last executing test programs: 3.210129577s ago: executing program 4 (id=6189): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, 0x0}, 0x20) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r3}, 0x10) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4008744b, 0x0) syz_clone(0xc2002000, 0x0, 0x0, &(0x7f0000000340), &(0x7f00000001c0), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000080)='mem\x00\x10\x00\x00\x00\x00\x00\x00I\xa2l') syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='fsi_master_aspeed_opb_write\x00'}, 0xfffffffffffffee0) 2.590800368s ago: executing program 0 (id=6195): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000018010000202064050000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1428437b3c8026bdfeb6db4ee9bcb25b1811d40a203bf40b3a7da5a8a64db04ed6dd26eea2a37229c339b1f91201c2796", 0x3d}], 0x1}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x40fd) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)}, 0x1f00) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.302010721s ago: executing program 4 (id=6198): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x14, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x3, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x1, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0, 0x5}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) recvmsg(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000014c0)=""/4096, 0x1000}], 0x1}, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) 2.182931121s ago: executing program 3 (id=6199): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair(0x2a, 0x4, 0x5, &(0x7f0000000000)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x1, &(0x7f00000001c0)=@raw=[@call={0x85, 0x0, 0x0, 0x51}], 0x0}, 0x90) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000034f0e61000000000000000004000000bb7f1a007600feff000020009500000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x5, 0x8e, &(0x7f0000000100)=""/142, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000feff000000000106000000000000000000a6c00000002377bbe6d9ff994b67c0fe7df0de96e210855d09cd735724d29ad36a6034608c53cf012749007480fc2bfb7c5177178985a37b18"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) r3 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r3, r2, 0x0, 0x10, &(0x7f0000000140)='rcu_utilization\x00'}, 0x30) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r6, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmsg$tipc(r6, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000841}, 0x0) sendmsg$tipc(r5, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0}, 0x20) 2.112432267s ago: executing program 3 (id=6200): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x2}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001a80)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000006c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYRES8=r3], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000000c0)=r8, 0x4) sendmsg$inet(r7, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x8, 0x9, 0x7, 0x81, 0xffffffffffffffff, 0x7b12, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x8}, 0x48) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x0, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$TUNSETVNETLE(r9, 0x400454dc, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, 0x0, 0xdc31011e4ffbd7) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2.056339611s ago: executing program 3 (id=6201): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/12], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$MAP_UPDATE_BATCH(0x1b, 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0xfffffdef) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r2, &(0x7f0000000980), 0x20000992) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x48) 1.657947824s ago: executing program 0 (id=6202): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r2, 0x58, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xa, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='mm_lru_activate\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) write$cgroup_int(r5, &(0x7f0000000200), 0x43451) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x100, 0x0, 0x3, 0x5, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x1, 0xe}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0x6, 0x203, 0x40, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000003c0), 0x8002, r6}, 0x38) close(0xffffffffffffffff) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r7, &(0x7f0000000300), &(0x7f00000006c0)=""/169}, 0x20) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) close(r1) close(r0) 1.164309834s ago: executing program 3 (id=6204): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYRESHEX=r0], 0x0, 0x1}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000370800000000d8f9ea1df8ffb40f0000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x32, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfda5fc371f606f39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000040008500005f5a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xbb6, 0x0, 0x0, 0x0, 0x56}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r5, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x4003e80, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x20000281}], 0x1}, 0x0) 1.160735715s ago: executing program 4 (id=6205): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x220, 0x1}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xffd, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000500)=ANY=[@ANYRES8=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa21a35512d908400000000000007020000f8ffffffb703000008000000b704000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x90) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000026ceec1b21a9230a0743576b9000000000000000100000d030000000000000003000000000000000000000105000000200000000000000000fd8f1682c000030000000004000000020084a2077c"], 0x0, 0x56}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0xa, 0xd0, 0x4, 0x3108, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x1, 0x2, 0x0, 0xb}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0xfffc}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r8, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="0f060b7988d0e433454eac5b3bf9aa281383a37e35de94df591b29965d3d2e3a077018eacb73ff67ac4742e179043ccdc728de39e454f8761e58601ed395dc781e49ec1c24df917950f19a9606eb8ec436c15c8c262b7802f6cfbf5e50cf405840675e563541", 0xff8d}], 0x1}, 0x40) recvmsg(r9, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/78, 0x4e}], 0x1}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x6, 0x9, 0xcaa, 0x20, r0, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) close(r2) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x8982, 0x20000000) 467.039471ms ago: executing program 0 (id=6207): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="1e031800dd5c980128854d4a828e00000000002f"], 0xffdd) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000283d0020850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7ffb, 0xcc}, 0x48) 324.199963ms ago: executing program 1 (id=6210): syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000002b00)='ns/net\x00') syz_open_procfs$namespace(0x0, &(0x7f0000002c00)='ns/net\x00') 296.018455ms ago: executing program 4 (id=6211): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b2c16bd94d2da66059de81abfa15eeeae3b0ba38d8bb1bf032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f5533d3c58104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7866f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7abc231f8cde79b7a6c5aafe954b8ba37818e40c14b36f2d7c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1df7ffffff735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c095162b82ceaeaae9b1713b5f2ee68e2b53d44bd84bf6960157e96bbb96b5e10d66c87e7a9a7d53c281d88ebb175a4dbb82130e6870980e47913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf355e5b91114052f8a398d8e10c96b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3df3572a7d9ef5f6103997f1f9e4b0c3970bda50f6c0af58dbd6c031b1a5a7512c58965c514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e24d192d67a1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb2200040000fc1e3865d17d128306d1b81884a934cb0000000000d367000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44b615ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f530043a6cd72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a673804220423f52ad8178b9fd04bff816e00000000000000000000000000000000000000000079aaf19bd1e18f582aac5b83d76bd57297512fdcdad18bcf2455bc80394d8f34e2ef84733038f4b6ef516d7baa99f24f2f100fc46aec9dc19b30fe9966b7ae563b6459d86fd3b4c7173f06387517e4189f3fb09c069e20220354b054f2391efe55a0cc7f738b3987ae033ceabddec65ec31f98c7e0858e8d411087889964b8fb3c31f74fa7b2e6e1c1d84a46d8be8afff1ac67eb2da30294d4a0f89978d4e2137319b6448da45bd00eb23aa5be1d566782b5a4aa291a854a4932bcbf472fd1175b521edb1763bb7dae4a124b0006e2ce4799519b3dbd3c0109b17fe2b4b87f6ad4b7176c9c1959669ef42cfce81fbc6dcdc7f9bde1a66c0b3cf9329bfecf0217bda1b72924ee9d90a3bd0be833f206244b5ba0648309018da5442ebd22bca0363183aae9d38f80638f52015cab5a8d772f9b92cb2f286783fa976f7d215136cae0b0b0539dc7dbd56035a69807514c732763f542f10401e65368b821b584fe2f82c94b2f5930246800000000000000000000000000000000000000c8ed77d8ac9f28a2e8f205900241ec8872fe3ecdf73abfc4024298a69649e17f3fe5ebba1e17f2f280e6d3f094cd3448700c5ee102b5d1b04f08ab2e5272990646eca26a62431e8c942ea2c0c621b4821eb5beceee6d53468852159452cf47aead473a8638a4d1ce2d4c6df1074e8cb3ec16149e6b4b7ec1a9aa1b63f41d08afd3d885b98330e25eedaaf5f361b2e81ce0c52ee84a2b340afdc59b177921e2f2a99132b82ed3291196038fe9a4f5a5dc734788c71bf46222d266a48628774c87b88bf3dcbea4574a87726345587e1e233fd4117063d183f477cc53c52a3fafcb998a96cf9f61cdd9ffa82d648880552ac506811accffc85ca34b262ed983d4645f4657522ed32b278891c26d5e70d41f9a5c8df8dc163fd84a81af0020a10fe53ce940d350d62b526f198620abdad179a273682175da1d9d82fde7eb9a45b566e78904238d00908b5876b4ebfca376d631b9b0caf3f1ef32ae87507aace4715efaf840ebda28e741a8b6b29eed5861168b4e1b3842f6db4443974dd0f0d4ceed9ca62fd2a839a8150335dc2b9640825b83c8bf4f931a51b093bf2dc84809af7c14f04b58d64e4f852bc49cf1126567e11f61774559bdbcc500000000000000000000000000eab10c8c592cb6f1ebccd9eb16c155a0666189eb16cea09f164363456645c9b7c168bc214615a7e94ff3d53f85c6396c42050f3205cef3009458f33949efa6a583d87795448b8b21ab6a7ca4bd8b0da30dee0af8b3a0f3cfd0ad9a8e7819b2057e2e5d8b453b6f743f8fc4dee677658958c4d4663ddcdfd0fc44e996665ab5586a4eb40a959fb0dababa05e776c29cf2443ad1d2fa0920288db88e645033ae1a4357078810d20bd93b8194214554c3f8c6efd61bc40000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f00000002c0)="f6ea090003000060009ba538a44cc2", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) 295.497085ms ago: executing program 2 (id=6212): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffb5, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) close(r0) 288.049816ms ago: executing program 1 (id=6213): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000900000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10) syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0) 224.231921ms ago: executing program 2 (id=6214): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x27, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 215.028802ms ago: executing program 1 (id=6215): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071113d00000000008510000002000000850000006300000095003300000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) 209.489983ms ago: executing program 2 (id=6216): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) 160.441816ms ago: executing program 0 (id=6217): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000e80)=ANY=[@ANYBLOB="8500000061000000350000000000000085000000230000009500000000000000f4670880271e3542dfa8ba6287066c5197fabc5f7010e81a15202164afe0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e20100000000000000c09cc28de194f40800000000b0d3712c7e93366796c7224a0c2c0213af2ecdf3c075e3d800000104f4b1fc30dc914bc16543d4baa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3012e95752003b2f7846c744ae6af3c037102124d8eb000000000000000000000000a46aac3abe6c4d7f47ef6d02bad9dddacecf7eaa4a9779f8555ed6aea768c1f28221c110ed050000000ee282ab76ef93d96bc46a7c04b8c5324812d992a4f8dc6fcba00b1b2da951667d0276a0327b56c0ebfb19b3426887b6f1b6070e0ce1f844ce32a9988ca042dca52fbb8c1452b651ebf942f7297f7b66254c567b7983f60f2744419a2f238f173d0000003cf4fbd775d9c07d8d591a4dac60ff00a629b3b200000000000000000000000009001d004e41ff9b4d00e07ff771cea08bea1fb4c4c43f74936f333e3ae44f7ddd2fb35d4c46392ae855531b1eaf40aee8c94fd812e40f14c519a264ff3c572eecd5f6ca98b55e78f8d94f57ed7e6a3ab5dd9a4adedbdf0e58f58eb2e83500000000000000934c92002eace9a8d6f3dd008acf8a5c0fb43367806001010000000000001d41f45d90a1e19795c995ff7d0020ecccf41d81c8c510cf773171407191872d0e3e62dd578d590e62ff74d667477ac69a806d4552084a87f74fdfc117d4975576c102976c1ef70ceac9ff714bab1f59f8ebd67f2aca41706c147e3e0d3e557de0349c5ca80f10361bedc4832ae62a2b745ef6587710a82c2e27bacc81877b996a708c3a9235bdbec2cde0cf7678205439b4fd312c7106000000000000000000000000df83e1a6c37e26d8f98d7e9419275bc3bba633b47d00"/721], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0xfffff000, 0x14, 0x0, &(0x7f0000000880)="61df712bc884fed5722780b60800", 0x0, 0x8000, 0x0, 0xfffffffffffffeca, 0x0, &(0x7f0000000000), &(0x7f0000000800)="ffe200004e379b19393a41afde6b0b1235c1278ebf59a5d4d697bc199e060b675b46d4ff37c7f91ceaa6790cd8570f080b0d2375918cd7dfcf26aa90dc6a5617be488475b892958512c8e814c24d7efc26f9f2512dec8c759773c42a2fca2735984613809a78eb", 0x0, 0x2}, 0x28) 160.228416ms ago: executing program 4 (id=6218): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x81, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 160.137576ms ago: executing program 2 (id=6219): bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000200)=""/166}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter, 0x48) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) 160.012616ms ago: executing program 1 (id=6220): socketpair$unix(0x1, 0x1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000a40)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x9ec4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3f}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'wg2\x00', @random="bc06235ec6a6"}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) socketpair(0x21, 0xab3e5be4af9b493c, 0x6, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) 159.629817ms ago: executing program 3 (id=6221): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="1e03"], 0x1010) 148.007897ms ago: executing program 4 (id=6222): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x53}, @call={0x85, 0x0, 0x0, 0x9e}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192}, 0x80) 144.010708ms ago: executing program 2 (id=6223): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 95.662852ms ago: executing program 0 (id=6224): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 95.478782ms ago: executing program 2 (id=6225): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x40000004, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe99}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x440, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'wg0\x00', 0x800}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xa, 0x4, 0x4, 0x4, 0x0, 0x1}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008230000b7040000000000008500000001000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000060ff850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getpid() perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0xfd, 0x0, 0x0, 0x4, 0xf0a51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffc) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f3, &(0x7f0000000080)) 85.986062ms ago: executing program 0 (id=6226): perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x5670}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x0, 0x4}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x400004, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x1000000}, 0x90) perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x13, 0x4, 0x0, 0x0, 0x2}, 0x48) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1, 0x1, 0x8e, 0xe7c9}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400}) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) 55.924445ms ago: executing program 1 (id=6227): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8fcffffb702000005000000b703000000000000850000007500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x85}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r2}, 0x10) 124.3µs ago: executing program 1 (id=6228): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 0s ago: executing program 3 (id=6229): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) kernel console output (not intermixed with test programs): T10133] ? debug_smp_processor_id+0x17/0x20 [ 334.916414][T10133] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 334.922321][T10133] __x64_sys_write+0x7b/0x90 [ 334.926747][T10133] do_syscall_64+0x3d/0xb0 [ 334.930996][T10133] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 