last executing test programs: 11.169183955s ago: executing program 2 (id=1496): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x7}, [@alu={0x4, 0x0, 0x2, 0xa, 0x0, 0x0, 0x10}]}, &(0x7f0000000200)='syzkaller\x00', 0x7, 0x7d, &(0x7f0000000180)=""/125, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffea2}, 0x94) (fail_nth: 2) 11.134224156s ago: executing program 1 (id=1497): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a5bd76, 0xb, 0x9, 0x6, 0x9, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x20000003, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x2, 0x0, 0x9, 0x740b9, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f00000000c0), 0x1}, 0xa48c, 0xf, 0x43a1bd76, 0x7, 0x100000000000c, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4882, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x8001, 0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1200000006000000080000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000c7d659b17ceb25014ced1cf2dd55b8d688ed0466b2899578b3fa53f20b5925"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r3}, &(0x7f00000001c0), &(0x7f0000000100)=r2}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r3, &(0x7f0000000380)="465fce", 0x0}, 0x20) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r4, 0x29, 0x5, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000740)="2e00000010008188040f46ecdb4cb9cca7480ef431000000e3bd6efb010509000b000a000d000000ba800000120145c78b1d0657b3d2928858dd1c0ae736a039c9a9603ca2a192efafeb28ab60cfb50e513d67e12839aa2e58edd290bee52c5b42fb50bceb1c3680b7374c6394f68fdff922cba2762642b0ce6b3a77551a3127641768247fe89ad18c352ec1febc9dfce044dc48c6495c3910e0e6ea3fb93c761cc41e7af89ef58d09832eeab2ba13f8cdcdbfc1b8f98f2021036ca0f763f9154daaab651f198e3d903098d7dfb264237aadf5149c934b8ddc840aa98a9f44c89b9486c9a94930bdd46c1f40c8afcb10de8a1ae8c51dbd5cea28255f4034d54553745e793d6c13ce83229d3e60e534f84cb607b2a4c574352b6578b4ca454aa8b3ee923e165c23652acb96457053c0670e1bd8f690eb27f07fc607427b59d024a8b63dab8f19e32556f21af1455769ebc130c5b57bf80126df13921cc84f35031ea8d0a035d864b43caa216a5f64e59c3b243907c8af3daabe6da3a69151ddd1ddbeb3be65406a06ef3685fe4f4ebcd07acda76ccca410a780afb9a8bd5eaa24ad4577c24df4ca8edbd2784f1e3650c130f1fc341c44db6ba7d0219cc0f4e09d09db64c9aa683bc61b975498ff34d8c12b845858e7e9f272e649e9595d", 0x1dd}], 0x1, 0x0, 0x0, 0xc9e}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000003c0)=ANY=[], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) r5 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000c40), 0x12) 11.070733928s ago: executing program 0 (id=1498): bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xf, 0x0, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000005d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2f837384, 0x2}, 0x10c000, 0x800, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x5, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90424fc60", 0x14}], 0x1, 0x0, 0x0, 0x600}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000035c0)={0x0, &(0x7f0000000700)=""/199, &(0x7f0000000580)="1cb1530eefa8bfe5c2e709243d0e47cea4b2ff804ff6f8497564bd34e45301e52f0c5fdb957ba2d9b358ff3fd7764c34c17208a0283b9f3e6cdbc51bf63ba4ff73de1289becb7dc6f2d5365bd1f015f74ecaab76", &(0x7f0000003580)="59f4c552b2346f169fc6522b2c8a56faaaae565a15e5afd760a78cf2ce39a8583791333131ff5f67837f", 0x2, 0xffffffffffffffff, 0x4}, 0x38) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000380)='devices.allow\x00', 0x2, 0x0) r2 = socket$kcm(0x2, 0x2, 0x73) sendmsg$inet(r1, 0x0, 0x52cc) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f84811f9868732140602000000000e000a000f00000002", 0x29}, {&(0x7f0000000680)="ec15bd12230eb18d24776c88bac745387305290eb90f6cb1570aeef215b7ab94e7a15c74e44f43471eb4f3bf73dec55903b07cf6bacfa0400efa44c0d4d9f3de2847ae10369bab4cb7f62b9e71c6bb952a5aa5e852f517975686ecdb79261d42d9ef2979a4dcbe69e7", 0x69}], 0x2}, 0x8000) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1, 0x4, 0x0, 0x1, 0x9, 0x10000000, 0x1, 0x0, 0x0, 0x0, 0x9}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x3) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2000000011008188040f80ec59acbc0413a181014100000000010000000000000e002e000f00000002800200", 0x2c}], 0x1}, 0x20000010) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xc, 0xffffffffffffffff, 0x0) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000015006b0300224ed86e6c1d0002117ea6e070d6064e22000300000000250002000f00000017d34460bc24eab556a705251e6182949a00003d3b48dfd8cdbf9767b4fa51f62a64c9f4060046d88037e786a6d0a5d7000000", 0x5b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r7 = perf_event_open$cgroup(&(0x7f0000000300)={0x1, 0x80, 0x8, 0x7, 0x1, 0xe7, 0x0, 0xfff, 0x4008, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1000, 0x4, @perf_bp={&(0x7f0000000240), 0x4}, 0x400, 0x10000, 0x5, 0x2, 0xf7f, 0x200, 0x0, 0x0, 0xb48a, 0x0, 0xde00}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x2, 0x0, 0x0, 0x80, 0x0, 0x8001, 0x4a00, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x1, @perf_config_ext={0xd, 0xb}, 0xc580, 0x800000009, 0xfffffffc, 0x9, 0x6, 0x6, 0x1}, 0x0, 0xffefffffffffffff, r7, 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 10.208746715s ago: executing program 1 (id=1500): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000", 0x29}], 0x1}, 0x0) 9.919733373s ago: executing program 0 (id=1501): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x9, 0x60cb01f8, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0xc, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x382a, 0xffffffffffff0001}, 0x8000, 0x3, 0x43a1bd76, 0x7, 0x9, 0x658, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000180)=@in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x6}, 0x80, &(0x7f0000000800), 0x0, 0x0, 0x0, 0x900}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x6, 0xa, 0x1, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000200)="5b8474fba623ae619797252f2069369cece3df8af6381bd99baddd6a3f7aa46997e91b71b108a57816d9f7f20414df637d56a1de976dd6403cbd8dc8e1a8283217a2fc08bdfaba48017a49fa0a37a8991a2a7a96f831d14c9b26c86eb8cb464d08f2628b31feacd00d30b4a34cbe640c7e3508c101cab904f7fde3bc1dfd64923902c09843f177af7297dcd2f3f48bb6565c2b8a6f2d3df8ba6190491a875bc7e865a83306a7058817d8227287891d3a93832652e1bfb3ee4aa32869387a36ba08dea9ad758c4f2f39102a17be06d3a870ca317faf4ac9b0dc1ae1a3d1b0a014744a152a7c9bfa78bffcb3c1a9f998f8c2b7430e29d53618c2cda7bf2a55", 0xfe}, {&(0x7f0000000380)="95b00b799eb98a4121f39e5eeeaea4a2a0620a9b5f390d8d6f4e21b458b7b0e4ab6f3f64b496aafe34efff07214bde225ba6f560b78caba07e3e85966c3e569395f82901dfcad879f72ab9bfe34f570e70bd83f3c98000bdf00a08960349aba3da7dd5cdfa93290b7ce76ae02dccb61a", 0x70}, {&(0x7f0000000400)="5b4569a5f908cf39c86e9c2562b2bbec991766b4db7a3b3597a89ecc3fcfc94a7fe81708ca7b213b5f8cdd4e480cfecfc1dbaed30b85c4ac15c262dd764064d25f531b7459f9f9c9ef9dcbc1fc6d80873190abb2378ca7bf11180ec04f1bcb8f9326c31baa1ff01d639e7af3f5733e66372c6682ba6d988b4498394406cfb29f838c446fa3417cd3b7b00b865a45f45b5ea3a5c2946c1c833ec46429935fd81745", 0xa1}, {&(0x7f00000004c0)="537abd3e8dc8172d35a73b11037336e110f97ead1a31fd17e85d39c34679ea0d451bb889c77eb91b73d12a56b5d75dd5b00f7361", 0x34}, {&(0x7f0000000500)="11159a05309ec7d313700a2990f1f9e1aadb", 0x12}, {&(0x7f0000000540)="a6a22a1898e21f2a71cc9f358f8364730de9d32ed6e9e626e48597649f3556bfaa01bd7f7ff1fad34ea7d21a7c0391525a6f57a27168421dddc0dbb56f3cd887443931188313762c720725f779c2a3f70093274afad3f47c775c0f6bcfd8cc95d00b23", 0x63}], 0x6, &(0x7f0000000640)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_tos_u8={{0x11}}], 0x30}, 0x2048000) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x32, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803e}, 0x1001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_mems\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x8000, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) gettid() gettid() sendmsg$unix(r2, &(0x7f0000000380)={&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)="f9c9a42fb0d16269bf28619fc9797f5959a2290a75aaca0d9e0e0a5495547449d0882f12b9ac7589fc61b0d501b3f7184d46533fa818dac82cdf20e3747a69a16e9e13ec06a1548437baaf029e393a8e9bbd58932cf7f66815e1936bcb7c8a5ad12d3fbfb148351bb957f4ec1a16a9c405e04bc3b2871f75a2e74357a8e4910aa8125ac304f76865e4eb36ab2710c9853f83a0691aa5f4f6078cd4a7b98e5f7aaa98c3c9d47e82", 0xa7}], 0x1, &(0x7f00000002c0)=ANY=[], 0x78, 0x400}, 0x20000000) ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) r4 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r4, 0x84, 0xb, &(0x7f0000000000), 0xe) ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008d8dff"}) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0900400018000000080000004000000040000000374e669d3feec1e4e03af84c6d7df5168663156d8b9ce1c3557c974061a745f2ed7d363c2aca8112ffac942a59f0f6b735febc01b493", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) 9.841635596s ago: executing program 3 (id=1502): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) r1 = socket$kcm(0x11, 0xa, 0x300) sendmsg$kcm(r1, &(0x7f0000005840)={0x0, 0x0, 0x0}, 0x4040850) 9.839663786s ago: executing program 1 (id=1503): perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x25, &(0x7f0000000100)=r0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x86dd, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68888a8", 0x0, 0xaded, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000040), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) recvmsg(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 9.684654571s ago: executing program 2 (id=1504): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r2) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110c23003f) write$cgroup_devices(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="80fd"], 0xa) sendmsg$inet(r1, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r0, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x41, &(0x7f0000000040)=r4, 0x4) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0], 0x0, 0x1d, &(0x7f00000005c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x60, 0x8, 0x8, &(0x7f00000008c0)}}, 0x10) write$cgroup_subtree(r4, &(0x7f0000000100)={[{0x2d, 'net'}, {0x2d, 'devices'}, {0x2d, 'hugetlb'}]}, 0x17) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000640)="140d078a913ee60b6ed51b97b7962ca8a6b22a623e7cb2802b63c0def045186fb09b577790056e0d29e3d62829d9219c0865ae85748d87962490c7d88ad732ff1e708e6f7e6a80fa51669d599a9fb6a2bf3bb92eb220359454609d4d3c827badd1d8680f820f23124fa6c162ab5c12ecb28b68e77585c97b2eebba920490353ea2a72fcd04ccf7c39ef230f33c70b1cba49118486e9e861acdca8ce201ffb68703daf9a27475366210af18b32a7bd9b39a37e225200e4cdc018790129bd126083c82ad3c8252e52c8eacea2add3be6ef84c0a5ac3a13f52b5883b729d8e4c3f46d24b8abde42ce91233df4576452e8cf505e92e224cb8e40", 0xf8}, {&(0x7f0000000740)}], 0x2, &(0x7f0000000b40)=ANY=[@ANYBLOB="1400000000000000000000000200000007000000000000001400000000000000000000000100000002000000000000001c000000000000000000000008000000f325ce9136f23cf8a1cbec6ededefb1adb78f2da33", @ANYRES32=r5, @ANYBLOB="e0000001ffffffff0000000038000000000000000000000007000000890b14ffffffffac1414bb940401004418f290000000000000b1920000000200000200fffffff9001400000000000000000000000200000000020000000000001c000000000000000000000008000000", @ANYRES32=r6, @ANYBLOB="ac1414aaac1414bb00000000"], 0xc0}, 0x20000080) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x10, &(0x7f0000000400)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, @fallback=0x6, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) 9.592425334s ago: executing program 3 (id=1505): perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x25, &(0x7f0000000100)=r0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0, 0x2}, 0x8000, 0x0, 0x465e, 0x4, 0x3fe, 0x80000000, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x86dd, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68888a8", 0x0, 0xaded, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000040), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) recvmsg(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 6.722977773s ago: executing program 2 (id=1506): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x11, 0xa, 0x300) sendmsg$kcm(r2, &(0x7f0000005840)={&(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @multicast2}, 0x1, 0x1, 0x0, 0x1}}, 0x80, 0x0}, 0x4040850) 6.687331713s ago: executing program 1 (id=1507): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x5, 0x81, 0x7, 0x6, 0x0, 0x8, 0x108, 0x6, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbbbd, 0x0, @perf_config_ext={0xab, 0xff0000}, 0x80, 0x4, 0xe9be, 0x1, 0xffffffffffff5c3c, 0x39db, 0xa, 0x0, 0xb4d, 0x0, 0x4}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x1, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x7) r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x43, &(0x7f0000000100), 0x4) perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb4, 0x9, 0x0, 0x20, 0x0, 0x2, 0x8000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x3542, 0x1ff, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0xffffffffefffffff, r1, 0xa) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="010000000200fff000000000000000d4bcd311dfefbf", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x6, r3, 0x4}, 0x38) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x81, 0x0, 0x2, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x4b}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000140)="7c003307000000000008000081001a", 0x0, 0xffedfff0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r5, 0x107, 0x8, &(0x7f00000000c0), 0x8) recvmsg$kcm(r5, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x20) socket$kcm(0x10, 0x2, 0x10) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x1d, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000900000000000000d500000085100000ffffffff18000000870000000000000002000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000d7800000850000000600000018000000030000000000000004000000852000000200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b20000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000082000000852000000100000004170100080000005a30feff080000009500"/96], &(0x7f0000000180)='GPL\x00', 0xd, 0x64, &(0x7f00000001c0)=""/100, 0x41000, 0x8, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000280)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000002c0)={0x5, 0x6, 0xc66a, 0x25bc}, 0x10, 0x38df, 0xffffffffffffffff, 0x5, &(0x7f0000000340)=[0xffffffffffffffff, r3], &(0x7f0000000380)=[{0x3, 0x1, 0x0, 0x4}, {0x4, 0x2, 0x6, 0x3}, {0x2, 0x4, 0x3}, {0x1, 0x1, 0x7, 0x8}, {0x5, 0x1, 0xa, 0x2}], 0x10, 0x80000001}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="09000000040000"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="05000000010000000400"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x26e1, 0x0) close(r9) ioctl$SIOCSIFHWADDR(r9, 0x8b34, &(0x7f0000000000)={'wlan1\x00'}) openat$cgroup_devices(r9, &(0x7f00000005c0)='devices.deny\x00', 0x2, 0x0) r10 = openat$cgroup_procs(r8, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r10, &(0x7f0000000c40), 0x12) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="180000007600a9fe059f317a9dab00000000000340000000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 6.666135674s ago: executing program 0 (id=1508): recvmsg$kcm(0xffffffffffffffff, &(0x7f0000003700)={&(0x7f0000000080)=@xdp, 0x80, &(0x7f0000002680)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/44, 0x2c}, {&(0x7f0000001500)=""/76, 0x4c}, {&(0x7f0000001580)=""/185, 0xb9}, {&(0x7f0000001640)=""/51, 0x33}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x6, &(0x7f0000002700)=""/4096, 0x1000}, 0x60) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000c30c00000000000095"], &(0x7f0000000180)='syzkaller\x00', 0xb}, 0x94) 6.573849367s ago: executing program 3 (id=1509): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a5bd76, 0xb, 0x9, 0x6, 0x9, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x20000003, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x2, 0x0, 0x9, 0x740b9, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f00000000c0), 0x1}, 0xa48c, 0xf, 0x43a1bd76, 0x7, 0x100000000000c, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4882, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x8001, 0xfffffffffffffffc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1200000006000000080000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000c7d659b17ceb25014ced1cf2dd55b8d688ed0466b2899578b3fa53f20b5925"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r3}, &(0x7f00000001c0), &(0x7f0000000100)=r2}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r3, &(0x7f0000000380)="465fce", 0x0}, 0x20) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r4, 0x29, 0x5, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000740)="2e00000010008188040f46ecdb4cb9cca7480ef431000000e3bd6efb010509000b000a000d000000ba800000120145c78b1d0657b3d2928858dd1c0ae736a039c9a9603ca2a192efafeb28ab60cfb50e513d67e12839aa2e58edd290bee52c5b42fb50bceb1c3680b7374c6394f68fdff922cba2762642b0ce6b3a77551a3127641768247fe89ad18c352ec1febc9dfce044dc48c6495c3910e0e6ea3fb93c761cc41e7af89ef58d09832eeab2ba13f8cdcdbfc1b8f98f2021036ca0f763f9154daaab651f198e3d903098d7dfb264237aadf5149c934b8ddc840aa98a9f44c89b9486c9a94930bdd46c1f40c8afcb10de8a1ae8c51dbd5cea28255f4034d54553745e793d6c13ce83229d3e60e534f84cb607b2a4c574352b6578b4ca454aa8b3ee923e165c23652acb96457053c0670e1bd8f690eb27f07fc607427b59d024a8b63dab8f19e32556f21af1455769ebc130c5b57bf80126df13921cc84f35031ea8d0a035d864b43caa216a5f64e59c3b243907c8af3daabe6da3a69151ddd1ddbeb3be65406a06ef3685fe4f4ebcd07acda76ccca410a780afb9a8bd5eaa24ad4577c24df4ca8edbd2784f1e3650c130f1fc341c44db6ba7d0219cc0f4e09d09db64c9aa683bc61b975498ff34d8c12b845858e7e9f272e649e9595d", 0x1dd}], 0x1, 0x0, 0x0, 0xc9e}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000003c0)=ANY=[], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) r5 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000c40), 0x12) 6.538306498s ago: executing program 0 (id=1510): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000780)={r0, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x6, 0x2, &(0x7f00000005c0)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x240}], &(0x7f0000000640)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x28, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x84}, 0x94) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d80000001c0081044e81f782db44b904021d08020e0000008100e0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r3 