 Not tainted 6.1.148-syzkaller #0 [ 538.707768][T13080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 538.717862][T13080] Call Trace: [ 538.721176][T13080] [ 538.724142][T13080] dump_stack_lvl+0x168/0x22e [ 538.728869][T13080] ? show_regs_print_info+0x12/0x12 [ 538.734111][T13080] ? load_image+0x3b0/0x3b0 [ 538.738660][T13080] ? __lock_acquire+0x7c50/0x7c50 [ 538.743731][T13080] should_fail_ex+0x399/0x4d0 [ 538.748459][T13080] _copy_to_user+0x2c/0x130 [ 538.753013][T13080] generic_map_update_batch+0x6aa/0x850 [ 538.758601][T13080] ? lock_chain_count+0x20/0x20 [ 538.763520][T13080] ? rcu_read_unlock+0xa0/0xa0 [ 538.768334][T13080] ? __fdget+0x17c/0x200 [ 538.772634][T13080] ? rcu_read_unlock+0xa0/0xa0 [ 538.777450][T13080] bpf_map_do_batch+0x466/0x600 [ 538.782374][T13080] __sys_bpf+0x65f/0x6d0 [ 538.786668][T13080] ? bpf_link_show_fdinfo+0x340/0x340 [ 538.792103][T13080] ? lock_chain_count+0x20/0x20 [ 538.797013][T13080] __x64_sys_bpf+0x78/0x90 [ 538.801485][T13080] do_syscall_64+0x4c/0xa0 [ 538.805945][T13080] ? clear_bhb_loop+0x60/0xb0 [ 538.810657][T13080] ? clear_bhb_loop+0x60/0xb0 [ 538.815377][T13080] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 538.821319][T13080] RIP: 0033:0x7fedb4f8ebe9 [ 538.825775][T13080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.845778][T13080] RSP: 002b:00007fedb5d40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 538.854239][T13080] RAX: ffffffffffffffda RBX: 00007fedb51b5fa0 RCX: 00007fedb4f8ebe9 [ 538.862249][T13080] RDX: 0000000000000038 RSI: 0000200000000200 RDI: 000000000000001a [ 538.870255][T13080] RBP: 00007fedb5d40090 R08: 0000000000000000 R09: 0000000000000000 [ 538.878240][T13080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 538.886221][T13080] R13: 00007fedb51b6038 R14: 00007fedb51b5fa0 R15: 00007ffe1fb5b468 [ 538.894214][T13080] [ 538.913523][T13083] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2671'. [ 539.167649][T13090] FAULT_INJECTION: forcing a failure. [ 539.167649][T13090] name failslab, interval 1, probability 0, space 0, times 0 [ 539.180916][T13090] CPU: 0 PID: 13090 Comm: syz.2.2674 Not tainted 6.1.148-syzkaller #0 [ 539.189118][T13090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 539.199186][T13090] Call Trace: [ 539.202526][T13090] [ 539.205481][T13090] dump_stack_lvl+0x168/0x22e [ 539.210189][T13090] ? show_regs_print_info+0x12/0x12 [ 539.215422][T13090] ? load_image+0x3b0/0x3b0 [ 539.219958][T13090] should_fail_ex+0x399/0x4d0 [ 539.224660][T13090] should_failslab+0x5/0x20 [ 539.229184][T13090] slab_pre_alloc_hook+0x59/0x310 [ 539.234243][T13090] kmem_cache_alloc_node+0x5a/0x320 [ 539.239473][T13090] ? __alloc_skb+0xfc/0x7e0 [ 539.244010][T13090] __alloc_skb+0xfc/0x7e0 [ 539.248361][T13090] ? __neigh_notify+0x29/0x300 [ 539.253184][T13090] __neigh_notify+0x15c/0x300 [ 539.257898][T13090] neigh_cleanup_and_release+0xc6/0x2e0 [ 539.263482][T13090] neigh_flush_dev+0x177/0xa80 [ 539.268277][T13090] ? __neigh_ifdown+0x2c/0x3f0 [ 539.273067][T13090] __neigh_ifdown+0x39/0x3f0 [ 539.277680][T13090] ? in6_dev_get+0x1a/0x290 [ 539.282198][T13090] ? in6_dev_get+0x1a/0x290 [ 539.286718][T13090] neigh_carrier_down+0x1e/0x30 [ 539.291591][T13090] ndisc_netdev_event+0x3cb/0x4a0 [ 539.296639][T13090] raw_notifier_call_chain+0xcb/0x160 [ 539.302025][T13090] netdev_state_change+0xd2/0x140 [ 539.307064][T13090] ? netdev_features_change+0xc0/0xc0 [ 539.312454][T13090] ? full_name_hash+0x8e/0xe0 [ 539.317165][T13090] ? tun_not_capable+0x14d/0x1f0 [ 539.322142][T13090] tun_set_iff+0x999/0xed0 [ 539.326583][T13090] __tun_chr_ioctl+0x730/0x1e10 [ 539.331462][T13090] ? tun_flow_create+0x310/0x310 [ 539.336442][T13090] ? bpf_lsm_file_ioctl+0x5/0x10 [ 539.341397][T13090] ? security_file_ioctl+0x7c/0xa0 [ 539.346527][T13090] ? tun_chr_poll+0x630/0x630 [ 539.351219][T13090] __se_sys_ioctl+0xfa/0x170 [ 539.355825][T13090] do_syscall_64+0x4c/0xa0 [ 539.360247][T13090] ? clear_bhb_loop+0x60/0xb0 [ 539.364952][T13090] ? clear_bhb_loop+0x60/0xb0 [ 539.369641][T13090] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 539.375555][T13090] RIP: 0033:0x7fedb4f8ebe9 [ 539.379978][T13090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.399603][T13090] RSP: 002b:00007fedb5d40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 539.408031][T13090] RAX: ffffffffffffffda RBX: 00007fedb51b5fa0 RCX: 00007fedb4f8ebe9 [ 539.416013][T13090] RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000003 [ 539.423995][T13090] RBP: 00007fedb5d40090 R08: 0000000000000000 R09: 0000000000000000 [ 539.431973][T13090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.440091][T13090] R13: 00007fedb51b6038 R14: 00007fedb51b5fa0 R15: 00007ffe1fb5b468 [ 539.448095][T13090] [ 539.632608][T13092] device syzkaller0 entered promiscuous mode [ 539.966742][T13112] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2681'. [ 543.970338][T13148] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2695'. [ 544.535064][T13170] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.2704'. [ 544.618676][T13170] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 544.655395][T13170] CPU: 1 PID: 13170 Comm: syz.4.2704 Not tainted 6.1.148-syzkaller #0 [ 544.663659][T13170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 544.673782][T13170] Call Trace: [ 544.677150][T13170] [ 544.680225][T13170] dump_stack_lvl+0x168/0x22e [ 544.684982][T13170] ? show_regs_print_info+0x12/0x12 [ 544.690255][T13170] ? load_image+0x3b0/0x3b0 [ 544.694908][T13170] sysfs_warn_dup+0x8a/0xa0 [ 544.699484][T13170] sysfs_do_create_link_sd+0xc0/0x110 [ 544.705032][T13170] device_add+0x7ed/0xfb0 [ 544.709476][T13170] wiphy_register+0x1e68/0x2bd0 [ 544.714466][T13170] ? cfg80211_event_work+0x40/0x40 [ 544.719649][T13170] ? minstrel_ht_alloc+0x894/0xa20 [ 544.724891][T13170] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 544.731067][T13170] ieee80211_register_hw+0x2c29/0x38c0 [ 544.736633][T13170] ? ieee80211_register_hw+0xe91/0x38c0 [ 544.742248][T13170] ? ieee80211_register_hw+0xe91/0x38c0 [ 544.747889][T13170] ? ieee80211_tasklet_handler+0x20/0x20 [ 544.753623][T13170] ? memset+0x1e/0x40 [ 544.757681][T13170] ? __hrtimer_init+0x186/0x270 [ 544.762614][T13170] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 544.768489][T13170] hwsim_new_radio_nl+0xafa/0xce0 [ 