334.936723][T10133] RIP: 0033:0x7fb4bbfad4df [ 334.940979][T10133] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48 [ 334.960418][T10133] RSP: 002b:00007fb4bac0d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 334.968667][T10133] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb4bbfad4df [ 334.976481][T10133] RDX: 0000000000000001 RSI: 00007fb4bac0d0a0 RDI: 0000000000000009 [ 334.984375][T10133] RBP: 00007fb4bac0d090 R08: 0000000000000000 R09: 0000000000000000 [ 334.992182][T10133] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 335.000000][T10133] R13: 0000000000000001 R14: 00007fb4bc13d058 R15: 00007fffbb21f358 [ 335.007827][T10133] [ 335.927800][T10160] device sit0 entered promiscuous mode [ 344.983169][T10372] syz.3.3541[10372] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 344.983248][T10372] syz.3.3541[10372] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 346.037757][T10403] tun0: tun_chr_ioctl cmd 1074025678 [ 346.059741][T10403] tun0: group set to 0 [ 346.065739][T10404] FAULT_INJECTION: forcing a failure. [ 346.065739][T10404] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 346.231701][T10404] CPU: 1 PID: 10404 Comm: syz.0.3551 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 346.242912][T10404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 346.252804][T10404] Call Trace: [ 346.255937][T10404] [ 346.258705][T10404] dump_stack_lvl+0x151/0x1b7 [ 346.263236][T10404] ? io_uring_drop_tctx_refs+0x190/0x190 [ 346.268688][T10404] dump_stack+0x15/0x17 [ 346.272677][T10404] should_fail+0x3c6/0x510 [ 346.276933][T10404] should_fail_alloc_page+0x5a/0x80 [ 346.281963][T10404] prepare_alloc_pages+0x15c/0x700 [ 346.286913][T10404] ? __alloc_pages+0x8f0/0x8f0 [ 346.291529][T10404] ? __alloc_pages_bulk+0xe40/0xe40 [ 346.296554][T10404] __alloc_pages+0x18c/0x8f0 [ 346.300979][T10404] ? __x64_sys_bpf+0x7c/0x90 [ 346.305402][T10404] ? prep_new_page+0x110/0x110 [ 346.310001][T10404] ? __kasan_check_write+0x14/0x20 [ 346.314952][T10404] __get_free_pages+0x10/0x30 [ 346.319635][T10404] kasan_populate_vmalloc_pte+0x39/0x130 [ 346.325103][T10404] ? __apply_to_page_range+0x8ca/0xbe0 [ 346.330411][T10404] __apply_to_page_range+0x8dd/0xbe0 [ 346.335514][T10404] ? kasan_populate_vmalloc+0x70/0x70 [ 346.340725][T10404] ? kasan_populate_vmalloc+0x70/0x70 [ 346.345927][T10404] apply_to_page_range+0x3b/0x50 [ 346.350703][T10404] kasan_populate_vmalloc+0x65/0x70 [ 346.355744][T10404] alloc_vmap_area+0x192f/0x1a80 [ 346.360519][T10404] ? vm_map_ram+0xa90/0xa90 [ 346.364852][T10404] ? kmem_cache_alloc_trace+0x115/0x210 [ 346.370248][T10404] ? __get_vm_area_node+0x117/0x360 [ 346.375268][T10404] __get_vm_area_node+0x158/0x360 [ 346.380127][T10404] __vmalloc_node_range+0xe2/0x8d0 [ 346.385072][T10404] ? htab_map_alloc+0x3b9/0x1440 [ 346.389852][T10404] bpf_map_area_alloc+0xd9/0xf0 [ 346.394531][T10404] ? htab_map_alloc+0x3b9/0x1440 [ 346.399305][T10404] htab_map_alloc+0x3b9/0x1440 [ 346.403912][T10404] map_create+0x411/0x2050 [ 346.408163][T10404] __sys_bpf+0x296/0x760 [ 346.412236][T10404] ? fput_many+0x160/0x1b0 [ 346.416493][T10404] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 346.421704][T10404] ? debug_smp_processor_id+0x17/0x20 [ 346.426904][T10404] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 346.432812][T10404] __x64_sys_bpf+0x7c/0x90 [ 346.437061][T10404] do_syscall_64+0x3d/0xb0 [ 346.441316][T10404] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 346.447039][T10404] RIP: 0033:0x7fcae7def9f9 [ 346.451299][T10404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.470736][T10404] RSP: 002b:00007fcae6a6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 346.478980][T10404] RAX: ffffffffffffffda RBX: 00007fcae7f7df80 RCX: 00007fcae7def9f9 [ 346.486793][T10404] RDX: 0000000000000048 RSI: 00000000200005c0 RDI: 0000000000000000 [ 346.494606][T10404] RBP: 00007fcae6a6f090 R08: 0000000000000000 R09: 0000000000000000 [ 346.502418][T10404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 346.510227][T10404] R13: 0000000000000000 R14: 00007fcae7f7df80 R15: 00007ffdd67ebbb8 [ 346.518049][T10404] [ 351.226331][T10536] syz.1.3596[10536] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 351.731611][T10547] device sit0 left promiscuous mode [ 352.310926][T10566] syz.1.3604[10566] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 352.310996][T10566] syz.1.3604[10566] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.715943][ T30] audit: type=1400 audit(1723291581.938:148): avc: denied { create } for pid=10601 comm="syz.2.3618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 354.194898][ T30] audit: type=1400 audit(1723291582.418:149): avc: denied { create } for pid=10616 comm="syz.2.3624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 354.486251][T10630] device sit0 entered promiscuous mode [ 355.342721][T10653] syz.4.3635[10653] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 355.342798][T10653] syz.4.3635[10653] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 356.137798][T10672] device sit0 entered promiscuous mode [ 356.451929][ T30] audit: type=1400 audit(1723291584.678:150): avc: denied { create } for pid=10679 comm="syz.4.3644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 366.544315][T10930] device sit0 left promiscuous mode [ 366.681110][T10930] device sit0 entered promiscuous mode [ 368.304969][T10979] FAULT_INJECTION: forcing a failure. [ 368.304969][T10979] name failslab, interval 1, probability 0, space 0, times 0 [ 368.317438][T10979] CPU: 0 PID: 10979 Comm: syz.1.3739 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 368.328675][T10979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 368.338571][T10979] Call Trace: [ 368.341692][T10979] [ 368.344476][T10979] dump_stack_lvl+0x151/0x1b7 [ 368.348989][T10979] ? io_uring_drop_tctx_refs+0x190/0x190 [ 368.354461][T10979] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 368.360093][T10979] ? __mod_timer+0x903/0xcf0 [ 368.364556][T10979] ? ipv6_rcv+0xeb/0x270 [ 368.368599][T10979] ? __netif_receive_skb+0x1c6/0x530 [ 368.373726][T10979] dump_stack+0x15/0x17 [ 368.377717][T10979] should_fail+0x3c6/0x510 [ 368.381967][T10979] __should_failslab+0xa4/0xe0 [ 368.386565][T10979] ? skb_clone+0x1d1/0x360 [ 368.390819][T10979] should_failslab+0x9/0x20 [ 368.395156][T10979] slab_pre_alloc_hook+0x37/0xd0 [ 368.399934][T10979] ? skb_clone+0x1d1/0x360 [ 368.404187][T10979] kmem_cache_alloc+0x44/0x200 [ 368.408787][T10979] skb_clone+0x1d1/0x360 [ 368.412871][T10979] __neigh_event_send+0xbcc/0x1160 [ 368.417937][T10979] ? __local_bh_enable_ip+0x58/0x80 [ 368.422972][T10979] neigh_resolve_output+0x1cf/0x760 [ 368.428009][T10979] ip6_finish_output2+0xf95/0x16e0 [ 368.432951][T10979] ? __ip6_finish_output+0x7c0/0x7c0 [ 368.438071][T10979] ? ip6t_do_table+0x1662/0x1850 [ 368.442851][T10979] __ip6_finish_output+0x60f/0x7c0 [ 368.447794][T10979] ip6_finish_output+0x31/0x210 [ 368.452478][T10979] ? ip6_output+0x486/0x4d0 [ 368.456817][T10979] ip6_output+0x1f7/0x4d0 [ 368.460985][T10979] ? ac6_seq_show+0xf0/0xf0 [ 368.465324][T10979] ? ip6_output+0x4d0/0x4d0 [ 368.469757][T10979] ip6_local_out+0x1ff/0x480 [ 368.474179][T10979] ? dst_output+0x80/0x80 [ 368.478342][T10979] ? __ip6_local_out+0x410/0x410 [ 368.483114][T10979] ? ip6_setup_cork+0xd29/0x12a0 [ 368.487892][T10979] ip6_push_pending_frames+0x14a/0x290 [ 368.493186][T10979] icmpv6_push_pending_frames+0x2b8/0x450 [ 368.498846][T10979] icmp6_send+0x13d0/0x1d60 [ 368.503172][T10979] ? icmpv6_push_pending_frames+0x450/0x450 [ 368.508893][T10979] ? gre_parse_header+0xca7/0x16d0 [ 368.513840][T10979] ? sock_alloc_send_pskb+0x915/0xa50 [ 368.519054][T10979] ? skb_pull_rcsum+0x23b/0x3a0 [ 368.523748][T10979] ? __iptunnel_pull_header+0x7bf/0x800 [ 368.529123][T10979] gre_rcv+0xce0/0x1350 [ 368.533115][T10979] ? erspan_build_header_v2+0x4c0/0x4c0 [ 368.538490][T10979] ? rawv6_mh_filter_unregister+0x20/0x20 [ 368.544049][T10979] ? ip6t_alloc_initial_table+0x630/0x630 [ 368.549606][T10979] ip6_protocol_deliver_rcu+0xa85/0x13c0 [ 368.555077][T10979] ip6_input+0xd9/0x260 [ 368.559062][T10979] ? ip6_protocol_deliver_rcu+0x13c0/0x13c0 [ 368.564788][T10979] ? ip6_input+0x260/0x260 [ 368.569040][T10979] ? sk_setup_caps+0x430/0x430 [ 368.573650][T10979] ip6_rcv_finish+0x186/0x350 [ 368.578153][T10979] ipv6_rcv+0xeb/0x270 [ 368.582067][T10979] ? ip6_rcv_finish+0x350/0x350 [ 368.586744][T10979] ? refcount_add+0x80/0x80 [ 368.591085][T10979] ? ip6_rcv_finish+0x350/0x350 [ 368.595771][T10979] __netif_receive_skb+0x1c6/0x530 [ 368.600807][T10979] ? deliver_ptype_list_skb+0x3b0/0x3b0 [ 368.606186][T10979] ? _copy_from_iter+0x231/0xdc0 [ 368.610960][T10979] netif_receive_skb+0xb0/0x480 [ 368.615646][T10979] ? _copy_from_iter+0x34d/0xdc0 [ 368.620547][T10979] ? netif_receive_skb_core+0x210/0x210 [ 368.625931][T10979] tun_rx_batched+0x6d9/0x870 [ 368.630446][T10979] ? eth_type_trans+0x2c6/0x600 [ 368.635126][T10979] ? __check_object_size+0x2ec/0x3d0 [ 368.640264][T10979] ? local_bh_enable+0x30/0x30 [ 368.644860][T10979] tun_get_user+0x2cb7/0x3aa0 [ 368.649450][T10979] ? kasan_set_track+0x4b/0x70 [ 368.654047][T10979] ? kasan_set_free_info+0x23/0x40 [ 368.658998][T10979] ? _kstrtoull+0x3a0/0x4a0 [ 368.663338][T10979] ? tun_do_read+0x1ef0/0x1ef0 [ 368.667937][T10979] ? kstrtouint_from_user+0x20a/0x2a0 [ 368.673144][T10979] ? kstrtol_from_user+0x310/0x310 [ 368.678097][T10979] ? avc_policy_seqno+0x1b/0x70 [ 368.682780][T10979] ? selinux_file_permission+0x2c4/0x570 [ 368.688245][T10979] tun_chr_write_iter+0x1e1/0x2e0 [ 368.693107][T10979] vfs_write+0xd5d/0x1110 [ 368.697270][T10979] ? kmem_cache_free+0x2c3/0x2e0 [ 368.702050][T10979] ? file_end_write+0x1c0/0x1c0 [ 368.706738][T10979] ? __fdget_pos+0x209/0x3a0 [ 368.711157][T10979] ? ksys_write+0x77/0x2c0 [ 368.715413][T10979] ksys_write+0x199/0x2c0 [ 368.719581][T10979] ? __ia32_sys_read+0x90/0x90 [ 368.724177][T10979] ? debug_smp_processor_id+0x17/0x20 [ 368.729481][T10979] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 368.735374][T10979] __x64_sys_write+0x7b/0x90 [ 368.739802][T10979] do_syscall_64+0x3d/0xb0 [ 368.744053][T10979] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 368.749869][T10979] RIP: 0033:0x7fde2b6d79f9 [ 368.754125][T10979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.773569][T10979] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 368.781806][T10979] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 368.789617][T10979] RDX: 000000000000fdef RSI: 0000000020000000 RDI: 00000000000000c8 [ 368.797538][T10979] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 368.805341][T10979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 368.813153][T10979] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 368.820977][T10979] [ 370.169354][T11017] cgroup: fork rejected by pids controller in /syz3 [ 371.267332][ T321] device bridge_slave_1 left promiscuous mode [ 371.292694][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.300029][ T321] device bridge_slave_0 left promiscuous mode [ 371.307136][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.333032][ T321] device veth1_macvtap left promiscuous mode [ 372.129115][T11040] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.151709][T11040] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.185803][T11040] device bridge_slave_0 entered promiscuous mode [ 372.260798][T11040] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.268542][T11040] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.291986][T11040] device bridge_slave_1 entered promiscuous mode [ 372.327128][T11071] FAULT_INJECTION: forcing a failure. [ 372.327128][T11071] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 372.340112][T11071] CPU: 1 PID: 11071 Comm: syz.2.3768 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 372.351403][T11071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 372.361290][T11071] Call Trace: [ 372.364409][T11071] [ 372.367189][T11071] dump_stack_lvl+0x151/0x1b7 [ 372.371702][T11071] ? io_uring_drop_tctx_refs+0x190/0x190 [ 372.377171][T11071] dump_stack+0x15/0x17 [ 372.381166][T11071] should_fail+0x3c6/0x510 [ 372.385417][T11071] should_fail_usercopy+0x1a/0x20 [ 372.390275][T11071] _copy_from_user+0x20/0xd0 [ 372.394703][T11071] bpf_test_init+0x13b/0x1b0 [ 372.399292][T11071] bpf_prog_test_run_skb+0x268/0x1420 [ 372.404422][T11071] ? __kasan_check_write+0x14/0x20 [ 372.409372][T11071] ? proc_fail_nth_write+0x20b/0x290 [ 372.414491][T11071] ? selinux_file_permission+0x2c4/0x570 [ 372.419960][T11071] ? proc_fail_nth_read+0x210/0x210 [ 372.424994][T11071] ? fsnotify_perm+0x6a/0x5d0 [ 372.429513][T11071] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 372.435233][T11071] ? __kasan_check_write+0x14/0x20 [ 372.440184][T11071] ? fput_many+0x160/0x1b0 [ 372.444436][T11071] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 372.450162][T11071] bpf_prog_test_run+0x3b0/0x630 [ 372.454936][T11071] ? bpf_prog_query+0x220/0x220 [ 372.459623][T11071] ? selinux_bpf+0xd2/0x100 [ 372.463962][T11071] ? security_bpf+0x82/0xb0 [ 372.468304][T11071] __sys_bpf+0x525/0x760 [ 372.472384][T11071] ? fput_many+0x160/0x1b0 [ 372.476634][T11071] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 372.481856][T11071] ? debug_smp_processor_id+0x17/0x20 [ 372.487049][T11071] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 372.492954][T11071] __x64_sys_bpf+0x7c/0x90 [ 372.497208][T11071] do_syscall_64+0x3d/0xb0 [ 372.501473][T11071] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 372.507271][T11071] RIP: 0033:0x7fe5811d59f9 [ 372.511538][T11071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.530970][T11071] RSP: 002b:00007fe57fe55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 372.539213][T11071] RAX: ffffffffffffffda RBX: 00007fe581363f80 RCX: 00007fe5811d59f9 [ 372.547026][T11071] RDX: 000000000000001e RSI: 0000000020000080 RDI: 000000000000000a [ 372.554920][T11071] RBP: 00007fe57fe55090 R08: 0000000000000000 R09: 0000000000000000 [ 372.562731][T11071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.570545][T11071] R13: 0000000000000000 R14: 00007fe581363f80 R15: 00007ffe8ecba328 [ 372.578367][T11071] [ 372.790775][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 372.818536][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 372.902352][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 372.943863][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 373.034747][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.041831][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 373.180928][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 373.262283][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 373.338713][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.345622][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.444771][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 373.452644][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 373.462635][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 373.476059][T11040] device veth0_vlan entered promiscuous mode [ 373.510287][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 373.519040][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 373.528229][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 373.536405][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 373.546283][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 373.553703][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 373.567552][T11088] FAULT_INJECTION: forcing a failure. [ 373.567552][T11088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 373.598307][T11088] CPU: 0 PID: 11088 Comm: syz.4.3773 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 373.609509][T11088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 373.619401][T11088] Call Trace: [ 373.622523][T11088] [ 373.625303][T11088] dump_stack_lvl+0x151/0x1b7 [ 373.629816][T11088] ? io_uring_drop_tctx_refs+0x190/0x190 [ 373.635286][T11088] ? ___ratelimit+0xb2/0x5a0 [ 373.639710][T11088] dump_stack+0x15/0x17 [ 373.643700][T11088] should_fail+0x3c6/0x510 [ 373.647957][T11088] should_fail_usercopy+0x1a/0x20 [ 373.652814][T11088] _copy_from_user+0x20/0xd0 [ 373.657246][T11088] bpf_test_init+0x13b/0x1b0 [ 373.661673][T11088] bpf_prog_test_run_skb+0x268/0x1420 [ 373.666878][T11088] ? __fget_files+0x7b/0x380 [ 373.671309][T11088] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 373.677033][T11088] ? __kasan_check_write+0x14/0x20 [ 373.681978][T11088] ? fput_many+0x160/0x1b0 [ 373.686231][T11088] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 373.691958][T11088] bpf_prog_test_run+0x3b0/0x630 [ 373.696735][T11088] ? bpf_prog_query+0x220/0x220 [ 373.701423][T11088] ? selinux_bpf+0xd2/0x100 [ 373.705758][T11088] ? security_bpf+0x82/0xb0 [ 373.710100][T11088] __sys_bpf+0x525/0x760 [ 373.714178][T11088] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 373.719396][T11088] __x64_sys_bpf+0x7c/0x90 [ 373.723739][T11088] do_syscall_64+0x3d/0xb0 [ 373.728074][T11088] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 373.733717][T11088] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 373.739440][T11088] RIP: 0033:0x7f5992fe89f9 [ 373.743698][T11088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.763224][T11088] RSP: 002b:00007f5991c47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 373.771479][T11088] RAX: ffffffffffffffda RBX: 00007f5993177058 RCX: 00007f5992fe89f9 [ 373.779282][T11088] RDX: 0000000000000048 RSI: 00000000200002c0 RDI: 000000000000000a [ 373.787092][T11088] RBP: 00007f5991c47090 R08: 0000000000000000 R09: 0000000000000000 [ 373.794900][T11088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.802713][T11088] R13: 0000000000000000 R14: 00007f5993177058 R15: 00007fff035ee078 [ 373.810628][T11088] [ 373.838357][T11040] device veth1_macvtap entered promiscuous mode [ 373.847515][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 373.856315][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 373.865200][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 373.941840][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 373.949994][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 373.983381][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 374.032442][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 377.030764][T11194] Â: renamed from pim6reg1 [ 377.421697][T11212] device pim6reg1 entered promiscuous mode [ 385.436066][T11388] device veth0_vlan left promiscuous mode [ 385.442537][T11388] device veth0_vlan entered promiscuous mode [ 386.318146][ T30] audit: type=1400 audit(1723291614.538:151): avc: denied { create } for pid=11426 comm="syz.4.3885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 386.462184][ T30] audit: type=1400 audit(1723291614.688:152): avc: denied { append } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 386.715542][ T30] audit: type=1400 audit(1723291614.688:153): avc: denied { open } for pid=82 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 386.903839][ T30] audit: type=1400 audit(1723291614.688:154): avc: denied { getattr } for pid=82 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 387.727040][T11466] device pim6reg1 entered promiscuous mode [ 389.798487][T11510] bridge0: port 3(gretap0) entered blocking state [ 389.805728][T11510] bridge0: port 3(gretap0) entered disabled state [ 389.891077][T11510] device gretap0 entered promiscuous mode [ 389.902247][T11510] bridge0: port 3(gretap0) entered blocking state [ 389.909148][T11510] bridge0: port 3(gretap0) entered forwarding state [ 391.919013][T11557] device veth0_vlan left promiscuous mode [ 391.956598][T11557] device veth0_vlan entered promiscuous mode [ 392.071915][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 392.132213][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 392.139312][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 394.112549][T11628] FAULT_INJECTION: forcing a failure. [ 394.112549][T11628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 394.181670][T11628] CPU: 1 PID: 11628 Comm: syz.4.3944 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 394.192884][T11628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 394.202777][T11628] Call Trace: [ 394.205997][T11628] [ 394.208777][T11628] dump_stack_lvl+0x151/0x1b7 [ 394.213290][T11628] ? io_uring_drop_tctx_refs+0x190/0x190 [ 394.218762][T11628] dump_stack+0x15/0x17 [ 394.222748][T11628] should_fail+0x3c6/0x510 [ 394.227000][T11628] should_fail_usercopy+0x1a/0x20 [ 394.231949][T11628] _copy_to_user+0x20/0x90 [ 394.236303][T11628] simple_read_from_buffer+0xc7/0x150 [ 394.241494][T11628] proc_fail_nth_read+0x1a3/0x210 [ 394.246447][T11628] ? proc_fault_inject_write+0x390/0x390 [ 394.251904][T11628] ? fsnotify_perm+0x470/0x5d0 [ 394.256508][T11628] ? security_file_permission+0x86/0xb0 [ 394.261893][T11628] ? proc_fault_inject_write+0x390/0x390 [ 394.267358][T11628] vfs_read+0x27d/0xd40 [ 394.271352][T11628] ? kernel_read+0x1f0/0x1f0 [ 394.275776][T11628] ? __kasan_check_write+0x14/0x20 [ 394.280721][T11628] ? mutex_lock+0xb6/0x1e0 [ 394.284975][T11628] ? wait_for_completion_killable_timeout+0x10/0x10 [ 394.291404][T11628] ? __fdget_pos+0x2e7/0x3a0 [ 394.295822][T11628] ? ksys_read+0x77/0x2c0 [ 394.299991][T11628] ksys_read+0x199/0x2c0 [ 394.304072][T11628] ? vfs_write+0x1110/0x1110 [ 394.308494][T11628] ? debug_smp_processor_id+0x17/0x20 [ 394.313704][T11628] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 394.319607][T11628] __x64_sys_read+0x7b/0x90 [ 394.323945][T11628] do_syscall_64+0x3d/0xb0 [ 394.328200][T11628] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 394.333926][T11628] RIP: 0033:0x7f5992fe743c [ 394.338182][T11628] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 394.357621][T11628] RSP: 002b:00007f5991c68030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 394.365874][T11628] RAX: ffffffffffffffda RBX: 00007f5993176f80 RCX: 00007f5992fe743c [ 394.373679][T11628] RDX: 000000000000000f RSI: 00007f5991c680a0 RDI: 0000000000000003 [ 394.381491][T11628] RBP: 00007f5991c68090 R08: 0000000000000000 R09: 0000000000000000 [ 394.389301][T11628] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000002 [ 394.397113][T11628] R13: 0000000000000001 R14: 00007f5993176f80 R15: 00007fff035ee078 [ 394.404932][T11628] [ 395.428804][T11672] device syzkaller0 entered promiscuous mode [ 397.443869][T11745] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 397.839443][T11761] tap0: tun_chr_ioctl cmd 1074025677 [ 397.886267][T11761] tap0: linktype set to 270 [ 398.208177][T11766] device syzkaller0 entered promiscuous mode [ 398.526131][T11773] syzkaller0: refused to change device tx_queue_len [ 398.793391][T11783] device sit0 entered promiscuous mode [ 400.861339][T11841] device pim6reg1 entered promiscuous mode [ 401.089429][T11841] device veth0_vlan left promiscuous mode [ 401.163062][T11841] device veth0_vlan entered promiscuous mode [ 401.269356][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 401.285310][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 401.301903][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 403.848437][T11925] syz.4.4040[11925] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 403.848590][T11925] syz.4.4040[11925] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 408.268157][T12058] device pim6reg1 entered promiscuous mode [ 414.305691][T12249] device pim6reg1 entered promiscuous mode [ 417.090624][T12327] device veth1_macvtap left promiscuous mode [ 417.997211][T12341] device syzkaller0 entered promiscuous mode [ 418.043922][T12343] bond_slave_1: mtu less than device minimum [ 419.789797][T12400] device pim6reg1 entered promiscuous mode [ 420.205789][T12416] FAULT_INJECTION: forcing a failure. [ 420.205789][T12416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.251703][T12416] CPU: 1 PID: 12416 Comm: syz.3.4204 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 420.263260][T12416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 420.273499][T12416] Call Trace: [ 420.277144][T12416] [ 420.280279][T12416] dump_stack_lvl+0x151/0x1b7 [ 420.284781][T12416] ? io_uring_drop_tctx_refs+0x190/0x190 [ 420.290248][T12416] dump_stack+0x15/0x17 [ 420.294237][T12416] should_fail+0x3c6/0x510 [ 420.298586][T12416] should_fail_usercopy+0x1a/0x20 [ 420.303441][T12416] _copy_from_user+0x20/0xd0 [ 420.307867][T12416] __sys_bpf+0x1e9/0x760 [ 420.311944][T12416] ? fput_many+0x160/0x1b0 [ 420.316284][T12416] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 420.321496][T12416] ? debug_smp_processor_id+0x17/0x20 [ 420.326701][T12416] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 420.332600][T12416] __x64_sys_bpf+0x7c/0x90 [ 420.336854][T12416] do_syscall_64+0x3d/0xb0 [ 420.341108][T12416] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 420.346835][T12416] RIP: 0033:0x7f2b6acb09f9 [ 420.351088][T12416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.370528][T12416] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 420.378774][T12416] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 420.386583][T12416] RDX: 0000000000000020 RSI: 0000000020000400 RDI: 0000000000000002 [ 420.394402][T12416] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 420.402206][T12416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.410019][T12416] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 420.417842][T12416] [ 422.179380][ T30] audit: type=1400 audit(1723291650.398:155): avc: denied { create } for pid=12475 comm="syz.3.4223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 423.833384][T12519] device syzkaller0 entered promiscuous mode [ 424.628497][T12535] device veth1_macvtap left promiscuous mode [ 425.017118][T12558] device sit0 left promiscuous mode [ 425.105499][T12558] FAULT_INJECTION: forcing a failure. [ 425.105499][T12558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.188834][T12558] CPU: 0 PID: 12558 Comm: syz.2.4252 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 425.200052][T12558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 425.209945][T12558] Call Trace: [ 425.213062][T12558] [ 425.215840][T12558] dump_stack_lvl+0x151/0x1b7 [ 425.220363][T12558] ? io_uring_drop_tctx_refs+0x190/0x190 [ 425.225827][T12558] dump_stack+0x15/0x17 [ 425.229828][T12558] should_fail+0x3c6/0x510 [ 425.234073][T12558] should_fail_usercopy+0x1a/0x20 [ 425.238926][T12558] _copy_from_user+0x20/0xd0 [ 425.243356][T12558] sock_do_ioctl+0x229/0x5a0 [ 425.247784][T12558] ? sock_show_fdinfo+0xa0/0xa0 [ 425.252469][T12558] ? selinux_file_ioctl+0x3cc/0x540 [ 425.257505][T12558] sock_ioctl+0x455/0x740 [ 425.261754][T12558] ? sock_poll+0x400/0x400 [ 425.266010][T12558] ? __fget_files+0x31e/0x380 [ 425.270525][T12558] ? security_file_ioctl+0x84/0xb0 [ 425.275471][T12558] ? sock_poll+0x400/0x400 [ 425.279808][T12558] __se_sys_ioctl+0x114/0x190 [ 425.284323][T12558] __x64_sys_ioctl+0x7b/0x90 [ 425.288747][T12558] do_syscall_64+0x3d/0xb0 [ 425.293001][T12558] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 425.298642][T12558] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 425.304370][T12558] RIP: 0033:0x7fe5811d59f9 [ 425.308637][T12558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.328065][T12558] RSP: 002b:00007fe57fe55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 425.336309][T12558] RAX: ffffffffffffffda RBX: 00007fe581363f80 RCX: 00007fe5811d59f9 [ 425.344136][T12558] RDX: 0000000020000040 RSI: 0000000000008914 RDI: 000000000000000a [ 425.352017][T12558] RBP: 00007fe57fe55090 R08: 0000000000000000 R09: 0000000000000000 [ 425.359830][T12558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.367640][T12558] R13: 0000000000000000 R14: 00007fe581363f80 R15: 00007ffe8ecba328 [ 425.375463][T12558] [ 428.489976][T12652] FAULT_INJECTION: forcing a failure. [ 428.489976][T12652] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 428.559176][T12652] CPU: 0 PID: 12652 Comm: syz.3.4283 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 428.570382][T12652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 428.580299][T12652] Call Trace: [ 428.583401][T12652] [ 428.586181][T12652] dump_stack_lvl+0x151/0x1b7 [ 428.590695][T12652] ? io_uring_drop_tctx_refs+0x190/0x190 [ 428.596161][T12652] ? bpf_test_run+0x8de/0xa10 [ 428.600677][T12652] dump_stack+0x15/0x17 [ 428.604664][T12652] should_fail+0x3c6/0x510 [ 428.608923][T12652] should_fail_usercopy+0x1a/0x20 [ 428.613778][T12652] _copy_to_user+0x20/0x90 [ 428.618032][T12652] bpf_test_finish+0x297/0x5a0 [ 428.622636][T12652] ? convert_skb_to___skb+0x360/0x360 [ 428.627839][T12652] ? convert_skb_to___skb+0x208/0x360 [ 428.633049][T12652] bpf_prog_test_run_skb+0xd4d/0x1420 [ 428.638253][T12652] ? __kasan_check_write+0x14/0x20 [ 428.643211][T12652] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 428.648933][T12652] ? __kasan_check_write+0x14/0x20 [ 428.653886][T12652] ? fput_many+0x160/0x1b0 [ 428.658128][T12652] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 428.663895][T12652] bpf_prog_test_run+0x3b0/0x630 [ 428.668634][T12652] ? bpf_prog_query+0x220/0x220 [ 428.673319][T12652] ? selinux_bpf+0xd2/0x100 [ 428.677657][T12652] ? security_bpf+0x82/0xb0 [ 428.681997][T12652] __sys_bpf+0x525/0x760 [ 428.686078][T12652] ? fput_many+0x160/0x1b0 [ 428.690335][T12652] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 428.695541][T12652] ? debug_smp_processor_id+0x17/0x20 [ 428.700743][T12652] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 428.706651][T12652] __x64_sys_bpf+0x7c/0x90 [ 428.710910][T12652] do_syscall_64+0x3d/0xb0 [ 428.715154][T12652] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 428.720888][T12652] RIP: 0033:0x7f2b6acb09f9 [ 428.725136][T12652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.744575][T12652] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 428.752826][T12652] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 428.760632][T12652] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 428.768445][T12652] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 428.776252][T12652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.784073][T12652] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 428.791898][T12652] [ 428.804095][ T30] audit: type=1400 audit(1723291657.028:156): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 428.868954][ T30] audit: type=1400 audit(1723291657.028:157): avc: denied { unlink } for pid=82 comm="syslogd" name="messages.0" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 428.942095][ T30] audit: type=1400 audit(1723291657.028:158): avc: denied { create } for pid=82 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 434.872645][T12817] FAULT_INJECTION: forcing a failure. [ 434.872645][T12817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 434.981724][T12817] CPU: 0 PID: 12817 Comm: syz.4.4341 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 434.993018][T12817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 435.002912][T12817] Call Trace: [ 435.006033][T12817] [ 435.008910][T12817] dump_stack_lvl+0x151/0x1b7 [ 435.013423][T12817] ? io_uring_drop_tctx_refs+0x190/0x190 [ 435.018888][T12817] ? kmem_cache_free+0x116/0x2e0 [ 435.023664][T12817] dump_stack+0x15/0x17 [ 435.027663][T12817] should_fail+0x3c6/0x510 [ 435.031912][T12817] should_fail_usercopy+0x1a/0x20 [ 435.036774][T12817] _copy_from_user+0x20/0xd0 [ 435.041200][T12817] __copy_msghdr_from_user+0xaf/0x7c0 [ 435.046417][T12817] ? __ia32_sys_shutdown+0x70/0x70 [ 435.051454][T12817] ___sys_sendmsg+0x166/0x2e0 [ 435.055953][T12817] ? __sys_sendmsg+0x260/0x260 [ 435.060563][T12817] ? __fdget+0x1bc/0x240 [ 435.064631][T12817] __se_sys_sendmsg+0x19a/0x260 [ 435.069317][T12817] ? __x64_sys_sendmsg+0x90/0x90 [ 435.074089][T12817] ? ksys_write+0x260/0x2c0 [ 435.078432][T12817] ? debug_smp_processor_id+0x17/0x20 [ 435.083636][T12817] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 435.089551][T12817] __x64_sys_sendmsg+0x7b/0x90 [ 435.094139][T12817] do_syscall_64+0x3d/0xb0 [ 435.098477][T12817] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 435.104396][T12817] RIP: 0033:0x7f5992fe89f9 [ 435.108648][T12817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.128104][T12817] RSP: 002b:00007f5991c68038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 435.136333][T12817] RAX: ffffffffffffffda RBX: 00007f5993176f80 RCX: 00007f5992fe89f9 [ 435.144141][T12817] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000007 [ 435.151951][T12817] RBP: 00007f5991c68090 R08: 0000000000000000 R09: 0000000000000000 [ 435.159881][T12817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 435.167662][T12817] R13: 0000000000000000 R14: 00007f5993176f80 R15: 00007fff035ee078 [ 435.175484][T12817] [ 435.785772][T12840] device sit0 entered promiscuous mode [ 436.984011][T12878] FAULT_INJECTION: forcing a failure. [ 436.984011][T12878] name failslab, interval 1, probability 0, space 0, times 0 [ 437.106528][T12878] CPU: 0 PID: 12878 Comm: syz.1.4362 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 437.117734][T12878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 437.127626][T12878] Call Trace: [ 437.130750][T12878] [ 437.133527][T12878] dump_stack_lvl+0x151/0x1b7 [ 437.138130][T12878] ? io_uring_drop_tctx_refs+0x190/0x190 [ 437.143595][T12878] ? perf_event_output_forward+0x14e/0x1b0 [ 437.149242][T12878] dump_stack+0x15/0x17 [ 437.153230][T12878] should_fail+0x3c6/0x510 [ 437.157491][T12878] __should_failslab+0xa4/0xe0 [ 437.162092][T12878] should_failslab+0x9/0x20 [ 437.166420][T12878] slab_pre_alloc_hook+0x37/0xd0 [ 437.171199][T12878] __kmalloc+0x6d/0x270 [ 437.175297][T12878] ? kvmalloc_node+0x1f0/0x4d0 [ 437.179935][T12878] kvmalloc_node+0x1f0/0x4d0 [ 437.184341][T12878] ? vm_mmap+0xb0/0xb0 [ 437.188237][T12878] __htab_map_lookup_and_delete_batch+0x4aa/0x1eb0 [ 437.194572][T12878] ? __kasan_check_write+0x14/0x20 [ 437.199530][T12878] ? proc_fail_nth_write+0x20b/0x290 [ 437.204633][T12878] ? selinux_file_permission+0x2c4/0x570 [ 437.210106][T12878] ? proc_fail_nth_read+0x210/0x210 [ 437.215141][T12878] ? irqentry_exit+0x30/0x40 [ 437.219564][T12878] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 437.225202][T12878] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 437.231194][T12878] ? htab_free_prealloced_timers+0x2e0/0x2e0 [ 437.237008][T12878] ? bpf_map_do_batch+0x1e6/0x620 [ 437.241871][T12878] ? kasan_check_range+0x82/0x2a0 [ 437.246730][T12878] htab_map_lookup_and_delete_batch+0x30/0x40 [ 437.252632][T12878] ? htab_map_lookup_and_delete_elem+0x40/0x40 [ 437.258618][T12878] bpf_map_do_batch+0x4c3/0x620 [ 437.263308][T12878] __sys_bpf+0x5dc/0x760 [ 437.267383][T12878] ? fput_many+0x160/0x1b0 [ 437.271638][T12878] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 437.276850][T12878] ? debug_smp_processor_id+0x17/0x20 [ 437.282054][T12878] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 437.287975][T12878] __x64_sys_bpf+0x7c/0x90 [ 437.292210][T12878] do_syscall_64+0x3d/0xb0 [ 437.296462][T12878] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 437.302103][T12878] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 437.307835][T12878] RIP: 0033:0x7fde2b6d79f9 [ 437.312089][T12878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.331617][T12878] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 437.339860][T12878] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 437.347841][T12878] RDX: 0000000000000038 RSI: 0000000020000800 RDI: 0000000000000019 [ 437.355655][T12878] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 437.363466][T12878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 437.371275][T12878] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 437.379103][T12878] [ 439.195795][T12956] device veth1_macvtap left promiscuous mode [ 441.702978][T13068] FAULT_INJECTION: forcing a failure. [ 441.702978][T13068] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 441.811722][T13068] CPU: 0 PID: 13068 Comm: syz.4.4431 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 441.822966][T13068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 441.832863][T13068] Call Trace: [ 441.835966][T13068] [ 441.838747][T13068] dump_stack_lvl+0x151/0x1b7 [ 441.843427][T13068] ? io_uring_drop_tctx_refs+0x190/0x190 [ 441.848893][T13068] dump_stack+0x15/0x17 [ 441.852878][T13068] should_fail+0x3c6/0x510 [ 441.857137][T13068] should_fail_usercopy+0x1a/0x20 [ 441.861993][T13068] _copy_from_user+0x20/0xd0 [ 441.866419][T13068] iovec_from_user+0xc7/0x330 [ 441.870937][T13068] __import_iovec+0x6d/0x420 [ 441.875359][T13068] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 441.881005][T13068] import_iovec+0xe5/0x120 [ 441.885255][T13068] ___sys_recvmsg+0x56b/0x690 [ 441.889775][T13068] ? __sys_recvmsg+0x260/0x260 [ 441.894372][T13068] ? preempt_schedule_irq+0xe7/0x140 [ 441.899490][T13068] ? __hrtimer_run_queues+0xa6f/0xad0 [ 441.904709][T13068] ? __fdget+0x1bc/0x240 [ 441.908779][T13068] __x64_sys_recvmsg+0x1dc/0x2b0 [ 441.913551][T13068] ? ___sys_recvmsg+0x690/0x690 [ 441.918236][T13068] ? kvm_sched_clock_read+0x18/0x40 [ 441.923368][T13068] ? debug_smp_processor_id+0x17/0x20 [ 441.928562][T13068] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 441.934468][T13068] ? exit_to_user_mode_prepare+0x39/0xa0 [ 441.939953][T13068] do_syscall_64+0x3d/0xb0 [ 441.944184][T13068] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 441.949828][T13068] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 441.955576][T13068] RIP: 0033:0x7f5992fe89f9 [ 441.959809][T13068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.979254][T13068] RSP: 002b:00007f5991c68038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 441.987496][T13068] RAX: ffffffffffffffda RBX: 00007f5993176f80 RCX: 00007f5992fe89f9 [ 441.995742][T13068] RDX: 0000000000001f00 RSI: 0000000020000500 RDI: 000000000000000a [ 442.003578][T13068] RBP: 00007f5991c68090 R08: 0000000000000000 R09: 0000000000000000 [ 442.011364][T13068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.019176][T13068] R13: 0000000000000000 R14: 00007f5993176f80 R15: 00007fff035ee078 [ 442.026996][T13068] [ 442.166768][T13078] bond_slave_1: mtu less than device minimum [ 446.802941][T13224] FAULT_INJECTION: forcing a failure. [ 446.802941][T13224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 446.901566][T13224] CPU: 1 PID: 13224 Comm: syz.1.4485 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 446.912867][T13224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 446.922765][T13224] Call Trace: [ 446.925971][T13224] [ 446.928756][T13224] dump_stack_lvl+0x151/0x1b7 [ 446.933266][T13224] ? io_uring_drop_tctx_refs+0x190/0x190 [ 446.938900][T13224] ? __kmalloc+0x13a/0x270 [ 446.943153][T13224] ? kvmalloc_node+0x1f0/0x4d0 [ 446.947755][T13224] dump_stack+0x15/0x17 [ 446.951746][T13224] should_fail+0x3c6/0x510 [ 446.956003][T13224] should_fail_usercopy+0x1a/0x20 [ 446.960947][T13224] _copy_from_user+0x20/0xd0 [ 446.965376][T13224] map_update_elem+0x5b3/0x770 [ 446.969977][T13224] __sys_bpf+0x405/0x760 [ 446.974050][T13224] ? fput_many+0x160/0x1b0 [ 446.978304][T13224] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 446.983518][T13224] ? debug_smp_processor_id+0x17/0x20 [ 446.988720][T13224] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 446.994714][T13224] __x64_sys_bpf+0x7c/0x90 [ 446.998964][T13224] do_syscall_64+0x3d/0xb0 [ 447.003219][T13224] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 447.008940][T13224] RIP: 0033:0x7fde2b6d79f9 [ 447.013196][T13224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.032642][T13224] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 447.041056][T13224] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 447.048865][T13224] RDX: 0000000000000020 RSI: 0000000020000e00 RDI: 0000000000000002 [ 447.056701][T13224] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 447.064487][T13224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.072396][T13224] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 447.080379][T13224] [ 449.051656][T13282] device wg2 entered promiscuous mode [ 450.753813][T13329] FAULT_INJECTION: forcing a failure. [ 450.753813][T13329] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 450.857054][T13329] CPU: 1 PID: 13329 Comm: syz.1.4520 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 450.868257][T13329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 450.878153][T13329] Call Trace: [ 450.881273][T13329] [ 450.884061][T13329] dump_stack_lvl+0x151/0x1b7 [ 450.888576][T13329] ? io_uring_drop_tctx_refs+0x190/0x190 [ 450.894056][T13329] dump_stack+0x15/0x17 [ 450.898028][T13329] should_fail+0x3c6/0x510 [ 450.902291][T13329] should_fail_alloc_page+0x5a/0x80 [ 450.907312][T13329] prepare_alloc_pages+0x15c/0x700 [ 450.912259][T13329] ? __alloc_pages+0x8f0/0x8f0 [ 450.916863][T13329] ? __alloc_pages_bulk+0xe40/0xe40 [ 450.921901][T13329] __alloc_pages+0x18c/0x8f0 [ 450.926322][T13329] ? prep_new_page+0x110/0x110 [ 450.930927][T13329] ? __kasan_kmalloc+0x9/0x10 [ 450.935434][T13329] ? __kmalloc+0x13a/0x270 [ 450.939689][T13329] ? __vmalloc_node_range+0x2d6/0x8d0 [ 450.944896][T13329] __vmalloc_node_range+0x482/0x8d0 [ 450.949937][T13329] bpf_map_area_alloc+0xd9/0xf0 [ 450.954616][T13329] ? array_map_alloc+0x278/0x6d0 [ 450.959390][T13329] array_map_alloc+0x278/0x6d0 [ 450.963990][T13329] ? bpf_map_meta_alloc+0x101/0x8b0 [ 450.969027][T13329] array_of_map_alloc+0x55/0xc0 [ 450.973727][T13329] map_create+0x411/0x2050 [ 450.977971][T13329] __sys_bpf+0x296/0x760 [ 450.982044][T13329] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 450.987251][T13329] __x64_sys_bpf+0x7c/0x90 [ 450.991514][T13329] do_syscall_64+0x3d/0xb0 [ 450.995750][T13329] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 451.001393][T13329] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 451.007120][T13329] RIP: 0033:0x7fde2b6d79f9 [ 451.011375][T13329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.030936][T13329] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 451.039178][T13329] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 451.046988][T13329] RDX: 0000000000000048 RSI: 0000000020000040 RDI: 0000000000000000 [ 451.054801][T13329] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 451.062615][T13329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 451.070431][T13329] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 451.078247][T13329] [ 452.041322][T13352] FAULT_INJECTION: forcing a failure. [ 452.041322][T13352] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 452.105293][T13352] CPU: 0 PID: 13352 Comm: syz.1.4527 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 452.116504][T13352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 452.126409][T13352] Call Trace: [ 452.129515][T13352] [ 452.132299][T13352] dump_stack_lvl+0x151/0x1b7 [ 452.136809][T13352] ? io_uring_drop_tctx_refs+0x190/0x190 [ 452.142280][T13352] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 452.147923][T13352] dump_stack+0x15/0x17 [ 452.151910][T13352] should_fail+0x3c6/0x510 [ 452.156175][T13352] should_fail_alloc_page+0x5a/0x80 [ 452.161546][T13352] prepare_alloc_pages+0x15c/0x700 [ 452.166499][T13352] ? __alloc_pages+0x8f0/0x8f0 [ 452.171098][T13352] ? __alloc_pages_bulk+0xe40/0xe40 [ 452.176127][T13352] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 452.181784][T13352] __alloc_pages+0x18c/0x8f0 [ 452.186203][T13352] ? prep_new_page+0x110/0x110 [ 452.190797][T13352] ? __kasan_check_write+0x14/0x20 [ 452.195929][T13352] __get_free_pages+0x10/0x30 [ 452.200442][T13352] kasan_populate_vmalloc_pte+0x39/0x130 [ 452.205908][T13352] ? __apply_to_page_range+0x8ca/0xbe0 [ 452.211204][T13352] __apply_to_page_range+0x8dd/0xbe0 [ 452.216331][T13352] ? kasan_populate_vmalloc+0x70/0x70 [ 452.221531][T13352] ? kasan_populate_vmalloc+0x70/0x70 [ 452.226733][T13352] apply_to_page_range+0x3b/0x50 [ 452.231519][T13352] kasan_populate_vmalloc+0x65/0x70 [ 452.236549][T13352] alloc_vmap_area+0x192f/0x1a80 [ 452.241335][T13352] ? vm_map_ram+0xa90/0xa90 [ 452.245655][T13352] ? kmem_cache_alloc_trace+0x115/0x210 [ 452.251038][T13352] ? __get_vm_area_node+0x117/0x360 [ 452.256075][T13352] __get_vm_area_node+0x158/0x360 [ 452.260935][T13352] __vmalloc_node_range+0xe2/0x8d0 [ 452.265883][T13352] ? sock_hash_alloc+0x2bf/0x560 [ 452.270659][T13352] bpf_map_area_alloc+0xd9/0xf0 [ 452.275338][T13352] ? sock_hash_alloc+0x2bf/0x560 [ 452.280113][T13352] sock_hash_alloc+0x2bf/0x560 [ 452.284714][T13352] map_create+0x411/0x2050 [ 452.288969][T13352] __sys_bpf+0x296/0x760 [ 452.293044][T13352] ? fput_many+0x160/0x1b0 [ 452.297298][T13352] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 452.302511][T13352] ? debug_smp_processor_id+0x17/0x20 [ 452.307715][T13352] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 452.313623][T13352] __x64_sys_bpf+0x7c/0x90 [ 452.317954][T13352] do_syscall_64+0x3d/0xb0 [ 452.322214][T13352] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 452.327850][T13352] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 452.333578][T13352] RIP: 0033:0x7fde2b6d79f9 [ 452.337831][T13352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.357279][T13352] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 452.365516][T13352] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 452.373328][T13352] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 0000000000000000 [ 452.381138][T13352] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 452.388950][T13352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 452.396763][T13352] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 452.404583][T13352] [ 453.272477][T13390] syz.2.4539[13390] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 453.272557][T13390] syz.2.4539[13390] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 453.962899][T13416] device syzkaller0 entered promiscuous mode [ 457.722282][T13510] ªªªªªª: renamed from vlan0 [ 461.434083][T13611] device veth0_vlan left promiscuous mode [ 461.483705][T13611] device veth0_vlan entered promiscuous mode [ 461.527544][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 461.549736][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): ªªªªªª: link becomes ready [ 461.608223][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 463.109743][T13664] syz.3.4637[13664] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 463.109814][T13664] syz.3.4637[13664] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 463.139571][T13668] device pim6reg1 entered promiscuous mode [ 463.495333][T13684] device pim6reg1 entered promiscuous mode [ 463.505725][T13684] FAULT_INJECTION: forcing a failure. [ 463.505725][T13684] name failslab, interval 1, probability 0, space 0, times 0 [ 463.521702][T13684] CPU: 0 PID: 13684 Comm: syz.4.4644 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 463.532897][T13684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 463.542791][T13684] Call Trace: [ 463.545918][T13684] [ 463.548693][T13684] dump_stack_lvl+0x151/0x1b7 [ 463.553211][T13684] ? io_uring_drop_tctx_refs+0x190/0x190 [ 463.558678][T13684] dump_stack+0x15/0x17 [ 463.562671][T13684] should_fail+0x3c6/0x510 [ 463.566918][T13684] __should_failslab+0xa4/0xe0 [ 463.571533][T13684] should_failslab+0x9/0x20 [ 463.575861][T13684] slab_pre_alloc_hook+0x37/0xd0 [ 463.580631][T13684] ? rtmsg_ifinfo_build_skb+0x7f/0x180 [ 463.585925][T13684] __kmalloc_track_caller+0x6c/0x260 [ 463.591049][T13684] ? rtmsg_ifinfo_build_skb+0x7f/0x180 [ 463.596430][T13684] ? rtmsg_ifinfo_build_skb+0x7f/0x180 [ 463.601909][T13684] __alloc_skb+0x10c/0x550 [ 463.606149][T13684] rtmsg_ifinfo_build_skb+0x7f/0x180 [ 463.611275][T13684] rtmsg_ifinfo+0x78/0x120 [ 463.615530][T13684] dev_close_many+0x2a6/0x530 [ 463.620036][T13684] ? __dev_open+0x4e0/0x4e0 [ 463.624375][T13684] ? __kasan_check_read+0x11/0x20 [ 463.629237][T13684] unregister_netdevice_many+0x492/0x17c0 [ 463.634791][T13684] ? __kasan_check_write+0x14/0x20 [ 463.639739][T13684] ? alloc_netdev_mqs+0xc90/0xc90 [ 463.644598][T13684] ? add_timer+0x68/0x80 [ 463.648679][T13684] ? __queue_delayed_work+0x16d/0x1f0 [ 463.653889][T13684] ? __kasan_check_read+0x11/0x20 [ 463.658747][T13684] unregister_netdevice_queue+0x2e6/0x350 [ 463.664299][T13684] ? linkwatch_urgent_event+0x335/0x4d0 [ 463.669682][T13684] ? list_netdevice+0x4c0/0x4c0 [ 463.674374][T13684] __tun_detach+0xd14/0x1510 [ 463.678792][T13684] ? wait_for_completion_killable_timeout+0x10/0x10 [ 463.685222][T13684] tun_chr_close+0x92/0x140 [ 463.689554][T13684] ? tun_chr_open+0x530/0x530 [ 463.694069][T13684] __fput+0x3fe/0x910 [ 463.697980][T13684] ____fput+0x15/0x20 [ 463.701793][T13684] task_work_run+0x129/0x190 [ 463.706220][T13684] exit_to_user_mode_loop+0xc4/0xe0 [ 463.711256][T13684] exit_to_user_mode_prepare+0x5a/0xa0 [ 463.716548][T13684] syscall_exit_to_user_mode+0x26/0x160 [ 463.721933][T13684] do_syscall_64+0x49/0xb0 [ 463.726184][T13684] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 463.731998][T13684] RIP: 0033:0x7f5992fe89f9 [ 463.736251][T13684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.755706][T13684] RSP: 002b:00007f5991c68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 463.763935][T13684] RAX: 0000000000000000 RBX: 00007f5993176f80 RCX: 00007f5992fe89f9 [ 463.771861][T13684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 463.779659][T13684] RBP: 00007f5991c68090 R08: 0000000000000000 R09: 0000000000000000 [ 463.787475][T13684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.795284][T13684] R13: 0000000000000000 R14: 00007f5993176f80 R15: 00007fff035ee078 [ 463.803233][T13684] [ 464.171175][T13706] FAULT_INJECTION: forcing a failure. [ 464.171175][T13706] name failslab, interval 1, probability 0, space 0, times 0 [ 464.220215][T13706] CPU: 0 PID: 13706 Comm: syz.3.4651 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 464.231449][T13706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 464.241333][T13706] Call Trace: [ 464.244541][T13706] [ 464.247319][T13706] dump_stack_lvl+0x151/0x1b7 [ 464.251832][T13706] ? io_uring_drop_tctx_refs+0x190/0x190 [ 464.257300][T13706] ? avc_denied+0x1b0/0x1b0 [ 464.261642][T13706] dump_stack+0x15/0x17 [ 464.265643][T13706] should_fail+0x3c6/0x510 [ 464.269887][T13706] __should_failslab+0xa4/0xe0 [ 464.274485][T13706] ? __d_alloc+0x2d/0x6c0 [ 464.278652][T13706] should_failslab+0x9/0x20 [ 464.282992][T13706] slab_pre_alloc_hook+0x37/0xd0 [ 464.287760][T13706] ? __d_alloc+0x2d/0x6c0 [ 464.291936][T13706] kmem_cache_alloc+0x44/0x200 [ 464.296539][T13706] __d_alloc+0x2d/0x6c0 [ 464.300535][T13706] ? up_read+0x5d/0x220 [ 464.304516][T13706] d_alloc_parallel+0xe6/0x12e0 [ 464.309202][T13706] ? inode_permission+0xf8/0x460 [ 464.313977][T13706] ? kernfs_evict_inode+0x60/0x60 [ 464.318837][T13706] ? link_path_walk+0xb29/0xd90 [ 464.323525][T13706] ? d_hash_and_lookup+0x1e0/0x1e0 [ 464.328468][T13706] ? rwsem_mark_wake+0x770/0x770 [ 464.333242][T13706] ? __mnt_want_write+0x1f6/0x270 [ 464.338109][T13706] path_openat+0xa02/0x2f40 [ 464.342442][T13706] ? stack_trace_snprint+0xf0/0xf0 [ 464.347391][T13706] ? kmem_cache_free+0x116/0x2e0 [ 464.352169][T13706] ? __kasan_slab_alloc+0xb1/0xe0 [ 464.357634][T13706] ? kmem_cache_alloc+0xf5/0x200 [ 464.362412][T13706] ? do_filp_open+0x460/0x460 [ 464.366929][T13706] do_filp_open+0x21c/0x460 [ 464.371261][T13706] ? vfs_tmpfile+0x2c0/0x2c0 [ 464.375695][T13706] do_sys_openat2+0x13f/0x830 [ 464.380214][T13706] ? __kasan_check_write+0x14/0x20 [ 464.385142][T13706] ? mutex_unlock+0xb2/0x260 [ 464.389570][T13706] ? wait_for_completion_killable_timeout+0x10/0x10 [ 464.396003][T13706] ? do_sys_open+0x220/0x220 [ 464.400428][T13706] ? __kasan_check_write+0x14/0x20 [ 464.405390][T13706] ? fput_many+0x160/0x1b0 [ 464.409620][T13706] ? fput+0x1a/0x20 [ 464.413269][T13706] __x64_sys_openat+0x243/0x290 [ 464.417953][T13706] ? __ia32_sys_open+0x270/0x270 [ 464.422730][T13706] ? debug_smp_processor_id+0x17/0x20 [ 464.427937][T13706] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 464.433868][T13706] ? exit_to_user_mode_prepare+0x39/0xa0 [ 464.439309][T13706] do_syscall_64+0x3d/0xb0 [ 464.443558][T13706] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 464.449286][T13706] RIP: 0033:0x7f2b6acb09f9 [ 464.453541][T13706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.472979][T13706] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 464.481226][T13706] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 464.489034][T13706] RDX: 000000000000275a RSI: 0000000020000040 RDI: 0000000000000008 [ 464.496854][T13706] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 464.504658][T13706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.512611][T13706] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 464.520436][T13706] [ 470.579333][T13867] device veth0_vlan left promiscuous mode [ 470.656282][T13867] device veth0_vlan entered promiscuous mode [ 470.707258][ T1388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 470.721962][ T1388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 470.761108][ T1388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 473.151761][T13932] device veth0_vlan left promiscuous mode [ 473.177969][T13932] device veth0_vlan entered promiscuous mode [ 479.766130][T14080] device sit0 left promiscuous mode [ 479.869484][T14084] device sit0 entered promiscuous mode [ 488.119817][T14246] device syzkaller0 entered promiscuous mode [ 507.487112][T14713] device pim6reg1 entered promiscuous mode [ 509.160507][T14749] device sit0 left promiscuous mode [ 509.273846][T14752] device sit0 entered promiscuous mode [ 511.858066][T14827] FAULT_INJECTION: forcing a failure. [ 511.858066][T14827] name failslab, interval 1, probability 0, space 0, times 0 [ 511.870539][T14827] CPU: 0 PID: 14827 Comm: syz.3.5003 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 511.881679][T14827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 511.891576][T14827] Call Trace: [ 511.894702][T14827] [ 511.897479][T14827] dump_stack_lvl+0x151/0x1b7 [ 511.901992][T14827] ? io_uring_drop_tctx_refs+0x190/0x190 [ 511.907464][T14827] dump_stack+0x15/0x17 [ 511.911463][T14827] should_fail+0x3c6/0x510 [ 511.915706][T14827] __should_failslab+0xa4/0xe0 [ 511.920321][T14827] ? dst_alloc+0x164/0x1e0 [ 511.924557][T14827] should_failslab+0x9/0x20 [ 511.928898][T14827] slab_pre_alloc_hook+0x37/0xd0 [ 511.933673][T14827] ? dst_alloc+0x164/0x1e0 [ 511.938060][T14827] kmem_cache_alloc+0x44/0x200 [ 511.942661][T14827] dst_alloc+0x164/0x1e0 [ 511.946828][T14827] ip_route_output_key_hash_rcu+0x129a/0x20b0 [ 511.952736][T14827] ip_route_output_flow+0x144/0x310 [ 511.957765][T14827] ? ipv4_sk_update_pmtu+0x1e00/0x1e00 [ 511.963064][T14827] ip_tunnel_xmit+0xa6e/0x2760 [ 511.967659][T14827] ? ip_tunnel_xmit+0xd1/0x2760 [ 511.972349][T14827] ? tnl_update_pmtu+0xba0/0xba0 [ 511.977119][T14827] ? skb_push+0xf/0x120 [ 511.981109][T14827] ? skb_network_protocol+0x578/0x770 [ 511.986320][T14827] ? gre_build_header+0x233/0x7a0 [ 511.991192][T14827] ipgre_xmit+0x87a/0xc30 [ 511.995351][T14827] dev_hard_start_xmit+0x228/0x620 [ 512.000296][T14827] __dev_queue_xmit+0x18b4/0x2e70 [ 512.005157][T14827] ? dev_queue_xmit+0x20/0x20 [ 512.009666][T14827] ? __kasan_check_write+0x14/0x20 [ 512.014612][T14827] ? skb_release_data+0x1c3/0xa80 [ 512.019498][T14827] ? __kasan_check_write+0x14/0x20 [ 512.024423][T14827] ? pskb_expand_head+0xc8f/0x1240 [ 512.029372][T14827] dev_queue_xmit+0x17/0x20 [ 512.033708][T14827] __bpf_redirect+0x690/0xe60 [ 512.038226][T14827] bpf_clone_redirect+0x24d/0x390 [ 512.043184][T14827] bpf_prog_208b094576c80b22+0x56/0x424 [ 512.048552][T14827] ? swiotlb_map+0xd0/0x7c0 [ 512.052890][T14827] ? __stack_depot_save+0x34/0x470 [ 512.057840][T14827] ? __kasan_slab_alloc+0xc3/0xe0 [ 512.062871][T14827] ? __kasan_slab_alloc+0xb1/0xe0 [ 512.067728][T14827] ? slab_post_alloc_hook+0x53/0x2c0 [ 512.072852][T14827] ? kmem_cache_alloc+0xf5/0x200 [ 512.077630][T14827] ? __build_skb+0x2a/0x300 [ 512.081972][T14827] ? build_skb+0x25/0x1f0 [ 512.086129][T14827] ? bpf_prog_test_run_skb+0x38e/0x1420 [ 512.091510][T14827] ? bpf_prog_test_run+0x3b0/0x630 [ 512.096459][T14827] ? __sys_bpf+0x525/0x760 [ 512.100710][T14827] ? __x64_sys_bpf+0x7c/0x90 [ 512.105139][T14827] ? do_syscall_64+0x3d/0xb0 [ 512.109565][T14827] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 512.115472][T14827] ? ktime_get+0x12f/0x160 [ 512.119719][T14827] bpf_test_run+0x478/0xa10 [ 512.124065][T14827] ? convert___skb_to_skb+0x570/0x570 [ 512.129266][T14827] ? __build_skb+0x2a/0x300 [ 512.133613][T14827] ? eth_type_trans+0x2c6/0x600 [ 512.138469][T14827] ? eth_get_headlen+0x240/0x240 [ 512.143243][T14827] ? convert___skb_to_skb+0x44/0x570 [ 512.148363][T14827] bpf_prog_test_run_skb+0xb41/0x1420 [ 512.153574][T14827] ? __kasan_check_write+0x14/0x20 [ 512.158526][T14827] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 512.164248][T14827] ? __kasan_check_write+0x14/0x20 [ 512.169193][T14827] ? fput_many+0x160/0x1b0 [ 512.173447][T14827] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 512.179173][T14827] bpf_prog_test_run+0x3b0/0x630 [ 512.183949][T14827] ? bpf_prog_query+0x220/0x220 [ 512.188634][T14827] ? selinux_bpf+0xd2/0x100 [ 512.192974][T14827] ? security_bpf+0x82/0xb0 [ 512.197317][T14827] __sys_bpf+0x525/0x760 [ 512.201393][T14827] ? fput_many+0x160/0x1b0 [ 512.205646][T14827] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 512.210857][T14827] ? debug_smp_processor_id+0x17/0x20 [ 512.216061][T14827] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 512.221963][T14827] __x64_sys_bpf+0x7c/0x90 [ 512.226303][T14827] do_syscall_64+0x3d/0xb0 [ 512.230556][T14827] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 512.236408][T14827] RIP: 0033:0x7f2b6acb09f9 [ 512.240656][T14827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.260186][T14827] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 512.268429][T14827] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 512.276238][T14827] RDX: 000000000000001e RSI: 0000000020000080 RDI: 000000000000000a [ 512.284146][T14827] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 512.291947][T14827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.299767][T14827] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 512.307584][T14827] [ 513.995889][T14875] device wg2 left promiscuous mode [ 514.060068][T14880] device wg2 entered promiscuous mode [ 516.773927][T14958] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.781034][T14958] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.856031][T14958] device bridge0 left promiscuous mode [ 525.376436][T15141] syz.3.5102[15141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 525.376509][T15141] syz.3.5102[15141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 526.466115][T15157] FAULT_INJECTION: forcing a failure. [ 526.466115][T15157] name failslab, interval 1, probability 0, space 0, times 0 [ 526.502137][T15157] CPU: 0 PID: 15157 Comm: syz.2.5108 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 526.513348][T15157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 526.523253][T15157] Call Trace: [ 526.526366][T15157] [ 526.529144][T15157] dump_stack_lvl+0x151/0x1b7 [ 526.533663][T15157] ? io_uring_drop_tctx_refs+0x190/0x190 [ 526.539133][T15157] ? selinux_capable+0x2f1/0x430 [ 526.543900][T15157] dump_stack+0x15/0x17 [ 526.547988][T15157] should_fail+0x3c6/0x510 [ 526.552234][T15157] __should_failslab+0xa4/0xe0 [ 526.556929][T15157] should_failslab+0x9/0x20 [ 526.561259][T15157] slab_pre_alloc_hook+0x37/0xd0 [ 526.566032][T15157] kmem_cache_alloc_trace+0x48/0x210 [ 526.571152][T15157] ? sock_map_alloc+0x175/0x310 [ 526.575839][T15157] sock_map_alloc+0x175/0x310 [ 526.580358][T15157] map_create+0x411/0x2050 [ 526.584609][T15157] __sys_bpf+0x296/0x760 [ 526.588772][T15157] ? fput_many+0x160/0x1b0 [ 526.593022][T15157] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 526.598239][T15157] ? debug_smp_processor_id+0x17/0x20 [ 526.603436][T15157] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 526.609341][T15157] __x64_sys_bpf+0x7c/0x90 [ 526.613592][T15157] do_syscall_64+0x3d/0xb0 [ 526.617873][T15157] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 526.623573][T15157] RIP: 0033:0x7fe5811d59f9 [ 526.627826][T15157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.647269][T15157] RSP: 002b:00007fe57fe55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 526.655510][T15157] RAX: ffffffffffffffda RBX: 00007fe581363f80 RCX: 00007fe5811d59f9 [ 526.663321][T15157] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 1400000000000000 [ 526.671137][T15157] RBP: 00007fe57fe55090 R08: 0000000000000000 R09: 0000000000000000 [ 526.679033][T15157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 526.686844][T15157] R13: 0000000000000000 R14: 00007fe581363f80 R15: 00007ffe8ecba328 [ 526.694666][T15157] [ 530.186388][ T30] audit: type=1400 audit(1723291758.408:159): avc: denied { create } for pid=15246 comm="syz.1.5139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 531.755470][T15290] syz.1.5153[15290] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 531.755571][T15290] syz.1.5153[15290] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 531.905001][T15292] syz.0.5154[15292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 532.000035][T15292] syz.0.5154[15292] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 540.562201][T15524] FAULT_INJECTION: forcing a failure. [ 540.562201][T15524] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 540.586862][T15524] CPU: 0 PID: 15524 Comm: syz.2.5228 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 540.598142][T15524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 540.608125][T15524] Call Trace: [ 540.611250][T15524] [ 540.614024][T15524] dump_stack_lvl+0x151/0x1b7 [ 540.618540][T15524] ? io_uring_drop_tctx_refs+0x190/0x190 [ 540.624007][T15524] dump_stack+0x15/0x17 [ 540.628000][T15524] should_fail+0x3c6/0x510 [ 540.632249][T15524] should_fail_alloc_page+0x5a/0x80 [ 540.637287][T15524] prepare_alloc_pages+0x15c/0x700 [ 540.642230][T15524] ? __alloc_pages_bulk+0xe40/0xe40 [ 540.647349][T15524] ? stack_trace_save+0x1c0/0x1c0 [ 540.652211][T15524] __alloc_pages+0x18c/0x8f0 [ 540.656635][T15524] ? prep_new_page+0x110/0x110 [ 540.661242][T15524] ? stack_trace_save+0x113/0x1c0 [ 540.666098][T15524] ? __kasan_check_write+0x14/0x20 [ 540.671043][T15524] ? stack_trace_snprint+0xf0/0xf0 [ 540.675991][T15524] __stack_depot_save+0x38d/0x470 [ 540.680855][T15524] ? __kasan_slab_alloc+0x63/0xe0 [ 540.685715][T15524] ____kasan_kmalloc+0xed/0x110 [ 540.690399][T15524] ? ____kasan_kmalloc+0xdb/0x110 [ 540.695261][T15524] ? __kasan_kmalloc+0x9/0x10 [ 540.699772][T15524] ? __kmalloc_track_caller+0x139/0x260 [ 540.705155][T15524] ? pskb_expand_head+0x113/0x1240 [ 540.710100][T15524] ? skb_ensure_writable+0x2d0/0x440 [ 540.715223][T15524] ? bpf_clone_redirect+0x117/0x390 [ 540.720260][T15524] ? bpf_prog_208b094576c80b22+0x56/0xa34 [ 540.725810][T15524] ? bpf_test_run+0x478/0xa10 [ 540.730342][T15524] ? bpf_prog_test_run_skb+0xb41/0x1420 [ 540.735705][T15524] ? bpf_prog_test_run+0x3b0/0x630 [ 540.740653][T15524] ? __sys_bpf+0x525/0x760 [ 540.744916][T15524] ? __x64_sys_bpf+0x7c/0x90 [ 540.749590][T15524] ? do_syscall_64+0x3d/0xb0 [ 540.754017][T15524] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 540.759936][T15524] __kasan_kmalloc+0x9/0x10 [ 540.764260][T15524] __kmalloc_track_caller+0x139/0x260 [ 540.769467][T15524] ? skb_ensure_writable+0x2d0/0x440 [ 540.774588][T15524] ? skb_ensure_writable+0x2d0/0x440 [ 540.779796][T15524] pskb_expand_head+0x113/0x1240 [ 540.784568][T15524] ? __kasan_check_write+0x14/0x20 [ 540.789519][T15524] skb_ensure_writable+0x2d0/0x440 [ 540.794464][T15524] bpf_clone_redirect+0x117/0x390 [ 540.799336][T15524] bpf_prog_208b094576c80b22+0x56/0xa34 [ 540.804708][T15524] ? swiotlb_map+0xd0/0x7c0 [ 540.809050][T15524] ? __stack_depot_save+0x34/0x470 [ 540.814007][T15524] ? __kasan_slab_alloc+0xc3/0xe0 [ 540.818948][T15524] ? __kasan_slab_alloc+0xb1/0xe0 [ 540.823800][T15524] ? slab_post_alloc_hook+0x53/0x2c0 [ 540.828920][T15524] ? kmem_cache_alloc+0xf5/0x200 [ 540.833699][T15524] ? __build_skb+0x2a/0x300 [ 540.838041][T15524] ? build_skb+0x25/0x1f0 [ 540.842202][T15524] ? bpf_prog_test_run_skb+0x38e/0x1420 [ 540.847582][T15524] ? bpf_prog_test_run+0x3b0/0x630 [ 540.852530][T15524] ? __sys_bpf+0x525/0x760 [ 540.856783][T15524] ? __x64_sys_bpf+0x7c/0x90 [ 540.861212][T15524] ? do_syscall_64+0x3d/0xb0 [ 540.865636][T15524] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 540.871541][T15524] ? ktime_get+0x12f/0x160 [ 540.875793][T15524] bpf_test_run+0x478/0xa10 [ 540.880396][T15524] ? convert___skb_to_skb+0x570/0x570 [ 540.885598][T15524] ? eth_type_trans+0x2c6/0x600 [ 540.890286][T15524] ? eth_get_headlen+0x240/0x240 [ 540.895061][T15524] ? convert___skb_to_skb+0x44/0x570 [ 540.900181][T15524] bpf_prog_test_run_skb+0xb41/0x1420 [ 540.905387][T15524] ? __kasan_check_write+0x14/0x20 [ 540.910366][T15524] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 540.916061][T15524] ? __kasan_check_write+0x14/0x20 [ 540.921012][T15524] ? fput_many+0x160/0x1b0 [ 540.925276][T15524] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 540.930990][T15524] bpf_prog_test_run+0x3b0/0x630 [ 540.935767][T15524] ? bpf_prog_query+0x220/0x220 [ 540.940659][T15524] ? selinux_bpf+0xd2/0x100 [ 540.944995][T15524] ? security_bpf+0x82/0xb0 [ 540.949332][T15524] __sys_bpf+0x525/0x760 [ 540.953415][T15524] ? fput_many+0x160/0x1b0 [ 540.957667][T15524] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 540.962972][T15524] ? debug_smp_processor_id+0x17/0x20 [ 540.968166][T15524] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 540.974160][T15524] __x64_sys_bpf+0x7c/0x90 [ 540.978420][T15524] do_syscall_64+0x3d/0xb0 [ 540.982660][T15524] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 540.988390][T15524] RIP: 0033:0x7fe5811d59f9 [ 540.992641][T15524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.012176][T15524] RSP: 002b:00007fe57fe55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 541.020420][T15524] RAX: ffffffffffffffda RBX: 00007fe581363f80 RCX: 00007fe5811d59f9 [ 541.028233][T15524] RDX: 000000000000001e RSI: 0000000020000080 RDI: 000000000000000a [ 541.036036][T15524] RBP: 00007fe57fe55090 R08: 0000000000000000 R09: 0000000000000000 [ 541.043857][T15524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.051658][T15524] R13: 0000000000000000 R14: 00007fe581363f80 R15: 00007ffe8ecba328 [ 541.059478][T15524] [ 542.200432][T15546] FAULT_INJECTION: forcing a failure. [ 542.200432][T15546] name failslab, interval 1, probability 0, space 0, times 0 [ 542.212910][T15546] CPU: 1 PID: 15546 Comm: syz.0.5235 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 542.224056][T15546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 542.235162][T15546] Call Trace: [ 542.238432][T15546] [ 542.241152][T15546] dump_stack_lvl+0x151/0x1b7 [ 542.245683][T15546] ? io_uring_drop_tctx_refs+0x190/0x190 [ 542.251138][T15546] ? __bpf_trace_fib_table_lookup+0x33/0x40 [ 542.256881][T15546] dump_stack+0x15/0x17 [ 542.260854][T15546] should_fail+0x3c6/0x510 [ 542.265109][T15546] __should_failslab+0xa4/0xe0 [ 542.269715][T15546] ? dst_alloc+0x164/0x1e0 [ 542.273959][T15546] should_failslab+0x9/0x20 [ 542.278295][T15546] slab_pre_alloc_hook+0x37/0xd0 [ 542.283078][T15546] ? dst_alloc+0x164/0x1e0 [ 542.287323][T15546] kmem_cache_alloc+0x44/0x200 [ 542.291925][T15546] dst_alloc+0x164/0x1e0 [ 542.296004][T15546] ip_route_output_key_hash_rcu+0x129a/0x20b0 [ 542.301908][T15546] ip_route_output_key_hash+0x142/0x210 [ 542.307287][T15546] ? ip_route_input_rcu+0x29b0/0x29b0 [ 542.312501][T15546] vti6_tnl_xmit+0xd91/0x1860 [ 542.317098][T15546] ? vti6_dev_uninit+0x360/0x360 [ 542.321874][T15546] ? netif_skb_features+0x7fc/0xb70 [ 542.326907][T15546] dev_hard_start_xmit+0x228/0x620 [ 542.331852][T15546] __dev_queue_xmit+0x18b4/0x2e70 [ 542.336718][T15546] ? dev_queue_xmit+0x20/0x20 [ 542.341224][T15546] ? __kasan_check_write+0x14/0x20 [ 542.346171][T15546] ? skb_release_data+0x1c3/0xa80 [ 542.351120][T15546] ? __kasan_check_write+0x14/0x20 [ 542.356064][T15546] ? pskb_expand_head+0xc8f/0x1240 [ 542.361013][T15546] dev_queue_xmit+0x17/0x20 [ 542.365353][T15546] __bpf_redirect+0x690/0xe60 [ 542.369871][T15546] bpf_clone_redirect+0x24d/0x390 [ 542.374734][T15546] bpf_prog_6893982b85ceadf7+0x56/0xc30 [ 542.380108][T15546] ? swiotlb_map+0xd0/0x7c0 [ 542.384446][T15546] ? __stack_depot_save+0x34/0x470 [ 542.389397][T15546] ? __kasan_slab_alloc+0xc3/0xe0 [ 542.394252][T15546] ? __kasan_slab_alloc+0xb1/0xe0 [ 