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x29, 0x6, &(0x7f0000000040), 0x4) sendmsg$kcm(r3, &(0x7f0000000740)={&(0x7f00000000c0)=@in6={0xa, 0x4e23, 0x2, @remote, 0x17}, 0x80, 0x0}, 0x6000084) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004ffffffff000000000300000000000000000000000000000203000000000000000000000b"], 0x0, 0x4a}, 0x28) r4 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x5, 0x81, 0x7, 0x6, 0x0, 0x8, 0x108, 0x6, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbbbd, 0x0, @perf_config_ext={0xab, 0xff0000}, 0x80, 0x4, 0xe9be, 0x1, 0x32, 0x39db, 0xa, 0x0, 0x10, 0x0, 0x4}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb4, 0x9, 0x0, 0x20, 0x0, 0x2, 0x8000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7}, 0x3542, 0x1ff, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0xffffffffefffffff, r4, 0xa) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x6, 0xffffffffffffffff, 0x4}, 0x38) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x81, 0x0, 0x2, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=0xffffffffffffffff, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x11, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xd5}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @initr0={0x18, 0x0, 0x0, 0x0, 0x87, 0x0, 0x0, 0x0, 0x2}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80d7}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}]}, &(0x7f0000000180)='GPL\x00', 0xd, 0x64, &(0x7f00000001c0)=""/100, 0x41000, 0x8, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000280)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000002c0)={0x5, 0x6, 0xc66a, 0x25bc}, 0x10, 0x38df, 0xffffffffffffffff, 0x5, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000380)=[{0x3, 0x1, 0x0, 0x4}, {0x4, 0x2, 0x6, 0x3}, {0x2, 0x4, 0x3}, {0x1, 0x1, 0x7, 0x8}, {0x5, 0x1, 0xa, 0x2}], 0x10, 0x80000001}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="090000000400"], 0x50) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)}], 0x1}, 0x0) 3.499412712s ago: executing program 3 (id=1511): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000", 0x29}], 0x1}, 0x0) 3.498868663s ago: executing program 1 (id=1512): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)) 3.430043154s ago: executing program 2 (id=1513): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0x1, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) r1 = socket$kcm(0x11, 0xa, 0x300) sendmsg$kcm(r1, &(0x7f0000005840)={0x0, 0x0, 0x0}, 0x4040850) 3.429433134s ago: executing program 0 (id=1514): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)) (fail_nth: 2) 3.100235854s ago: executing program 3 (id=1515): perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x25, &(0x7f0000000100)=r0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x86dd, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68888a8", 0x0, 0xaded, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000040), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) recvmsg(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 3.052065696s ago: executing program 2 (id=1516): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0700000004000000180000000100000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000002efe8fae488abeb838d8a648af882d3acae66011633f5536d801d6eacc98189a67b0fc4121147a87d043b7cb42f72c5e845b299eab1444f81bf124f74a60f678fecaf228494ab6cf3fa9249eeba4ff1726", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0xba98575a95aeb70d) socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) close(0xffffffffffffffff) socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x1], 0x48) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x7}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_config_ext={0x1, 0x2}, 0x2006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r4 = socket$kcm(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18006daaed13ff00000000000000000028"], 0x0}, 0x90) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r6, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="98eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r4}, 0x8) socket$kcm(0x2, 0x3, 0x106) r7 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000028000b05d25a806f8c6394", 0xf}], 0x1}, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000011c0)={r5, 0xe0, &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0], 0x0, 0xf0, &(0x7f0000000640)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000680), &(0x7f00000006c0), 0x8, 0xc6, 0x8, 0x8, &(0x7f0000000780)}}, 0x10) 154.637456ms ago: executing program 1 (id=1517): perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8000000000000000, 0x8000}, 0x4105, 0x0, 0x3}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000)) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x25, &(0x7f0000000100)=r0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0, 0x2}, 0x8000, 0x0, 0x465e, 0x4, 0x3fe, 0x80000000, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x86dd, 0x12, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68888a8", 0x0, 0xaded, 0x4000000, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x28, &(0x7f0000000040), 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) recvmsg(0xffffffffffffffff, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20) 142.253346ms ago: executing program 3 (id=1518): socket$kcm(0x2, 0x1, 0x84) perf_event_open(0x0, 0x0, 0xf, 0xffffffffffffffff, 0xa) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd63"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000040)=""/132, 0x1a, 0x84, 0x1}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000380)="5c00000013006bcd9e3fe3dc4e48aa31086b87030f0000001f03000000010000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f6", 0x42}, {&(0x7f0000000340)="1b8468e9e96ba56ae614c60000e45a00"/26, 0x1a}], 0x2, 0x0, 0x0, 0x1f000801}, 0x4000) r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000001c0)=@o_path={&(0x7f0000000180)='./file0\x00', 0x0, 0x10, r1}, 0x18) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000200)={0xffffffffffffffff, r2}) 49.726059ms ago: executing program 0 (id=1519): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3, 0x0, 0x9, 0x60cb01f8, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x26, 0xc, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x382a, 0xffffffffffff0001}, 0x8000, 0x3, 0x43a1bd76, 0x7, 0x9, 0x658, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000180)=@in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x6}, 0x80, &(0x7f0000000800), 0x0, 0x0, 0x0, 0x900}, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair(0x6, 0xa, 0x1, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000200)="5b8474fba623ae619797252f2069369cece3df8af6381bd99baddd6a3f7aa46997e91b71b108a57816d9f7f20414df637d56a1de976dd6403cbd8dc8e1a8283217a2fc08bdfaba48017a49fa0a37a8991a2a7a96f831d14c9b26c86eb8cb464d08f2628b31feacd00d30b4a34cbe640c7e3508c101cab904f7fde3bc1dfd64923902c09843f177af7297dcd2f3f48bb6565c2b8a6f2d3df8ba6190491a875bc7e865a83306a7058817d8227287891d3a93832652e1bfb3ee4aa32869387a36ba08dea9ad758c4f2f39102a17be06d3a870ca317faf4ac9b0dc1ae1a3d1b0a014744a152a7c9bfa78bffcb3c1a9f998f8c2b7430e29d53618c2cda7bf2a55", 0xfe}, {&(0x7f0000000380)="95b00b799eb98a4121f39e5eeeaea4a2a0620a9b5f390d8d6f4e21b458b7b0e4ab6f3f64b496aafe34efff07214bde225ba6f560b78caba07e3e85966c3e569395f82901dfcad879f72ab9bfe34f570e70bd83f3c98000bdf00a08960349aba3da7dd5cdfa93290b7ce76ae02dccb61a", 0x70}, {&(0x7f0000000400)="5b4569a5f908cf39c86e9c2562b2bbec991766b4db7a3b3597a89ecc3fcfc94a7fe81708ca7b213b5f8cdd4e480cfecfc1dbaed30b85c4ac15c262dd764064d25f531b7459f9f9c9ef9dcbc1fc6d80873190abb2378ca7bf11180ec04f1bcb8f9326c31baa1ff01d639e7af3f5733e66372c6682ba6d988b4498394406cfb29f838c446fa3417cd3b7b00b865a45f45b5ea3a5c2946c1c833ec46429935fd81745", 0xa1}, {&(0x7f00000004c0)="537abd3e8dc8172d35a73b11037336e110f97ead1a31fd17e85d39c34679ea0d451bb889c77eb91b73d12a56b5d75dd5b00f7361", 0x34}, {&(0x7f0000000500)="11159a05309ec7d313700a2990f1f9e1aadb", 0x12}, {&(0x7f0000000540)="a6a22a1898e21f2a71cc9f358f8364730de9d32ed6e9e626e48597649f3556bfaa01bd7f7ff1fad34ea7d21a7c0391525a6f57a27168421dddc0dbb56f3cd887443931188313762c720725f779c2a3f70093274afad3f47c775c0f6bcfd8cc95d00b23", 0x63}], 0x6, &(0x7f0000000640)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_tos_u8={{0x11}}], 0x30}, 0x2048000) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x32, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803e}, 0x1001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_mems\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) perf_event_open(&(0x7f0000000000)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x8000, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) gettid() gettid() sendmsg$unix(r2, &(0x7f0000000380)={&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)="f9c9a42fb0d16269bf28619fc9797f5959a2290a75aaca0d9e0e0a5495547449d0882f12b9ac7589fc61b0d501b3f7184d46533fa818dac82cdf20e3747a69a16e9e13ec06a1548437baaf029e393a8e9bbd58932cf7f66815e1936bcb7c8a5ad12d3fbfb148351bb957f4ec1a16a9c405e04bc3b2871f75a2e74357a8e4910aa8125ac304f76865e4eb36ab2710c9853f83a0691aa5f4f6078cd4a7b98e5f7aaa98c3c9d47e82", 0xa7}], 0x1, &(0x7f00000002c0)=ANY=[], 0x78, 0x400}, 0x20000000) ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) r4 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r4, 0x84, 0xb, &(0x7f0000000000), 0xe) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0900400018000000080000004000000040000000374e669d3feec1e4e03af84c6d7df5168663156d8b9ce1c3557c974061a745f2ed7d363c2aca8112ffac942a59f0f6b735febc01b493", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) 0s ago: executing program 2 (id=1520): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, 0x0, 0xc000) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000080)="d4", 0x1}], 0x1}, 0x8001) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000023c0)=""/4095, 0xfff}, {&(0x7f0000000cc0)=""/4096, 0x1000}], 0x2}, 0x40000000) kernel console output (not intermixed with test programs): e 0 active_anon:21708kB inactive_anon:0kB active_file:45520kB inactive_file:159756kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98476kB dirty:1304kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10560kB pagetables:2184kB sec_pagetables:0kB all_unreclaimable? no [ 195.207112][ T6939] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 195.254748][ T6939] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 195.333853][ T6939] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 195.339832][ T6939] Node 0 DMA32 free:1506228kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21624kB inactive_anon:0kB active_file:45520kB inactive_file:158940kB unevictable:1536kB writepending:1308kB present:3129332kB managed:2586932kB mlocked:0kB bounce:0kB free_pcp:23704kB local_pcp:6036kB free_cma:0kB [ 195.371927][ T6939] lowmem_reserve[]: 0 0 0 0 0 [ 195.377492][ T6939] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 195.405840][ T6939] lowmem_reserve[]: 0 0 0 0 0 [ 195.411499][ T6939] Node 1 Normal free:3896840kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17956kB local_pcp:12804kB free_cma:0kB [ 195.443540][ T6939] lowmem_reserve[]: 0 0 0 0 0 [ 195.448490][ T6939] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 195.470289][ T6939] Node 0 DMA32: 251*4kB (UM) 473*8kB (UME) 616*16kB (UME) 564*32kB (UME) 462*64kB (UME) 75*128kB (UME) 13*256kB (ME) 13*512kB (UME) 7*1024kB (ME) 4*2048kB (ME) 344*4096kB (UM) = 1506228kB [ 195.489991][ T6939] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 195.502221][ T6939] Node 1 Normal: 230*4kB (UME) 44*8kB (UME) 37*16kB (UME) 60*32kB (UME) 7*64kB (UE) 5*128kB (UM) 1*256kB (E) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 949*4096kB (M) = 3896840kB [ 195.525241][ T6939] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 195.535819][ T6939] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 195.535916][ T6952] validate_nla: 6 callbacks suppressed [ 195.535972][ T6952] netlink: 'syz.3.384': attribute type 10 has an invalid length. [ 195.545672][ T6939] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 195.571877][ T6939] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 195.583351][ T6939] 52732 total pagecache pages [ 195.588219][ T6939] 0 pages in swap cache [ 195.592904][ T6939] Free swap = 124996kB [ 195.597342][ T6939] Total swap = 124996kB [ 195.601697][ T6939] 2097051 pages RAM [ 195.605729][ T6939] 0 pages HighMem/MovableOnly [ 195.611295][ T6939] 416932 pages reserved [ 195.615607][ T6939] 0 pages cma reserved [ 195.773283][ T6955] netlink: 'syz.2.385': attribute type 3 has an invalid length. [ 195.810017][ T6955] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.385'. [ 195.912781][ T6959] netlink: 'syz.1.387': attribute type 10 has an invalid length. [ 195.921194][ T6959] netlink: 40 bytes leftover after parsing attributes in process `syz.1.387'. [ 196.336060][ T5781] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 196.352876][ T6962] netlink: 'syz.1.388': attribute type 25 has an invalid length. [ 196.376096][ T6962] netlink: 'syz.1.388': attribute type 29 has an invalid length. [ 196.613369][ T6972] netlink: 'syz.0.392': attribute type 10 has an invalid length. [ 196.638181][ T6972] netlink: 40 bytes leftover after parsing attributes in process `syz.0.392'. [ 197.145116][ T6986] netlink: 'syz.3.396': attribute type 10 has an invalid length. [ 197.153261][ T6986] netlink: 40 bytes leftover after parsing attributes in process `syz.3.396'. [ 197.561405][ T6993] netlink: 'syz.3.399': attribute type 10 has an invalid length. [ 197.634404][ T6997] netlink: 'syz.1.401': attribute type 3 has an invalid length. [ 197.642858][ T6997] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.401'. [ 197.761262][ T5781] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 197.775654][ T6999] netlink: 'syz.2.402': attribute type 25 has an invalid length. [ 197.881601][ T7002] netlink: 40 bytes leftover after parsing attributes in process `syz.1.403'. [ 198.792795][ T7017] netlink: 40 bytes leftover after parsing attributes in process `syz.0.407'. [ 198.854975][ T7019] FAULT_INJECTION: forcing a failure. [ 198.854975][ T7019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.887531][ T7019] CPU: 0 PID: 7019 Comm: syz.1.408 Not tainted syzkaller #0 [ 198.894927][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 198.905378][ T7019] Call Trace: [ 198.908697][ T7019] [ 198.911668][ T7019] dump_stack_lvl+0x18c/0x250 [ 198.916402][ T7019] ? show_regs_print_info+0x20/0x20 [ 198.921685][ T7019] ? load_image+0x420/0x420 [ 198.926267][ T7019] ? __lock_acquire+0x7d40/0x7d40 [ 198.931447][ T7019] ? snprintf+0xe9/0x140 [ 198.935746][ T7019] should_fail_ex+0x39d/0x4d0 [ 198.940491][ T7019] _copy_to_user+0x2f/0xa0 [ 198.944972][ T7019] simple_read_from_buffer+0xe7/0x150 [ 198.950416][ T7019] proc_fail_nth_read+0x1e8/0x260 [ 198.955508][ T7019] ? proc_fault_inject_write+0x360/0x360 [ 198.961223][ T7019] ? fsnotify_perm+0x271/0x5e0 [ 198.966032][ T7019] ? proc_fault_inject_write+0x360/0x360 [ 198.971720][ T7019] vfs_read+0x28b/0x970 [ 198.975932][ T7019] ? kernel_read+0x1e0/0x1e0 [ 198.980575][ T7019] ? __fget_files+0x28/0x4b0 [ 198.985214][ T7019] ? __fget_files+0x28/0x4b0 [ 198.989864][ T7019] ? __fget_files+0x43d/0x4b0 [ 198.994603][ T7019] ? __fdget_pos+0x2a3/0x330 [ 198.999241][ T7019] ? ksys_read+0x75/0x260 [ 199.003632][ T7019] ksys_read+0x150/0x260 [ 199.007933][ T7019] ? vfs_write+0x990/0x990 [ 199.012422][ T7019] ? lockdep_hardirqs_on+0x98/0x150 [ 199.017694][ T7019] do_syscall_64+0x55/0xb0 [ 199.022183][ T7019] ? clear_bhb_loop+0x40/0x90 [ 199.026941][ T7019] ? clear_bhb_loop+0x40/0x90 [ 199.031689][ T7019] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 199.037638][ T7019] RIP: 0033:0x7faa8955d68e [ 199.042096][ T7019] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 199.061842][ T7019] RSP: 002b:00007faa8a47afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 199.070304][ T7019] RAX: ffffffffffffffda RBX: 00007faa8a47b6c0 RCX: 00007faa8955d68e [ 199.078322][ T7019] RDX: 000000000000000f RSI: 00007faa8a47b0a0 RDI: 0000000000000004 [ 199.086354][ T7019] RBP: 00007faa8a47b090 R08: 0000000000000000 R09: 0000000000000000 [ 199.094369][ T7019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.102530][ T7019] R13: 00007faa89816038 R14: 00007faa89815fa0 R15: 00007ffcc7f4af58 [ 199.110568][ T7019] [ 199.366168][ T7025] netlink: 132 bytes leftover after parsing attributes in process `syz.1.409'. [ 199.782395][ T7035] netlink: 40 bytes leftover after parsing attributes in process `syz.1.413'. [ 199.878441][ T5781] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 200.719407][ T7045] validate_nla: 8 callbacks suppressed [ 200.719423][ T7045] netlink: 'syz.2.418': attribute type 10 has an invalid length. [ 200.752290][ T7045] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.418'. [ 200.951117][ T7059] netlink: 'syz.3.420': attribute type 10 has an invalid length. [ 200.986627][ T7060] netlink: 'syz.2.422': attribute type 10 has an invalid length. [ 201.007316][ T7060] netlink: 40 bytes leftover after parsing attributes in process `syz.2.422'. [ 201.150521][ T7066] FAULT_INJECTION: forcing a failure. [ 201.150521][ T7066] name failslab, interval 1, probability 0, space 0, times 0 [ 201.163833][ T7066] CPU: 0 PID: 7066 Comm: syz.2.426 Not tainted syzkaller #0 [ 201.171170][ T7066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 201.181269][ T7066] Call Trace: [ 201.184600][ T7066] [ 201.187582][ T7066] dump_stack_lvl+0x18c/0x250 [ 201.192330][ T7066] ? show_regs_print_info+0x20/0x20 [ 201.197587][ T7066] ? load_image+0x420/0x420 [ 201.202140][ T7066] ? __might_sleep+0xe0/0xe0 [ 201.206788][ T7066] ? __lock_acquire+0x7d40/0x7d40 [ 201.211868][ T7066] should_fail_ex+0x39d/0x4d0 [ 201.216607][ T7066] should_failslab+0x9/0x20 [ 201.221172][ T7066] slab_pre_alloc_hook+0x59/0x310 [ 201.226259][ T7066] ? __lock_acquire+0x7d40/0x7d40 [ 201.231339][ T7066] kmem_cache_alloc_node+0x60/0x320 [ 201.236606][ T7066] ? __alloc_skb+0x103/0x2c0 [ 201.241249][ T7066] __alloc_skb+0x103/0x2c0 [ 201.245724][ T7066] netlink_sendmsg+0x66a/0xbf0 [ 201.250555][ T7066] ? netlink_getsockopt+0x590/0x590 [ 201.255811][ T7066] ? aa_sock_msg_perm+0x94/0x150 [ 201.260805][ T7066] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 201.266151][ T7066] ? security_socket_sendmsg+0x80/0xa0 [ 