544.773644][T13170] genl_family_rcv_msg_doit+0x22e/0x320 [ 544.779264][T13170] ? end_current_label_crit_section+0x170/0x170 [ 544.785601][T13170] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 544.791605][T13170] ? bpf_lsm_capable+0x5/0x10 [ 544.796347][T13170] ? security_capable+0x85/0xb0 [ 544.801306][T13170] genl_rcv_msg+0x5f2/0x780 [ 544.805925][T13170] ? genl_bind+0x350/0x350 [ 544.810420][T13170] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 544.816879][T13170] netlink_rcv_skb+0x1de/0x420 [ 544.821712][T13170] ? genl_bind+0x350/0x350 [ 544.826208][T13170] ? netlink_ack+0x1100/0x1100 [ 544.831167][T13170] ? down_read+0x1a8/0x2d0 [ 544.835670][T13170] genl_rcv+0x24/0x40 [ 544.839716][T13170] netlink_unicast+0x74d/0x8d0 [ 544.844596][T13170] netlink_sendmsg+0x89e/0xbc0 [ 544.849471][T13170] ? netlink_getsockopt+0x540/0x540 [ 544.854752][T13170] ? aa_sock_msg_perm+0x94/0x150 [ 544.859774][T13170] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 544.865124][T13170] ? security_socket_sendmsg+0x7c/0xa0 [ 544.870661][T13170] ? netlink_getsockopt+0x540/0x540 [ 544.875938][T13170] ____sys_sendmsg+0x59b/0x970 [ 544.880824][T13170] ? __sys_sendmsg_sock+0x30/0x30 [ 544.885914][T13170] ? __import_iovec+0x315/0x500 [ 544.890882][T13170] ? import_iovec+0x6f/0xa0 [ 544.895473][T13170] ___sys_sendmsg+0x21c/0x290 [ 544.900239][T13170] ? __sys_sendmsg+0x270/0x270 [ 544.905244][T13170] ? __fdget+0x17c/0x200 [ 544.909578][T13170] __se_sys_sendmsg+0x19e/0x270 [ 544.914525][T13170] ? __x64_sys_sendmsg+0x80/0x80 [ 544.919608][T13170] ? lockdep_hardirqs_on+0x94/0x140 [ 544.924890][T13170] do_syscall_64+0x4c/0xa0 [ 544.929365][T13170] ? clear_bhb_loop+0x60/0xb0 [ 544.934099][T13170] ? clear_bhb_loop+0x60/0xb0 [ 544.938841][T13170] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 544.944802][T13170] RIP: 0033:0x7fbaa9b8ebe9 [ 544.949303][T13170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.968978][T13170] RSP: 002b:00007fbaaaa00038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 544.977473][T13170] RAX: ffffffffffffffda RBX: 00007fbaa9db5fa0 RCX: 00007fbaa9b8ebe9 [ 544.985510][T13170] RDX: 0100000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 544.993548][T13170] RBP: 00007fbaa9c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 545.001582][T13170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.009633][T13170] R13: 00007fbaa9db6038 R14: 00007fbaa9db5fa0 R15: 00007ffc6cd3f978 [ 545.017740][T13170] [ 545.071307][T13171] cgroup: fork rejected by pids controller in /syz1 [ 545.834254][T13301] netlink: 'syz.2.2715': attribute type 10 has an invalid length. [ 545.890713][T13301] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2715'. [ 545.931069][T13301] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 546.983067][ T7636] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.140354][ T7636] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.354524][ T7636] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.400668][T13337] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2728'. [ 547.494964][ T7636] bond0: (slave netdevsim0): Releasing backup interface [ 547.521382][ T7636] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.558622][ T4272] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 547.570857][ T4272] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 547.589189][ T4272] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 547.597627][ T4272] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 547.607291][ T4272] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 547.614629][ T4272] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 548.002728][T13357] IPv6: Can't replace route, no match found [ 548.062423][T13361] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 548.120044][T13357] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2733'. [ 549.170528][T13347] chnl_net:caif_netlink_parms(): no params data found [ 549.460798][T13401] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2744'. [ 549.672871][ T4277] Bluetooth: hci2: command 0x0409 tx timeout [ 549.733477][T13347] bridge0: port 1(bridge_slave_0) entered blocking state [ 549.753624][T13347] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.814892][T13347] device bridge_slave_0 entered promiscuous mode [ 549.939362][T13347] bridge0: port 2(bridge_slave_1) entered blocking state [ 549.952009][T13347] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.989353][T13347] device bridge_slave_1 entered promiscuous mode [ 550.247559][ T4277] Bluetooth: hci1: unexpected event 0x2c length: 82 > 17 [ 550.316628][T13347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 550.508833][T13347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 550.814297][ T7636] device wlan1 left promiscuous mode [ 550.852000][ T7636] team0: Port device wlan1 removed [ 550.884530][T13347] team0: Port device team_slave_0 added [ 550.977232][T13347] team0: Port device team_slave_1 added [ 551.103133][T13438] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2755'. [ 551.130301][T13439] netlink: 'syz.2.2755': attribute type 21 has an invalid length. [ 551.208684][ T7636] device hsr_slave_0 left promiscuous mode [ 551.215624][ T7636] device hsr_slave_1 left promiscuous mode [ 551.222383][ T7636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 551.230167][ T7636] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 551.241615][ T7636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 551.249380][ T7636] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 551.269629][ T7636] device veth0_macvtap left promiscuous mode [ 551.276326][ T7636] device veth1_vlan left promiscuous mode [ 551.282549][ T7636] device veth0_vlan left promiscuous mode [ 551.745504][ T4277] Bluetooth: hci2: command 0x041b tx timeout [ 551.937352][ T7636] device team_slave_1 left promiscuous mode [ 551.944183][ T7636] team0 (unregistering): Port device team_slave_1 removed [ 551.980534][ T7636] device team_slave_0 left promiscuous mode [ 551.987597][ T7636] team0 (unregistering): Port device team_slave_0 removed [ 552.024685][ T7636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.065483][ T7636] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.442103][ T7636] bond0 (unregistering): Released all slaves [ 552.504968][T13347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 