542.399112][T15546] ? slab_post_alloc_hook+0x53/0x2c0 [ 542.404233][T15546] ? kmem_cache_alloc+0xf5/0x200 [ 542.409006][T15546] ? __build_skb+0x2a/0x300 [ 542.413347][T15546] ? build_skb+0x25/0x1f0 [ 542.417514][T15546] ? bpf_prog_test_run_skb+0x38e/0x1420 [ 542.422897][T15546] ? bpf_prog_test_run+0x3b0/0x630 [ 542.427841][T15546] ? __sys_bpf+0x525/0x760 [ 542.432095][T15546] ? __x64_sys_bpf+0x7c/0x90 [ 542.436519][T15546] ? do_syscall_64+0x3d/0xb0 [ 542.440945][T15546] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 542.446857][T15546] ? ktime_get+0x12f/0x160 [ 542.451116][T15546] bpf_test_run+0x478/0xa10 [ 542.455450][T15546] ? convert___skb_to_skb+0x570/0x570 [ 542.460651][T15546] ? eth_type_trans+0x2c6/0x600 [ 542.465338][T15546] ? eth_get_headlen+0x240/0x240 [ 542.470112][T15546] ? convert___skb_to_skb+0x44/0x570 [ 542.475325][T15546] bpf_prog_test_run_skb+0xb41/0x1420 [ 542.480524][T15546] ? __kasan_check_write+0x14/0x20 [ 542.485479][T15546] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 542.491211][T15546] ? __kasan_check_write+0x14/0x20 [ 542.496234][T15546] ? fput_many+0x160/0x1b0 [ 542.500488][T15546] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 542.506217][T15546] bpf_prog_test_run+0x3b0/0x630 [ 542.510997][T15546] ? bpf_prog_query+0x220/0x220 [ 542.515677][T15546] ? selinux_bpf+0xd2/0x100 [ 542.520020][T15546] ? security_bpf+0x82/0xb0 [ 542.524357][T15546] __sys_bpf+0x525/0x760 [ 542.528435][T15546] ? fput_many+0x160/0x1b0 [ 542.532689][T15546] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 542.537898][T15546] ? debug_smp_processor_id+0x17/0x20 [ 542.543107][T15546] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 542.549005][T15546] __x64_sys_bpf+0x7c/0x90 [ 542.553259][T15546] do_syscall_64+0x3d/0xb0 [ 542.557512][T15546] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 542.563239][T15546] RIP: 0033:0x7fcae7def9f9 [ 542.567496][T15546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 542.586936][T15546] RSP: 002b:00007fcae6a6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 542.595177][T15546] RAX: ffffffffffffffda RBX: 00007fcae7f7df80 RCX: 00007fcae7def9f9 [ 542.602989][T15546] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a [ 542.610805][T15546] RBP: 00007fcae6a6f090 R08: 0000000000000000 R09: 0000000000000000 [ 542.618612][T15546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 542.626422][T15546] R13: 0000000000000000 R14: 00007fcae7f7df80 R15: 00007ffdd67ebbb8 [ 542.634245][T15546] [ 544.674816][T15601] device pim6reg1 entered promiscuous mode [ 548.875111][T15694] device syzkaller0 entered promiscuous mode [ 550.691469][ T30] audit: type=1400 audit(1723291778.908:160): avc: denied { create } for pid=15731 comm="syz.0.5295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 552.365083][T15773] device syzkaller0 entered promiscuous mode [ 554.508621][T15822] bond_slave_1: mtu less than device minimum [ 554.632582][T15822] device pim6reg1 entered promiscuous mode [ 556.342764][T15867] FAULT_INJECTION: forcing a failure. [ 556.342764][T15867] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 556.502389][T15867] CPU: 1 PID: 15867 Comm: syz.3.5337 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 556.513604][T15867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 556.523497][T15867] Call Trace: [ 556.526618][T15867] [ 556.529394][T15867] dump_stack_lvl+0x151/0x1b7 [ 556.533907][T15867] ? io_uring_drop_tctx_refs+0x190/0x190 [ 556.539394][T15867] dump_stack+0x15/0x17 [ 556.543366][T15867] should_fail+0x3c6/0x510 [ 556.547624][T15867] should_fail_alloc_page+0x5a/0x80 [ 556.552654][T15867] prepare_alloc_pages+0x15c/0x700 [ 556.557606][T15867] ? __alloc_pages+0x8f0/0x8f0 [ 556.562204][T15867] ? __alloc_pages_bulk+0xe40/0xe40 [ 556.567586][T15867] __alloc_pages+0x18c/0x8f0 [ 556.572010][T15867] ? __sys_bpf+0x50e/0x760 [ 556.576266][T15867] ? prep_new_page+0x110/0x110 [ 556.580863][T15867] ? __kasan_check_write+0x14/0x20 [ 556.585815][T15867] __get_free_pages+0x10/0x30 [ 556.590322][T15867] kasan_populate_vmalloc_pte+0x39/0x130 [ 556.595791][T15867] ? __apply_to_page_range+0x8ca/0xbe0 [ 556.601087][T15867] __apply_to_page_range+0x8dd/0xbe0 [ 556.606380][T15867] ? kasan_populate_vmalloc+0x70/0x70 [ 556.611596][T15867] ? kasan_populate_vmalloc+0x70/0x70 [ 556.616794][T15867] apply_to_page_range+0x3b/0x50 [ 556.621657][T15867] kasan_populate_vmalloc+0x65/0x70 [ 556.626693][T15867] alloc_vmap_area+0x192f/0x1a80 [ 556.631476][T15867] ? vm_map_ram+0xa90/0xa90 [ 556.635801][T15867] ? __kasan_kmalloc+0x9/0x10 [ 556.640317][T15867] ? __get_vm_area_node+0x117/0x360 [ 556.645351][T15867] __get_vm_area_node+0x158/0x360 [ 556.650213][T15867] __vmalloc_node_range+0xe2/0x8d0 [ 556.655157][T15867] ? btf_new_fd+0x2d3/0x910 [ 556.659496][T15867] ? __kasan_kmalloc_large+0x1a/0xc0 [ 556.664618][T15867] ? kmalloc_order_trace+0x1a/0xb0 [ 556.669569][T15867] ? btf_new_fd+0x2d3/0x910 [ 556.673903][T15867] __vmalloc_node+0x81/0x90 [ 556.678243][T15867] ? btf_new_fd+0x2d3/0x910 [ 556.682584][T15867] kvmalloc_node+0x242/0x4d0 [ 556.687018][T15867] ? vm_mmap+0xb0/0xb0 [ 556.691003][T15867] ? kmem_cache_alloc_trace+0x115/0x210 [ 556.696380][T15867] ? btf_new_fd+0x297/0x910 [ 556.700726][T15867] btf_new_fd+0x2d3/0x910 [ 556.704893][T15867] bpf_btf_load+0x6f/0x90 [ 556.709054][T15867] __sys_bpf+0x50e/0x760 [ 556.713137][T15867] ? fput_many+0x160/0x1b0 [ 556.717386][T15867] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 556.722598][T15867] ? debug_smp_processor_id+0x17/0x20 [ 556.727803][T15867] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 556.733706][T15867] __x64_sys_bpf+0x7c/0x90 [ 556.737959][T15867] do_syscall_64+0x3d/0xb0 [ 556.742210][T15867] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 556.747859][T15867] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 556.753579][T15867] RIP: 0033:0x7f2b6acb09f9 [ 556.757849][T15867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.777274][T15867] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 556.785520][T15867] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 556.793330][T15867] RDX: 0000000000000020 RSI: 0000000020000280 RDI: 0000000000000012 [ 556.801144][T15867] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 556.808956][T15867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 556.816764][T15867] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 556.824588][T15867] [ 605.476662][T16928] FAULT_INJECTION: forcing a failure. [ 605.476662][T16928] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 605.534792][T16928] CPU: 0 PID: 16928 Comm: syz.3.5670 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 605.546092][T16928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 605.555988][T16928] Call Trace: [ 605.559108][T16928] [ 605.561888][T16928] dump_stack_lvl+0x151/0x1b7 [ 605.566398][T16928] ? io_uring_drop_tctx_refs+0x190/0x190 [ 605.571871][T16928] dump_stack+0x15/0x17 [ 605.575858][T16928] should_fail+0x3c6/0x510 [ 605.580118][T16928] should_fail_alloc_page+0x5a/0x80 [ 605.585146][T16928] prepare_alloc_pages+0x15c/0x700 [ 605.590099][T16928] ? __alloc_pages_bulk+0xe40/0xe40 [ 605.595127][T16928] ? __alloc_skb+0x10c/0x550 [ 605.599552][T16928] ? __napi_alloc_skb+0x167/0x2e0 [ 605.604412][T16928] ? napi_get_frags+0x6a/0x170 [ 605.609014][T16928] ? tun_get_user+0xd85/0x3aa0 [ 605.613616][T16928] ? tun_chr_write_iter+0x1e1/0x2e0 [ 605.618650][T16928] __alloc_pages+0x18c/0x8f0 [ 605.623078][T16928] ? prep_new_page+0x110/0x110 [ 605.627688][T16928] kmalloc_order+0x4a/0x160 [ 605.632014][T16928] kmalloc_order_trace+0x1a/0xb0 [ 605.636872][T16928] ? tun_get_user+0x13b3/0x3aa0 [ 605.641570][T16928] __kmalloc_track_caller+0x19b/0x260 [ 605.646771][T16928] ? tun_get_user+0x13b3/0x3aa0 [ 605.651454][T16928] pskb_expand_head+0x113/0x1240 [ 605.656226][T16928] ? __napi_alloc_skb+0x174/0x2e0 [ 605.661089][T16928] tun_get_user+0x13b3/0x3aa0 [ 605.665601][T16928] ? kasan_set_track+0x4b/0x70 [ 605.670199][T16928] ? kasan_set_free_info+0x23/0x40 [ 605.675237][T16928] ? _kstrtoull+0x3a0/0x4a0 [ 605.679575][T16928] ? tun_do_read+0x1ef0/0x1ef0 [ 605.684172][T16928] ? kstrtouint_from_user+0x20a/0x2a0 [ 605.689382][T16928] ? kstrtol_from_user+0x310/0x310 [ 605.694335][T16928] ? avc_policy_seqno+0x1b/0x70 [ 605.699014][T16928] ? selinux_file_permission+0x2c4/0x570 [ 605.704485][T16928] tun_chr_write_iter+0x1e1/0x2e0 [ 605.709384][T16928] vfs_write+0xd5d/0x1110 [ 605.713513][T16928] ? kmem_cache_free+0x2c3/0x2e0 [ 605.718287][T16928] ? file_end_write+0x1c0/0x1c0 [ 605.722975][T16928] ? __fdget_pos+0x209/0x3a0 [ 605.727395][T16928] ? ksys_write+0x77/0x2c0 [ 605.731650][T16928] ksys_write+0x199/0x2c0 [ 605.735819][T16928] ? __ia32_sys_read+0x90/0x90 [ 605.740415][T16928] ? debug_smp_processor_id+0x17/0x20 [ 605.745633][T16928] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 605.751532][T16928] __x64_sys_write+0x7b/0x90 [ 605.755952][T16928] do_syscall_64+0x3d/0xb0 [ 605.760203][T16928] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 605.765941][T16928] RIP: 0033:0x7f2b6acb09f9 [ 605.770192][T16928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.789630][T16928] RSP: 002b:00007f2b6990f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 605.798016][T16928] RAX: ffffffffffffffda RBX: 00007f2b6ae3f058 RCX: 00007f2b6acb09f9 [ 605.805824][T16928] RDX: 000000000000fdef RSI: 0000000020000440 RDI: 0000000000000006 [ 605.813630][T16928] RBP: 00007f2b6990f090 R08: 0000000000000000 R09: 0000000000000000 [ 605.821442][T16928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 605.829263][T16928] R13: 0000000000000001 R14: 00007f2b6ae3f058 R15: 00007fffd9ebb1e8 [ 605.837077][T16928] [ 609.289106][T16979] device lo entered promiscuous mode [ 614.503528][T17103] FAULT_INJECTION: forcing a failure. [ 614.503528][T17103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 614.611467][T17103] CPU: 1 PID: 17103 Comm: syz.2.5725 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 614.623545][T17103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 614.633683][T17103] Call Trace: [ 614.636812][T17103] [ 614.639576][T17103] dump_stack_lvl+0x151/0x1b7 [ 614.644120][T17103] ? io_uring_drop_tctx_refs+0x190/0x190 [ 614.649654][T17103] dump_stack+0x15/0x17 [ 614.653640][T17103] should_fail+0x3c6/0x510 [ 614.657894][T17103] should_fail_usercopy+0x1a/0x20 [ 614.662755][T17103] _copy_from_iter+0x22f/0xdc0 [ 614.667443][T17103] ? copy_mc_pipe_to_iter+0x760/0x760 [ 614.672649][T17103] ? __check_object_size+0x2ec/0x3d0 [ 614.677770][T17103] tipc_msg_build+0x96f/0x1230 [ 614.682368][T17103] ? proc_tid_base_lookup+0x2b/0x30 [ 614.687405][T17103] ? tipc_msg_fragment+0x760/0x760 [ 614.692349][T17103] ? tipc_nametbl_lookup_mcast_nodes+0x424/0xa10 [ 614.698511][T17103] __tipc_sendmsg+0x2203/0x3240 [ 614.703205][T17103] ? avc_has_perm_noaudit+0x2dd/0x430 [ 614.708405][T17103] ? local_bh_enable+0x30/0x30 [ 614.713018][T17103] ? wait_woken+0x170/0x170 [ 614.717345][T17103] ? avc_has_perm+0x16f/0x260 [ 614.721873][T17103] ? __kernel_text_address+0x9b/0x110 [ 614.727072][T17103] ? avc_has_perm_noaudit+0x430/0x430 [ 614.732278][T17103] ? __kasan_check_write+0x14/0x20 [ 614.737244][T17103] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 614.742170][T17103] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 614.747208][T17103] ? __local_bh_enable_ip+0x58/0x80 [ 614.752237][T17103] ? lock_sock_nested+0x266/0x300 [ 614.757101][T17103] ? sock_init_data+0xc0/0xc0 [ 614.761708][T17103] ? kmem_cache_free+0x116/0x2e0 [ 614.766471][T17103] ? kasan_set_track+0x5d/0x70 [ 614.771071][T17103] ? kasan_set_free_info+0x23/0x40 [ 614.776015][T17103] ? check_stack_object+0x114/0x130 [ 614.781058][T17103] tipc_sendmsg+0x55/0x70 [ 614.785220][T17103] ? tipc_recvmsg+0x13b0/0x13b0 [ 614.789911][T17103] ____sys_sendmsg+0x59e/0x8f0 [ 614.794597][T17103] ? __sys_sendmsg_sock+0x40/0x40 [ 614.799453][T17103] ? import_iovec+0xe5/0x120 [ 614.803882][T17103] ___sys_sendmsg+0x252/0x2e0 [ 614.808409][T17103] ? __sys_sendmsg+0x260/0x260 [ 614.813007][T17103] ? __fdget+0x1bc/0x240 [ 614.817077][T17103] __se_sys_sendmsg+0x19a/0x260 [ 614.821760][T17103] ? __x64_sys_sendmsg+0x90/0x90 [ 614.826538][T17103] ? ksys_write+0x260/0x2c0 [ 614.830877][T17103] ? debug_smp_processor_id+0x17/0x20 [ 614.836075][T17103] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 614.841983][T17103] __x64_sys_sendmsg+0x7b/0x90 [ 614.846581][T17103] do_syscall_64+0x3d/0xb0 [ 614.850837][T17103] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 614.856559][T17103] RIP: 0033:0x7fe5811d59f9 [ 614.860818][T17103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.880259][T17103] RSP: 002b:00007fe57fe55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 614.888507][T17103] RAX: ffffffffffffffda RBX: 00007fe581363f80 RCX: 00007fe5811d59f9 [ 614.896397][T17103] RDX: 0000000000000000 RSI: 0000000020004440 RDI: 0000000000000007 [ 614.904210][T17103] RBP: 00007fe57fe55090 R08: 0000000000000000 R09: 0000000000000000 [ 614.912109][T17103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 614.919921][T17103] R13: 0000000000000000 R14: 00007fe581363f80 R15: 00007ffe8ecba328 [ 614.927740][T17103] [ 620.798055][T17243] syzkaller0: refused to change device tx_queue_len [ 620.819235][T17244] device syzkaller0 entered promiscuous mode [ 620.869602][T17244] FAULT_INJECTION: forcing a failure. [ 620.869602][T17244] name failslab, interval 1, probability 0, space 0, times 0 [ 620.882079][T17244] CPU: 0 PID: 17244 Comm: syz.3.5766 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 620.893222][T17244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 620.903118][T17244] Call Trace: [ 620.906240][T17244] [ 620.909017][T17244] dump_stack_lvl+0x151/0x1b7 [ 620.913616][T17244] ? io_uring_drop_tctx_refs+0x190/0x190 [ 620.919085][T17244] dump_stack+0x15/0x17 [ 620.923076][T17244] should_fail+0x3c6/0x510 [ 620.927333][T17244] __should_failslab+0xa4/0xe0 [ 620.932049][T17244] should_failslab+0x9/0x20 [ 620.936385][T17244] slab_pre_alloc_hook+0x37/0xd0 [ 620.941239][T17244] ? fdb_notify+0x77/0x120 [ 620.945493][T17244] __kmalloc_track_caller+0x6c/0x260 [ 620.950610][T17244] ? fdb_notify+0x77/0x120 [ 620.954863][T17244] ? fdb_notify+0x77/0x120 [ 620.959123][T17244] __alloc_skb+0x10c/0x550 [ 620.963372][T17244] fdb_notify+0x77/0x120 [ 620.967445][T17244] fdb_delete+0x83c/0xac0 [ 620.971622][T17244] fdb_delete_local+0x3d1/0x470 [ 620.976478][T17244] br_fdb_changeaddr+0x1bb/0x1c0 [ 620.981250][T17244] br_device_event+0x3c6/0x7c0 [ 620.985848][T17244] ? br_boolopt_multi_get+0xf0/0xf0 [ 620.990881][T17244] ? packet_notifier+0x8ad/0x8c0 [ 620.995656][T17244] ? ipv6_mc_netdev_event+0xa4/0x480 [ 621.000874][T17244] raw_notifier_call_chain+0x8c/0xf0 [ 621.005988][T17244] dev_set_mac_address+0x325/0x470 [ 621.010932][T17244] ? dev_pre_changeaddr_notify+0x220/0x220 [ 621.016698][T17244] dev_set_mac_address_user+0x31/0x50 [ 621.021901][T17244] dev_ifsioc+0x7ef/0x10c0 [ 621.026152][T17244] ? dev_ioctl+0xe70/0xe70 [ 621.030403][T17244] ? mutex_lock+0x135/0x1e0 [ 621.034743][T17244] ? wait_for_completion_killable_timeout+0x10/0x10 [ 621.041287][T17244] dev_ioctl+0x54d/0xe70 [ 621.045357][T17244] sock_do_ioctl+0x34f/0x5a0 [ 621.049779][T17244] ? sock_show_fdinfo+0xa0/0xa0 [ 621.054469][T17244] ? selinux_file_ioctl+0x3cc/0x540 [ 621.059501][T17244] sock_ioctl+0x455/0x740 [ 621.063667][T17244] ? sock_poll+0x400/0x400 [ 621.067916][T17244] ? __fget_files+0x31e/0x380 [ 621.072436][T17244] ? security_file_ioctl+0x84/0xb0 [ 621.077389][T17244] ? sock_poll+0x400/0x400 [ 621.081632][T17244] __se_sys_ioctl+0x114/0x190 [ 621.086268][T17244] __x64_sys_ioctl+0x7b/0x90 [ 621.090682][T17244] do_syscall_64+0x3d/0xb0 [ 621.094939][T17244] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 621.100773][T17244] RIP: 0033:0x7f2b6acb09f9 [ 621.105023][T17244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 621.124573][T17244] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 621.132813][T17244] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 621.140628][T17244] RDX: 0000000020000000 RSI: 0000000000008924 RDI: 000000000000000b [ 621.148959][T17244] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 621.156769][T17244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 621.164580][T17244] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 621.172399][T17244] [ 621.194724][T17247] device syzkaller0 entered promiscuous mode [ 622.771803][T17289] FAULT_INJECTION: forcing a failure. [ 622.771803][T17289] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 622.911561][T17289] CPU: 0 PID: 17289 Comm: syz.3.5782 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 622.922778][T17289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 622.932671][T17289] Call Trace: [ 622.935794][T17289] [ 622.938574][T17289] dump_stack_lvl+0x151/0x1b7 [ 622.943086][T17289] ? io_uring_drop_tctx_refs+0x190/0x190 [ 622.948644][T17289] dump_stack+0x15/0x17 [ 622.952633][T17289] should_fail+0x3c6/0x510 [ 622.956888][T17289] should_fail_usercopy+0x1a/0x20 [ 622.961745][T17289] strncpy_from_user+0x24/0x2d0 [ 622.966429][T17289] ? kmem_cache_alloc+0xf5/0x200 [ 622.971209][T17289] getname_flags+0xf2/0x520 [ 622.975547][T17289] __x64_sys_unlink+0x3c/0x50 [ 622.980058][T17289] do_syscall_64+0x3d/0xb0 [ 622.984318][T17289] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 622.990127][T17289] RIP: 0033:0x7f2b6acb09f9 [ 622.994392][T17289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.013913][T17289] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 623.022152][T17289] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 623.029965][T17289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 623.037776][T17289] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 623.045586][T17289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.053412][T17289] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 623.061221][T17289] [ 624.577516][T17320] device sit0 left promiscuous mode [ 624.776865][T17323] device sit0 entered promiscuous mode [ 630.272751][T17431] syz.1.5822[17431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 630.272894][T17431] syz.1.5822[17431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 632.580570][T17492] FAULT_INJECTION: forcing a failure. [ 632.580570][T17492] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 632.636775][T17492] CPU: 1 PID: 17492 Comm: syz.0.5841 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 632.647984][T17492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 632.657965][T17492] Call Trace: [ 632.661093][T17492] [ 632.663864][T17492] dump_stack_lvl+0x151/0x1b7 [ 632.668388][T17492] ? io_uring_drop_tctx_refs+0x190/0x190 [ 632.673930][T17492] ? ____sys_recvmsg+0x420/0x530 [ 632.678707][T17492] dump_stack+0x15/0x17 [ 632.682699][T17492] should_fail+0x3c6/0x510 [ 632.686948][T17492] should_fail_usercopy+0x1a/0x20 [ 632.691811][T17492] _copy_to_user+0x20/0x90 [ 632.696063][T17492] simple_read_from_buffer+0xc7/0x150 [ 632.701275][T17492] proc_fail_nth_read+0x1a3/0x210 [ 632.706132][T17492] ? proc_fault_inject_write+0x390/0x390 [ 632.711684][T17492] ? fsnotify_perm+0x470/0x5d0 [ 632.716287][T17492] ? security_file_permission+0x86/0xb0 [ 632.721665][T17492] ? proc_fault_inject_write+0x390/0x390 [ 632.727136][T17492] vfs_read+0x27d/0xd40 [ 632.731129][T17492] ? kernel_read+0x1f0/0x1f0 [ 632.735555][T17492] ? __kasan_check_write+0x14/0x20 [ 632.740589][T17492] ? mutex_lock+0xb6/0x1e0 [ 632.744842][T17492] ? wait_for_completion_killable_timeout+0x10/0x10 [ 632.751265][T17492] ? __fdget_pos+0x2e7/0x3a0 [ 632.755690][T17492] ? ksys_read+0x77/0x2c0 [ 632.759856][T17492] ksys_read+0x199/0x2c0 [ 632.763934][T17492] ? ___sys_recvmsg+0x690/0x690 [ 632.768621][T17492] ? vfs_write+0x1110/0x1110 [ 632.773047][T17492] ? debug_smp_processor_id+0x17/0x20 [ 632.778255][T17492] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 632.784159][T17492] __x64_sys_read+0x7b/0x90 [ 632.788499][T17492] do_syscall_64+0x3d/0xb0 [ 632.792750][T17492] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 632.798478][T17492] RIP: 0033:0x7fcae7dee43c [ 632.802733][T17492] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 632.822175][T17492] RSP: 002b:00007fcae6a6f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 632.830416][T17492] RAX: ffffffffffffffda RBX: 00007fcae7f7df80 RCX: 00007fcae7dee43c [ 632.838229][T17492] RDX: 000000000000000f RSI: 00007fcae6a6f0a0 RDI: 0000000000000005 [ 632.846125][T17492] RBP: 00007fcae6a6f090 R08: 0000000000000000 R09: 0000000000000000 [ 632.853938][T17492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 632.861748][T17492] R13: 0000000000000000 R14: 00007fcae7f7df80 R15: 00007ffdd67ebbb8 [ 632.869571][T17492] [ 633.088364][T17508] tap0: tun_chr_ioctl cmd 1074025677 [ 633.164972][T17508] tap0: linktype set to 776 [ 636.458254][T17569] device pim6reg1 entered promiscuous mode [ 636.885679][T17581] syz.2.5869[17581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 636.885792][T17581] syz.2.5869[17581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 638.590049][T17621] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.783882][T17621] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.805638][T17621] device bridge_slave_0 entered promiscuous mode [ 638.876926][T17621] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.938889][T17621] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.002610][T17621] device bridge_slave_1 entered promiscuous mode [ 639.343774][T17638] device sit0 entered promiscuous mode [ 639.517552][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 639.532188][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 639.557175][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 639.567889][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 639.576335][ T366] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.583215][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 639.595533][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 639.603838][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 639.618715][ T366] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.625609][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 639.660983][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 639.668831][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 639.684013][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 639.710471][T17621] device veth0_vlan entered promiscuous mode [ 639.736556][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 639.757235][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 639.775671][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 639.790788][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 639.827154][T17621] device veth1_macvtap entered promiscuous mode [ 639.862796][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 639.875204][ T344] device bridge_slave_1 left promiscuous mode [ 639.885722][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.901821][ T344] device bridge_slave_0 left promiscuous mode [ 639.913313][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.930204][ T344] device veth0_vlan left promiscuous mode [ 640.180319][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 640.208341][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 640.221020][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 640.821349][T17669] FAULT_INJECTION: forcing a failure. [ 640.821349][T17669] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 640.911834][T17669] CPU: 1 PID: 17669 Comm: syz.1.5896 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 640.923056][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 640.932956][T17669] Call Trace: [ 640.936074][T17669] [ 640.938856][T17669] dump_stack_lvl+0x151/0x1b7 [ 640.943373][T17669] ? io_uring_drop_tctx_refs+0x190/0x190 [ 640.948837][T17669] ? __stack_depot_save+0x34/0x470 [ 640.953783][T17669] dump_stack+0x15/0x17 [ 640.957864][T17669] should_fail+0x3c6/0x510 [ 640.962122][T17669] should_fail_alloc_page+0x5a/0x80 [ 640.967152][T17669] prepare_alloc_pages+0x15c/0x700 [ 640.972096][T17669] ? __alloc_pages_bulk+0xe40/0xe40 [ 640.977135][T17669] __alloc_pages+0x18c/0x8f0 [ 640.981558][T17669] ? prep_new_page+0x110/0x110 [ 640.986159][T17669] ? __kasan_kmalloc+0x9/0x10 [ 640.990670][T17669] ? __vmalloc_node_range+0x2d6/0x8d0 [ 640.995876][T17669] __vmalloc_node_range+0x482/0x8d0 [ 641.000916][T17669] bpf_map_area_alloc+0xd9/0xf0 [ 641.005597][T17669] ? sock_map_alloc+0x1f7/0x310 [ 641.010282][T17669] sock_map_alloc+0x1f7/0x310 [ 641.014800][T17669] map_create+0x411/0x2050 [ 641.019051][T17669] __sys_bpf+0x296/0x760 [ 641.023130][T17669] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 641.028428][T17669] __x64_sys_bpf+0x7c/0x90 [ 641.032673][T17669] do_syscall_64+0x3d/0xb0 [ 641.036926][T17669] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 641.042580][T17669] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 641.048300][T17669] RIP: 0033:0x7fde2b6d79f9 [ 641.052553][T17669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 641.072083][T17669] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 641.080330][T17669] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 641.088224][T17669] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 1400000000000000 [ 641.096036][T17669] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 641.103851][T17669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 641.111659][T17669] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 641.119498][T17669] [ 643.577472][T17741] device sit0 entered promiscuous mode [ 643.867213][T17748] FAULT_INJECTION: forcing a failure. [ 643.867213][T17748] name failslab, interval 1, probability 0, space 0, times 0 [ 643.943090][T17748] CPU: 0 PID: 17748 Comm: syz.1.5928 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 643.954392][T17748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 643.964284][T17748] Call Trace: [ 643.967425][T17748] [ 643.970466][T17748] dump_stack_lvl+0x151/0x1b7 [ 643.975229][T17748] ? io_uring_drop_tctx_refs+0x190/0x190 [ 643.980697][T17748] dump_stack+0x15/0x17 [ 643.984688][T17748] should_fail+0x3c6/0x510 [ 643.988938][T17748] __should_failslab+0xa4/0xe0 [ 643.993537][T17748] ? security_inode_alloc+0x29/0x120 [ 643.998657][T17748] should_failslab+0x9/0x20 [ 644.002993][T17748] slab_pre_alloc_hook+0x37/0xd0 [ 644.007774][T17748] ? security_inode_alloc+0x29/0x120 [ 644.012894][T17748] kmem_cache_alloc+0x44/0x200 [ 644.017497][T17748] security_inode_alloc+0x29/0x120 [ 644.022436][T17748] inode_init_always+0x76d/0x9d0 [ 644.027222][T17748] ? sockfs_init_fs_context+0xb0/0xb0 [ 644.032545][T17748] new_inode_pseudo+0x93/0x220 [ 644.037106][T17748] __sock_create+0x135/0x760 [ 644.041541][T17748] __sys_socketpair+0x29f/0x6e0 [ 644.046218][T17748] ? __ia32_sys_socket+0x90/0x90 [ 644.050993][T17748] ? debug_smp_processor_id+0x17/0x20 [ 644.056199][T17748] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 644.062102][T17748] __x64_sys_socketpair+0x9b/0xb0 [ 644.066962][T17748] do_syscall_64+0x3d/0xb0 [ 644.071225][T17748] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 644.076942][T17748] RIP: 0033:0x7fde2b6d79f9 [ 644.081196][T17748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 644.100809][T17748] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 644.109055][T17748] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 644.116868][T17748] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000028 [ 644.124676][T17748] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 644.132640][T17748] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 644.140527][T17748] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 644.148346][T17748] [ 644.242007][T17748] socket: no more sockets [ 646.372440][T17826] device pim6reg1 entered promiscuous mode [ 647.724904][T17862] FAULT_INJECTION: forcing a failure. [ 647.724904][T17862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 647.766705][T17865] FAULT_INJECTION: forcing a failure. [ 647.766705][T17865] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 647.781884][T17862] CPU: 0 PID: 17862 Comm: syz.1.5967 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 647.793082][T17862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 647.802975][T17862] Call Trace: [ 647.806097][T17862] [ 647.808968][T17862] dump_stack_lvl+0x151/0x1b7 [ 647.813478][T17862] ? io_uring_drop_tctx_refs+0x190/0x190 [ 647.818951][T17862] dump_stack+0x15/0x17 [ 647.822939][T17862] should_fail+0x3c6/0x510 [ 647.827197][T17862] should_fail_usercopy+0x1a/0x20 [ 647.832050][T17862] _copy_from_user+0x20/0xd0 [ 647.836478][T17862] __sys_bpf+0x1e9/0x760 [ 647.840560][T17862] ? fput_many+0x160/0x1b0 [ 647.844808][T17862] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 647.850024][T17862] ? debug_smp_processor_id+0x17/0x20 [ 647.855238][T17862] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 647.861132][T17862] __x64_sys_bpf+0x7c/0x90 [ 647.865387][T17862] do_syscall_64+0x3d/0xb0 [ 647.869633][T17862] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 647.875360][T17862] RIP: 0033:0x7fde2b6d79f9 [ 647.879614][T17862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.899158][T17862] RSP: 002b:00007fde2a357038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 647.907385][T17862] RAX: ffffffffffffffda RBX: 00007fde2b865f80 RCX: 00007fde2b6d79f9 [ 647.915197][T17862] RDX: 0000000000000020 RSI: 0000000020000500 RDI: 0000000000000015 [ 647.923012][T17862] RBP: 00007fde2a357090 R08: 0000000000000000 R09: 0000000000000000 [ 647.930821][T17862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 647.938635][T17862] R13: 0000000000000000 R14: 00007fde2b865f80 R15: 00007fffae56c458 [ 647.946454][T17862] [ 648.145037][T17871] syz.4.5970[17871] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 648.145115][T17871] syz.4.5970[17871] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 648.159883][T17865] CPU: 1 PID: 17865 Comm: syz.3.5966 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 648.182273][T17865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 648.192339][T17865] Call Trace: [ 648.195463][T17865] [ 648.198240][T17865] dump_stack_lvl+0x151/0x1b7 [ 648.202759][T17865] ? io_uring_drop_tctx_refs+0x190/0x190 [ 648.208221][T17865] ? stack_trace_save+0x113/0x1c0 [ 648.213084][T17865] dump_stack+0x15/0x17 [ 648.217074][T17865] should_fail+0x3c6/0x510 [ 648.221329][T17865] should_fail_alloc_page+0x5a/0x80 [ 648.226368][T17865] prepare_alloc_pages+0x15c/0x700 [ 648.231309][T17865] ? kasan_set_track+0x4b/0x70 [ 648.235906][T17865] ? kasan_set_free_info+0x23/0x40 [ 648.240855][T17865] ? ____kasan_slab_free+0x126/0x160 [ 648.245978][T17865] ? __alloc_pages_bulk+0xe40/0xe40 [ 648.251017][T17865] __alloc_pages+0x18c/0x8f0 [ 648.255441][T17865] ? prep_new_page+0x110/0x110 [ 648.260044][T17865] kmalloc_order+0x4a/0x160 [ 648.264375][T17865] ? proc_fail_nth_write+0x20b/0x290 [ 648.269504][T17865] kmalloc_order_trace+0x1a/0xb0 [ 648.274290][T17865] __kmalloc+0x19c/0x270 [ 648.278355][T17865] kvmalloc_node+0x1f0/0x4d0 [ 648.282776][T17865] ? vm_mmap+0xb0/0xb0 [ 648.286687][T17865] map_lookup_and_delete_elem+0x51f/0x8d0 [ 648.292260][T17865] __sys_bpf+0x4ce/0x760 [ 648.296317][T17865] ? fput_many+0x160/0x1b0 [ 648.300572][T17865] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 648.305782][T17865] ? debug_smp_processor_id+0x17/0x20 [ 648.310987][T17865] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 648.316895][T17865] __x64_sys_bpf+0x7c/0x90 [ 648.321168][T17865] do_syscall_64+0x3d/0xb0 [ 648.325554][T17865] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 648.331275][T17865] RIP: 0033:0x7f2b6acb09f9 [ 648.335527][T17865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.354969][T17865] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 648.363210][T17865] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 648.371021][T17865] RDX: 0000000000000020 RSI: 0000000020000400 RDI: 0000000000000015 [ 648.378834][T17865] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 648.386647][T17865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.394455][T17865] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 648.402283][T17865] [ 649.739200][T17897] device sit0 left promiscuous mode [ 654.414176][T17980] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.431061][T17980] bridge0: port 1(bridge_slave_0) entered disabled state [ 654.519842][T17980] device bridge_slave_0 entered promiscuous mode [ 654.564731][T17980] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.583699][T17980] bridge0: port 2(bridge_slave_1) entered disabled state [ 654.618368][T17980] device bridge_slave_1 entered promiscuous mode [ 655.285340][ T10] bridge0: port 3(gretap0) entered disabled state [ 655.304267][ T10] device gretap0 left promiscuous mode [ 655.309553][ T10] bridge0: port 3(gretap0) entered disabled state [ 655.434859][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 655.445395][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 655.518886][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 655.532037][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 655.550943][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.557836][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 655.585107][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 655.609046][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 655.629207][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.636095][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 655.681942][ T10] device bridge_slave_1 left promiscuous mode [ 655.700819][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.710989][ T10] device bridge_slave_0 left promiscuous mode [ 655.720956][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.738980][ T10] device veth0_vlan left promiscuous mode [ 655.964736][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 655.991998][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 656.092100][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 656.109141][T17980] device veth0_vlan entered promiscuous mode [ 656.209904][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 656.238570][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 656.348089][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 