201.271677][ T7066] ? netlink_getsockopt+0x590/0x590 [ 201.276939][ T7066] ____sys_sendmsg+0x5ba/0x960 [ 201.281779][ T7066] ? __asan_memset+0x22/0x40 [ 201.286434][ T7066] ? __sys_sendmsg_sock+0x30/0x30 [ 201.291531][ T7066] ? __import_iovec+0x5f2/0x850 [ 201.296445][ T7066] ? import_iovec+0x73/0xa0 [ 201.301003][ T7066] ___sys_sendmsg+0x2a6/0x360 [ 201.305751][ T7066] ? __sys_sendmsg+0x2a0/0x2a0 [ 201.310594][ T7066] ? trace_call_bpf+0xc3/0x6c0 [ 201.315442][ T7066] __se_sys_sendmsg+0x1c2/0x2b0 [ 201.320356][ T7066] ? __x64_sys_sendmsg+0x80/0x80 [ 201.325369][ T7066] ? lockdep_hardirqs_on+0x98/0x150 [ 201.330648][ T7066] do_syscall_64+0x55/0xb0 [ 201.335301][ T7066] ? clear_bhb_loop+0x40/0x90 [ 201.340059][ T7066] ? clear_bhb_loop+0x40/0x90 [ 201.344801][ T7066] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 201.350839][ T7066] RIP: 0033:0x7fd7c719ce59 [ 201.355305][ T7066] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 201.374973][ T7066] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.383442][ T7066] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 201.391473][ T7066] RDX: 0000000004040c04 RSI: 0000200000000080 RDI: 0000000000000003 [ 201.399541][ T7066] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 201.407574][ T7066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.415612][ T7066] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 201.423660][ T7066] [ 201.572940][ T5781] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 201.588991][ T7072] netlink: 'syz.2.428': attribute type 25 has an invalid length. [ 201.598323][ T7072] netlink: 'syz.2.428': attribute type 29 has an invalid length. [ 202.225004][ T7078] FAULT_INJECTION: forcing a failure. [ 202.225004][ T7078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 202.252652][ T7078] CPU: 1 PID: 7078 Comm: syz.2.431 Not tainted syzkaller #0 [ 202.260038][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 202.270140][ T7078] Call Trace: [ 202.273462][ T7078] [ 202.276517][ T7078] dump_stack_lvl+0x18c/0x250 [ 202.281256][ T7078] ? show_regs_print_info+0x20/0x20 [ 202.286496][ T7078] ? load_image+0x420/0x420 [ 202.291069][ T7078] ? __might_fault+0xaa/0x120 [ 202.295800][ T7078] ? __lock_acquire+0x7d40/0x7d40 [ 202.300885][ T7078] should_fail_ex+0x39d/0x4d0 [ 202.305635][ T7078] _copy_from_user+0x2f/0xe0 [ 202.310286][ T7078] bpf_obj_get_info_by_fd+0x477/0x3080 [ 202.315807][ T7078] ? verify_lock_unused+0x140/0x140 [ 202.321053][ T7078] ? bpf_map_get_fd_by_id+0x310/0x310 [ 202.326554][ T7078] ? get_pid_task+0x20/0x1e0 [ 202.331201][ T7078] ? file_end_write+0x159/0x250 [ 202.336105][ T7078] ? __might_fault+0xaa/0x120 [ 202.340902][ T7078] ? __might_fault+0xc6/0x120 [ 202.345610][ T7078] ? __might_fault+0xaa/0x120 [ 202.350316][ T7078] ? bpf_lsm_bpf+0x9/0x10 [ 202.354686][ T7078] ? security_bpf+0x7e/0xa0 [ 202.359230][ T7078] __sys_bpf+0x7eb/0x890 [ 202.363505][ T7078] ? bpf_link_show_fdinfo+0x390/0x390 [ 202.368954][ T7078] ? lock_chain_count+0x20/0x20 [ 202.373869][ T7078] __x64_sys_bpf+0x7c/0x90 [ 202.378347][ T7078] do_syscall_64+0x55/0xb0 [ 202.382807][ T7078] ? clear_bhb_loop+0x40/0x90 [ 202.387521][ T7078] ? clear_bhb_loop+0x40/0x90 [ 202.392239][ T7078] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 202.398164][ T7078] RIP: 0033:0x7fd7c719ce59 [ 202.402603][ T7078] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 202.422257][ T7078] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 202.430707][ T7078] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 202.438729][ T7078] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 000000000000000f [ 202.446738][ T7078] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 202.454744][ T7078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.462915][ T7078] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 202.470928][ T7078] [ 202.608344][ T7084] netlink: 'syz.3.434': attribute type 10 has an invalid length. [ 202.630516][ T7084] netlink: 40 bytes leftover after parsing attributes in process `syz.3.434'. [ 202.833012][ T7093] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 202.892170][ T5781] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 203.822698][ T7114] netlink: 'syz.3.440': attribute type 10 has an invalid length. [ 203.834436][ T7113] netlink: 176 bytes leftover after parsing attributes in process `syz.1.442'. [ 203.985118][ T7121] netlink: 'syz.1.447': attribute type 10 has an invalid length. [ 204.010367][ T7121] netlink: 40 bytes leftover after parsing attributes in process `syz.1.447'. [ 205.524599][ T7156] FAULT_INJECTION: forcing a failure. [ 205.524599][ T7156] name failslab, interval 1, probability 0, space 0, times 0 [ 205.538144][ T7156] CPU: 0 PID: 7156 Comm: syz.1.461 Not tainted syzkaller #0 [ 205.545496][ T7156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 205.555609][ T7156] Call Trace: [ 205.558944][ T7156] [ 205.561926][ T7156] dump_stack_lvl+0x18c/0x250 [ 205.566768][ T7156] ? show_regs_print_info+0x20/0x20 [ 205.572024][ T7156] ? load_image+0x420/0x420 [ 205.576581][ T7156] ? __lock_acquire+0x7d40/0x7d40 [ 205.581670][ T7156] should_fail_ex+0x39d/0x4d0 [ 205.586414][ T7156] should_failslab+0x9/0x20 [ 205.590975][ T7156] slab_pre_alloc_hook+0x59/0x310 [ 205.596061][ T7156] ? vmemdup_user+0x49/0x1e0 [ 205.600708][ T7156] ? vmemdup_user+0x49/0x1e0 [ 205.605355][ T7156] __kmem_cache_alloc_node+0x53/0x250 [ 205.610790][ T7156] ? vmemdup_user+0x49/0x1e0 [ 205.615437][ T7156] __kmalloc_node+0xa4/0x230 [ 205.620089][ T7156] vmemdup_user+0x49/0x1e0 [ 205.624556][ T7156] map_get_next_key+0x228/0x620 [ 205.629449][ T7156] ? __might_fault+0xc6/0x120 [ 205.634202][ T7156] ? __might_fault+0xaa/0x120 [ 205.638936][ T7156] ? bpf_lsm_bpf+0x9/0x10 [ 205.643324][ T7156] __sys_bpf+0x715/0x890 [ 205.647636][ T7156] ? bpf_link_show_fdinfo+0x390/0x390 [ 205.653075][ T7156] ? lock_chain_count+0x20/0x20 [ 205.657993][ T7156] __x64_sys_bpf+0x7c/0x90 [ 205.662468][ T7156] do_syscall_64+0x55/0xb0 [ 205.666942][ T7156] ? clear_bhb_loop+0x40/0x90 [ 205.671667][ T7156] ? clear_bhb_loop+0x40/0x90 [ 205.676478][ T7156] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 205.682493][ T7156] RIP: 0033:0x7faa8959ce59 [ 205.686939][ T7156] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.706674][ T7156] RSP: 002b:00007faa8a47b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 205.715123][ T7156] RAX: ffffffffffffffda RBX: 00007faa89815fa0 RCX: 00007faa8959ce59 [ 205.723219][ T7156] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000004 [ 205.731223][ T7156] RBP: 00007faa8a47b090 R08: 0000000000000000 R09: 0000000000000000 [ 205.739222][ T7156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.747228][ T7156] R13: 00007faa89816038 R14: 00007faa89815fa0 R15: 00007ffcc7f4af58 [ 205.755247][ T7156] [ 205.789935][ T7160] netlink: 'syz.3.460': attribute type 10 has an invalid length. [ 205.796326][ T7158] netlink: 'syz.2.462': attribute type 3 has an invalid length. [ 205.812282][ T7158] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.462'. [ 205.921084][ T7164] netlink: 'syz.1.464': attribute type 40 has an invalid length. [ 206.850725][ T5784] Bluetooth: hci2: command 0x0406 tx timeout [ 206.860277][ T5784] Bluetooth: hci3: command 0x0406 tx timeout [ 206.866428][ T5784] Bluetooth: hci1: command 0x0406 tx timeout [ 206.949626][ T7187] FAULT_INJECTION: forcing a failure. [ 206.949626][ T7187] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.963136][ T7187] CPU: 1 PID: 7187 Comm: syz.3.474 Not tainted syzkaller #0 [ 206.970489][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 206.980610][ T7187] Call Trace: [ 206.983970][ T7187] [ 206.986951][ T7187] dump_stack_lvl+0x18c/0x250 [ 206.991696][ T7187] ? show_regs_print_info+0x20/0x20 [ 206.996952][ T7187] ? load_image+0x420/0x420 [ 207.001517][ T7187] ? __lock_acquire+0x7d40/0x7d40 [ 207.006624][ T7187] ? snprintf+0xe9/0x140 [ 207.010937][ T7187] should_fail_ex+0x39d/0x4d0 [ 207.015700][ T7187] _copy_to_user+0x2f/0xa0 [ 207.020173][ T7187] simple_read_from_buffer+0xe7/0x150 [ 207.025614][ T7187] proc_fail_nth_read+0x1e8/0x260 [ 207.030705][ T7187] ? proc_fault_inject_write+0x360/0x360 [ 207.036395][ T7187] ? fsnotify_perm+0x271/0x5e0 [ 207.041210][ T7187] ? proc_fault_inject_write+0x360/0x360 [ 207.046898][ T7187] vfs_read+0x28b/0x970 [ 207.051115][ T7187] ? kernel_read+0x1e0/0x1e0 [ 207.055763][ T7187] ? __fget_files+0x28/0x4b0 [ 207.060407][ T7187] ? __fget_files+0x28/0x4b0 [ 207.065058][ T7187] ? __fget_files+0x43d/0x4b0 [ 207.069807][ T7187] ? __fdget_pos+0x2a3/0x330 [ 207.074453][ T7187] ? ksys_read+0x75/0x260 [ 207.078822][ T7187] ksys_read+0x150/0x260 [ 207.083105][ T7187] ? vfs_write+0x990/0x990 [ 207.087561][ T7187] ? lockdep_hardirqs_on+0x98/0x150 [ 207.092798][ T7187] do_syscall_64+0x55/0xb0 [ 207.097244][ T7187] ? clear_bhb_loop+0x40/0x90 [ 207.101961][ T7187] ? clear_bhb_loop+0x40/0x90 [ 207.106676][ T7187] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 207.112600][ T7187] RIP: 0033:0x7fc7ef15d68e [ 207.117053][ T7187] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 207.136693][ T7187] RSP: 002b:00007fc7f00defe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 207.145136][ T7187] RAX: ffffffffffffffda RBX: 00007fc7f00df6c0 RCX: 00007fc7ef15d68e [ 207.153134][ T7187] RDX: 000000000000000f RSI: 00007fc7f00df0a0 RDI: 0000000000000004 [ 207.161136][ T7187] RBP: 00007fc7f00df090 R08: 0000000000000000 R09: 0000000000000000 [ 207.169130][ T7187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.177153][ T7187] R13: 00007fc7ef416038 R14: 00007fc7ef415fa0 R15: 00007ffcef765ae8 [ 207.185252][ T7187] [ 207.232871][ T7189] netlink: 'syz.1.473': attribute type 3 has an invalid length. [ 207.250645][ T7189] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.473'. [ 207.595855][ T7199] netlink: 'syz.2.478': attribute type 10 has an invalid length. [ 207.666535][ T7201] netlink: 'syz.1.479': attribute type 29 has an invalid length. [ 207.675403][ T7201] netlink: 'syz.1.479': attribute type 29 has an invalid length. [ 207.687462][ T7201] netlink: 'syz.1.479': attribute type 29 has an invalid length. [ 207.698025][ T7201] netlink: 'syz.1.479': attribute type 29 has an invalid length. [ 207.709140][ T7201] netlink: 'syz.1.479': attribute type 29 has an invalid length. [ 208.312336][ T7214] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.485'. [ 208.322825][ T7215] netlink: 16410 bytes leftover after parsing attributes in process `syz.3.484'. [ 208.658505][ T7227] FAULT_INJECTION: forcing a failure. [ 208.658505][ T7227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.672573][ T7227] CPU: 1 PID: 7227 Comm: syz.0.490 Not tainted syzkaller #0 [ 208.679934][ T7227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 208.690032][ T7227] Call Trace: [ 208.693353][ T7227] [ 208.696321][ T7227] dump_stack_lvl+0x18c/0x250 [ 208.701063][ T7227] ? show_regs_print_info+0x20/0x20 [ 208.706318][ T7227] ? load_image+0x420/0x420 [ 208.710871][ T7227] ? __lock_acquire+0x7d40/0x7d40 [ 208.715951][ T7227] should_fail_ex+0x39d/0x4d0 [ 208.720683][ T7227] _copy_from_user+0x2f/0xe0 [ 208.725323][ T7227] __copy_msghdr+0x3bb/0x580 [ 208.729967][ T7227] ___sys_sendmsg+0x214/0x360 [ 208.734696][ T7227] ? get_pid_task+0x20/0x1e0 [ 208.739329][ T7227] ? __sys_sendmsg+0x2a0/0x2a0 [ 208.744134][ T7227] ? __lock_acquire+0x7d40/0x7d40 [ 208.749207][ T7227] __se_sys_sendmsg+0x1c2/0x2b0 [ 208.754095][ T7227] ? __x64_sys_sendmsg+0x80/0x80 [ 208.759076][ T7227] ? lockdep_hardirqs_on+0x98/0x150 [ 208.764316][ T7227] do_syscall_64+0x55/0xb0 [ 208.768762][ T7227] ? clear_bhb_loop+0x40/0x90 [ 208.773472][ T7227] ? clear_bhb_loop+0x40/0x90 [ 208.778618][ T7227] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.784551][ T7227] RIP: 0033:0x7f5e32d9ce59 [ 208.788992][ T7227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.808623][ T7227] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.817075][ T7227] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 208.825071][ T7227] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 208.833072][ T7227] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 208.841064][ T7227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.849068][ T7227] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 208.857105][ T7227] [ 209.514447][ T7243] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.496'. [ 209.802211][ T7253] netlink: 132 bytes leftover after parsing attributes in process `syz.2.500'. [ 210.921941][ T7271] validate_nla: 4 callbacks suppressed [ 210.921961][ T7271] netlink: 'syz.1.507': attribute type 3 has an invalid length. [ 210.937002][ T7271] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.507'. [ 211.094778][ T7278] netlink: 144316 bytes leftover after parsing attributes in process `syz.1.510'. [ 211.175624][ T7279] netlink: 132 bytes leftover after parsing attributes in process `syz.0.511'. [ 211.372795][ T7286] netlink: 'syz.1.513': attribute type 10 has an invalid length. [ 211.616157][ T7289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.515'. [ 211.672625][ T7289] netlink: 168 bytes leftover after parsing attributes in process `syz.0.515'. [ 211.872420][ T7301] netlink: 'syz.0.519': attribute type 3 has an invalid length. [ 212.497103][ T7319] FAULT_INJECTION: forcing a failure. [ 212.497103][ T7319] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.520429][ T7319] CPU: 1 PID: 7319 Comm: syz.2.527 Not tainted syzkaller #0 [ 212.527879][ T7319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 212.537980][ T7319] Call Trace: [ 212.541299][ T7319] [ 212.544269][ T7319] dump_stack_lvl+0x18c/0x250 [ 212.549004][ T7319] ? show_regs_print_info+0x20/0x20 [ 212.554261][ T7319] ? load_image+0x420/0x420 [ 212.558819][ T7319] ? __lock_acquire+0x7d40/0x7d40 [ 212.563910][ T7319] should_fail_ex+0x39d/0x4d0 [ 212.568646][ T7319] _copy_from_user+0x2f/0xe0 [ 212.573298][ T7319] __copy_msghdr+0x3bb/0x580 [ 212.577945][ T7319] ___sys_sendmsg+0x214/0x360 [ 212.582687][ T7319] ? get_pid_task+0x20/0x1e0 [ 212.587342][ T7319] ? __sys_sendmsg+0x2a0/0x2a0 [ 212.592179][ T7319] ? __lock_acquire+0x7d40/0x7d40 [ 212.597291][ T7319] __se_sys_sendmsg+0x1c2/0x2b0 [ 212.602198][ T7319] ? __x64_sys_sendmsg+0x80/0x80 [ 212.607231][ T7319] ? lockdep_hardirqs_on+0x98/0x150 [ 212.612496][ T7319] do_syscall_64+0x55/0xb0 [ 212.616960][ T7319] ? clear_bhb_loop+0x40/0x90 [ 212.621692][ T7319] ? clear_bhb_loop+0x40/0x90 [ 212.626431][ T7319] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 212.632373][ T7319] RIP: 0033:0x7fd7c719ce59 [ 212.636818][ T7319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 212.656517][ T7319] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.664950][ T7319] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 212.672944][ T7319] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 212.680944][ T7319] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 212.688933][ T7319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.696925][ T7319] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 212.704938][ T7319] [ 212.815364][ T7324] netlink: 'syz.0.530': attribute type 3 has an invalid length. [ 212.824132][ T7324] __nla_validate_parse: 2 callbacks suppressed [ 212.824155][ T7324] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.530'. [ 212.980078][ T7330] netlink: 132 bytes leftover after parsing attributes in process `syz.0.532'. [ 213.132022][ T7336] netlink: 'syz.2.533': attribute type 10 has an invalid length. [ 213.569549][ T7344] FAULT_INJECTION: forcing a failure. [ 213.569549][ T7344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.626426][ T7344] CPU: 1 PID: 7344 Comm: syz.0.537 Not tainted syzkaller #0 [ 213.633817][ T7344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.643943][ T7344] Call Trace: [ 213.647274][ T7344] [ 213.650249][ T7344] dump_stack_lvl+0x18c/0x250 [ 213.654986][ T7344] ? show_regs_print_info+0x20/0x20 [ 213.660230][ T7344] ? load_image+0x420/0x420 [ 213.664951][ T7344] ? __might_fault+0xaa/0x120 [ 213.669679][ T7344] ? __lock_acquire+0x7d40/0x7d40 [ 213.674855][ T7344] should_fail_ex+0x39d/0x4d0 [ 213.679589][ T7344] _copy_to_user+0x2f/0xa0 [ 213.684054][ T7344] bpf_prog_test_run_raw_tp+0x4ca/0x660 [ 213.689671][ T7344] ? trace_bpf_test_finish+0x1a0/0x1a0 [ 213.695200][ T7344] ? trace_bpf_test_finish+0x1a0/0x1a0 [ 213.700717][ T7344] bpf_prog_test_run+0x321/0x390 [ 213.705711][ T7344] __sys_bpf+0x49d/0x890 [ 213.710009][ T7344] ? bpf_link_show_fdinfo+0x390/0x390 [ 213.715538][ T7344] ? lock_chain_count+0x20/0x20 [ 213.720455][ T7344] __x64_sys_bpf+0x7c/0x90 [ 213.724921][ T7344] do_syscall_64+0x55/0xb0 [ 213.729383][ T7344] ? clear_bhb_loop+0x40/0x90 [ 213.734118][ T7344] ? clear_bhb_loop+0x40/0x90 [ 213.738851][ T7344] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 213.744784][ T7344] RIP: 0033:0x7f5e32d9ce59 [ 213.749229][ T7344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 213.768940][ T7344] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 213.777372][ T7344] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 213.785364][ T7344] RDX: 000000000000000c RSI: 0000200000000380 RDI: 000000000000000a [ 213.793362][ T7344] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 213.801377][ T7344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.809367][ T7344] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 213.817386][ T7344] [ 213.871379][ T7347] FAULT_INJECTION: forcing a failure. [ 213.871379][ T7347] name failslab, interval 1, probability 0, space 0, times 0 [ 213.886542][ T7347] CPU: 0 PID: 7347 Comm: syz.3.538 Not tainted syzkaller #0 [ 213.893905][ T7347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 213.904010][ T7347] Call Trace: [ 213.907329][ T7347] [ 213.910292][ T7347] dump_stack_lvl+0x18c/0x250 [ 213.915024][ T7347] ? show_regs_print_info+0x20/0x20 [ 213.920268][ T7347] ? load_image+0x420/0x420 [ 213.924819][ T7347] ? __might_sleep+0xe0/0xe0 [ 213.929452][ T7347] ? __lock_acquire+0x7d40/0x7d40 [ 213.934520][ T7347] ? mark_lock+0x94/0x320 [ 213.939087][ T7347] should_fail_ex+0x39d/0x4d0 [ 213.943848][ T7347] should_failslab+0x9/0x20 [ 213.948408][ T7347] slab_pre_alloc_hook+0x59/0x310 [ 213.953497][ T7347] ? __get_vm_area_node+0x125/0x370 [ 213.958753][ T7347] __kmem_cache_alloc_node+0x53/0x250 [ 213.964184][ T7347] ? __get_vm_area_node+0x125/0x370 [ 213.969419][ T7347] kmalloc_node_trace+0x26/0xe0 [ 213.974303][ T7347] __get_vm_area_node+0x125/0x370 [ 213.979366][ T7347] __vmalloc_node_range+0x36e/0x1330 [ 213.984700][ T7347] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 213.990307][ T7347] ? mark_lock+0x94/0x320 [ 213.994682][ T7347] ? __lock_acquire+0x1347/0x7d40 [ 213.999737][ T7347] ? verify_lock_unused+0x140/0x140 [ 214.004997][ T7347] ? free_vm_area+0x50/0x50 [ 214.009576][ T7347] ? end_current_label_crit_section+0x170/0x170 [ 214.015863][ T7347] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 214.021439][ T7347] __vmalloc+0x7a/0x90 [ 214.025546][ T7347] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 214.031127][ T7347] bpf_prog_alloc_no_stats+0x47/0x440 [ 214.036644][ T7347] ? bpf_prog_alloc+0x2b/0x1a0 [ 214.041439][ T7347] bpf_prog_alloc+0x3d/0x1a0 [ 214.046081][ T7347] bpf_prog_load+0x6eb/0x1670 [ 214.050813][ T7347] ? map_freeze+0x420/0x420 [ 214.055344][ T7347] ? __might_fault+0xaa/0x120 [ 214.060040][ T7347] ? __lock_acquire+0x7d40/0x7d40 [ 214.065183][ T7347] ? file_end_write+0x159/0x250 [ 214.070066][ T7347] ? __might_fault+0xaa/0x120 [ 214.074771][ T7347] ? __might_fault+0xc6/0x120 [ 214.079472][ T7347] ? __might_fault+0xaa/0x120 [ 214.084180][ T7347] ? bpf_lsm_bpf+0x9/0x10 [ 214.088544][ T7347] ? security_bpf+0x7e/0xa0 [ 214.093078][ T7347] __sys_bpf+0x5ba/0x890 [ 214.097348][ T7347] ? bpf_link_show_fdinfo+0x390/0x390 [ 214.102760][ T7347] ? lock_chain_count+0x20/0x20 [ 214.107649][ T7347] __x64_sys_bpf+0x7c/0x90 [ 214.112098][ T7347] do_syscall_64+0x55/0xb0 [ 214.116542][ T7347] ? clear_bhb_loop+0x40/0x90 [ 214.121256][ T7347] ? clear_bhb_loop+0x40/0x90 [ 214.125967][ T7347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.131898][ T7347] RIP: 0033:0x7fc7ef19ce59 [ 214.136340][ T7347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.156138][ T7347] RSP: 002b:00007fc7f00df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 214.164585][ T7347] RAX: ffffffffffffffda RBX: 00007fc7ef415fa0 RCX: 00007fc7ef19ce59 [ 214.172584][ T7347] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 214.180582][ T7347] RBP: 00007fc7f00df090 R08: 0000000000000000 R09: 0000000000000000 [ 214.188573][ T7347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.196570][ T7347] R13: 00007fc7ef416038 R14: 00007fc7ef415fa0 R15: 00007ffcef765ae8 [ 214.204579][ T7347] [ 214.245874][ T7347] syz.3.538: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 214.262934][ T7347] CPU: 0 PID: 7347 Comm: syz.3.538 Not tainted syzkaller #0 [ 214.270275][ T7347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 214.280450][ T7347] Call Trace: [ 214.283760][ T7347] [ 214.286734][ T7347] dump_stack_lvl+0x18c/0x250 [ 214.291456][ T7347] ? show_regs_print_info+0x20/0x20 [ 214.296694][ T7347] ? load_image+0x420/0x420 [ 214.301248][ T7347] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 214.307710][ T7347] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 214.314257][ T7347] warn_alloc+0x246/0x340 [ 214.318751][ T7347] ? __get_vm_area_node+0x125/0x370 [ 214.324017][ T7347] ? zone_watermark_ok_safe+0x230/0x230 [ 214.329628][ T7347] ? rcu_is_watching+0x15/0xb0 [ 214.334443][ T7347] ? __get_vm_area_node+0x356/0x370 [ 214.339702][ T7347] __vmalloc_node_range+0x393/0x1330 [ 214.345052][ T7347] ? mark_lock+0x94/0x320 [ 214.349452][ T7347] ? __lock_acquire+0x1347/0x7d40 [ 214.354537][ T7347] ? verify_lock_unused+0x140/0x140 [ 214.359797][ T7347] ? free_vm_area+0x50/0x50 [ 214.364350][ T7347] ? end_current_label_crit_section+0x170/0x170 [ 214.370654][ T7347] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 214.376245][ T7347] __vmalloc+0x7a/0x90 [ 214.380367][ T7347] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 214.385979][ T7347] bpf_prog_alloc_no_stats+0x47/0x440 [ 214.391407][ T7347] ? bpf_prog_alloc+0x2b/0x1a0 [ 214.396240][ T7347] bpf_prog_alloc+0x3d/0x1a0 [ 214.400900][ T7347] bpf_prog_load+0x6eb/0x1670 [ 214.405633][ T7347] ? map_freeze+0x420/0x420 [ 214.410183][ T7347] ? __might_fault+0xaa/0x120 [ 214.414925][ T7347] ? __lock_acquire+0x7d40/0x7d40 [ 214.419989][ T7347] ? file_end_write+0x159/0x250 [ 214.424886][ T7347] ? __might_fault+0xaa/0x120 [ 214.429611][ T7347] ? __might_fault+0xc6/0x120 [ 214.434319][ T7347] ? __might_fault+0xaa/0x120 [ 214.439036][ T7347] ? bpf_lsm_bpf+0x9/0x10 [ 214.443416][ T7347] ? security_bpf+0x7e/0xa0 [ 214.447972][ T7347] __sys_bpf+0x5ba/0x890 [ 214.452280][ T7347] ? bpf_link_show_fdinfo+0x390/0x390 [ 214.457712][ T7347] ? lock_chain_count+0x20/0x20 [ 214.462606][ T7347] __x64_sys_bpf+0x7c/0x90 [ 214.467070][ T7347] do_syscall_64+0x55/0xb0 [ 214.471533][ T7347] ? clear_bhb_loop+0x40/0x90 [ 214.476271][ T7347] ? clear_bhb_loop+0x40/0x90 [ 214.480999][ T7347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 214.486924][ T7347] RIP: 0033:0x7fc7ef19ce59 [ 214.491366][ T7347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 214.511000][ T7347] RSP: 002b:00007fc7f00df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 214.519441][ T7347] RAX: ffffffffffffffda RBX: 00007fc7ef415fa0 RCX: 00007fc7ef19ce59 [ 214.527434][ T7347] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005 [ 214.535425][ T7347] RBP: 00007fc7f00df090 R08: 0000000000000000 R09: 0000000000000000 [ 214.543424][ T7347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.551420][ T7347] R13: 00007fc7ef416038 R14: 00007fc7ef415fa0 R15: 00007ffcef765ae8 [ 214.559426][ T7347] [ 214.583998][ T7347] Mem-Info: [ 214.587330][ T7347] active_anon:5451 inactive_anon:0 isolated_anon:0 [ 214.587330][ T7347] active_file:11398 inactive_file:39997 isolated_file:0 [ 214.587330][ T7347] unevictable:768 dirty:212 writeback:0 [ 214.587330][ T7347] slab_reclaimable:9979 slab_unreclaimable:90760 [ 214.587330][ T7347] mapped:24591 shmem:1361 pagetables:532 [ 214.587330][ T7347] sec_pagetables:0 bounce:0 [ 214.587330][ T7347] kernel_misc_reclaimable:0 [ 214.587330][ T7347] free:1358924 free_pcp:5822 free_cma:0 [ 214.669956][ T7347] Node 0 active_anon:21604kB inactive_anon:0kB active_file:45592kB inactive_file:159788kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98264kB dirty:848kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10512kB pagetables:2128kB sec_pagetables:0kB all_unreclaimable? no [ 214.714436][ T7347] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 214.780906][ T7347] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 214.816161][ T7347] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 214.826187][ T7347] Node 0 DMA32 free:1523048kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21464kB inactive_anon:0kB active_file:45592kB inactive_file:158964kB unevictable:1536kB writepending:848kB present:3129332kB managed:2586932kB mlocked:0kB bounce:0kB free_pcp:6452kB local_pcp:2512kB free_cma:0kB [ 214.858694][ T7347] lowmem_reserve[]: 0 0 0 0 0 [ 214.864024][ T7347] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 214.891044][ T7347] lowmem_reserve[]: 0 0 0 0 0 [ 214.895851][ T7347] Node 1 Normal free:3896840kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17956kB local_pcp:12804kB free_cma:0kB [ 214.928179][ T7347] lowmem_reserve[]: 0 0 0 0 0 [ 214.932572][ T7356] netlink: 'syz.2.541': attribute type 3 has an invalid length. [ 214.948572][ T7347] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 214.961635][ T7347] Node 0 DMA32: 574*4kB (UME) 1022*8kB (UME) 1130*16kB (UM) 1008*32kB (UME) 308*64kB (UME) 56*128kB (UME) 12*256kB (UME) 11*512kB (UME) 9*1024kB (ME) 4*2048kB (ME) 344*4096kB (UM) = 1522824kB [ 214.962564][ T7356] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.541'. [ 214.981569][ T7347] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 215.005533][ T7347] Node 1 Normal: 230*4kB (UME) 44*8kB (UME) 37*16kB (UME) 60*32kB (UME) 7*64kB (UE) 5*128kB (UM) 1*256kB (E) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 949*4096kB (M) = 3896840kB [ 215.039600][ T7347] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 215.049430][ T7347] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 215.063857][ T7347] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 215.090265][ T7347] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 215.110954][ T7347] 52758 total pagecache pages [ 215.115724][ T7347] 0 pages in swap cache [ 215.146018][ T7360] netlink: 132 bytes leftover after parsing attributes in process `syz.1.543'. [ 215.151381][ T7347] Free swap = 124996kB [ 215.159239][ T7347] Total swap = 124996kB [ 215.175277][ T7347] 2097051 pages RAM [ 215.179156][ T7347] 0 pages HighMem/MovableOnly [ 215.190557][ T7347] 416932 pages reserved [ 215.194782][ T7347] 0 pages cma reserved [ 215.365119][ T7367] netlink: 132 bytes leftover after parsing attributes in process `syz.1.555'. [ 215.667507][ T7379] netlink: 'syz.1.550': attribute type 10 has an invalid length. [ 216.178964][ T7389] netlink: 'syz.2.556': attribute type 3 has an invalid length. [ 216.201811][ T7389] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.556'. [ 216.302298][ T7391] FAULT_INJECTION: forcing a failure. [ 216.302298][ T7391] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.331478][ T7391] CPU: 0 PID: 7391 Comm: syz.3.558 Not tainted syzkaller #0 [ 216.338856][ T7391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 216.348947][ T7391] Call Trace: [ 216.352273][ T7391] [ 216.355248][ T7391] dump_stack_lvl+0x18c/0x250 [ 216.359507][ T7393] netlink: 132 bytes leftover after parsing attributes in process `syz.0.559'. [ 216.368963][ T7391] ? show_regs_print_info+0x20/0x20 [ 216.369001][ T7391] ? load_image+0x420/0x420 [ 216.378789][ T7391] ? __might_fault+0xaa/0x120 [ 216.383525][ T7391] ? __lock_acquire+0x7d40/0x7d40 [ 216.388614][ T7391] should_fail_ex+0x39d/0x4d0 [ 216.393370][ T7391] _copy_to_user+0x2f/0xa0 [ 216.397826][ T7391] bpf_prog_test_run_raw_tp+0x4ca/0x660 [ 216.403413][ T7391] ? trace_bpf_test_finish+0x1a0/0x1a0 [ 216.408922][ T7391] ? trace_bpf_test_finish+0x1a0/0x1a0 [ 216.414415][ T7391] bpf_prog_test_run+0x321/0x390 [ 216.419381][ T7391] __sys_bpf+0x49d/0x890 [ 216.423651][ T7391] ? bpf_link_show_fdinfo+0x390/0x390 [ 216.429064][ T7391] ? lock_chain_count+0x20/0x20 [ 216.433964][ T7391] __x64_sys_bpf+0x7c/0x90 [ 216.438412][ T7391] do_syscall_64+0x55/0xb0 [ 216.442861][ T7391] ? clear_bhb_loop+0x40/0x90 [ 216.447577][ T7391] ? clear_bhb_loop+0x40/0x90 [ 216.452298][ T7391] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 216.458329][ T7391] RIP: 0033:0x7fc7ef19ce59 [ 216.462782][ T7391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.482521][ T7391] RSP: 002b:00007fc7f00df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 216.490972][ T7391] RAX: ffffffffffffffda RBX: 00007fc7ef415fa0 RCX: 00007fc7ef19ce59 [ 216.498972][ T7391] RDX: 000000000000000c RSI: 0000200000000080 RDI: 000000000000000a [ 216.506969][ T7391] RBP: 00007fc7f00df090 R08: 0000000000000000 R09: 0000000000000000 [ 216.514978][ T7391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 216.523063][ T7391] R13: 00007fc7ef416038 R14: 00007fc7ef415fa0 R15: 00007ffcef765ae8 [ 216.531072][ T7391] [ 216.741953][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.563'. [ 217.304569][ T7418] netlink: 'syz.1.568': attribute type 10 has an invalid length. [ 217.330035][ T7420] netlink: 132 bytes leftover after parsing attributes in process `syz.3.569'. [ 218.262197][ T7443] netlink: 132 bytes leftover after parsing attributes in process `syz.3.579'. [ 218.511738][ T7452] netlink: 'syz.2.580': attribute type 10 has an invalid length. [ 218.550302][ T7452] netlink: 40 bytes leftover after parsing attributes in process `syz.2.580'. [ 218.717727][ T7459] tap0: tun_chr_ioctl cmd 1074025677 [ 218.723676][ T7459] tap0: linktype set to 774 [ 218.734084][ T7459] netlink: 156 bytes leftover after parsing attributes in process `syz.3.582'. [ 219.359396][ T7467] netlink: 'syz.2.586': attribute type 10 has an invalid length. [ 219.957719][ T7474] netlink: 132 bytes leftover after parsing attributes in process `syz.3.590'. [ 220.201169][ T7485] netlink: 'syz.1.594': attribute type 10 has an invalid length. [ 220.219726][ T7485] netlink: 40 bytes leftover after parsing attributes in process `syz.1.594'. [ 220.252769][ T7486] FAULT_INJECTION: forcing a failure. [ 220.252769][ T7486] name failslab, interval 1, probability 0, space 0, times 0 [ 220.281263][ T7486] CPU: 0 PID: 7486 Comm: syz.0.595 Not tainted syzkaller #0 [ 220.288647][ T7486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 220.298755][ T7486] Call Trace: [ 220.302074][ T7486] [ 220.305043][ T7486] dump_stack_lvl+0x18c/0x250 [ 220.309793][ T7486] ? show_regs_print_info+0x20/0x20 [ 220.315063][ T7486] ? load_image+0x420/0x420 [ 220.319625][ T7486] ? __might_sleep+0xe0/0xe0 [ 220.324273][ T7486] ? __lock_acquire+0x7d40/0x7d40 [ 220.329368][ T7486] should_fail_ex+0x39d/0x4d0 [ 220.334119][ T7486] should_failslab+0x9/0x20 [ 220.338678][ T7486] slab_pre_alloc_hook+0x59/0x310 [ 220.343776][ T7486] ? bpf_prog_test_run_flow_dissector+0x259/0x640 [ 220.350251][ T7486] ? bpf_prog_test_run_flow_dissector+0x259/0x640 [ 220.356798][ T7486] __kmem_cache_alloc_node+0x53/0x250 [ 220.362314][ T7486] ? bpf_prog_test_run_flow_dissector+0x259/0x640 [ 220.368788][ T7486] __kmalloc+0xa4/0x230 [ 220.373002][ T7486] bpf_prog_test_run_flow_dissector+0x259/0x640 [ 220.379307][ T7486] ? xdp_convert_buff_to_md+0x200/0x200 [ 220.384913][ T7486] ? __fget_files+0x28/0x4b0 [ 220.389555][ T7486] ? __fget_files+0x28/0x4b0 [ 220.394195][ T7486] ? __fget_files+0x43d/0x4b0 [ 220.398938][ T7486] ? xdp_convert_buff_to_md+0x200/0x200 [ 220.404546][ T7486] bpf_prog_test_run+0x321/0x390 [ 220.409543][ T7486] __sys_bpf+0x49d/0x890 [ 220.413865][ T7486] ? bpf_link_show_fdinfo+0x390/0x390 [ 220.419336][ T7486] ? lock_chain_count+0x20/0x20 [ 220.424258][ T7486] __x64_sys_bpf+0x7c/0x90 [ 220.428733][ T7486] do_syscall_64+0x55/0xb0 [ 220.433200][ T7486] ? clear_bhb_loop+0x40/0x90 [ 220.437941][ T7486] ? clear_bhb_loop+0x40/0x90 [ 220.442680][ T7486] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 220.448630][ T7486] RIP: 0033:0x7f5e32d9ce59 [ 220.453107][ T7486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 220.472772][ T7486] RSP: 002b:00007f5e30fd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 220.481241][ T7486] RAX: ffffffffffffffda RBX: 00007f5e33016090 RCX: 00007f5e32d9ce59 [ 220.489249][ T7486] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a [ 220.497246][ T7486] RBP: 00007f5e30fd5090 R08: 0000000000000000 R09: 0000000000000000 [ 220.505242][ T7486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.513238][ T7486] R13: 00007f5e33016128 R14: 00007f5e33016090 R15: 00007fff8a161888 [ 220.521253][ T7486] [ 220.795842][ T7502] netlink: 132 bytes leftover after parsing attributes in process `syz.1.601'. [ 221.101600][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.603'. [ 221.369375][ T7516] netlink: 'syz.0.605': attribute type 10 has an invalid length. [ 221.465767][ T7517] netlink: 'syz.3.606': attribute type 10 has an invalid length. [ 221.475757][ T7517] netlink: 40 bytes leftover after parsing attributes in process `syz.3.606'. [ 224.550960][ T7529] netlink: 132 bytes leftover after parsing attributes in process `syz.2.612'. [ 224.988011][ T7544] netlink: 'syz.3.617': attribute type 10 has an invalid length. [ 225.090516][ T7544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.617'. [ 225.267205][ T7552] netlink: 'syz.1.620': attribute type 10 has an invalid length. [ 225.874163][ T7560] netlink: 132 bytes leftover after parsing attributes in process `syz.3.623'. [ 226.167489][ T7573] netlink: 'syz.1.634': attribute type 10 has an invalid length. [ 226.229892][ T7572] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.628'. [ 226.483253][ T7582] netlink: 'syz.3.630': attribute type 10 has an invalid length. [ 226.516605][ T7582] netlink: 40 bytes leftover after parsing attributes in process `syz.3.630'. [ 227.006106][ T7587] netlink: 132 bytes leftover after parsing attributes in process `syz.0.635'. [ 227.691106][ T7608] netlink: 'syz.2.642': attribute type 10 has an invalid length. [ 227.699906][ T7608] netlink: 40 bytes leftover after parsing attributes in process `syz.2.642'. [ 228.096632][ T7615] netlink: 132 bytes leftover after parsing attributes in process `syz.2.647'. [ 228.140395][ T7618] netlink: 'syz.1.645': attribute type 10 has an invalid length. [ 229.406278][ T7642] netlink: 'syz.3.655': attribute type 10 has an invalid length. [ 229.416808][ T7642] netlink: 40 bytes leftover after parsing attributes in process `syz.3.655'. [ 229.498952][ T7644] tap0: tun_chr_ioctl cmd 1074025677 [ 229.510622][ T7644] tap0: linktype set to 774 [ 229.532624][ T7644] netlink: 156 bytes leftover after parsing attributes in process `syz.1.654'. [ 229.724978][ T7646] netlink: 132 bytes leftover after parsing attributes in process `syz.0.656'. [ 230.131021][ T7655] netlink: 'syz.0.658': attribute type 10 has an invalid length. [ 233.563761][ T7675] netlink: 'syz.0.665': attribute type 10 has an invalid length. [ 233.600398][ T7675] netlink: 40 bytes leftover after parsing attributes in process `syz.0.665'. [ 233.656950][ T7676] netlink: 132 bytes leftover after parsing attributes in process `syz.2.666'. [ 234.261021][ T7695] netlink: 'syz.2.674': attribute type 10 has an invalid length. [ 234.289109][ T7697] tap0: tun_chr_ioctl cmd 1074025677 [ 234.294915][ T7697] tap0: linktype set to 774 [ 234.306160][ T7697] netlink: 156 bytes leftover after parsing attributes in process `syz.0.671'. [ 234.493033][ T7702] netlink: 132 bytes leftover after parsing attributes in process `syz.3.678'. [ 234.709408][ T7704] netlink: 'syz.3.679': attribute type 10 has an invalid length. [ 234.719451][ T7704] netlink: 40 bytes leftover after parsing attributes in process `syz.3.679'. [ 237.707218][ T7724] netlink: 132 bytes leftover after parsing attributes in process `syz.2.687'. [ 237.886138][ T7728] netlink: 'syz.3.689': attribute type 10 has an invalid length. [ 237.918446][ T7728] netlink: 40 bytes leftover after parsing attributes in process `syz.3.689'. [ 238.040900][ T7736] netlink: 'syz.2.691': attribute type 10 has an invalid length. [ 241.267386][ T7752] netlink: 132 bytes leftover after parsing attributes in process `syz.3.699'. [ 241.492718][ T7761] netlink: 'syz.3.703': attribute type 10 has an invalid length. [ 241.517133][ T7761] netlink: 40 bytes leftover after parsing attributes in process `syz.3.703'. [ 241.770376][ T7769] netlink: 14975 bytes leftover after parsing attributes in process `syz.0.707'. [ 241.840944][ T51] Bluetooth: hci2: Dropping invalid advertising data [ 241.848749][ T51] Bluetooth: hci2: unknown advertising packet type: 0xdc [ 241.848787][ T51] Bluetooth: hci2: Malformed LE Event: 0x02 [ 242.035895][ T7774] netlink: 'syz.1.709': attribute type 10 has an invalid length. [ 242.163862][ T7778] netlink: 132 bytes leftover after parsing attributes in process `syz.3.711'. [ 242.850828][ T7793] netlink: 'syz.2.716': attribute type 10 has an invalid length. [ 242.858682][ T7793] netlink: 40 bytes leftover after parsing attributes in process `syz.2.716'. [ 243.047016][ T7800] netlink: 132 bytes leftover after parsing attributes in process `syz.0.720'. [ 243.678011][ T7819] netlink: 'syz.0.725': attribute type 10 has an invalid length. [ 244.089143][ T7833] netlink: 132 bytes leftover after parsing attributes in process `syz.2.733'. [ 244.212897][ T7834] netlink: 'syz.1.732': attribute type 10 has an invalid length. [ 244.247006][ T7834] netlink: 40 bytes leftover after parsing attributes in process `syz.1.732'. [ 245.259521][ T7858] netlink: 132 bytes leftover after parsing attributes in process `syz.3.745'. [ 245.389630][ T7864] netlink: 'syz.1.746': attribute type 10 has an invalid length. [ 245.847403][ T7874] netlink: 'syz.2.750': attribute type 10 has an invalid length. [ 245.858877][ T7874] netlink: 40 bytes leftover after parsing attributes in process `syz.2.750'. [ 246.330962][ T7889] netlink: 132 bytes leftover after parsing attributes in process `syz.2.756'. [ 246.832578][ T7907] netlink: 'syz.2.763': attribute type 10 has an invalid length. [ 246.840662][ T7907] netlink: 40 bytes leftover after parsing attributes in process `syz.2.763'. [ 247.565916][ T7919] netlink: 'syz.3.765': attribute type 10 has an invalid length. [ 247.597002][ T7918] netlink: 132 bytes leftover after parsing attributes in process `syz.1.768'. [ 248.244511][ T7935] netlink: 'syz.1.774': attribute type 10 has an invalid length. [ 248.263038][ T7935] netlink: 40 bytes leftover after parsing attributes in process `syz.1.774'. [ 248.874558][ T7943] netlink: 132 bytes leftover after parsing attributes in process `syz.2.778'. [ 249.038459][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 249.701871][ T7965] netlink: 'syz.0.784': attribute type 10 has an invalid length. [ 249.951158][ T7972] netlink: 132 bytes leftover after parsing attributes in process `syz.3.788'. [ 252.571678][ T7984] netlink: 'syz.2.790': attribute type 10 has an invalid length. [ 252.597802][ T7984] netlink: 40 bytes leftover after parsing attributes in process `syz.2.790'. [ 252.987883][ T7996] netlink: 60 bytes leftover after parsing attributes in process `syz.1.797'. [ 252.998571][ T7996] veth0_vlan: entered allmulticast mode [ 253.258190][ T8004] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.799'. [ 253.310470][ T8007] syzkaller0: refused to change device tx_queue_len [ 253.579784][ T8019] netlink: 'syz.3.806': attribute type 10 has an invalid length. [ 253.592340][ T8019] macvlan0: entered promiscuous mode [ 253.597910][ T8019] macvlan0: entered allmulticast mode [ 253.881954][ T8029] netlink: 'syz.1.810': attribute type 10 has an invalid length. [ 253.950038][ T8032] netlink: 132 bytes leftover after parsing attributes in process `syz.3.812'. [ 254.087673][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 254.990385][ T8049] netlink: 'syz.1.818': attribute type 10 has an invalid length. [ 254.998208][ T8049] netlink: 40 bytes leftover after parsing attributes in process `syz.1.818'. [ 255.037777][ T8051] netlink: 'syz.2.819': attribute type 3 has an invalid length. [ 255.074094][ T8051] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.819'. [ 255.420059][ T8058] netlink: 132 bytes leftover after parsing attributes in process `syz.0.822'. [ 255.488710][ T51] Bluetooth: hci1: unexpected subevent 0x0a length: 15 < 30 [ 255.943466][ T8072] netlink: 'syz.0.826': attribute type 10 has an invalid length. [ 256.002818][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.009310][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.663470][ T8080] netlink: 'syz.3.831': attribute type 3 has an invalid length. [ 256.683504][ T8080] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.831'. [ 256.804205][ T8085] netlink: 'syz.0.832': attribute type 10 has an invalid length. [ 256.843378][ T8085] netlink: 40 bytes leftover after parsing attributes in process `syz.0.832'. [ 256.878849][ T8089] netlink: 132 bytes leftover after parsing attributes in process `syz.1.834'. [ 256.910345][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 257.803964][ T8107] netlink: 'syz.2.840': attribute type 10 has an invalid length. [ 257.874251][ T51] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 258.020796][ T51] Bluetooth: hci2: unexpected subevent 0x0a length: 15 < 30 [ 258.104235][ T8115] netlink: 'syz.1.845': attribute type 3 has an invalid length. [ 258.132461][ T8115] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.845'. [ 258.185022][ T8120] netlink: 'syz.0.846': attribute type 10 has an invalid length. [ 258.196529][ T8120] netlink: 40 bytes leftover after parsing attributes in process `syz.0.846'. [ 258.207758][ T8119] netlink: 132 bytes leftover after parsing attributes in process `syz.3.847'. [ 259.612586][ T8141] netlink: 'syz.3.856': attribute type 3 has an invalid length. [ 259.621901][ T8141] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.856'. [ 259.735581][ T8145] netlink: 132 bytes leftover after parsing attributes in process `syz.2.857'. [ 259.955830][ T8153] netlink: 'syz.3.859': attribute type 10 has an invalid length. [ 259.989285][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 260.805069][ T8169] netlink: 132 bytes leftover after parsing attributes in process `syz.0.868'. [ 261.358374][ T8182] netlink: 'syz.1.872': attribute type 3 has an invalid length. [ 261.367682][ T8182] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.872'. [ 261.799500][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 261.936184][ T8193] netlink: 132 bytes leftover after parsing attributes in process `syz.2.877'. [ 261.950664][ T8195] netlink: 'syz.1.875': attribute type 10 has an invalid length. [ 262.337033][ T8207] netlink: 'syz.2.883': attribute type 3 has an invalid length. [ 262.360924][ T8207] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.883'. [ 262.968614][ T51] Bluetooth: hci2: unexpected subevent 0x0a length: 15 < 30 [ 263.133629][ T8224] netlink: 132 bytes leftover after parsing attributes in process `syz.3.891'. [ 263.303099][ T8228] netlink: 'syz.1.892': attribute type 3 has an invalid length. [ 263.311299][ T8228] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.892'. [ 263.500751][ T8238] netlink: 'syz.3.894': attribute type 10 has an invalid length. [ 263.521698][ T51] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 263.975346][ T51] Bluetooth: hci1: unexpected subevent 0x0a length: 15 < 30 [ 264.092013][ T8247] netlink: 132 bytes leftover after parsing attributes in process `syz.2.901'. [ 264.429391][ T8260] netlink: 'syz.3.904': attribute type 3 has an invalid length. [ 264.437594][ T8260] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.904'. [ 264.801373][ T8271] netlink: 132 bytes leftover after parsing attributes in process `syz.1.911'. [ 264.978457][ T8276] netlink: 'syz.0.912': attribute type 10 has an invalid length. [ 265.575756][ T8291] netlink: 'syz.1.918': attribute type 3 has an invalid length. [ 265.584289][ T8291] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.918'. [ 265.743558][ T51] Bluetooth: hci1: unexpected subevent 0x0a length: 15 < 30 [ 265.819797][ T8299] netlink: 132 bytes leftover after parsing attributes in process `syz.0.922'. [ 266.943638][ T8316] netlink: 'syz.0.929': attribute type 3 has an invalid length. [ 266.966078][ T8316] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.929'. [ 266.992357][ T51] Bluetooth: hci2: unexpected subevent 0x0a length: 15 < 30 [ 267.034142][ T8323] netlink: 'syz.2.931': attribute type 10 has an invalid length. [ 267.085762][ T8325] netlink: 132 bytes leftover after parsing attributes in process `syz.0.933'. [ 268.321843][ T8344] netlink: 'syz.3.941': attribute type 3 has an invalid length. [ 268.329679][ T8344] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.941'. [ 268.379750][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 268.524908][ T8350] netlink: 132 bytes leftover after parsing attributes in process `syz.0.944'. [ 268.896912][ T51] Bluetooth: hci1: unexpected subevent 0x0a length: 15 < 30 [ 268.994368][ T8367] netlink: 'syz.3.950': attribute type 10 has an invalid length. [ 269.312166][ T8375] netlink: 'syz.0.954': attribute type 3 has an invalid length. [ 269.320078][ T8375] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.954'. [ 269.609557][ T8386] netlink: 132 bytes leftover after parsing attributes in process `syz.0.959'. [ 269.751576][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 270.429686][ T8402] netlink: 'syz.0.965': attribute type 3 has an invalid length. [ 270.437767][ T8402] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.965'. [ 270.820391][ T8410] netlink: 132 bytes leftover after parsing attributes in process `syz.0.969'. [ 271.031499][ T8415] netlink: 'syz.3.970': attribute type 10 has an invalid length. [ 271.057944][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 272.165019][ T8431] netlink: 'syz.1.977': attribute type 3 has an invalid length. [ 272.210446][ T8431] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.977'. [ 272.411683][ T8437] netlink: 132 bytes leftover after parsing attributes in process `syz.2.980'. [ 272.931528][ T8456] netlink: 'syz.2.989': attribute type 3 has an invalid length. [ 272.946113][ T8456] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.989'. [ 273.535231][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 273.617945][ T8472] netlink: 132 bytes leftover after parsing attributes in process `syz.2.994'. [ 273.874973][ T8480] netlink: 'syz.2.998': attribute type 3 has an invalid length. [ 273.896907][ T8480] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.998'. [ 274.085421][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 274.762616][ T8495] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1005'. [ 274.994431][ T8505] netlink: 'syz.3.1010': attribute type 3 has an invalid length. [ 275.020338][ T8505] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1010'. [ 275.737031][ T8527] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1018'. [ 275.806879][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 275.924395][ T8533] netlink: 'syz.0.1022': attribute type 3 has an invalid length. [ 275.962880][ T8533] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1022'. [ 276.672554][ T8554] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1031'. [ 276.781234][ T51] Bluetooth: hci3: unexpected subevent 0x0a length: 15 < 30 [ 276.879740][ T8563] netlink: 'syz.3.1036': attribute type 3 has an invalid length. [ 276.888289][ T8563] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1036'. [ 277.763888][ T8590] netlink: 'syz.3.1047': attribute type 3 has an invalid length. [ 277.773665][ T8590] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1047'. [ 278.576504][ T51] Bluetooth: hci2: unexpected subevent 0x0a length: 15 < 30 [ 278.591814][ T8617] netlink: 'syz.0.1059': attribute type 3 has an invalid length. [ 278.599843][ T8617] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1059'. [ 279.279757][ T8637] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1067'. [ 279.532052][ T8646] netlink: 'syz.1.1069': attribute type 10 has an invalid length. [ 281.324680][ T8695] netlink: 'syz.1.1089': attribute type 10 has an invalid length. [ 281.539701][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 282.669025][ T51] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 282.715808][ T8739] netlink: 'syz.3.1108': attribute type 10 has an invalid length. [ 283.486577][ T8754] netlink: 'syz.1.1112': attribute type 10 has an invalid length. [ 283.720603][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 284.590975][ T8782] FAULT_INJECTION: forcing a failure. [ 284.590975][ T8782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 284.610363][ T8782] CPU: 0 PID: 8782 Comm: syz.1.1128 Not tainted syzkaller #0 [ 284.617944][ T8782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 284.628054][ T8782] Call Trace: [ 284.631375][ T8782] [ 284.634344][ T8782] dump_stack_lvl+0x18c/0x250 [ 284.639083][ T8782] ? show_regs_print_info+0x20/0x20 [ 284.644346][ T8782] ? load_image+0x420/0x420 [ 284.648913][ T8782] ? __lock_acquire+0x7d40/0x7d40 [ 284.654020][ T8782] should_fail_ex+0x39d/0x4d0 [ 284.658768][ T8782] _copy_from_user+0x2f/0xe0 [ 284.663419][ T8782] __copy_msghdr+0x3bb/0x580 [ 284.668072][ T8782] ___sys_sendmsg+0x214/0x360 [ 284.672835][ T8782] ? __sys_sendmsg+0x2a0/0x2a0 [ 284.677679][ T8782] ? trace_call_bpf+0xc3/0x6c0 [ 284.682537][ T8782] __se_sys_sendmsg+0x1c2/0x2b0 [ 284.687454][ T8782] ? __x64_sys_sendmsg+0x80/0x80 [ 284.692468][ T8782] ? lockdep_hardirqs_on+0x98/0x150 [ 284.697737][ T8782] do_syscall_64+0x55/0xb0 [ 284.702215][ T8782] ? clear_bhb_loop+0x40/0x90 [ 284.706965][ T8782] ? clear_bhb_loop+0x40/0x90 [ 284.711708][ T8782] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 284.717677][ T8782] RIP: 0033:0x7faa8959ce59 [ 284.722152][ T8782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 284.741831][ T8782] RSP: 002b:00007faa8a47b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 284.750314][ T8782] RAX: ffffffffffffffda RBX: 00007faa89815fa0 RCX: 00007faa8959ce59 [ 284.758343][ T8782] RDX: 0000000004008040 RSI: 0000200000000200 RDI: 0000000000000003 [ 284.766364][ T8782] RBP: 00007faa8a47b090 R08: 0000000000000000 R09: 0000000000000000 [ 284.774393][ T8782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.782423][ T8782] R13: 00007faa89816038 R14: 00007faa89815fa0 R15: 00007ffcc7f4af58 [ 284.790475][ T8782] [ 284.817802][ T8789] netlink: 'syz.3.1125': attribute type 10 has an invalid length. [ 285.369252][ T51] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 285.665324][ T8808] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1138'. [ 285.836409][ T8815] netlink: 'syz.0.1139': attribute type 10 has an invalid length. [ 285.896768][ T8815] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1139'. [ 285.982532][ T8821] netlink: 'syz.2.1140': attribute type 10 has an invalid length. [ 286.045993][ T8822] netlink: 'syz.1.1142': attribute type 10 has an invalid length. [ 286.546709][ T8828] FAULT_INJECTION: forcing a failure. [ 286.546709][ T8828] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 286.567082][ T8828] CPU: 1 PID: 8828 Comm: syz.0.1145 Not tainted syzkaller #0 [ 286.574542][ T8828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 286.584662][ T8828] Call Trace: [ 286.587988][ T8828] [ 286.590961][ T8828] dump_stack_lvl+0x18c/0x250 [ 286.595707][ T8828] ? show_regs_print_info+0x20/0x20 [ 286.600974][ T8828] ? load_image+0x420/0x420 [ 286.605544][ T8828] ? __lock_acquire+0x7d40/0x7d40 [ 286.610627][ T8828] ? lockdep_hardirqs_on+0x98/0x150 [ 286.615899][ T8828] should_fail_ex+0x39d/0x4d0 [ 286.620652][ T8828] _copy_from_user+0x2f/0xe0 [ 286.625303][ T8828] __copy_msghdr+0x3bb/0x580 [ 286.629954][ T8828] ___sys_sendmsg+0x214/0x360 [ 286.634692][ T8828] ? __sys_sendmsg+0x2a0/0x2a0 [ 286.639588][ T8828] __se_sys_sendmsg+0x1c2/0x2b0 [ 286.644501][ T8828] ? __x64_sys_sendmsg+0x80/0x80 [ 286.649499][ T8828] ? syscall_enter_from_user_mode+0x2e/0x80 [ 286.655422][ T8828] do_syscall_64+0x55/0xb0 [ 286.659856][ T8828] ? clear_bhb_loop+0x40/0x90 [ 286.664609][ T8828] ? clear_bhb_loop+0x40/0x90 [ 286.669310][ T8828] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 286.675224][ T8828] RIP: 0033:0x7f5e32d9ce59 [ 286.679664][ T8828] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.699305][ T8828] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 286.707789][ T8828] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 286.715820][ T8828] RDX: 0000000004000084 RSI: 0000200000000580 RDI: 0000000000000009 [ 286.723887][ T8828] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 286.731931][ T8828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 286.739957][ T8828] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 286.747998][ T8828] [ 286.896137][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 287.061094][ T8844] netlink: 'syz.3.1151': attribute type 10 has an invalid length. [ 287.077560][ T8844] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1151'. [ 287.088290][ T8843] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1150'. [ 287.645372][ T8862] netlink: 'syz.2.1157': attribute type 10 has an invalid length. [ 287.683844][ T8863] netlink: 'syz.0.1156': attribute type 10 has an invalid length. [ 287.859579][ T51] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 288.122443][ T8875] netlink: 'syz.3.1162': attribute type 10 has an invalid length. [ 288.178917][ T8875] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1162'. [ 288.191498][ T8877] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1164'. [ 288.924583][ T51] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 288.955856][ T8899] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1173'. [ 289.073325][ T8900] netlink: 'syz.0.1174': attribute type 10 has an invalid length. [ 289.202854][ T8905] netlink: 'syz.2.1176': attribute type 10 has an invalid length. [ 289.251991][ T8905] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1176'. [ 289.292371][ T8904] netlink: 201356 bytes leftover after parsing attributes in process `syz.1.1175'. [ 289.311709][ T8904] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4. [ 290.012602][ T51] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 290.214427][ T8933] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1186'. [ 290.339046][ T8936] netlink: 'syz.0.1187': attribute type 10 has an invalid length. [ 291.329003][ T8954] netlink: 'syz.3.1193': attribute type 10 has an invalid length. [ 291.391916][ T51] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 291.677992][ T8964] __nla_validate_parse: 1 callbacks suppressed [ 291.678225][ T8964] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1198'. [ 291.933294][ T8970] netlink: 'syz.2.1200': attribute type 10 has an invalid length. [ 291.961807][ T8970] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1200'. [ 292.104650][ T8974] FAULT_INJECTION: forcing a failure. [ 292.104650][ T8974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.144739][ T8974] CPU: 0 PID: 8974 Comm: syz.1.1201 Not tainted syzkaller #0 [ 292.152213][ T8974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 292.162339][ T8974] Call Trace: [ 292.165672][ T8974] [ 292.168639][ T8974] dump_stack_lvl+0x18c/0x250 [ 292.173378][ T8974] ? show_regs_print_info+0x20/0x20 [ 292.178640][ T8974] ? load_image+0x420/0x420 [ 292.183188][ T8974] ? __might_fault+0xaa/0x120 [ 292.187916][ T8974] ? __lock_acquire+0x7d40/0x7d40 [ 292.192998][ T8974] should_fail_ex+0x39d/0x4d0 [ 292.197740][ T8974] _copy_from_iter+0x1d9/0x12e0 [ 292.202648][ T8974] ? __virt_addr_valid+0x18c/0x540 [ 292.207816][ T8974] ? __lock_acquire+0x7d40/0x7d40 [ 292.212987][ T8974] ? copyout_mc+0x70/0x70 [ 292.217374][ T8974] ? __virt_addr_valid+0x18c/0x540 [ 292.222533][ T8974] ? __virt_addr_valid+0x18c/0x540 [ 292.227694][ T8974] ? __virt_addr_valid+0x469/0x540 [ 292.232941][ T8974] ? __check_object_size+0x506/0xa20 [ 292.238450][ T8974] kernfs_fop_write_iter+0x1a4/0x520 [ 292.243804][ T8974] vfs_write+0x46c/0x990 [ 292.248112][ T8974] ? file_end_write+0x250/0x250 [ 292.253021][ T8974] ? __fget_files+0x43d/0x4b0 [ 292.257764][ T8974] ? __fdget_pos+0x2a3/0x330 [ 292.262415][ T8974] ? ksys_write+0x75/0x260 [ 292.266916][ T8974] ksys_write+0x150/0x260 [ 292.271309][ T8974] ? __ia32_sys_read+0x90/0x90 [ 292.276134][ T8974] ? lockdep_hardirqs_on+0x98/0x150 [ 292.281396][ T8974] do_syscall_64+0x55/0xb0 [ 292.285861][ T8974] ? clear_bhb_loop+0x40/0x90 [ 292.290593][ T8974] ? clear_bhb_loop+0x40/0x90 [ 292.295328][ T8974] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 292.301273][ T8974] RIP: 0033:0x7faa8959ce59 [ 292.305729][ T8974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 292.325471][ T8974] RSP: 002b:00007faa8a439028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 292.333951][ T8974] RAX: ffffffffffffffda RBX: 00007faa89816180 RCX: 00007faa8959ce59 [ 292.342000][ T8974] RDX: 0000000000000012 RSI: 00002000000000c0 RDI: 000000000000000a [ 292.350022][ T8974] RBP: 00007faa8a439090 R08: 0000000000000000 R09: 0000000000000000 [ 292.358054][ T8974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.366164][ T8974] R13: 00007faa89816218 R14: 00007faa89816180 R15: 00007ffcc7f4af58 [ 292.374219][ T8974] [ 292.931216][ T51] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 293.291267][ T8993] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1209'. [ 293.591183][ T9003] netlink: 'syz.0.1211': attribute type 10 has an invalid length. [ 293.599111][ T9003] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1211'. [ 293.701238][ T9004] netlink: 'syz.1.1213': attribute type 10 has an invalid length. [ 293.777560][ T9000] netlink: 201356 bytes leftover after parsing attributes in process `syz.2.1212'. [ 293.797730][ T9000] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4. [ 294.520599][ T9017] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1219'. [ 294.871878][ T9035] netlink: 'syz.1.1224': attribute type 10 has an invalid length. [ 294.879973][ T9035] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1224'. [ 295.162620][ T9038] netlink: 'syz.3.1225': attribute type 10 has an invalid length. [ 295.549467][ T9044] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1227'. [ 295.586523][ T51] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 295.765796][ T9046] netlink: 'syz.1.1229': attribute type 29 has an invalid length. [ 295.778188][ T9049] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1230'. [ 295.788569][ T9046] netlink: 'syz.1.1229': attribute type 29 has an invalid length. [ 296.078834][ T9059] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 296.420329][ T9067] netlink: 'syz.1.1236': attribute type 10 has an invalid length. [ 296.449321][ T9067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1236'. [ 296.846704][ T9079] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1239'. [ 297.079367][ T9090] netlink: 'syz.3.1242': attribute type 10 has an invalid length. [ 297.514155][ T9102] netlink: 'syz.1.1247': attribute type 10 has an invalid length. [ 298.054256][ T9106] netlink: 201356 bytes leftover after parsing attributes in process `syz.0.1248'. [ 298.078397][ T9106] openvswitch: netlink: Geneve opt len 5 is not a multiple of 4. [ 298.494675][ T9114] FAULT_INJECTION: forcing a failure. [ 298.494675][ T9114] name failslab, interval 1, probability 0, space 0, times 0 [ 298.508497][ T9114] CPU: 0 PID: 9114 Comm: syz.2.1251 Not tainted syzkaller #0 [ 298.515949][ T9114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 298.526150][ T9114] Call Trace: [ 298.529485][ T9114] [ 298.532819][ T9114] dump_stack_lvl+0x18c/0x250 [ 298.537574][ T9114] ? show_regs_print_info+0x20/0x20 [ 298.542846][ T9114] ? load_image+0x420/0x420 [ 298.547394][ T9114] ? __might_sleep+0xe0/0xe0 [ 298.552044][ T9114] ? __lock_acquire+0x7d40/0x7d40 [ 298.557125][ T9114] should_fail_ex+0x39d/0x4d0 [ 298.561863][ T9114] should_failslab+0x9/0x20 [ 298.566411][ T9114] slab_pre_alloc_hook+0x59/0x310 [ 298.571486][ T9114] ? tomoyo_encode+0x28b/0x540 [ 298.576292][ T9114] ? tomoyo_encode+0x28b/0x540 [ 298.581089][ T9114] __kmem_cache_alloc_node+0x53/0x250 [ 298.586519][ T9114] ? tomoyo_encode+0x28b/0x540 [ 298.591336][ T9114] __kmalloc+0xa4/0x230 [ 298.595547][ T9114] tomoyo_encode+0x28b/0x540 [ 298.600188][ T9114] tomoyo_realpath_from_path+0x592/0x5d0 [ 298.605877][ T9114] tomoyo_path_number_perm+0x248/0x620 [ 298.611377][ T9114] ? tomoyo_path_number_perm+0x217/0x620 [ 298.617045][ T9114] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 298.622542][ T9114] ? ksys_write+0x1c4/0x260 [ 298.627126][ T9114] ? __fget_files+0x28/0x4b0 [ 298.631762][ T9114] ? __fget_files+0x28/0x4b0 [ 298.636417][ T9114] security_file_ioctl+0x70/0xa0 [ 298.642812][ T9114] __se_sys_ioctl+0x48/0x170 [ 298.647509][ T9114] do_syscall_64+0x55/0xb0 [ 298.651979][ T9114] ? clear_bhb_loop+0x40/0x90 [ 298.656710][ T9114] ? clear_bhb_loop+0x40/0x90 [ 298.661449][ T9114] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 298.667392][ T9114] RIP: 0033:0x7fd7c719ce59 [ 298.671851][ T9114] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 298.691508][ T9114] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 298.699976][ T9114] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 298.707978][ T9114] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000008 [ 298.715989][ T9114] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 298.724008][ T9114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.732016][ T9114] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 298.740042][ T9114] [ 298.761243][ T9114] ERROR: Out of memory at tomoyo_realpath_from_path. [ 299.172034][ T78] wlan1: Trigger new scan to find an IBSS to join [ 299.275412][ T9140] netlink: 'syz.2.1258': attribute type 10 has an invalid length. [ 299.435552][ T9146] FAULT_INJECTION: forcing a failure. [ 299.435552][ T9146] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.461498][ T9146] CPU: 1 PID: 9146 Comm: syz.1.1261 Not tainted syzkaller #0 [ 299.469043][ T9146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 299.479155][ T9146] Call Trace: [ 299.482477][ T9146] [ 299.485449][ T9146] dump_stack_lvl+0x18c/0x250 [ 299.490197][ T9146] ? show_regs_print_info+0x20/0x20 [ 299.491888][ T9141] FAULT_INJECTION: forcing a failure. [ 299.491888][ T9141] name failslab, interval 1, probability 0, space 0, times 0 [ 299.495424][ T9146] ? load_image+0x420/0x420 [ 299.495474][ T9146] ? __lock_acquire+0x7d40/0x7d40 [ 299.495503][ T9146] ? snprintf+0xe9/0x140 [ 299.495540][ T9146] should_fail_ex+0x39d/0x4d0 [ 299.495581][ T9146] _copy_to_user+0x2f/0xa0 [ 299.495611][ T9146] simple_read_from_buffer+0xe7/0x150 [ 299.495652][ T9146] proc_fail_nth_read+0x1e8/0x260 [ 299.495686][ T9146] ? proc_fault_inject_write+0x360/0x360 [ 299.495722][ T9146] ? fsnotify_perm+0x271/0x5e0 [ 299.495743][ T9146] ? proc_fault_inject_write+0x360/0x360 [ 299.495776][ T9146] vfs_read+0x28b/0x970 [ 299.495812][ T9146] ? kernel_read+0x1e0/0x1e0 [ 299.495842][ T9146] ? __fget_files+0x28/0x4b0 [ 299.495870][ T9146] ? __fget_files+0x28/0x4b0 [ 299.495899][ T9146] ? __fget_files+0x43d/0x4b0 [ 299.495938][ T9146] ? __fdget_pos+0x2a3/0x330 [ 299.495965][ T9146] ? ksys_read+0x75/0x260 [ 299.495997][ T9146] ksys_read+0x150/0x260 [ 299.496030][ T9146] ? vfs_write+0x990/0x990 [ 299.496063][ T9146] ? lockdep_hardirqs_on+0x98/0x150 [ 299.496098][ T9146] do_syscall_64+0x55/0xb0 [ 299.496122][ T9146] ? clear_bhb_loop+0x40/0x90 [ 299.496154][ T9146] ? clear_bhb_loop+0x40/0x90 [ 299.496188][ T9146] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 299.496218][ T9146] RIP: 0033:0x7faa8955d68e [ 299.496240][ T9146] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 299.496259][ T9146] RSP: 002b:00007faa8a459fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 299.496283][ T9146] RAX: ffffffffffffffda RBX: 00007faa8a45a6c0 RCX: 00007faa8955d68e [ 299.496300][ T9146] RDX: 000000000000000f RSI: 00007faa8a45a0a0 RDI: 0000000000000006 [ 299.496315][ T9146] RBP: 00007faa8a45a090 R08: 0000000000000000 R09: 0000000000000000 [ 299.496329][ T9146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.496342][ T9146] R13: 00007faa89816128 R14: 00007faa89816090 R15: 00007ffcc7f4af58 [ 299.496394][ T9146] [ 299.801604][ T9148] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1262'. [ 299.952361][ T9141] CPU: 0 PID: 9141 Comm: syz.0.1260 Not tainted syzkaller #0 [ 299.959788][ T9141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 299.969879][ T9141] Call Trace: [ 299.973191][ T9141] [ 299.976154][ T9141] dump_stack_lvl+0x18c/0x250 [ 299.980879][ T9141] ? show_regs_print_info+0x20/0x20 [ 299.986131][ T9141] ? load_image+0x420/0x420 [ 299.990670][ T9141] ? __might_sleep+0xe0/0xe0 [ 299.995303][ T9141] ? __lock_acquire+0x7d40/0x7d40 [ 300.000368][ T9141] should_fail_ex+0x39d/0x4d0 [ 300.005093][ T9141] should_failslab+0x9/0x20 [ 300.009641][ T9141] slab_pre_alloc_hook+0x59/0x310 [ 300.014727][ T9141] ? tomoyo_encode+0x28b/0x540 [ 300.019525][ T9141] ? tomoyo_encode+0x28b/0x540 [ 300.024330][ T9141] __kmem_cache_alloc_node+0x53/0x250 [ 300.029749][ T9141] ? tomoyo_encode+0x28b/0x540 [ 300.034551][ T9141] __kmalloc+0xa4/0x230 [ 300.038745][ T9141] tomoyo_encode+0x28b/0x540 [ 300.043456][ T9141] tomoyo_realpath_from_path+0x592/0x5d0 [ 300.049137][ T9141] tomoyo_path_number_perm+0x248/0x620 [ 300.054632][ T9141] ? tomoyo_path_number_perm+0x217/0x620 [ 300.060294][ T9141] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 300.065788][ T9141] ? trace_call_bpf+0xc3/0x6c0 [ 300.070622][ T9141] ? trace_call_bpf+0xc3/0x6c0 [ 300.075470][ T9141] ? trace_call_bpf+0x5e9/0x6c0 [ 300.080402][ T9141] ? __fget_files+0x28/0x4b0 [ 300.085033][ T9141] ? __fget_files+0x28/0x4b0 [ 300.089673][ T9141] security_file_ioctl+0x70/0xa0 [ 300.094650][ T9141] __se_sys_ioctl+0x48/0x170 [ 300.099467][ T9141] do_syscall_64+0x55/0xb0 [ 300.103914][ T9141] ? clear_bhb_loop+0x40/0x90 [ 300.108634][ T9141] ? clear_bhb_loop+0x40/0x90 [ 300.113367][ T9141] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 300.119303][ T9141] RIP: 0033:0x7f5e32d9ce59 [ 300.123751][ T9141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 300.143406][ T9141] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.151870][ T9141] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 300.159876][ T9141] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000006 [ 300.167890][ T9141] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 300.175891][ T9141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.183920][ T9141] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 300.191948][ T9141] [ 300.234139][ T9141] ERROR: Out of memory at tomoyo_realpath_from_path. [ 301.184612][ T9176] netlink: 'syz.0.1271': attribute type 10 has an invalid length. [ 301.241705][ T9178] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1273'. [ 301.407692][ T9182] FAULT_INJECTION: forcing a failure. [ 301.407692][ T9182] name failslab, interval 1, probability 0, space 0, times 0 [ 301.420777][ T9182] CPU: 1 PID: 9182 Comm: syz.3.1275 Not tainted syzkaller #0 [ 301.428366][ T9182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 301.438472][ T9182] Call Trace: [ 301.441815][ T9182] [ 301.444804][ T9182] dump_stack_lvl+0x18c/0x250 [ 301.449551][ T9182] ? show_regs_print_info+0x20/0x20 [ 301.454797][ T9182] ? load_image+0x420/0x420 [ 301.459405][ T9182] ? __might_sleep+0xe0/0xe0 [ 301.464053][ T9182] ? __lock_acquire+0x7d40/0x7d40 [ 301.469138][ T9182] should_fail_ex+0x39d/0x4d0 [ 301.473898][ T9182] should_failslab+0x9/0x20 [ 301.478464][ T9182] slab_pre_alloc_hook+0x59/0x310 [ 301.483589][ T9182] kmem_cache_alloc+0x5a/0x2d0 [ 301.488434][ T9182] ? getname_flags+0xbb/0x500 [ 301.493207][ T9182] getname_flags+0xbb/0x500 [ 301.497804][ T9182] user_path_at_empty+0x2c/0x60 [ 301.502707][ T9182] bpf_obj_get_user+0xbf/0x480 [ 301.507528][ T9182] ? bpf_obj_pin_user+0x330/0x330 [ 301.512602][ T9182] ? __might_fault+0xaa/0x120 [ 301.517389][ T9182] __sys_bpf+0x770/0x890 [ 301.521701][ T9182] ? bpf_link_show_fdinfo+0x390/0x390 [ 301.527144][ T9182] ? lock_chain_count+0x20/0x20 [ 301.532093][ T9182] __x64_sys_bpf+0x7c/0x90 [ 301.536576][ T9182] do_syscall_64+0x55/0xb0 [ 301.541019][ T9182] ? clear_bhb_loop+0x40/0x90 [ 301.545836][ T9182] ? clear_bhb_loop+0x40/0x90 [ 301.550582][ T9182] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 301.556535][ T9182] RIP: 0033:0x7fc7ef19ce59 [ 301.561014][ T9182] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 301.580687][ T9182] RSP: 002b:00007fc7f00df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 301.589194][ T9182] RAX: ffffffffffffffda RBX: 00007fc7ef415fa0 RCX: 00007fc7ef19ce59 [ 301.597239][ T9182] RDX: 0000000000000018 RSI: 0000200000000180 RDI: 0000000000000007 [ 301.605278][ T9182] RBP: 00007fc7f00df090 R08: 0000000000000000 R09: 0000000000000000 [ 301.613305][ T9182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.621348][ T9182] R13: 00007fc7ef416038 R14: 00007fc7ef415fa0 R15: 00007ffcef765ae8 [ 301.629425][ T9182] [ 302.206649][ T9196] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 302.435223][ T9204] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1284'. [ 302.873549][ T9218] netlink: 'syz.2.1288': attribute type 10 has an invalid length. [ 303.191908][ T2987] wlan1: Trigger new scan to find an IBSS to join [ 303.659532][ T9225] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 304.026165][ T9241] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1296'. [ 304.139916][ T32] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 304.632569][ T9255] netlink: 'syz.0.1302': attribute type 10 has an invalid length. [ 305.309331][ T9264] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 305.854006][ T9286] FAULT_INJECTION: forcing a failure. [ 305.854006][ T9286] name failslab, interval 1, probability 0, space 0, times 0 [ 305.867093][ T9286] CPU: 1 PID: 9286 Comm: syz.2.1317 Not tainted syzkaller #0 [ 305.874535][ T9286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 305.884657][ T9286] Call Trace: [ 305.887985][ T9286] [ 305.890959][ T9286] dump_stack_lvl+0x18c/0x250 [ 305.895691][ T9286] ? show_regs_print_info+0x20/0x20 [ 305.900943][ T9286] ? load_image+0x420/0x420 [ 305.905497][ T9286] ? __might_sleep+0xe0/0xe0 [ 305.910147][ T9286] ? __lock_acquire+0x7d40/0x7d40 [ 305.915246][ T9286] should_fail_ex+0x39d/0x4d0 [ 305.919993][ T9286] should_failslab+0x9/0x20 [ 305.924550][ T9286] slab_pre_alloc_hook+0x59/0x310 [ 305.929634][ T9286] ? tomoyo_encode+0x28b/0x540 [ 305.934453][ T9286] ? tomoyo_encode+0x28b/0x540 [ 305.939273][ T9286] __kmem_cache_alloc_node+0x53/0x250 [ 305.944709][ T9286] ? tomoyo_encode+0x28b/0x540 [ 305.949528][ T9286] __kmalloc+0xa4/0x230 [ 305.953744][ T9286] tomoyo_encode+0x28b/0x540 [ 305.958399][ T9286] tomoyo_realpath_from_path+0x592/0x5d0 [ 305.964104][ T9286] tomoyo_path_number_perm+0x248/0x620 [ 305.969614][ T9286] ? tomoyo_path_number_perm+0x217/0x620 [ 305.975294][ T9286] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 305.980819][ T9286] ? ksys_write+0x1c4/0x260 [ 305.985420][ T9286] ? __fget_files+0x28/0x4b0 [ 305.990060][ T9286] ? __fget_files+0x28/0x4b0 [ 305.994730][ T9286] security_file_ioctl+0x70/0xa0 [ 305.999738][ T9286] __se_sys_ioctl+0x48/0x170 [ 306.004394][ T9286] do_syscall_64+0x55/0xb0 [ 306.008870][ T9286] ? clear_bhb_loop+0x40/0x90 [ 306.013605][ T9286] ? clear_bhb_loop+0x40/0x90 [ 306.018342][ T9286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 306.024301][ T9286] RIP: 0033:0x7fd7c719ce59 [ 306.028755][ T9286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 306.048513][ T9286] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 306.057004][ T9286] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 306.065023][ T9286] RDX: 0000000000000000 RSI: 000000004008240b RDI: 0000000000000003 [ 306.073038][ T9286] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 306.081048][ T9286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.089059][ T9286] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 306.097102][ T9286] [ 306.117435][ T9286] ERROR: Out of memory at tomoyo_realpath_from_path. [ 306.130962][ T2987] wlan1: Trigger new scan to find an IBSS to join [ 306.170613][ T32] wlan1: Trigger new scan to find an IBSS to join [ 306.392491][ T9291] netlink: 'syz.2.1318': attribute type 10 has an invalid length. [ 306.790062][ T9297] FAULT_INJECTION: forcing a failure. [ 306.790062][ T9297] name failslab, interval 1, probability 0, space 0, times 0 [ 306.804012][ T9297] CPU: 1 PID: 9297 Comm: syz.0.1321 Not tainted syzkaller #0 [ 306.811467][ T9297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 306.821585][ T9297] Call Trace: [ 306.824920][ T9297] [ 306.827903][ T9297] dump_stack_lvl+0x18c/0x250 [ 306.832753][ T9297] ? show_regs_print_info+0x20/0x20 [ 306.838103][ T9297] ? load_image+0x420/0x420 [ 306.842663][ T9297] ? __might_sleep+0xe0/0xe0 [ 306.847324][ T9297] ? __lock_acquire+0x7d40/0x7d40 [ 306.852421][ T9297] should_fail_ex+0x39d/0x4d0 [ 306.857170][ T9297] should_failslab+0x9/0x20 [ 306.861745][ T9297] slab_pre_alloc_hook+0x59/0x310 [ 306.866845][ T9297] ? tomoyo_encode+0x28b/0x540 [ 306.871675][ T9297] ? tomoyo_encode+0x28b/0x540 [ 306.876505][ T9297] __kmem_cache_alloc_node+0x53/0x250 [ 306.881960][ T9297] ? tomoyo_encode+0x28b/0x540 [ 306.886785][ T9297] __kmalloc+0xa4/0x230 [ 306.891008][ T9297] tomoyo_encode+0x28b/0x540 [ 306.895656][ T9297] tomoyo_realpath_from_path+0x592/0x5d0 [ 306.901368][ T9297] tomoyo_path_number_perm+0x248/0x620 [ 306.906893][ T9297] ? tomoyo_path_number_perm+0x217/0x620 [ 306.912587][ T9297] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 306.918170][ T9297] ? trace_call_bpf+0xc3/0x6c0 [ 306.922974][ T9297] ? trace_call_bpf+0x5e9/0x6c0 [ 306.927883][ T9297] ? __fget_files+0x28/0x4b0 [ 306.932515][ T9297] ? __fget_files+0x28/0x4b0 [ 306.937146][ T9297] security_file_ioctl+0x70/0xa0 [ 306.942121][ T9297] __se_sys_ioctl+0x48/0x170 [ 306.946743][ T9297] do_syscall_64+0x55/0xb0 [ 306.951191][ T9297] ? clear_bhb_loop+0x40/0x90 [ 306.955902][ T9297] ? clear_bhb_loop+0x40/0x90 [ 306.960628][ T9297] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 306.966573][ T9297] RIP: 0033:0x7f5e32d9ce59 [ 306.971024][ T9297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 306.990677][ T9297] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 306.999124][ T9297] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 307.007127][ T9297] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 000000000000002f [ 307.015126][ T9297] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 307.023125][ T9297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.031136][ T9297] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 307.039148][ T9297] [ 307.064680][ T9297] ERROR: Out of memory at tomoyo_realpath_from_path. [ 308.137055][ T32] wlan1: Trigger new scan to find an IBSS to join [ 308.366560][ T9321] netlink: 'syz.3.1331': attribute type 10 has an invalid length. [ 308.384928][ T9321] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1331'. [ 308.406036][ T9321] hsr0: entered promiscuous mode [ 308.420695][ T9321] bridge0: port 4(hsr0) entered blocking state [ 308.434659][ T9321] bridge0: port 4(hsr0) entered disabled state [ 308.443648][ T9321] hsr0: entered allmulticast mode [ 308.449884][ T9321] hsr_slave_0: entered allmulticast mode [ 308.458455][ T9321] hsr_slave_1: entered allmulticast mode [ 308.553324][ T9321] bridge0: port 4(hsr0) entered blocking state [ 308.564968][ T9321] bridge0: port 4(hsr0) entered forwarding state [ 311.090485][ T49] wlan1: Trigger new scan to find an IBSS to join [ 311.097764][ T32] wlan1: Trigger new scan to find an IBSS to join [ 313.090545][ T49] wlan1: Trigger new scan to find an IBSS to join [ 314.264166][ T78] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 314.273221][ T32] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 314.282316][ T2987] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 314.545036][ T9360] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1342'. [ 314.635817][ T9363] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1343'. [ 314.852381][ T9368] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.1346'. [ 314.875769][ T9368] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.1346'. [ 317.440315][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.446674][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.368279][ T9397] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1356'. [ 318.384990][ T9398] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1357'. [ 319.613210][ T9423] netlink: 'syz.1.1364': attribute type 10 has an invalid length. [ 319.622827][ T9423] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1364'. [ 319.633629][ T9423] hsr0: entered promiscuous mode [ 319.647579][ T9423] bridge0: port 4(hsr0) entered blocking state [ 319.658296][ T9423] bridge0: port 4(hsr0) entered disabled state [ 319.685197][ T9423] hsr0: entered allmulticast mode [ 319.692555][ T9423] hsr_slave_0: entered allmulticast mode [ 319.709698][ T9423] hsr_slave_1: entered allmulticast mode [ 319.831780][ T9423] bridge0: port 4(hsr0) entered blocking state [ 319.838894][ T9423] bridge0: port 4(hsr0) entered forwarding state [ 322.240601][ T9437] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1369'. [ 322.268323][ T9438] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1371'. [ 326.148646][ T9469] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1382'. [ 326.224212][ T9468] FAULT_INJECTION: forcing a failure. [ 326.224212][ T9468] name failslab, interval 1, probability 0, space 0, times 0 [ 326.254845][ T9468] CPU: 1 PID: 9468 Comm: syz.0.1381 Not tainted syzkaller #0 [ 326.262359][ T9468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 326.272468][ T9468] Call Trace: [ 326.275813][ T9468] [ 326.278848][ T9468] dump_stack_lvl+0x18c/0x250 [ 326.283584][ T9468] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 326.289789][ T9468] ? show_regs_print_info+0x20/0x20 [ 326.295021][ T9468] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 326.301221][ T9468] ? dump_stack+0x9/0x20 [ 326.305507][ T9468] should_fail_ex+0x39d/0x4d0 [ 326.310253][ T9468] should_failslab+0x9/0x20 [ 326.314861][ T9468] slab_pre_alloc_hook+0x59/0x310 [ 326.319942][ T9468] ? sock_write_iter+0x2df/0x420 [ 326.324923][ T9468] ? vfs_write+0x46c/0x990 [ 326.329479][ T9468] ? ksys_write+0x150/0x260 [ 326.334030][ T9468] kmem_cache_alloc_node+0x60/0x320 [ 326.339272][ T9468] ? alloc_vmap_area+0x1b4/0x1e30 [ 326.344338][ T9468] alloc_vmap_area+0x1b4/0x1e30 [ 326.349241][ T9468] ? vm_map_ram+0xcb0/0xcb0 [ 326.353786][ T9468] ? rcu_is_watching+0x15/0xb0 [ 326.358587][ T9468] __get_vm_area_node+0x162/0x370 [ 326.363690][ T9468] __vmalloc_node_range+0x36e/0x1330 [ 326.369012][ T9468] ? netlink_sendmsg+0x602/0xbf0 [ 326.373976][ T9468] ? netlink_insert+0x109f/0x13a0 [ 326.379059][ T9468] ? netlink_data_ready+0x10/0x10 [ 326.384122][ T9468] ? free_vm_area+0x50/0x50 [ 326.388663][ T9468] ? netlink_sendmsg+0x602/0xbf0 [ 326.393633][ T9468] vmalloc+0x79/0x90 [ 326.397566][ T9468] ? netlink_sendmsg+0x602/0xbf0 [ 326.402618][ T9468] netlink_sendmsg+0x602/0xbf0 [ 326.407409][ T9468] ? lockdep_hardirqs_on+0x98/0x150 [ 326.412659][ T9468] ? netlink_getsockopt+0x590/0x590 [ 326.417890][ T9468] ? security_socket_sendmsg+0x37/0xa0 [ 326.423386][ T9468] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 326.428713][ T9468] ? security_socket_sendmsg+0x80/0xa0 [ 326.434216][ T9468] sock_write_iter+0x2df/0x420 [ 326.439032][ T9468] ? sock_read_iter+0x3e0/0x3e0 [ 326.443937][ T9468] ? common_file_perm+0x198/0x1f0 [ 326.449013][ T9468] vfs_write+0x46c/0x990 [ 326.453300][ T9468] ? file_end_write+0x250/0x250 [ 326.458186][ T9468] ? __fget_files+0x43d/0x4b0 [ 326.462904][ T9468] ? __fdget_pos+0x1d8/0x330 [ 326.467528][ T9468] ? ksys_write+0x75/0x260 [ 326.471976][ T9468] ksys_write+0x150/0x260 [ 326.476341][ T9468] ? __ia32_sys_read+0x90/0x90 [ 326.481146][ T9468] ? lockdep_hardirqs_on+0x98/0x150 [ 326.486379][ T9468] do_syscall_64+0x55/0xb0 [ 326.490826][ T9468] ? clear_bhb_loop+0x40/0x90 [ 326.495544][ T9468] ? clear_bhb_loop+0x40/0x90 [ 326.500260][ T9468] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 326.506189][ T9468] RIP: 0033:0x7f5e32d9ce59 [ 326.510642][ T9468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.530288][ T9468] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 326.538773][ T9468] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 326.546776][ T9468] RDX: 000000000000fdef RSI: 0000200000000200 RDI: 000000000000000c [ 326.554771][ T9468] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 326.562772][ T9468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.570852][ T9468] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 326.578866][ T9468] [ 326.667432][ T9468] syz.0.1381: vmalloc error: size 65344, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 326.732235][ T9468] CPU: 1 PID: 9468 Comm: syz.0.1381 Not tainted syzkaller #0 [ 326.739707][ T9468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 326.749821][ T9468] Call Trace: [ 326.753148][ T9468] [ 326.756123][ T9468] dump_stack_lvl+0x18c/0x250 [ 326.760856][ T9468] ? show_regs_print_info+0x20/0x20 [ 326.766110][ T9468] ? load_image+0x420/0x420 [ 326.770666][ T9468] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 326.777139][ T9468] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 326.783809][ T9468] warn_alloc+0x246/0x340 [ 326.788195][ T9468] ? slab_free_freelist_hook+0x130/0x1a0 [ 326.793975][ T9468] ? zone_watermark_ok_safe+0x230/0x230 [ 326.799586][ T9468] ? __get_vm_area_node+0x17b/0x370 [ 326.804858][ T9468] ? __get_vm_area_node+0x17b/0x370 [ 326.810145][ T9468] __vmalloc_node_range+0x393/0x1330 [ 326.815499][ T9468] ? netlink_insert+0x109f/0x13a0 [ 326.820602][ T9468] ? netlink_data_ready+0x10/0x10 [ 326.825687][ T9468] ? free_vm_area+0x50/0x50 [ 326.830261][ T9468] ? netlink_sendmsg+0x602/0xbf0 [ 326.835252][ T9468] vmalloc+0x79/0x90 [ 326.839224][ T9468] ? netlink_sendmsg+0x602/0xbf0 [ 326.844221][ T9468] netlink_sendmsg+0x602/0xbf0 [ 326.849028][ T9468] ? lockdep_hardirqs_on+0x98/0x150 [ 326.854282][ T9468] ? netlink_getsockopt+0x590/0x590 [ 326.859546][ T9468] ? security_socket_sendmsg+0x37/0xa0 [ 326.865077][ T9468] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 326.870414][ T9468] ? security_socket_sendmsg+0x80/0xa0 [ 326.875930][ T9468] sock_write_iter+0x2df/0x420 [ 326.880749][ T9468] ? sock_read_iter+0x3e0/0x3e0 [ 326.885645][ T9468] ? common_file_perm+0x198/0x1f0 [ 326.890725][ T9468] vfs_write+0x46c/0x990 [ 326.895039][ T9468] ? file_end_write+0x250/0x250 [ 326.899942][ T9468] ? __fget_files+0x43d/0x4b0 [ 326.904665][ T9468] ? __fdget_pos+0x1d8/0x330 [ 326.909298][ T9468] ? ksys_write+0x75/0x260 [ 326.913851][ T9468] ksys_write+0x150/0x260 [ 326.918229][ T9468] ? __ia32_sys_read+0x90/0x90 [ 326.923031][ T9468] ? lockdep_hardirqs_on+0x98/0x150 [ 326.928283][ T9468] do_syscall_64+0x55/0xb0 [ 326.932738][ T9468] ? clear_bhb_loop+0x40/0x90 [ 326.937455][ T9468] ? clear_bhb_loop+0x40/0x90 [ 326.942197][ T9468] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 326.948156][ T9468] RIP: 0033:0x7f5e32d9ce59 [ 326.952609][ T9468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.972263][ T9468] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 326.980739][ T9468] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 326.988753][ T9468] RDX: 000000000000fdef RSI: 0000200000000200 RDI: 000000000000000c [ 326.996766][ T9468] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 327.004779][ T9468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.012789][ T9468] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 327.020811][ T9468] [ 327.050347][ T9468] Mem-Info: [ 327.054074][ T9468] active_anon:5331 inactive_anon:0 isolated_anon:0 [ 327.054074][ T9468] active_file:12617 inactive_file:40041 isolated_file:0 [ 327.054074][ T9468] unevictable:768 dirty:411 writeback:0 [ 327.054074][ T9468] slab_reclaimable:10169 slab_unreclaimable:92262 [ 327.054074][ T9468] mapped:24762 shmem:1361 pagetables:508 [ 327.054074][ T9468] sec_pagetables:0 bounce:0 [ 327.054074][ T9468] kernel_misc_reclaimable:0 [ 327.054074][ T9468] free:1353858 free_pcp:9735 free_cma:0 [ 327.107635][ T9468] Node 0 active_anon:21260kB inactive_anon:0kB active_file:50468kB inactive_file:159964kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98960kB dirty:1556kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10512kB pagetables:2020kB sec_pagetables:0kB all_unreclaimable? no [ 327.165480][ T9468] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 327.205986][ T9468] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 327.234933][ T9468] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 327.242041][ T9468] Node 0 DMA32 free:1503232kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21360kB inactive_anon:0kB active_file:50468kB inactive_file:159140kB unevictable:1536kB writepending:1556kB present:3129332kB managed:2586932kB mlocked:0kB bounce:0kB free_pcp:21832kB local_pcp:13460kB free_cma:0kB [ 327.278950][ T9468] lowmem_reserve[]: 0 0 0 0 0 [ 327.284123][ T9468] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 327.311838][ T9468] lowmem_reserve[]: 0 0 0 0 0 [ 327.316669][ T9468] Node 1 Normal free:3896840kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18116kB local_pcp:12900kB free_cma:0kB [ 327.425993][ T9468] lowmem_reserve[]: 0 0 0 0 0 [ 327.431126][ T9468] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 327.444292][ T9468] Node 0 DMA32: 912*4kB (UME) 778*8kB (UME) 409*16kB (UME) 893*32kB (UME) 285*64kB (UME) 58*128kB (UM) 12*256kB (UM) 14*512kB (UM) 9*1024kB (ME) 4*2048kB (ME) 343*4096kB (UM) = 1503232kB [ 327.466030][ T9468] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 327.477864][ T9468] Node 1 Normal: 230*4kB (UME) 44*8kB (UME) 37*16kB (UME) 60*32kB (UME) 7*64kB (UE) 5*128kB (UM) 1*256kB (E) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 949*4096kB (M) = 3896840kB [ 327.503431][ T9468] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 327.513659][ T9468] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 327.523262][ T9468] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 327.535089][ T9468] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 327.546120][ T9468] 54019 total pagecache pages [ 327.551162][ T9468] 0 pages in swap cache [ 327.556482][ T9468] Free swap = 124996kB [ 327.585174][ T9468] Total swap = 124996kB [ 327.589435][ T9468] 2097051 pages RAM [ 327.594239][ T9468] 0 pages HighMem/MovableOnly [ 327.599022][ T9468] 416932 pages reserved [ 327.603942][ T9468] 0 pages cma reserved [ 328.084703][ T9504] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1394'. [ 331.466718][ T9537] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1406'. [ 331.746673][ T9547] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 331.764350][ T9548] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 332.396863][ T9565] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1417'. [ 332.600550][ T9570] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 332.849250][ T9579] FAULT_INJECTION: forcing a failure. [ 332.849250][ T9579] name failslab, interval 1, probability 0, space 0, times 0 [ 332.883418][ T9579] CPU: 0 PID: 9579 Comm: syz.2.1422 Not tainted syzkaller #0 [ 332.890894][ T9579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 332.901076][ T9579] Call Trace: [ 332.904396][ T9579] [ 332.907372][ T9579] dump_stack_lvl+0x18c/0x250 [ 332.912103][ T9579] ? show_regs_print_info+0x20/0x20 [ 332.917360][ T9579] ? load_image+0x420/0x420 [ 332.921914][ T9579] ? __might_sleep+0xe0/0xe0 [ 332.926572][ T9579] ? __lock_acquire+0x7d40/0x7d40 [ 332.931647][ T9579] ? verify_lock_unused+0x140/0x140 [ 332.936884][ T9579] should_fail_ex+0x39d/0x4d0 [ 332.941622][ T9579] should_failslab+0x9/0x20 [ 332.946179][ T9579] slab_pre_alloc_hook+0x59/0x310 [ 332.951253][ T9579] ? bpf_prog_test_run_skb+0x245/0x18c0 [ 332.956848][ T9579] ? bpf_prog_test_run_skb+0x245/0x18c0 [ 332.962451][ T9579] __kmem_cache_alloc_node+0x53/0x250 [ 332.967883][ T9579] ? bpf_prog_test_run_skb+0x245/0x18c0 [ 332.973489][ T9579] __kmalloc+0xa4/0x230 [ 332.977715][ T9579] bpf_prog_test_run_skb+0x245/0x18c0 [ 332.983137][ T9579] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 332.989347][ T9579] ? lockdep_hardirqs_on+0x98/0x150 [ 332.994610][ T9579] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 333.001173][ T9579] ? cpu_online+0x60/0x60 [ 333.005548][ T9579] bpf_prog_test_run+0x321/0x390 [ 333.010552][ T9579] __sys_bpf+0x49d/0x890 [ 333.014837][ T9579] ? bpf_link_show_fdinfo+0x390/0x390 [ 333.020363][ T9579] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 333.026593][ T9579] __x64_sys_bpf+0x7c/0x90 [ 333.031144][ T9579] do_syscall_64+0x55/0xb0 [ 333.035609][ T9579] ? clear_bhb_loop+0x40/0x90 [ 333.040525][ T9579] ? clear_bhb_loop+0x40/0x90 [ 333.045259][ T9579] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 333.051223][ T9579] RIP: 0033:0x7fd7c719ce59 [ 333.055676][ T9579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 333.075350][ T9579] RSP: 002b:00007fd7c811d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 333.083834][ T9579] RAX: ffffffffffffffda RBX: 00007fd7c7416090 RCX: 00007fd7c719ce59 [ 333.091850][ T9579] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 333.099953][ T9579] RBP: 00007fd7c811d090 R08: 0000000000000000 R09: 0000000000000000 [ 333.107970][ T9579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.115987][ T9579] R13: 00007fd7c7416128 R14: 00007fd7c7416090 R15: 00007ffc9a2cfe48 [ 333.124029][ T9579] [ 333.311290][ T9581] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 333.647776][ T9591] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 333.695235][ T9595] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1427'. [ 334.134165][ T2969] wlan1: Trigger new scan to find an IBSS to join [ 334.223382][ T32] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 334.624910][ T9620] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1434'. [ 334.927545][ T9628] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1437'. [ 335.167704][ T9632] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 335.368578][ T9642] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1443'. [ 335.904442][ T9655] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1448'. [ 336.131305][ T78] wlan1: Trigger new scan to find an IBSS to join [ 336.605761][ T9678] netlink: 'syz.2.1456': attribute type 10 has an invalid length. [ 337.090756][ T78] wlan1: Trigger new scan to find an IBSS to join [ 337.818862][ T9705] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 338.325002][ T9714] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 338.482008][ T9721] netlink: 'syz.3.1473': attribute type 10 has an invalid length. [ 338.521497][ T9723] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1476'. [ 339.027224][ T9732] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 339.090466][ T32] wlan1: Trigger new scan to find an IBSS to join [ 339.097090][ T78] wlan1: Trigger new scan to find an IBSS to join [ 339.648921][ T9751] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1487'. [ 339.771384][ T9750] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 340.133232][ T126] wlan1: Trigger new scan to find an IBSS to join [ 342.736834][ T32] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 342.743194][ T9757] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 342.765552][ T9764] netlink: 'syz.3.1492': attribute type 10 has an invalid length. [ 342.953588][ T9773] FAULT_INJECTION: forcing a failure. [ 342.953588][ T9773] name failslab, interval 1, probability 0, space 0, times 0 [ 343.007497][ T9773] CPU: 0 PID: 9773 Comm: syz.2.1496 Not tainted syzkaller #0 [ 343.014977][ T9773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 343.025190][ T9773] Call Trace: [ 343.028516][ T9773] [ 343.031498][ T9773] dump_stack_lvl+0x18c/0x250 [ 343.036249][ T9773] ? show_regs_print_info+0x20/0x20 [ 343.041508][ T9773] ? load_image+0x420/0x420 [ 343.046066][ T9773] ? __might_sleep+0xe0/0xe0 [ 343.050714][ T9773] ? __lock_acquire+0x7d40/0x7d40 [ 343.055796][ T9773] ? mark_lock+0x94/0x320 [ 343.060179][ T9773] should_fail_ex+0x39d/0x4d0 [ 343.064923][ T9773] should_failslab+0x9/0x20 [ 343.069482][ T9773] slab_pre_alloc_hook+0x59/0x310 [ 343.074567][ T9773] ? __get_vm_area_node+0x125/0x370 [ 343.079828][ T9773] __kmem_cache_alloc_node+0x53/0x250 [ 343.085274][ T9773] ? __get_vm_area_node+0x125/0x370 [ 343.090534][ T9773] kmalloc_node_trace+0x26/0xe0 [ 343.095470][ T9773] __get_vm_area_node+0x125/0x370 [ 343.100541][ T9773] __vmalloc_node_range+0x36e/0x1330 [ 343.105874][ T9773] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 343.111454][ T9773] ? mark_lock+0x94/0x320 [ 343.115842][ T9773] ? __lock_acquire+0x1347/0x7d40 [ 343.120910][ T9773] ? verify_lock_unused+0x140/0x140 [ 343.126149][ T9773] ? free_vm_area+0x50/0x50 [ 343.130685][ T9773] ? end_current_label_crit_section+0x170/0x170 [ 343.136966][ T9773] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 343.142626][ T9773] __vmalloc+0x7a/0x90 [ 343.146734][ T9773] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 343.152319][ T9773] bpf_prog_alloc_no_stats+0x47/0x440 [ 343.157727][ T9773] ? bpf_prog_alloc+0x2b/0x1a0 [ 343.162523][ T9773] bpf_prog_alloc+0x3d/0x1a0 [ 343.167153][ T9773] bpf_prog_load+0x6eb/0x1670 [ 343.171866][ T9773] ? map_freeze+0x420/0x420 [ 343.176404][ T9773] ? __might_fault+0xaa/0x120 [ 343.181114][ T9773] ? __lock_acquire+0x7d40/0x7d40 [ 343.186170][ T9773] ? file_end_write+0x159/0x250 [ 343.191063][ T9773] ? __might_fault+0xaa/0x120 [ 343.195778][ T9773] ? __might_fault+0xc6/0x120 [ 343.200482][ T9773] ? __might_fault+0xaa/0x120 [ 343.205194][ T9773] ? bpf_lsm_bpf+0x9/0x10 [ 343.209558][ T9773] ? security_bpf+0x7e/0xa0 [ 343.214119][ T9773] __sys_bpf+0x5ba/0x890 [ 343.218427][ T9773] ? bpf_link_show_fdinfo+0x390/0x390 [ 343.223944][ T9773] ? lock_chain_count+0x20/0x20 [ 343.228842][ T9773] __x64_sys_bpf+0x7c/0x90 [ 343.233297][ T9773] do_syscall_64+0x55/0xb0 [ 343.237744][ T9773] ? clear_bhb_loop+0x40/0x90 [ 343.242477][ T9773] ? clear_bhb_loop+0x40/0x90 [ 343.247191][ T9773] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 343.253128][ T9773] RIP: 0033:0x7fd7c719ce59 [ 343.257572][ T9773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 343.277317][ T9773] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 343.285772][ T9773] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 343.293773][ T9773] RDX: 0000000000000094 RSI: 00002000000006c0 RDI: 0000000000000005 [ 343.301779][ T9773] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 343.309780][ T9773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.317780][ T9773] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 343.325797][ T9773] [ 343.345815][ T9773] syz.2.1496: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 343.362801][ T9773] CPU: 1 PID: 9773 Comm: syz.2.1496 Not tainted syzkaller #0 [ 343.370250][ T9773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 343.380367][ T9773] Call Trace: [ 343.383689][ T9773] [ 343.386656][ T9773] dump_stack_lvl+0x18c/0x250 [ 343.391383][ T9773] ? show_regs_print_info+0x20/0x20 [ 343.396628][ T9773] ? load_image+0x420/0x420 [ 343.401183][ T9773] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 343.407645][ T9773] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 343.414205][ T9773] warn_alloc+0x246/0x340 [ 343.418606][ T9773] ? __get_vm_area_node+0x125/0x370 [ 343.423872][ T9773] ? zone_watermark_ok_safe+0x230/0x230 [ 343.429510][ T9773] ? rcu_is_watching+0x15/0xb0 [ 343.434437][ T9773] ? __get_vm_area_node+0x356/0x370 [ 343.439709][ T9773] __vmalloc_node_range+0x393/0x1330 [ 343.445058][ T9773] ? mark_lock+0x94/0x320 [ 343.449448][ T9773] ? __lock_acquire+0x1347/0x7d40 [ 343.454556][ T9773] ? verify_lock_unused+0x140/0x140 [ 343.459919][ T9773] ? free_vm_area+0x50/0x50 [ 343.464489][ T9773] ? end_current_label_crit_section+0x170/0x170 [ 343.470804][ T9773] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 343.476394][ T9773] __vmalloc+0x7a/0x90 [ 343.480508][ T9773] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 343.486095][ T9773] bpf_prog_alloc_no_stats+0x47/0x440 [ 343.491504][ T9773] ? bpf_prog_alloc+0x2b/0x1a0 [ 343.496312][ T9773] bpf_prog_alloc+0x3d/0x1a0 [ 343.500956][ T9773] bpf_prog_load+0x6eb/0x1670 [ 343.505696][ T9773] ? map_freeze+0x420/0x420 [ 343.510239][ T9773] ? __might_fault+0xaa/0x120 [ 343.514946][ T9773] ? __lock_acquire+0x7d40/0x7d40 [ 343.520005][ T9773] ? file_end_write+0x159/0x250 [ 343.524891][ T9773] ? __might_fault+0xaa/0x120 [ 343.529599][ T9773] ? __might_fault+0xc6/0x120 [ 343.534325][ T9773] ? __might_fault+0xaa/0x120 [ 343.539065][ T9773] ? bpf_lsm_bpf+0x9/0x10 [ 343.543432][ T9773] ? security_bpf+0x7e/0xa0 [ 343.547967][ T9773] __sys_bpf+0x5ba/0x890 [ 343.552243][ T9773] ? bpf_link_show_fdinfo+0x390/0x390 [ 343.557670][ T9773] ? lock_chain_count+0x20/0x20 [ 343.562586][ T9773] __x64_sys_bpf+0x7c/0x90 [ 343.567028][ T9773] do_syscall_64+0x55/0xb0 [ 343.571472][ T9773] ? clear_bhb_loop+0x40/0x90 [ 343.576188][ T9773] ? clear_bhb_loop+0x40/0x90 [ 343.580905][ T9773] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 343.586840][ T9773] RIP: 0033:0x7fd7c719ce59 [ 343.591286][ T9773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 343.610922][ T9773] RSP: 002b:00007fd7c813e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 343.619377][ T9773] RAX: ffffffffffffffda RBX: 00007fd7c7415fa0 RCX: 00007fd7c719ce59 [ 343.627376][ T9773] RDX: 0000000000000094 RSI: 00002000000006c0 RDI: 0000000000000005 [ 343.635380][ T9773] RBP: 00007fd7c813e090 R08: 0000000000000000 R09: 0000000000000000 [ 343.643389][ T9773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.651387][ T9773] R13: 00007fd7c7416038 R14: 00007fd7c7415fa0 R15: 00007ffc9a2cfe48 [ 343.659393][ T9773] [ 343.670513][ T9773] Mem-Info: [ 343.673831][ T9773] active_anon:5335 inactive_anon:0 isolated_anon:0 [ 343.673831][ T9773] active_file:12617 inactive_file:40047 isolated_file:0 [ 343.673831][ T9773] unevictable:768 dirty:149 writeback:0 [ 343.673831][ T9773] slab_reclaimable:10083 slab_unreclaimable:90992 [ 343.673831][ T9773] mapped:24787 shmem:1361 pagetables:517 [ 343.673831][ T9773] sec_pagetables:0 bounce:0 [ 343.673831][ T9773] kernel_misc_reclaimable:0 [ 343.673831][ T9773] free:1355148 free_pcp:11222 free_cma:0 [ 343.724003][ T9773] Node 0 active_anon:21340kB inactive_anon:0kB active_file:50468kB inactive_file:159988kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98948kB dirty:596kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10388kB pagetables:2068kB sec_pagetables:0kB all_unreclaimable? no [ 343.757294][ T9773] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 343.860258][ T9773] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 343.888803][ T9780] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1499'. [ 343.906300][ T9773] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 343.913559][ T9773] Node 0 DMA32 free:1527008kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:21200kB inactive_anon:0kB active_file:50468kB inactive_file:159164kB unevictable:1536kB writepending:596kB present:3129332kB managed:2586932kB mlocked:0kB bounce:0kB free_pcp:7496kB local_pcp:6112kB free_cma:0kB [ 343.944870][ T9773] lowmem_reserve[]: 0 0 0 0 0 [ 343.949682][ T9773] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 343.982766][ T9773] lowmem_reserve[]: 0 0 0 0 0 [ 343.987633][ T9773] Node 1 Normal free:3896840kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18116kB local_pcp:12900kB free_cma:0kB [ 344.018389][ T9773] lowmem_reserve[]: 0 0 0 0 0 [ 344.023610][ T9773] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 344.038408][ T9773] Node 0 DMA32: 1244*4kB (UME) 774*8kB (UM) 788*16kB (UME) 1128*32kB (UME) 403*64kB (UME) 63*128kB (UME) 11*256kB (UM) 13*512kB (UM) 8*1024kB (ME) 3*2048kB (ME) 344*4096kB (UM) = 1526560kB [ 344.058721][ T9773] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 344.072266][ T9773] Node 1 Normal: 230*4kB (UME) 44*8kB (UME) 37*16kB (UME) 60*32kB (UME) 7*64kB (UE) 5*128kB (UM) 1*256kB (E) 3*512kB (UME) 1*1024kB (E) 1*2048kB (E) 949*4096kB (M) = 3896840kB [ 344.090601][ T9773] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 344.102829][ T9773] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 344.112698][ T9773] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 344.122994][ T9773] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 344.133186][ T9773] 54025 total pagecache pages [ 344.137931][ T9773] 0 pages in swap cache [ 344.144009][ T9773] Free swap = 124996kB [ 344.148224][ T9773] Total swap = 124996kB [ 344.174302][ T9773] 2097051 pages RAM [ 344.178201][ T9773] 0 pages HighMem/MovableOnly [ 344.200574][ T9773] 416932 pages reserved [ 344.204829][ T9773] 0 pages cma reserved [ 344.327021][ T9786] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 345.091381][ T78] wlan1: Trigger new scan to find an IBSS to join [ 345.182313][ T78] wlan1: Trigger new scan to find an IBSS to join [ 345.188937][ T2987] wlan1: Trigger new scan to find an IBSS to join [ 347.095359][ T5911] wlan1: Trigger new scan to find an IBSS to join [ 347.263964][ T78] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 347.273180][ T2969] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 347.577701][ T9808] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1510'. [ 350.651645][ T9812] syzkaller1: tun_chr_ioctl cmd 2147767521 [ 350.679381][ T9818] FAULT_INJECTION: forcing a failure. [ 350.679381][ T9818] name failslab, interval 1, probability 0, space 0, times 0 [ 350.693531][ T9818] CPU: 1 PID: 9818 Comm: syz.0.1514 Not tainted syzkaller #0 [ 350.700983][ T9818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 350.711120][ T9818] Call Trace: [ 350.714462][ T9818] [ 350.717442][ T9818] dump_stack_lvl+0x18c/0x250 [ 350.722192][ T9818] ? show_regs_print_info+0x20/0x20 [ 350.727453][ T9818] ? load_image+0x420/0x420 [ 350.732016][ T9818] ? __might_sleep+0xe0/0xe0 [ 350.736677][ T9818] ? __lock_acquire+0x7d40/0x7d40 [ 350.741761][ T9818] ? prepend_path+0x4b/0x960 [ 350.746407][ T9818] should_fail_ex+0x39d/0x4d0 [ 350.751157][ T9818] should_failslab+0x9/0x20 [ 350.755711][ T9818] slab_pre_alloc_hook+0x59/0x310 [ 350.760797][ T9818] ? __asan_memcpy+0x40/0x70 [ 350.765445][ T9818] ? tomoyo_encode+0x28b/0x540 [ 350.770250][ T9818] ? tomoyo_encode+0x28b/0x540 [ 350.775060][ T9818] __kmem_cache_alloc_node+0x53/0x250 [ 350.780520][ T9818] ? prepend_path+0x4b/0x960 [ 350.785185][ T9818] ? tomoyo_encode+0x28b/0x540 [ 350.789992][ T9818] __kmalloc+0xa4/0x230 [ 350.794218][ T9818] tomoyo_encode+0x28b/0x540 [ 350.798873][ T9818] tomoyo_realpath_from_path+0x592/0x5d0 [ 350.804666][ T9818] tomoyo_path_number_perm+0x248/0x620 [ 350.810267][ T9818] ? tomoyo_path_number_perm+0x217/0x620 [ 350.815961][ T9818] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 350.821475][ T9818] ? ksys_write+0x1c4/0x260 [ 350.826084][ T9818] ? __fget_files+0x28/0x4b0 [ 350.830762][ T9818] ? __fget_files+0x28/0x4b0 [ 350.835423][ T9818] security_file_ioctl+0x70/0xa0 [ 350.840422][ T9818] __se_sys_ioctl+0x48/0x170 [ 350.845087][ T9818] do_syscall_64+0x55/0xb0 [ 350.849564][ T9818] ? clear_bhb_loop+0x40/0x90 [ 350.854308][ T9818] ? clear_bhb_loop+0x40/0x90 [ 350.859019][ T9818] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 350.864949][ T9818] RIP: 0033:0x7f5e32d9ce59 [ 350.869394][ T9818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.889014][ T9818] RSP: 002b:00007f5e30ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 350.897445][ T9818] RAX: ffffffffffffffda RBX: 00007f5e33015fa0 RCX: 00007f5e32d9ce59 [ 350.905451][ T9818] RDX: 0000200000000000 RSI: 00000000800454e1 RDI: 0000000000000003 [ 350.913476][ T9818] RBP: 00007f5e30ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 350.921507][ T9818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.929542][ T9818] R13: 00007f5e33016038 R14: 00007f5e33015fa0 R15: 00007fff8a161888 [ 350.937594][ T9818] [ 350.948683][ T9818] ERROR: Out of memory at tomoyo_realpath_from_path. [ 350.955738][ T9818] syzkaller1: tun_chr_ioctl cmd 2147767521 [ 351.171407][ T32] wlan1: Trigger new scan to find an IBSS to join [ 353.180457][ T2969] wlan1: Trigger new scan to find an IBSS to join [ 353.837402][ T2969] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 354.393641][ T78] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 354.414200][ T9834] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 354.416220][ T2969] ------------[ cut here ]------------ [ 354.430022][ T2969] WARNING: CPU: 1 PID: 2969 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440 [ 354.440565][ T2969] Modules linked in: [ 354.444520][ T2969] CPU: 1 PID: 2969 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 354.452882][ T2969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 354.463662][ T2969] Workqueue: cfg80211 cfg80211_event_work [ 354.469478][ T2969] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440 [ 354.475786][ T2969] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 d7 01 9f f7 0f 0b eb bb e8 ce 01 9f f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 c0 01 9f f7 0f 0b e9 e0 fd ff ff e8 [ 354.496611][ T2969] RSP: 0000:ffffc9000c20fa20 EFLAGS: 00010293 [ 354.502982][ T2969] RAX: ffffffff89e82a22 RBX: dffffc0000000000 RCX: ffff88802c728000 [ 354.511354][ T2969] RDX: 0000000000000000 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9a20 [ 354.519435][ T2969] RBP: ffffc9000c20faf8 R08: ffffffff911cc56f R09: 1ffffffff22398ad [ 354.527507][ T2969] R10: dffffc0000000000 R11: fffffbfff22398ae R12: ffff88805debcc90 [ 354.535576][ T2969] R13: 1ffff92001841f4c R14: ffff88807d7fb5b8 R15: 000000000000001f [ 354.543654][ T2969] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 354.552728][ T2969] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 354.559373][ T2969] CR2: 0000001b2db22ff8 CR3: 000000000cf32000 CR4: 00000000003506e0 [ 354.567482][ T2969] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 354.575569][ T2969] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 354.583649][ T2969] Call Trace: [ 354.586988][ T2969] [ 354.590807][ T2969] ? mutex_lock_nested+0x20/0x20 [ 354.595828][ T2969] ? trace_rdev_return_void+0x1c0/0x1c0 [ 354.601779][ T2969] cfg80211_process_wdev_events+0x3bc/0x550 [ 354.607796][ T2969] cfg80211_process_rdev_events+0xa1/0x110 [ 354.613751][ T2969] cfg80211_event_work+0x2f/0x40 [ 354.618743][ T2969] ? process_scheduled_works+0x96f/0x15d0 [ 354.624525][ T2969] process_scheduled_works+0xa5d/0x15d0 [ 354.630219][ T2969] ? worker_attach_to_pool+0x380/0x380 [ 354.635722][ T2969] ? assign_work+0x3d2/0x5d0 [ 354.640402][ T2969] worker_thread+0xa55/0xfc0 [ 354.645064][ T2969] kthread+0x2fa/0x390 [ 354.649180][ T2969] ? pr_cont_work+0x560/0x560 [ 354.653983][ T2969] ? kthread_blkcg+0xd0/0xd0 [ 354.658638][ T2969] ret_from_fork+0x48/0x80 [ 354.663203][ T2969] ? kthread_blkcg+0xd0/0xd0 [ 354.667860][ T2969] ret_from_fork_asm+0x11/0x20 [ 354.672770][ T2969] [ 354.675846][ T2969] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 354.683166][ T2969] CPU: 1 PID: 2969 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 354.690751][ T2969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 354.700879][ T2969] Workqueue: cfg80211 cfg80211_event_work [ 354.706659][ T2969] Call Trace: [ 354.709963][ T2969] [ 354.712934][ T2969] dump_stack_lvl+0x18c/0x250 [ 354.717669][ T2969] ? show_regs_print_info+0x20/0x20 [ 354.722934][ T2969] ? load_image+0x420/0x420 [ 354.727504][ T2969] panic+0x2dc/0x730 [ 354.731458][ T2969] ? bpf_jit_dump+0xd0/0xd0 [ 354.736009][ T2969] ? ret_from_fork_asm+0x11/0x20 [ 354.740984][ T2969] __warn+0x2e0/0x470 [ 354.744993][ T2969] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 354.750575][ T2969] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 354.756153][ T2969] report_bug+0x2be/0x4f0 [ 354.760510][ T2969] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 354.766088][ T2969] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 354.771670][ T2969] ? __cfg80211_ibss_joined+0x3d4/0x440 [ 354.777252][ T2969] handle_bug+0xcf/0x120 [ 354.781532][ T2969] exc_invalid_op+0x1a/0x50 [ 354.786067][ T2969] asm_exc_invalid_op+0x1a/0x20 [ 354.790949][ T2969] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440 [ 354.797140][ T2969] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 d7 01 9f f7 0f 0b eb bb e8 ce 01 9f f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 c0 01 9f f7 0f 0b e9 e0 fd ff ff e8 [ 354.816782][ T2969] RSP: 0000:ffffc9000c20fa20 EFLAGS: 00010293 [ 354.822880][ T2969] RAX: ffffffff89e82a22 RBX: dffffc0000000000 RCX: ffff88802c728000 [ 354.830879][ T2969] RDX: 0000000000000000 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9a20 [ 354.838876][ T2969] RBP: ffffc9000c20faf8 R08: ffffffff911cc56f R09: 1ffffffff22398ad [ 354.846873][ T2969] R10: dffffc0000000000 R11: fffffbfff22398ae R12: ffff88805debcc90 [ 354.854872][ T2969] R13: 1ffff92001841f4c R14: ffff88807d7fb5b8 R15: 000000000000001f [ 354.862877][ T2969] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 354.868467][ T2969] ? mutex_lock_nested+0x20/0x20 [ 354.873439][ T2969] ? trace_rdev_return_void+0x1c0/0x1c0 [ 354.879030][ T2969] cfg80211_process_wdev_events+0x3bc/0x550 [ 354.884966][ T2969] cfg80211_process_rdev_events+0xa1/0x110 [ 354.890810][ T2969] cfg80211_event_work+0x2f/0x40 [ 354.895782][ T2969] ? process_scheduled_works+0x96f/0x15d0 [ 354.901536][ T2969] process_scheduled_works+0xa5d/0x15d0 [ 354.907135][ T2969] ? worker_attach_to_pool+0x380/0x380 [ 354.912628][ T2969] ? assign_work+0x3d2/0x5d0 [ 354.917253][ T2969] worker_thread+0xa55/0xfc0 [ 354.921899][ T2969] kthread+0x2fa/0x390 [ 354.926003][ T2969] ? pr_cont_work+0x560/0x560 [ 354.930711][ T2969] ? kthread_blkcg+0xd0/0xd0 [ 354.935344][ T2969] ret_from_fork+0x48/0x80 [ 354.939806][ T2969] ? kthread_blkcg+0xd0/0xd0 [ 354.944436][ T2969] ret_from_fork_asm+0x11/0x20 [ 354.949257][ T2969] [ 354.952887][ T2969] Kernel Offset: disabled [ 354.957295][ T2969] Rebooting in 86400 seconds..