552.519969][T13347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.557325][T13347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 552.629971][T13347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 552.639124][T13347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.695491][T13347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 552.909285][T13347] device hsr_slave_0 entered promiscuous mode [ 552.945518][T13347] device hsr_slave_1 entered promiscuous mode [ 552.961864][T13347] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 552.974448][T13347] Cannot create hsr debugfs directory [ 553.027896][T13457] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2760'. [ 553.500932][T13462] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2761'. [ 553.828072][ T4277] Bluetooth: hci2: command 0x040f tx timeout [ 553.859656][T13471] netlink: 'syz.0.2763': attribute type 10 has an invalid length. [ 554.307608][T13480] netlink: 'syz.4.2765': attribute type 4 has an invalid length. [ 554.671009][T13487] IPv6: Can't replace route, no match found [ 554.680963][T13347] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 554.703414][T13347] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 554.752161][T13487] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 554.791941][T13347] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 554.821366][T13487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2767'. [ 554.843096][T13347] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 555.116606][T13510] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2772'. [ 555.218604][T13347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.269517][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 555.295929][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 555.324284][T13347] 8021q: adding VLAN 0 to HW filter on device team0 [ 555.389675][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 555.427441][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 555.456147][ T5498] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.463324][ T5498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 555.491603][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 555.521283][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 555.537163][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 555.578659][ T5465] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.585902][ T5465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 555.645365][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 555.696216][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 555.720921][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 555.766442][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 555.907441][ T4277] Bluetooth: hci2: command 0x0419 tx timeout [ 556.018763][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 556.078492][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 556.107283][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 556.170946][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 556.198348][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 556.269812][T13347] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 556.301503][T13347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 556.365523][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 556.379272][ T5465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 556.462039][T13555] netlink: 'syz.2.2785': attribute type 9 has an invalid length. [ 556.693231][T13555] netlink: 'syz.2.2785': attribute type 3 has an invalid length. [ 556.734731][T13555] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.2785'. [ 557.094469][T13582] netlink: 'syz.4.2791': attribute type 10 has an invalid length. [ 557.297954][ T5474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 557.318486][ T5474] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 557.354497][T13347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 557.441542][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 557.495752][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 557.563578][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 557.596654][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 557.622457][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 557.645853][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 557.685931][T13603] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.2798'. [ 557.707890][T13347] device veth0_vlan entered promiscuous mode [ 557.743778][T13347] device veth1_vlan entered promiscuous mode [ 557.840097][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 557.850294][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 557.877072][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 557.915079][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 557.961957][T13347] device veth0_macvtap entered promiscuous mode [ 557.977732][T13616] netlink: 'syz.0.2802': attribute type 4 has an invalid length. [ 558.000307][T13347] device veth1_macvtap entered promiscuous mode [ 558.038969][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 558.076939][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 558.135654][T13616] netlink: 'syz.0.2802': attribute type 2 has an invalid length. [ 558.156711][T13616] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2802'. [ 558.187813][T13347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.215622][T13347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.239687][T13347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 558.286426][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 558.309022][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 558.356597][T13347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.403504][T13347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.428685][T13347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 558.482581][ T5467] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 558.499323][ T5467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 558.533750][T13347] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.557281][T13347] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.588816][T13347] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.615230][T13347] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.838127][ T5465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 558.866457][ T5465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 558.890001][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 558.974474][ T5498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.003210][ T5498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.064370][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 559.236608][T13652] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2815'. [ 559.300556][T13661] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.2815'. [ 559.326359][T13661] netlink: zone id is out of range [ 559.331538][T13661] netlink: zone id is out of range [ 559.358068][T13664] FAULT_INJECTION: forcing a failure. [ 559.358068][T13664] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 559.373887][T13661] netlink: zone id is out of range [ 559.393501][T13661] netlink: zone id is out of range [ 559.405267][T13661] netlink: zone id is out of range [ 559.410131][T13664] CPU: 0 PID: 13664 Comm: syz.0.2818 Not tainted 6.1.148-syzkaller #0 [ 559.417931][T13661] netlink: zone id is out of range [ 559.418568][T13664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 559.430511][T13661] netlink: zone id is out of range [ 559.433738][T13664] Call Trace: [ 559.433749][T13664] [ 559.433758][T13664] dump_stack_lvl+0x168/0x22e [ 559.448948][T13661] netlink: zone id is out of range [ 559.449822][T13664] ? show_regs_print_info+0x12/0x12 [ 559.460198][T13664] ? load_image+0x3b0/0x3b0 [ 559.461741][T13661] netlink: zone id is out of range [ 559.464732][T13664] ? __lock_acquire+0x7c50/0x7c50 [ 559.464767][T13664] ? snprintf+0xd7/0x120 [ 559.479193][T13664] should_fail_ex+0x399/0x4d0 [ 559.483903][T13664] _copy_to_user+0x2c/0x130 [ 559.488506][T13664] simple_read_from_buffer+0xe3/0x150 [ 559.493902][T13664] proc_fail_nth_read+0x19a/0x210 [ 559.498958][T13664] ? proc_fault_inject_write+0x2f0/0x2f0 [ 559.504608][T13664] ? fsnotify_perm+0x248/0x550 [ 559.509389][T13664] ? proc_fault_inject_write+0x2f0/0x2f0 [ 559.515041][T13664] vfs_read+0x2c0/0x920 [ 559.519216][T13664] ? kernel_read+0x1e0/0x1e0 [ 559.523824][T13664] ? __fget_files+0x28/0x4d0 [ 559.528435][T13664] ? __fget_files+0x44a/0x4d0 [ 559.533135][T13664] ? __fdget_pos+0x2ae/0x360 [ 559.537734][T13664] ? ksys_read+0x71/0x240 [ 559.542072][T13664] ksys_read+0x143/0x240 [ 559.546332][T13664] ? vfs_write+0x960/0x960 [ 559.550762][T13664] ? syscall_enter_from_user_mode+0x2a/0x80 [ 559.556675][T13664] do_syscall_64+0x4c/0xa0 [ 559.561106][T13664] ? clear_bhb_loop+0x60/0xb0 [ 559.565796][T13664] ? clear_bhb_loop+0x60/0xb0 [ 559.570489][T13664] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 559.576397][T13664] RIP: 0033:0x7f2cdd78d5fc [ 559.580819][T13664] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 559.600455][T13664] RSP: 002b:00007f2cde62f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 559.608890][T13664] RAX: ffffffffffffffda RBX: 00007f2cdd9b5fa0 RCX: 00007f2cdd78d5fc [ 559.616877][T13664] RDX: 000000000000000f RSI: 00007f2cde62f0a0 RDI: 0000000000000006 [ 559.624866][T13664] RBP: 00007f2cde62f090 R08: 0000000000000000 R09: 0000000000000000 [ 559.632872][T13664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 559.640859][T13664] R13: 00007f2cdd9b6038 R14: 00007f2cdd9b5fa0 R15: 00007ffecc24af28 [ 559.648862][T13664] [ 559.664363][T13661] netlink: zone id is out of range [ 560.183369][T13684] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2824'. [ 560.280929][T13690] netlink: 'syz.0.2826': attribute type 9 has an invalid length. [ 560.459506][T13693] netlink: 'syz.0.2826': attribute type 3 has an invalid length. [ 560.592114][T13693] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2826'. [ 561.859258][T13738] netlink: 'syz.2.2840': attribute type 10 has an invalid length. [ 562.788636][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.795080][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.148021][T13816] netlink: 'syz.3.2868': attribute type 21 has an invalid length. [ 564.207153][T13816] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2868'. [ 564.960583][T13836] IPv6: Can't replace route, no match found [ 565.173770][T13847] netlink: 'syz.0.2883': attribute type 5 has an invalid length. [ 565.216287][T13847] pimreg: tun_chr_ioctl cmd 1074812117 [ 566.748736][T13888] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2903'. [ 566.770169][T13888] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2903'. [ 566.784794][T13888] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2903'. [ 566.815894][T13888] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2903'. [ 567.418149][T13907] netlink: 'syz.0.2911': attribute type 10 has an invalid length. [ 567.451166][T13907] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2911'. [ 567.481119][T13907] net_ratelimit: 176 callbacks suppressed [ 567.481137][T13907] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 567.822869][T13917] FAULT_INJECTION: forcing a failure. [ 567.822869][T13917] name failslab, interval 1, probability 0, space 0, times 0 [ 567.867885][T13917] CPU: 0 PID: 13917 Comm: syz.1.2917 Not tainted 6.1.148-syzkaller #0 [ 567.876120][T13917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 567.886207][T13917] Call Trace: [ 567.889506][T13917] [ 567.892478][T13917] dump_stack_lvl+0x168/0x22e [ 567.897185][T13917] ? show_regs_print_info+0x12/0x12 [ 567.902393][T13917] ? load_image+0x3b0/0x3b0 [ 567.906953][T13917] ? __might_sleep+0xd0/0xd0 [ 567.911566][T13917] ? __lock_acquire+0x7c50/0x7c50 [ 567.916616][T13917] should_fail_ex+0x399/0x4d0 [ 567.921322][T13917] should_failslab+0x5/0x20 [ 567.925841][T13917] slab_pre_alloc_hook+0x59/0x310 [ 567.930878][T13917] ? widen_string+0x3b/0x2b0 [ 567.935478][T13917] ? string+0x26d/0x2b0 [ 567.939644][T13917] ? __request_module+0x2f0/0x9a0 [ 567.944688][T13917] __kmem_cache_alloc_node+0x4f/0x260 [ 567.950077][T13917] ? __request_module+0x2f0/0x9a0 [ 567.955141][T13917] kmalloc_trace+0x26/0xe0 [ 567.959580][T13917] __request_module+0x2f0/0x9a0 [ 567.964453][T13917] ? copy_regset_to_user+0x1e0/0x1e0 [ 567.969758][T13917] ? crypto_alg_lookup+0x2cf/0x350 [ 567.974890][T13917] ? __up_read+0x27c/0x660 [ 567.979314][T13917] ? trace_contention_end+0x5f/0x170 [ 