656.388725][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 656.485178][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 656.499314][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 656.579551][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 656.635640][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 656.694939][T17980] device veth1_macvtap entered promiscuous mode [ 656.730914][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 656.741187][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 656.763222][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 656.811149][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 656.838112][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 657.586617][T18042] tap0: tun_chr_ioctl cmd 1074025677 [ 657.620505][T18042] tap0: linktype set to 825 [ 657.865790][T18055] device syzkaller0 entered promiscuous mode [ 659.491502][T18102] FAULT_INJECTION: forcing a failure. [ 659.491502][T18102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 659.531608][T18100] tap0: tun_chr_ioctl cmd 1074025677 [ 659.609758][T18102] CPU: 1 PID: 18102 Comm: syz.1.6039 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 659.620970][T18102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 659.630872][T18102] Call Trace: [ 659.633987][T18102] [ 659.636764][T18102] dump_stack_lvl+0x151/0x1b7 [ 659.641280][T18102] ? io_uring_drop_tctx_refs+0x190/0x190 [ 659.641480][T18100] tap0: linktype set to 825 [ 659.646748][T18102] ? __kasan_check_write+0x14/0x20 [ 659.646777][T18102] dump_stack+0x15/0x17 [ 659.660113][T18102] should_fail+0x3c6/0x510 [ 659.664369][T18102] should_fail_usercopy+0x1a/0x20 [ 659.669246][T18102] _copy_from_user+0x20/0xd0 [ 659.673657][T18102] perf_copy_attr+0x163/0x880 [ 659.678173][T18102] __se_sys_perf_event_open+0xd7/0x3ce0 [ 659.683549][T18102] ? file_end_write+0x1c0/0x1c0 [ 659.688255][T18102] ? __kasan_check_write+0x14/0x20 [ 659.693266][T18102] ? mutex_unlock+0xb2/0x260 [ 659.697782][T18102] ? wait_for_completion_killable_timeout+0x10/0x10 [ 659.704215][T18102] ? __mutex_lock_slowpath+0x10/0x10 [ 659.709327][T18102] ? __x64_sys_perf_event_open+0xd0/0xd0 [ 659.714806][T18102] ? __kasan_check_write+0x14/0x20 [ 659.719743][T18102] ? fput_many+0x160/0x1b0 [ 659.723999][T18102] ? debug_smp_processor_id+0x17/0x20 [ 659.729204][T18102] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 659.735104][T18102] __x64_sys_perf_event_open+0xbf/0xd0 [ 659.740411][T18102] do_syscall_64+0x3d/0xb0 [ 659.744652][T18102] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 659.750390][T18102] RIP: 0033:0x7f574e8db9f9 [ 659.754630][T18102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.774177][T18102] RSP: 002b:00007f574d55b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 659.782423][T18102] RAX: ffffffffffffffda RBX: 00007f574ea69f80 RCX: 00007f574e8db9f9 [ 659.790323][T18102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200012c0 [ 659.798131][T18102] RBP: 00007f574d55b090 R08: 0000000000000000 R09: 0000000000000000 [ 659.805941][T18102] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 659.813752][T18102] R13: 0000000000000000 R14: 00007f574ea69f80 R15: 00007ffc377901e8 [ 659.821591][T18102] [ 660.441049][T18112] device syzkaller0 entered promiscuous mode [ 665.425197][T18221] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.473262][T18221] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.513141][T18221] device bridge_slave_0 entered promiscuous mode [ 665.590289][T18221] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.612977][T18221] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.647786][T18221] device bridge_slave_1 entered promiscuous mode [ 666.009483][T18221] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.016376][T18221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 666.023495][T18221] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.030333][T18221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.144728][T11645] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.174109][T11645] bridge0: port 2(bridge_slave_1) entered disabled state [ 666.318031][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 666.407849][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 666.497358][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 666.524454][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 666.581152][ T1385] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.588052][ T1385] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.613875][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 666.714975][ T1385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 666.747293][ T1385] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.754178][ T1385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 666.833815][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 666.874758][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 666.896161][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 666.922855][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 667.018011][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 667.082860][ T366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 667.183893][T18221] device veth0_vlan entered promiscuous mode [ 667.197885][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 667.208511][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 667.264857][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 667.272750][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 667.318262][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 667.331773][T11648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 667.342169][T18221] device veth1_macvtap entered promiscuous mode [ 667.407051][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 667.420201][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 667.452566][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 667.478717][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 667.509726][T11645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 668.459935][ T321] device bridge_slave_1 left promiscuous mode [ 668.525141][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.592688][ T321] device bridge_slave_0 left promiscuous mode [ 668.646712][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.710603][ T321] device veth1_macvtap left promiscuous mode [ 669.489619][ T30] audit: type=1400 audit(1723291897.708:161): avc: denied { create } for pid=18302 comm="syz.3.6100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 672.247588][T18358] bridge0: port 1(bridge_slave_0) entered blocking state [ 672.317526][T18358] bridge0: port 1(bridge_slave_0) entered disabled state [ 672.357663][T18358] device bridge_slave_0 entered promiscuous mode [ 672.366356][T18358] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.381479][T18358] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.497840][T18358] device bridge_slave_1 entered promiscuous mode [ 673.723621][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 673.824906][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 673.911120][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 673.981621][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 674.042417][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.049297][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 674.114666][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 674.222681][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 674.344248][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.351138][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 674.545682][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 674.583985][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 674.699706][ T1388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 674.707961][ T1388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 674.751712][T11638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 674.783598][T11638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 674.956040][T18358] device veth0_vlan entered promiscuous mode [ 674.969544][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 674.979874][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 675.012839][ T321] device bridge_slave_1 left promiscuous mode [ 675.018800][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.047639][ T321] device bridge_slave_0 left promiscuous mode [ 675.055854][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.390780][T18358] device veth1_macvtap entered promiscuous mode [ 675.447953][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 675.464239][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 675.512867][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 675.650315][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 675.727307][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 675.834575][T11638] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 675.874243][T11638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 675.944647][T11638] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 676.018574][T11638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 676.912102][T18453] device pim6reg1 entered promiscuous mode [ 678.900607][T18505] FAULT_INJECTION: forcing a failure. [ 678.900607][T18505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 678.941225][T18505] CPU: 0 PID: 18505 Comm: syz.3.6161 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 678.952444][T18505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 678.962331][T18505] Call Trace: [ 678.965454][T18505] [ 678.968231][T18505] dump_stack_lvl+0x151/0x1b7 [ 678.972750][T18505] ? io_uring_drop_tctx_refs+0x190/0x190 [ 678.978396][T18505] ? migrate_enable+0x1c1/0x2a0 [ 678.983087][T18505] ? migrate_disable+0x190/0x190 [ 678.987860][T18505] dump_stack+0x15/0x17 [ 678.991852][T18505] should_fail+0x3c6/0x510 [ 678.996105][T18505] should_fail_usercopy+0x1a/0x20 [ 679.000962][T18505] _copy_from_user+0x20/0xd0 [ 679.005389][T18505] generic_map_update_batch+0x47e/0x860 [ 679.010773][T18505] ? generic_map_delete_batch+0x5f0/0x5f0 [ 679.016327][T18505] ? generic_map_delete_batch+0x5f0/0x5f0 [ 679.021881][T18505] bpf_map_do_batch+0x4c3/0x620 [ 679.026567][T18505] __sys_bpf+0x5dc/0x760 [ 679.030650][T18505] ? fput_many+0x160/0x1b0 [ 679.034904][T18505] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 679.040111][T18505] ? debug_smp_processor_id+0x17/0x20 [ 679.045314][T18505] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 679.051216][T18505] __x64_sys_bpf+0x7c/0x90 [ 679.055465][T18505] do_syscall_64+0x3d/0xb0 [ 679.059731][T18505] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 679.065457][T18505] RIP: 0033:0x7f2b6acb09f9 [ 679.069702][T18505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 679.089260][T18505] RSP: 002b:00007f2b69930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 679.097504][T18505] RAX: ffffffffffffffda RBX: 00007f2b6ae3ef80 RCX: 00007f2b6acb09f9 [ 679.105313][T18505] RDX: 0000000000000038 RSI: 0000000020000580 RDI: 000000000000001a [ 679.113127][T18505] RBP: 00007f2b69930090 R08: 0000000000000000 R09: 0000000000000000 [ 679.120939][T18505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 679.128750][T18505] R13: 0000000000000000 R14: 00007f2b6ae3ef80 R15: 00007fffd9ebb1e8 [ 679.137010][T18505] [ 685.749526][T18682] device wg2 entered promiscuous mode [ 685.793495][T18696] syz.1.6228[18696] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 685.793570][T18696] syz.1.6228[18696] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 685.834643][T18692] BUG: unable to handle page fault for address: ffffffffff600000 [ 685.853398][T18692] #PF: supervisor read access in kernel mode [ 685.859215][T18692] #PF: error_code(0x0001) - permissions violation [ 685.865462][T18692] PGD 6a12067 P4D 6a12067 PUD 6a14067 PMD 6a16067 PTE 8000000006a09165 [ 685.873532][T18692] Oops: 0001 [#1] PREEMPT SMP KASAN [ 685.878569][T18692] CPU: 0 PID: 18692 Comm: syz.2.6225 Tainted: G W 5.15.152-syzkaller-00143-g70e1a731d986 #0 [ 685.889763][T18692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 685.899657][T18692] RIP: 0010:copy_from_kernel_nofault+0x86/0x2e0 [ 685.905732][T18692] Code: 48 89 55 d0 0f 85 ea 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 8b 92 d6 ff 49 83 fd 07 76 5c 4d 89 fe 49 83 c5 f8 49 83 c7 08 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 [ 685.925437][T18692] RSP: 0018:ffffc90000b57b10 EFLAGS: 00010292 [ 685.931339][T18692] RAX: 0000000000000002 RBX: 00007ffffffff000 RCX: ffff888133314f00 [ 685.939150][T18692] RDX: ffff888133315a90 RSI: 0000000000000008 RDI: 0000000000000007 [ 685.946953][T18692] RBP: ffffc90000b57b48 R08: ffffffff8199b425 R09: ffffed10266629e1 [ 685.954782][T18692] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000 [ 685.962581][T18692] R13: 0000000000000000 R14: ffffc90000b57ba8 R15: ffffc90000b57bb0 [ 685.970390][T18692] FS: 00007f6a767096c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 685.979173][T18692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 685.985590][T18692] CR2: ffffffffff600000 CR3: 00000001742f3000 CR4: 00000000003506b0 [ 685.993389][T18692] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 686.001200][T18692] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 686.009011][T18692] Call Trace: [ 686.012144][T18692] [ 686.014918][T18692] ? __die_body+0x62/0xb0 [ 686.019081][T18692] ? __die+0x7e/0x90 [ 686.022817][T18692] ? page_fault_oops+0x7f9/0xa90 [ 686.027587][T18692] ? kernelmode_fixup_or_oops+0x270/0x270 [ 686.033163][T18692] ? security_file_alloc+0x29/0x120 [ 686.038178][T18692] ? exc_page_fault+0x521/0x830 [ 686.042862][T18692] ? errseq_sample+0x44/0x70 [ 686.047299][T18692] ? asm_exc_page_fault+0x27/0x30 [ 686.052151][T18692] ? copy_from_kernel_nofault+0x75/0x2e0 [ 686.057615][T18692] ? copy_from_kernel_nofault+0x86/0x2e0 [ 686.063104][T18692] bpf_probe_read_compat+0x112/0x180 [ 686.068209][T18692] bpf_prog_baa065642a502c00+0x64/0x7c0 [ 686.073676][T18692] __bpf_prog_test_run_raw_tp+0xa0/0x1d0 [ 686.079140][T18692] ? bpf_prog_test_run_raw_tp+0x4c5/0x6c0 [ 686.084699][T18692] bpf_prog_test_run_raw_tp+0x4cd/0x6c0 [ 686.090078][T18692] ? bpf_prog_test_run_tracing+0x710/0x710 [ 686.095718][T18692] ? __kasan_check_write+0x14/0x20 [ 686.100665][T18692] ? fput_many+0x160/0x1b0 [ 686.104918][T18692] ? bpf_prog_test_run_tracing+0x710/0x710 [ 686.110561][T18692] bpf_prog_test_run+0x3b0/0x630 [ 686.115335][T18692] ? bpf_prog_query+0x220/0x220 [ 686.120018][T18692] ? selinux_bpf+0xd2/0x100 [ 686.124362][T18692] ? security_bpf+0x82/0xb0 [ 686.128701][T18692] __sys_bpf+0x525/0x760 [ 686.132785][T18692] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 686.137992][T18692] ? __kasan_check_read+0x11/0x20 [ 686.142850][T18692] __x64_sys_bpf+0x7c/0x90 [ 686.147117][T18692] do_syscall_64+0x3d/0xb0 [ 686.151444][T18692] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 686.157170][T18692] RIP: 0033:0x7f6a77a899f9 [ 686.161423][T18692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.180862][T18692] RSP: 002b:00007f6a76709038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 686.189113][T18692] RAX: ffffffffffffffda RBX: 00007f6a77c17f80 RCX: 00007f6a77a899f9 [ 686.196918][T18692] RDX: 0000000000000050 RSI: 0000000020000680 RDI: 000000000000000a [ 686.204732][T18692] RBP: 00007f6a77af78ee R08: 0000000000000000 R09: 0000000000000000 [ 686.212541][T18692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 686.220353][T18692] R13: 0000000000000000 R14: 00007f6a77c17f80 R15: 00007ffda0bcbb18 [ 686.228170][T18692] [ 686.231028][T18692] Modules linked in: [ 686.234777][T18692] CR2: ffffffffff600000 [ 686.238773][T18692] ---[ end trace 25d71b7064ffa355 ]--- [ 686.244050][T18692] RIP: 0010:copy_from_kernel_nofault+0x86/0x2e0 [ 686.250126][T18692] Code: 48 89 55 d0 0f 85 ea 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 8b 92 d6 ff 49 83 fd 07 76 5c 4d 89 fe 49 83 c5 f8 49 83 c7 08 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 [ 686.269565][T18692] RSP: 0018:ffffc90000b57b10 EFLAGS: 00010292 [ 686.275468][T18692] RAX: 0000000000000002 RBX: 00007ffffffff000 RCX: ffff888133314f00 [ 686.283280][T18692] RDX: ffff888133315a90 RSI: 0000000000000008 RDI: 0000000000000007 [ 686.291088][T18692] RBP: ffffc90000b57b48 R08: ffffffff8199b425 R09: ffffed10266629e1 [ 686.298899][T18692] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000 [ 686.306711][T18692] R13: 0000000000000000 R14: ffffc90000b57ba8 R15: ffffc90000b57bb0 [ 686.314525][T18692] FS: 00007f6a767096c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 686.323291][T18692] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 686.329713][T18692] CR2: ffffffffff600000 CR3: 00000001742f3000 CR4: 00000000003506b0 [ 686.337526][T18692] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 686.345334][T18692] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 686.353157][T18692] Kernel panic - not syncing: Fatal exception [ 686.359307][T18692] Kernel Offset: disabled [ 686.363435][T18692] Rebooting in 86400 seconds..