567.984615][T13917] ? up_read+0x20/0x20 [ 567.988696][T13917] ? __crypto_alg_lookup+0x4a8/0x4d0 [ 567.994003][T13917] crypto_alg_mod_lookup+0x96/0x570 [ 567.999220][T13917] crypto_has_alg+0x20/0x110 [ 568.003828][T13917] xfrm_probe_algs+0x2ad/0x350 [ 568.008608][T13917] pfkey_register+0x10f/0x880 [ 568.013307][T13917] pfkey_sendmsg+0xb97/0xff0 [ 568.017932][T13917] ? pfkey_release+0x310/0x310 [ 568.022727][T13917] ? aa_sock_msg_perm+0x94/0x150 [ 568.027686][T13917] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 568.032980][T13917] ? security_socket_sendmsg+0x7c/0xa0 [ 568.038457][T13917] ? pfkey_release+0x310/0x310 [ 568.043233][T13917] ____sys_sendmsg+0x59b/0x970 [ 568.048019][T13917] ? __sys_sendmsg_sock+0x30/0x30 [ 568.053079][T13917] ? __import_iovec+0x315/0x500 [ 568.057954][T13917] ? import_iovec+0x6f/0xa0 [ 568.062475][T13917] ___sys_sendmsg+0x21c/0x290 [ 568.067163][T13917] ? __sys_sendmsg+0x270/0x270 [ 568.071953][T13917] ? __lock_acquire+0x7c50/0x7c50 [ 568.077019][T13917] ? __fdget+0x17c/0x200 [ 568.081295][T13917] __se_sys_sendmsg+0x19e/0x270 [ 568.086194][T13917] ? __x64_sys_sendmsg+0x80/0x80 [ 568.091177][T13917] ? lockdep_hardirqs_on+0x94/0x140 [ 568.096397][T13917] do_syscall_64+0x4c/0xa0 [ 568.100832][T13917] ? clear_bhb_loop+0x60/0xb0 [ 568.105525][T13917] ? clear_bhb_loop+0x60/0xb0 [ 568.110222][T13917] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 568.116138][T13917] RIP: 0033:0x7f7ca1b8ebe9 [ 568.120563][T13917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.140183][T13917] RSP: 002b:00007f7ca2997038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 568.148617][T13917] RAX: ffffffffffffffda RBX: 00007f7ca1db5fa0 RCX: 00007f7ca1b8ebe9 [ 568.156598][T13917] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 568.164575][T13917] RBP: 00007f7ca2997090 R08: 0000000000000000 R09: 0000000000000000 [ 568.172555][T13917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.180534][T13917] R13: 00007f7ca1db6038 R14: 00007f7ca1db5fa0 R15: 00007fff0bfd4528 [ 568.188527][T13917] [ 568.230748][ T7636] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.359533][ T7636] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.413051][ T4272] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 568.423883][ T4272] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 568.432344][ T4272] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 568.442532][T13348] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 568.451912][T13348] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 568.460121][T13348] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 568.572821][ T7636] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.941340][ T7636] device netdevsim0 left promiscuous mode [ 568.993022][ T7636] team0: Port device netdevsim0 removed [ 569.008021][ T7636] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.758532][T13924] chnl_net:caif_netlink_parms(): no params data found [ 570.034889][T13983] netlink: 'syz.3.2938': attribute type 5 has an invalid length. [ 570.179788][T13924] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.191683][T13924] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.208265][T13924] device bridge_slave_0 entered promiscuous mode [ 570.277821][T13924] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.295602][T13924] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.303742][T13924] device bridge_slave_1 entered promiscuous mode [ 570.500229][T13924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 570.625476][ T4277] Bluetooth: hci1: command 0x0409 tx timeout [ 570.729812][T13924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 571.041248][T13924] team0: Port device team_slave_0 added [ 571.114819][T14012] IPv6: Can't replace route, no match found [ 571.127745][T13924] team0: Port device team_slave_1 added [ 571.139473][T14015] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 571.238138][T13924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 571.245353][T13924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 571.292622][T13924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 571.310939][T14015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2944'. [ 571.389953][T13924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 571.399330][T13924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 571.464334][T13924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 571.780366][T13924] device hsr_slave_0 entered promiscuous mode [ 571.822289][T13924] device hsr_slave_1 entered promiscuous mode [ 571.848897][T13924] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 571.865399][T13924] Cannot create hsr debugfs directory [ 572.511804][ T7636] device hsr_slave_1 left promiscuous mode [ 572.531032][ T7636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 572.549534][ T7636] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 572.572878][ T7636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 572.592120][ T7636] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 572.643500][ T7636] device veth1_macvtap left promiscuous mode [ 572.653573][ T7636] device veth0_macvtap left promiscuous mode [ 572.661124][ T7636] device veth1_vlan left promiscuous mode [ 572.670546][ T7636] device veth0_vlan left promiscuous mode [ 572.705529][ T4277] Bluetooth: hci1: command 0x041b tx timeout [ 573.364368][ T7636] device team_slave_1 left promiscuous mode [ 573.378723][ T7636] team0 (unregistering): Port device team_slave_1 removed [ 573.438704][ T7636] device team_slave_0 left promiscuous mode [ 573.447610][ T7636] team0 (unregistering): Port device team_slave_0 removed [ 573.514700][ T7636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 573.526350][ T7636] device bond_slave_1 left promiscuous mode [ 573.906258][ T7636] bond0 (unregistering): Released all slaves [ 573.942752][T14047] netlink: 'syz.4.2951': attribute type 5 has an invalid length. [ 573.961236][T14052] pimreg: tun_chr_ioctl cmd 1074812117 [ 574.406350][T14071] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 574.412881][T14071] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 574.530223][T14067] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2956'. [ 574.691394][T14074] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 574.718416][T14074] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 574.746751][T14074] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 574.774914][T14074] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 574.788274][ T4277] Bluetooth: hci1: command 0x040f tx timeout [ 575.308075][T13924] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 575.346338][T13924] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 575.417821][T13924] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 575.432589][T14099] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.2965'. [ 575.492548][T13924] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 575.548958][T14099] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 575.615997][T14099] CPU: 0 PID: 14099 Comm: syz.4.2965 Not tainted 6.1.148-syzkaller #0 [ 575.624234][T14099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 575.634334][T14099] Call Trace: [ 575.637675][T14099] [ 575.640785][T14099] dump_stack_lvl+0x168/0x22e [ 575.642169][T14096] can: request_module (can-proto-0) failed. [ 575.645501][T14099] ? show_regs_print_info+0x12/0x12 [ 575.645533][T14099] ? load_image+0x3b0/0x3b0 [ 575.645578][T14099] sysfs_warn_dup+0x8a/0xa0 [ 575.645608][T14099] sysfs_do_create_link_sd+0xc0/0x110 [ 575.671140][T14099] device_add+0x7ed/0xfb0 [ 575.675509][T14099] wiphy_register+0x1e68/0x2bd0 [ 575.680398][T14099] ? cfg80211_event_work+0x40/0x40 [ 575.685547][T14099] ? minstrel_ht_alloc+0x894/0xa20 [ 575.690697][T14099] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 575.696803][T14099] ieee80211_register_hw+0x2c29/0x38c0 [ 575.702347][T14099] ? ieee80211_register_hw+0xe91/0x38c0 [ 575.707917][T14099] ? ieee80211_register_hw+0xe91/0x38c0 [ 575.713487][T14099] ? ieee80211_tasklet_handler+0x20/0x20 [ 575.719149][T14099] ? memset+0x1e/0x40 [ 575.723156][T14099] ? __hrtimer_init+0x186/0x270 [ 575.728030][T14099] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 575.733797][T14099] hwsim_new_radio_nl+0xafa/0xce0 [ 575.738861][T14099] genl_family_rcv_msg_doit+0x22e/0x320 [ 575.744428][T14099] ? end_current_label_crit_section+0x170/0x170 [ 575.750739][T14099] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 575.756760][T14099] ? bpf_lsm_capable+0x5/0x10 [ 575.761462][T14099] ? security_capable+0x85/0xb0 [ 575.766342][T14099] genl_rcv_msg+0x5f2/0x780 [ 575.770889][T14099] ? genl_bind+0x350/0x350 [ 575.775336][T14099] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 575.781713][T14099] netlink_rcv_skb+0x1de/0x420 [ 575.786519][T14099] ? genl_bind+0x350/0x350 [ 575.790954][T14099] ? netlink_ack+0x1100/0x1100 [ 575.795744][T14099] ? down_read+0x1a8/0x2d0 [ 575.800185][T14099] genl_rcv+0x24/0x40 [ 575.804183][T14099] netlink_unicast+0x74d/0x8d0 [ 575.808977][T14099] netlink_sendmsg+0x89e/0xbc0 [ 575.813783][T14099] ? netlink_getsockopt+0x540/0x540 [ 575.819006][T14099] ? aa_sock_msg_perm+0x94/0x150 [ 575.824055][T14099] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 575.829350][T14099] ? security_socket_sendmsg+0x7c/0xa0 [ 575.834829][T14099] ? netlink_getsockopt+0x540/0x540 [ 575.840049][T14099] ____sys_sendmsg+0x59b/0x970 [ 575.844843][T14099] ? __sys_sendmsg_sock+0x30/0x30 [ 575.849922][T14099] ? __import_iovec+0x315/0x500 [ 575.854823][T14099] ? import_iovec+0x6f/0xa0 [ 575.859365][T14099] ___sys_sendmsg+0x21c/0x290 [ 575.864100][T14099] ? __sys_sendmsg+0x270/0x270 [ 575.868935][T14099] ? __fdget+0x17c/0x200 [ 575.873207][T14099] __se_sys_sendmsg+0x19e/0x270 [ 575.878107][T14099] ? ct_nmi_exit+0x145/0x1c0 [ 575.882746][T14099] ? __x64_sys_sendmsg+0x80/0x80 [ 575.887723][T14099] ? lockdep_hardirqs_on+0x94/0x140 [ 575.892946][T14099] do_syscall_64+0x4c/0xa0 [ 575.897372][T14099] ? clear_bhb_loop+0x60/0xb0 [ 575.902056][T14099] ? clear_bhb_loop+0x60/0xb0 [ 575.906759][T14099] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 575.912675][T14099] RIP: 0033:0x7fbaa9b8ebe9 [ 575.917127][T14099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.936748][T14099] RSP: 002b:00007fbaaa9df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 575.945182][T14099] RAX: ffffffffffffffda RBX: 00007fbaa9db6090 RCX: 00007fbaa9b8ebe9 [ 575.953170][T14099] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 575.961151][T14099] RBP: 00007fbaa9c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 575.969143][T14099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.977136][T14099] R13: 00007fbaa9db6128 R14: 00007fbaa9db6090 R15: 00007ffc6cd3f978 [ 575.985315][T14099] [ 576.301914][T13924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 576.387339][T13924] 8021q: adding VLAN 0 to HW filter on device team0 [ 576.394386][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 576.407335][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 576.473860][ T5501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 576.519874][ T5501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 576.545151][ T5501] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.552395][ T5501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.574177][ T5501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 576.586590][ T5501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 576.597952][ T5501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 576.611867][ T5501] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.619106][ T5501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.844346][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 576.865195][ T4277] Bluetooth: hci1: command 0x0419 tx timeout [ 576.874056][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 576.901551][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 576.919882][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 576.987326][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 577.001496][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 577.036968][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 577.057265][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 577.076803][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 577.124182][T14129] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2972'. [ 577.208386][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 577.217646][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 577.261276][T13924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 578.506858][T14153] netlink: 'syz.4.2980': attribute type 4 has an invalid length. [ 578.777993][T14159] netlink: 16399 bytes leftover after parsing attributes in process `syz.3.2981'. [ 578.977661][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 579.007107][ T5493] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 579.051088][T13924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 579.143455][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 579.162560][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 579.239984][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 579.317727][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 579.350351][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 579.381071][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 579.424060][T13924] device veth0_vlan entered promiscuous mode [ 579.482865][T13924] device veth1_vlan entered promiscuous mode [ 579.664374][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 579.680670][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 579.701917][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 579.747289][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 579.780349][T13924] device veth0_macvtap entered promiscuous mode [ 579.806030][T13924] device veth1_macvtap entered promiscuous mode [ 579.918552][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 579.939430][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 579.960288][T14193] netlink: 'syz.3.2992': attribute type 3 has an invalid length. [ 579.987029][T14193] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.2992'. [ 579.995012][T13924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 580.036461][T13924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 580.130058][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 580.147650][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 580.176254][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 580.212134][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 580.330360][T14199] netlink: 'syz.4.2993': attribute type 10 has an invalid length. [ 580.351587][T14199] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 580.376666][T14199] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 580.437076][T14199] bond0: (slave hsr0): Error -95 calling set_mac_address [ 580.470433][T13924] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.504314][T13924] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.524679][T13924] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.540956][T13924] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.815551][ T5498] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.873143][ T5498] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.911944][ T7628] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 581.015183][ T7628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.023518][ T7628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.896399][ T5498] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 581.912275][T14214] netlink: 'syz.4.2997': attribute type 10 has an invalid length. [ 581.978321][T14214] bond0: (slave netdevsim0): Releasing backup interface [ 582.002882][T14214] device netdevsim0 left promiscuous mode [ 582.021320][T14214] device netdevsim0 entered promiscuous mode [ 582.033730][T14214] team0: Port device netdevsim0 added [ 582.090232][T14211] device syzkaller0 entered promiscuous mode [ 582.100284][T14218] netlink: 'syz.4.2997': attribute type 10 has an invalid length. [ 582.109527][T14218] device netdevsim0 left promiscuous mode [ 582.152514][T14218] team0: Port device netdevsim0 removed [ 582.168232][T14218] device netdevsim0 entered promiscuous mode [ 582.174987][T14218] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 583.415843][T13348] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 583.426754][T13348] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 583.435492][T13348] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 583.446005][T13348] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 583.454865][T13348] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 583.462743][T13348] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 585.508045][T13348] Bluetooth: hci0: command 0x0409 tx timeout [ 586.063914][T14235] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3002'. [ 587.061886][T14253] chnl_net:caif_netlink_parms(): no params data found [ 587.586152][T13348] Bluetooth: hci0: command 0x041b tx timeout [ 587.870289][ T7636] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.912016][T14253] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.927099][T14253] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.019481][T14253] device bridge_slave_0 entered promiscuous mode [ 588.116647][ T7636] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.143467][T14253] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.160227][T14253] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.186521][T14253] device bridge_slave_1 entered promiscuous mode [ 588.306940][ T7636] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.470422][ T7636] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.713904][T14253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 588.900749][T14253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 589.208051][T14253] team0: Port device team_slave_0 added [ 589.340173][T14253] team0: Port device team_slave_1 added [ 589.477471][T14356] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 589.483938][T14356] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 589.518114][T14354] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3025'. [ 589.662732][T14253] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.670627][T13348] Bluetooth: hci0: command 0x040f tx timeout [ 589.677253][T14253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.704187][T14253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 589.848903][T14253] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 589.856198][T14253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.882817][T14253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 590.196864][T14253] device hsr_slave_0 entered promiscuous mode [ 590.216494][T14253] device hsr_slave_1 entered promiscuous mode [ 590.234657][T14253] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 590.255290][T14253] Cannot create hsr debugfs directory [ 591.748751][ T4277] Bluetooth: hci0: command 0x0419 tx timeout [ 592.133164][ T7636] device hsr_slave_1 left promiscuous mode [ 592.176172][ T7636] device veth1_macvtap left promiscuous mode [ 592.189057][ T7636] device veth0_macvtap left promiscuous mode [ 592.196435][ T7636] device veth1_vlan left promiscuous mode [ 592.202483][ T7636] device veth0_vlan left promiscuous mode [ 592.790411][ T7636] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 592.832142][ T7636] device team_slave_1 left promiscuous mode [ 592.848330][ T7636] team0 (unregistering): Port device team_slave_1 removed [ 592.916392][ T7636] device team_slave_0 left promiscuous mode [ 592.925022][ T7636] team0 (unregistering): Port device team_slave_0 removed [ 592.985661][ T7636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 593.043425][ T7636] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 593.667433][ T7636] bond0 (unregistering): Released all slaves [ 593.705888][T14398] device bridge_slave_1 left promiscuous mode [ 593.712189][T14398] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.722402][T14398] device bridge_slave_0 left promiscuous mode [ 593.730209][T14398] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.931269][ T5465] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.091412][ T5465] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.222783][ T5465] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.386850][ T5465] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.538984][ T5465] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.645275][ T5465] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.736002][ T5465] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.806355][ T5465] bond0: (slave netdevsim0): Releasing backup interface [ 595.826744][ T5465] device netdevsim0 left promiscuous mode [ 595.834718][ T5465] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.712199][ T5465] device hsr_slave_0 left promiscuous mode [ 597.718874][ T5465] device hsr_slave_1 left promiscuous mode [ 597.729326][ T5465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 597.737179][ T5465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 597.747888][ T5465] device bridge_slave_1 left promiscuous mode [ 597.755641][ T5465] bridge0: port 2(bridge_slave_1) entered disabled state [ 597.765024][ T5465] device bridge_slave_0 left promiscuous mode [ 597.773464][ T5465] bridge0: port 1(bridge_slave_0) entered disabled state [ 597.791776][ T5465] device hsr_slave_0 left promiscuous mode [ 597.798942][ T5465] device hsr_slave_1 left promiscuous mode [ 597.808014][ T5465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 597.815731][ T5465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 597.823625][ T5465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 597.831651][ T5465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 597.840694][ T5465] device veth0_to_bridge left promiscuous mode [ 597.847306][ T5465] Ÿë: port 1(veth0_to_bridge) entered disabled state [ 597.861415][ T5465] device hsr_slave_0 left promiscuous mode [ 597.868007][ T5465] device hsr_slave_1 left promiscuous mode [ 597.911727][ T5465] device veth1_macvtap left promiscuous mode [ 597.917996][ T5465] device veth0_macvtap left promiscuous mode [ 597.924135][ T5465] device veth1_vlan left promiscuous mode [ 597.930753][ T5465] device veth0_vlan left promiscuous mode [ 597.939472][ T5465] device veth1_macvtap left promiscuous mode [ 597.946007][ T5465] device veth0_macvtap left promiscuous mode [ 597.952265][ T5465] device veth1_vlan left promiscuous mode [ 597.958220][ T5465] device veth0_vlan left promiscuous mode [ 598.221499][ T5465] team0 (unregistering): Port device team_slave_1 removed [ 598.251409][ T5465] team0 (unregistering): Port device team_slave_0 removed [ 598.274931][ T5465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.302984][ T5465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.387545][ T5465] bond0 (unregistering): Released all slaves [ 598.745313][ T5465] team0 (unregistering): Port device team_slave_1 removed [ 598.781999][ T5465] team0 (unregistering): Port device team_slave_0 removed [ 598.819049][ T5465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.858767][ T5465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.229822][ T5465] bond0 (unregistering): Released all slaves [ 599.622587][ T5465] device team_slave_1 left promiscuous mode [ 599.631483][ T5465] team0 (unregistering): Port device team_slave_1 removed [ 599.667258][ T5465] device team_slave_0 left promiscuous mode [ 599.674372][ T5465] team0 (unregistering): Port device team_slave_0 removed [ 599.710211][ T5465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 599.719120][ T5465] device bond_slave_1 left promiscuous mode [ 599.755235][ T5465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 599.764275][ T5465] device bond_slave_0 left promiscuous mode [ 600.098977][ T5465] bond0 (unregistering): Released all slaves [ 600.991415][ T5465] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.042573][ T5465] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.094954][ T5465] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.152017][ T5465] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 602.244194][ T5465] device hsr_slave_0 left promiscuous mode [ 602.250923][ T5465] device hsr_slave_1 left promiscuous mode [ 602.258085][ T5465] device bridge_slave_1 left promiscuous mode [ 602.264418][ T5465] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.274427][ T5465] device bridge_slave_0 left promiscuous mode [ 602.280842][ T5465] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.302197][ T5465] device veth1_macvtap left promiscuous mode [ 602.308320][ T5465] device veth0_macvtap left promiscuous mode [ 602.314540][ T5465] device veth1_vlan left promiscuous mode [ 602.320385][ T5465] device veth0_vlan left promiscuous mode [ 602.680615][ T5465] team0 (unregistering): Port device team_slave_1 removed [ 602.716964][ T5465] team0 (unregistering): Port device team_slave_0 removed [ 602.751609][ T5465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 602.789388][ T5465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface