last executing test programs: 11.82081407s ago: executing program 3 (id=4093): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b", 0x57}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f0000000640)=""/13, 0xd}], 0x7}, 0x2100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 11.805731781s ago: executing program 1 (id=4094): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)=[{0xffffffff, 0x0, 0xb}]}, 0x94) r0 = socket$kcm(0x2, 0x1, 0x84) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7f, 0x7}, 0x104101, 0x4, 0x7fff, 0x8, 0x10, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0) 11.686288918s ago: executing program 2 (id=4095): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc0042, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefffffc, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x3fe, 0x3, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3ffffe, 0x0, 0x41000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$kcm(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x80}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe80, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888808", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 10.7912725s ago: executing program 3 (id=4097): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001880)="5c00000012006b1e003de3d86e6c1dff05137e0300000000000000b68675f8001d000a00a0e69eeab556a7e60f1e611ca66982949a36c23d3b48dfd8cdbf9367b4fa0a640800030006010000080003001100000000", 0x55}, {&(0x7f0000000180)="6a6203000000dd", 0x7}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4040844) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114d01, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x410, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000340)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x1e, 0x4, 0x0) r3 = socket$kcm(0x2, 0x6, 0x0) sendmsg$inet(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x3e8) sendmsg$kcm(r3, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x200040c0) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000b00), 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@volatile={0x0, 0x0, 0x0, 0x9, 0x2}, @fwd={0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x36, 0x0, 0x1}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@base={0x19, 0x0, 0x5, 0xffff, 0x66000, 0x1, 0x0, '\x00', 0x0, r4, 0x0, 0x0, 0x2}, 0x50) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x84, 0x4, 0x4, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r5, &(0x7f00000000c0), &(0x7f0000000000)=""/3, 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1d, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @lsm=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000840), 0x0, 0x10, 0x100}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1c, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x9}, 0x94) sendmsg$inet(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000980)=[{0x0}, {0x0}], 0x2, &(0x7f0000000a80)}, 0x0) r6 = socket$kcm(0x2, 0x0, 0x2) ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x89e1, &(0x7f0000000040)={r6}) socket$kcm(0x23, 0x2, 0x0) 8.588647009s ago: executing program 1 (id=4099): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x23, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) close(0x3) socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r0, 0x28, 0x4, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x0, 0x4, 0x0, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000340), 0x4) r1 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x5b, 0x0, 0x0, 0x20, 0x0, 0x0, 0x45204, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x9, 0xfff}, 0x1, 0x0, 0x0, 0x5, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000069b0070000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000100008085000000c200000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe1b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYRES16=r2], 0x0, 0x4}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x28401, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}, 0x80, 0x0}, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x591, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r4, 0x29, 0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) write$cgroup_int(r6, &(0x7f0000000280), 0x12) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f", 0x25}, {0x0}, {&(0x7f00000001c0)="69fb12255ded2b9090888a7996c52e0ea21cedc19622fbcfc0dbae2388f6e3adcd040a10ca29ffb6cb219d208b53912750fa70deb80b2508c56b5ea8d8559e191000fad93ee0f3a7362f26495ab90c044eb26b9438bc897d8fac9767ea3140381a8608e1d2b2c52efd", 0x69}, {&(0x7f0000000800)="6eaeadff7eea014f3a9f2cb2c9d33b97cf5e1653e466626255944afdaaa2e4c1e6640af950ff94a9602f2d7cf7abec1c81b8ed1e8b37683fea11834290051efd0413ceded4e401061dc2c620775cb7efb5a270ee8f25a4f937347881cd83e07c34445f87fbca0f8056d1d84463fcaa89437ca92b8f083ca41573850f0f2cd6fd0c2c4addb3d405285eb5c44bfd85a7e1cd19bc141485ca80fc1c49b72ea36e3b", 0xa0}], 0x4}, 0x0) 8.447810887s ago: executing program 2 (id=4101): r0 = socket$kcm(0x10, 0x3, 0x10) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x20}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x66, 0x2, 0x8}, 0x48) r3 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="240000006400ed"], 0xfe33) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f0000000180)={0x2, 0xa0, 0x5, 0x2, 0x0, 0x0, 0x0, 0x9, 0x4022, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0xfffffffc, 0x5, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x70}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8946, &(0x7f0000000080)) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r7) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="d8000000180081084e81f783db4cb9040a07080006007c03e8fc55a10a0015000600142603600e120800020081000401a8000100fcc0ffff000000fd035c0461c1d67f6f94007134cf6efb803fd6a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0) 8.389172921s ago: executing program 3 (id=4102): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x88}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 8.123239386s ago: executing program 0 (id=4104): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f0000000740)=""/153, 0x99}, {&(0x7f0000000640)=""/13, 0xd}], 0x7}, 0x2100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 7.177133642s ago: executing program 0 (id=4105): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b", 0x57}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f0000000640)=""/13, 0xd}], 0x7}, 0x2100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 6.226274946s ago: executing program 0 (id=4106): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x8) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x20, &(0x7f0000000200)={&(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000300)=""/185, 0xb9}}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0}, 0x1000, 0x8, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, r0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r3) socket$kcm(0x2, 0x200000000000001, 0x106) ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote}) r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0xa) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) socket$kcm(0x10, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETCARRIER(r6, 0x400454e2, &(0x7f0000000440)=0x1) ioctl$TUNSETOFFLOAD(r6, 0x400454d0, 0x9) r7 = bpf$ITER_CREATE(0xb, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8=r7], 0x0, 0x0, 0x0, 0x0, 0x100, 0x8, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r9 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6f6e, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x6, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r10 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r10, 0x107, 0xf, &(0x7f0000000000), 0x49) r11 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x1000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r9, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x80}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x3, r11, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140), 0x10}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES32=r9], 0x48) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) 5.279056092s ago: executing program 1 (id=4107): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)=[{0xffffffff, 0x0, 0xb}]}, 0x94) r0 = socket$kcm(0x2, 0x1, 0x84) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7f, 0x7}, 0x104101, 0x4, 0x7fff, 0x8, 0x10, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/31], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0) 5.229183935s ago: executing program 2 (id=4108): r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r2, 0x84, 0x78, &(0x7f0000000040), 0x4) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$kcm(0x10, 0x100000000002, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7}]}) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6) openat$tun(0xffffffffffffff9c, 0x0, 0x426603, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x1f4, 0x12, 0x0, &(0x7f00000001c0)="ffffffff7f833e9762a536c801d72069a00e", 0x0, 0x304, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x8}, 0x50) 5.180893548s ago: executing program 3 (id=4109): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc0042, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefffffc, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x3fe, 0x3, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3ffffe, 0x0, 0x41000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$kcm(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x80}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe80, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888808", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.081743294s ago: executing program 0 (id=4110): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0x1000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff00}, 0x48) 4.984220839s ago: executing program 2 (id=4111): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001880)="5c00000012006b1e003de3d86e6c1dff05137e0300000000000000b68675f8001d000a00a0e69eeab556a7e60f1e611ca66982949a36c23d3b48dfd8cdbf9367b4fa0a640800030006010000080003001100000000", 0x55}, {&(0x7f0000000180)="6a6203000000dd", 0x7}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4040844) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114d01, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x410, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000340)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x1e, 0x4, 0x0) r3 = socket$kcm(0x2, 0x6, 0x0) sendmsg$inet(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x3e8) sendmsg$kcm(r3, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x200040c0) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000b00), 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@volatile={0x0, 0x0, 0x0, 0x9, 0x2}, @fwd={0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x36, 0x0, 0x1}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@base={0x19, 0x0, 0x5, 0xffff, 0x66000, 0x1, 0x0, '\x00', 0x0, r4, 0x0, 0x0, 0x2}, 0x50) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x84, 0x4, 0x4, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r5, &(0x7f00000000c0), &(0x7f0000000000)=""/3, 0x2}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1d, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @lsm=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000840), 0x0, 0x10, 0x100}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1c, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x9}, 0x94) sendmsg$inet(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000980)=[{0x0}, {0x0}], 0x2, &(0x7f0000000a80)}, 0x0) r6 = socket$kcm(0x2, 0x0, 0x2) ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x89e1, &(0x7f0000000040)={r6}) socket$kcm(0x23, 0x2, 0x0) 1.925810488s ago: executing program 0 (id=4112): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x2) recvmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)}, 0x120) 1.902547199s ago: executing program 1 (id=4113): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f0000000740)=""/153, 0x99}, {&(0x7f0000000640)=""/13, 0xd}], 0x7}, 0x2100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 1.863862811s ago: executing program 3 (id=4114): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b305999", 0x5a}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f0000000640)=""/13, 0xd}], 0x7}, 0x2100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) 1.800694775s ago: executing program 2 (id=4115): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x23, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) close(0x3) socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r0, 0x28, 0x4, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x0, 0x4, 0x0, 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000340), 0x4) r1 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x5b, 0x0, 0x0, 0x20, 0x0, 0x0, 0x45204, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x9, 0xfff}, 0x1, 0x0, 0x0, 0x5, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001801000069b0070000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000100008085000000c200000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe1b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYRES16=r2], 0x0, 0x4}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x28401, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}, 0x80, 0x0}, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x591, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r4, 0x29, 0x6, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) write$cgroup_int(r6, &(0x7f0000000280), 0x12) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f", 0x25}, {0x0}, {&(0x7f00000001c0)="69fb12255ded2b9090888a7996c52e0ea21cedc19622fbcfc0dbae2388f6e3adcd040a10ca29ffb6cb219d208b53912750fa70deb80b2508c56b5ea8d8559e191000fad93ee0f3a7362f26495ab90c044eb26b9438bc897d8fac9767ea3140381a8608e1d2b2c52efd", 0x69}, {&(0x7f0000000800)="6eaeadff7eea014f3a9f2cb2c9d33b97cf5e1653e466626255944afdaaa2e4c1e6640af950ff94a9602f2d7cf7abec1c81b8ed1e8b37683fea11834290051efd0413ceded4e401061dc2c620775cb7efb5a270ee8f25a4f937347881cd83e07c34445f87fbca0f8056d1d84463fcaa89437ca92b8f083ca41573850f0f2cd6fd0c2c4addb3d405285eb5c44bfd85a7e1cd19bc141485ca80fc1c49b72ea36e3b", 0xa0}], 0x4}, 0x0) 1.743310648s ago: executing program 0 (id=4116): r0 = socket$kcm(0xa, 0x922000000003, 0x11) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)={0x1b, 0x0, 0x0, 0x81, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x14, 0xc, 0x96, 0x8, 0x9, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{0x1, 0xffffffffffffffff}, &(0x7f0000000980), &(0x7f00000009c0)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)}, 0x20) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) close(r7) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000140)='./file0\x00', r7}, 0x18) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000100)={'veth1_to_team\x00', @local}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001000)={0xffffffffffffffff, 0xe0, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, &(0x7f0000000d80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x2b, &(0x7f0000000e00)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000e40), &(0x7f0000000e80), 0x8, 0x6d, 0x8, 0x8, &(0x7f0000000ec0)}}, 0x10) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001140)={&(0x7f0000001040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x31, 0x31, 0x8, [@datasec={0x10, 0x2, 0x0, 0xf, 0x1, [{0x5, 0x4, 0x9}, {0x5, 0x0, 0x8000}], "ff"}, @type_tag={0xf, 0x0, 0x0, 0x12, 0x5}]}, {0x0, [0x2e, 0x5f, 0x71, 0x2e, 0x30, 0x30]}}, &(0x7f00000010c0)=""/83, 0x54, 0x53, 0x0, 0x2, 0x10000}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001300)={0xffffffffffffffff, 0x20, &(0x7f00000012c0)={&(0x7f00000011c0)=""/155, 0x9b, 0x0, &(0x7f0000001280)=""/24, 0x18}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001380)=@bpf_lsm={0x1d, 0x2d, &(0x7f0000000b00)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x80000001}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xe24}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @generic={0x6, 0x2, 0x1, 0x5, 0x7157c6bb}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @map_val={0x18, 0xb, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x9}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000c80)='syzkaller\x00', 0x5, 0x49, &(0x7f0000000cc0)=""/73, 0x40f00, 0x10, '\x00', r8, 0x1b, r9, 0x8, &(0x7f0000001180)={0x4, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0x0, 0x1, 0x0, &(0x7f0000001340)=[{0x5, 0x3, 0x0, 0xb}]}, 0x94) r11 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002000000020000000093ef1cf40e4394a96b626f71fd748d7000000000002a54c35935b23897c77c5dd7fd0c13398000100000d000000000600000002a71c000700000000"], 0x0, 0x41}, 0x28) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x8}, 0x18) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000680)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r12, &(0x7f0000000000), 0x2a979d) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x5, '\x00', 0x0, r11, 0x1, 0x5, 0x3}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x8e1, 0x0, 0xffffffffffffffff, 0x15c, '\x00', 0x0, r11, 0x5, 0x4, 0x3}, 0x50) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7602}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x7, 0x88) close(0x3) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0xffffffffffffffff, 0x4, 0x8}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x15, 0x9, 0xe, 0x4, 0x0, 0xffffffffffffffff, 0x3b5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x2}, 0x50) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000640)=@generic={&(0x7f0000000600)='./file0\x00', 0x0, 0x8}, 0x18) 1.644385874s ago: executing program 2 (id=4117): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x88}, 0x0) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee6888100", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 915.928247ms ago: executing program 1 (id=4118): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c2688110000000000000000000025", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f0000004940)=""/4021, 0xfb5}, {&(0x7f0000000d40)=""/4102, 0x1006}, {&(0x7f0000000240)=""/63, 0x3f}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f00000006c0)=""/109, 0x6d}, {&(0x7f0000000640)=""/13, 0xd}], 0x7}, 0x2100) 892.495908ms ago: executing program 3 (id=4119): r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r2, 0x84, 0x78, &(0x7f0000000040), 0x4) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$kcm(0x10, 0x100000000002, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7}]}) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6) openat$tun(0xffffffffffffff9c, 0x0, 0x426603, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x1f4, 0x12, 0x0, &(0x7f00000001c0)="ffffffff7f833e9762a536c801d72069a00e", 0x0, 0x304, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x8}, 0x50) 0s ago: executing program 1 (id=4120): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x88e}, 0x0, 0x1, 0xffffffffffffffff, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f00000002c0)={r2}) (fail_nth: 2) kernel console output (not intermixed with test programs): 98][T14494] ? clear_bhb_loop+0x40/0x90 [ 874.320741][T14494] ? clear_bhb_loop+0x40/0x90 [ 874.325485][T14494] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 874.331456][T14494] RIP: 0033:0x7f1ad5b9aeb9 [ 874.335912][T14494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.355556][T14494] RSP: 002b:00007f1ad6add028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 874.364016][T14494] RAX: ffffffffffffffda RBX: 00007f1ad5e15fa0 RCX: 00007f1ad5b9aeb9 [ 874.372034][T14494] RDX: 0000000000000002 RSI: 0000200000000680 RDI: 0000000000000003 [ 874.380032][T14494] RBP: 00007f1ad6add090 R08: 0000000000000000 R09: 0000000000000000 [ 874.388032][T14494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 874.396027][T14494] R13: 00007f1ad5e16038 R14: 00007f1ad5e15fa0 R15: 00007fffda349958 [ 874.404037][T14494] [ 874.509104][T14500] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3376'. [ 874.528293][T14500] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3376'. [ 874.564469][T14496] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3376'. [ 875.236018][T14518] netlink: 'syz.2.3384': attribute type 10 has an invalid length. [ 875.284511][T14519] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3385'. [ 875.295232][T14519] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3385'. [ 875.307972][T14519] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3385'. [ 875.644229][T14525] netlink: 'syz.0.3387': attribute type 21 has an invalid length. [ 875.663529][T14525] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3387'. [ 875.848944][T14530] netlink: 'syz.1.3389': attribute type 3 has an invalid length. [ 875.858069][T14530] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.3389'. [ 875.922969][T14535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3392'. [ 875.935922][T14535] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3392'. [ 875.973414][T14536] FAULT_INJECTION: forcing a failure. [ 875.973414][T14536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 876.015775][T14536] CPU: 1 PID: 14536 Comm: syz.2.3393 Not tainted syzkaller #0 [ 876.023364][T14536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 876.033478][T14536] Call Trace: [ 876.036817][T14536] [ 876.039800][T14536] dump_stack_lvl+0x18c/0x250 [ 876.044560][T14536] ? show_regs_print_info+0x20/0x20 [ 876.049835][T14536] ? load_image+0x400/0x400 [ 876.054413][T14536] ? __might_fault+0xaa/0x120 [ 876.059169][T14536] ? __lock_acquire+0x7d40/0x7d40 [ 876.064267][T14536] should_fail_ex+0x39d/0x4d0 [ 876.069027][T14536] _copy_from_user+0x2f/0xe0 [ 876.073954][T14536] ___sys_recvmsg+0x176/0x590 [ 876.078697][T14536] ? __sys_recvmsg+0x2a0/0x2a0 [ 876.083533][T14536] ? ksys_write+0x1c4/0x260 [ 876.088112][T14536] ? __fget_files+0x43d/0x4b0 [ 876.092866][T14536] __x64_sys_recvmsg+0x20c/0x2e0 [ 876.097899][T14536] ? ___sys_recvmsg+0x590/0x590 [ 876.102828][T14536] ? lockdep_hardirqs_on+0x98/0x150 [ 876.108089][T14536] do_syscall_64+0x55/0xa0 [ 876.112571][T14536] ? clear_bhb_loop+0x40/0x90 [ 876.117302][T14536] ? clear_bhb_loop+0x40/0x90 [ 876.122060][T14536] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 876.128011][T14536] RIP: 0033:0x7f045119aeb9 [ 876.132484][T14536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 876.152412][T14536] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 876.160890][T14536] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 876.168924][T14536] RDX: 0000000000000000 RSI: 0000200000000900 RDI: 0000000000000003 [ 876.176966][T14536] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 876.184993][T14536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 876.193116][T14536] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 876.201180][T14536] [ 876.350977][T14542] netlink: 'syz.3.3396': attribute type 10 has an invalid length. [ 876.744470][T14558] netlink: 'syz.3.3402': attribute type 21 has an invalid length. [ 876.865608][T14562] netlink: 'syz.3.3404': attribute type 10 has an invalid length. [ 876.875484][T14562] vlan0: entered allmulticast mode [ 876.887335][T14562] veth0_vlan: entered allmulticast mode [ 876.936321][T14562] team0: Port device vlan0 added [ 876.942729][T14564] netlink: 'syz.0.3405': attribute type 21 has an invalid length. [ 876.951266][T14564] IPv6: NLM_F_CREATE should be specified when creating new route [ 876.964199][T14564] netlink: 'syz.0.3405': attribute type 5 has an invalid length. [ 877.120811][T14570] FAULT_INJECTION: forcing a failure. [ 877.120811][T14570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 877.134191][T14570] CPU: 0 PID: 14570 Comm: syz.3.3408 Not tainted syzkaller #0 [ 877.141721][T14570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 877.151831][T14570] Call Trace: [ 877.155141][T14570] [ 877.158092][T14570] dump_stack_lvl+0x18c/0x250 [ 877.162879][T14570] ? show_regs_print_info+0x20/0x20 [ 877.168155][T14570] ? load_image+0x400/0x400 [ 877.172752][T14570] ? __might_fault+0xaa/0x120 [ 877.177500][T14570] ? __lock_acquire+0x7d40/0x7d40 [ 877.182591][T14570] should_fail_ex+0x39d/0x4d0 [ 877.187340][T14570] _copy_from_user+0x2f/0xe0 [ 877.191993][T14570] ___sys_sendmsg+0x1c7/0x360 [ 877.196734][T14570] ? get_pid_task+0x20/0x1e0 [ 877.201434][T14570] ? __sys_sendmsg+0x2a0/0x2a0 [ 877.206297][T14570] ? __lock_acquire+0x7d40/0x7d40 [ 877.211391][T14570] __se_sys_sendmsg+0x1c2/0x2b0 [ 877.216293][T14570] ? __x64_sys_sendmsg+0x80/0x80 [ 877.221294][T14570] ? lockdep_hardirqs_on+0x98/0x150 [ 877.226530][T14570] do_syscall_64+0x55/0xa0 [ 877.230991][T14570] ? clear_bhb_loop+0x40/0x90 [ 877.235718][T14570] ? clear_bhb_loop+0x40/0x90 [ 877.240476][T14570] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 877.246476][T14570] RIP: 0033:0x7f607eb9aeb9 [ 877.250933][T14570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 877.270765][T14570] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 877.279237][T14570] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 877.287250][T14570] RDX: 0000000020000800 RSI: 0000200000000600 RDI: 0000000000000003 [ 877.295283][T14570] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 877.303549][T14570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 877.311553][T14570] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 877.319577][T14570] [ 877.442605][T14568] netlink: 'syz.1.3407': attribute type 10 has an invalid length. [ 878.034026][T14593] FAULT_INJECTION: forcing a failure. [ 878.034026][T14593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 878.065195][T14593] CPU: 0 PID: 14593 Comm: syz.0.3416 Not tainted syzkaller #0 [ 878.072760][T14593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 878.082871][T14593] Call Trace: [ 878.086194][T14593] [ 878.089163][T14593] dump_stack_lvl+0x18c/0x250 [ 878.093910][T14593] ? show_regs_print_info+0x20/0x20 [ 878.099190][T14593] ? load_image+0x400/0x400 [ 878.103756][T14593] ? __might_fault+0xaa/0x120 [ 878.108488][T14593] ? __lock_acquire+0x7d40/0x7d40 [ 878.113575][T14593] should_fail_ex+0x39d/0x4d0 [ 878.118323][T14593] _copy_from_user+0x2f/0xe0 [ 878.123004][T14593] ___sys_sendmsg+0x1c7/0x360 [ 878.127740][T14593] ? get_pid_task+0x20/0x1e0 [ 878.132386][T14593] ? __sys_sendmsg+0x2a0/0x2a0 [ 878.137230][T14593] ? __lock_acquire+0x7d40/0x7d40 [ 878.142339][T14593] __se_sys_sendmsg+0x1c2/0x2b0 [ 878.147257][T14593] ? __x64_sys_sendmsg+0x80/0x80 [ 878.152279][T14593] ? lockdep_hardirqs_on+0x98/0x150 [ 878.157534][T14593] do_syscall_64+0x55/0xa0 [ 878.162013][T14593] ? clear_bhb_loop+0x40/0x90 [ 878.166746][T14593] ? clear_bhb_loop+0x40/0x90 [ 878.171488][T14593] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 878.177443][T14593] RIP: 0033:0x7fb7d599aeb9 [ 878.181462][T14589] netlink: 'syz.2.3411': attribute type 4 has an invalid length. [ 878.181885][T14593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 878.181908][T14593] RSP: 002b:00007fb7d6789028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 878.181932][T14593] RAX: ffffffffffffffda RBX: 00007fb7d5c15fa0 RCX: 00007fb7d599aeb9 [ 878.181948][T14593] RDX: 0000000000000060 RSI: 0000200000000080 RDI: 0000000000000004 [ 878.181969][T14593] RBP: 00007fb7d6789090 R08: 0000000000000000 R09: 0000000000000000 [ 878.181982][T14593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 878.181995][T14593] R13: 00007fb7d5c16038 R14: 00007fb7d5c15fa0 R15: 00007ffda3c26ac8 [ 878.182027][T14593] [ 878.516675][T14589] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 878.775425][T14607] netlink: 'syz.2.3422': attribute type 10 has an invalid length. [ 879.332282][T14634] FAULT_INJECTION: forcing a failure. [ 879.332282][T14634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 879.349027][T14634] CPU: 1 PID: 14634 Comm: syz.2.3431 Not tainted syzkaller #0 [ 879.357106][T14634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 879.367217][T14634] Call Trace: [ 879.370531][T14634] [ 879.373519][T14634] dump_stack_lvl+0x18c/0x250 [ 879.378378][T14634] ? show_regs_print_info+0x20/0x20 [ 879.383630][T14634] ? load_image+0x400/0x400 [ 879.388180][T14634] ? __might_fault+0xaa/0x120 [ 879.392931][T14634] ? __lock_acquire+0x7d40/0x7d40 [ 879.398023][T14634] should_fail_ex+0x39d/0x4d0 [ 879.402784][T14634] _copy_from_user+0x2f/0xe0 [ 879.407431][T14634] __sys_bpf+0x23e/0x890 [ 879.411712][T14634] ? bpf_link_show_fdinfo+0x390/0x390 [ 879.417141][T14634] ? lock_chain_count+0x20/0x20 [ 879.422123][T14634] __x64_sys_bpf+0x7c/0x90 [ 879.426572][T14634] do_syscall_64+0x55/0xa0 [ 879.431097][T14634] ? clear_bhb_loop+0x40/0x90 [ 879.435935][T14634] ? clear_bhb_loop+0x40/0x90 [ 879.440660][T14634] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 879.446588][T14634] RIP: 0033:0x7f045119aeb9 [ 879.451062][T14634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 879.470896][T14634] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 879.479376][T14634] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 879.487380][T14634] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 879.495390][T14634] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 879.503433][T14634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 879.511438][T14634] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 879.519460][T14634] [ 879.618832][T14636] __nla_validate_parse: 24 callbacks suppressed [ 879.618856][T14636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3432'. [ 879.636494][T14636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3432'. [ 879.649497][T14636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3432'. [ 879.660085][T14636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3432'. [ 879.769150][T14640] netlink: 'syz.3.3434': attribute type 21 has an invalid length. [ 880.189953][T14650] netlink: 'syz.2.3437': attribute type 10 has an invalid length. [ 880.356051][T14666] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3442'. [ 880.370467][T14666] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3442'. [ 880.386807][T14666] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3442'. [ 880.398848][T14666] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3442'. [ 880.655176][T14673] FAULT_INJECTION: forcing a failure. [ 880.655176][T14673] name failslab, interval 1, probability 0, space 0, times 0 [ 880.668650][T14673] CPU: 1 PID: 14673 Comm: syz.3.3445 Not tainted syzkaller #0 [ 880.676193][T14673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 880.686313][T14673] Call Trace: [ 880.689621][T14673] [ 880.692703][T14673] dump_stack_lvl+0x18c/0x250 [ 880.697458][T14673] ? show_regs_print_info+0x20/0x20 [ 880.702716][T14673] ? load_image+0x400/0x400 [ 880.707271][T14673] ? __might_sleep+0xe0/0xe0 [ 880.711944][T14673] ? __lock_acquire+0x7d40/0x7d40 [ 880.717032][T14673] should_fail_ex+0x39d/0x4d0 [ 880.721757][T14673] should_failslab+0x9/0x20 [ 880.726330][T14673] slab_pre_alloc_hook+0x59/0x310 [ 880.731417][T14673] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 880.737185][T14673] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 880.742941][T14673] __kmem_cache_alloc_node+0x53/0x250 [ 880.748365][T14673] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 880.754205][T14673] __kmalloc+0xa4/0x230 [ 880.758412][T14673] tomoyo_realpath_from_path+0xe3/0x5d0 [ 880.764021][T14673] tomoyo_path_number_perm+0x248/0x620 [ 880.769527][T14673] ? tomoyo_path_number_perm+0x217/0x620 [ 880.775234][T14673] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 880.780741][T14673] ? ksys_write+0x1c4/0x260 [ 880.785305][T14673] ? __fget_files+0x28/0x4b0 [ 880.789933][T14673] ? __fget_files+0x28/0x4b0 [ 880.794572][T14673] security_file_ioctl+0x70/0xa0 [ 880.799564][T14673] __se_sys_ioctl+0x48/0x170 [ 880.804198][T14673] do_syscall_64+0x55/0xa0 [ 880.808653][T14673] ? clear_bhb_loop+0x40/0x90 [ 880.813366][T14673] ? clear_bhb_loop+0x40/0x90 [ 880.818078][T14673] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 880.824013][T14673] RIP: 0033:0x7f607eb9aeb9 [ 880.828467][T14673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 880.848122][T14673] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 880.856579][T14673] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 880.864625][T14673] RDX: 0000200000000000 RSI: 0000000000008b32 RDI: 0000000000000003 [ 880.872636][T14673] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 880.880649][T14673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 880.888743][T14673] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 880.896762][T14673] [ 880.921014][T14673] ERROR: Out of memory at tomoyo_realpath_from_path. [ 881.219169][T14687] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3451'. [ 881.229105][T14687] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3451'. [ 882.533977][ T5780] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 882.736053][T14720] validate_nla: 1 callbacks suppressed [ 882.736071][T14720] netlink: 'syz.0.3463': attribute type 10 has an invalid length. [ 884.993886][T14730] netlink: 'syz.3.3467': attribute type 12 has an invalid length. [ 885.006790][T14730] __nla_validate_parse: 6 callbacks suppressed [ 885.006806][T14730] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3467'. [ 885.123021][T14735] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3469'. [ 885.151461][T14735] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3469'. [ 885.171922][T14735] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3469'. [ 885.201397][T14735] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3469'. [ 886.250246][T14748] netlink: 'syz.1.3473': attribute type 10 has an invalid length. [ 886.493979][T14757] netlink: 'syz.3.3476': attribute type 10 has an invalid length. [ 888.558358][T14761] FAULT_INJECTION: forcing a failure. [ 888.558358][T14761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 888.576740][T14761] CPU: 0 PID: 14761 Comm: syz.2.3479 Not tainted syzkaller #0 [ 888.584291][T14761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 888.594667][T14761] Call Trace: [ 888.597993][T14761] [ 888.600983][T14761] dump_stack_lvl+0x18c/0x250 [ 888.605815][T14761] ? show_regs_print_info+0x20/0x20 [ 888.611076][T14761] ? load_image+0x400/0x400 [ 888.615663][T14761] ? __might_fault+0xaa/0x120 [ 888.620389][T14761] ? __lock_acquire+0x7d40/0x7d40 [ 888.625467][T14761] should_fail_ex+0x39d/0x4d0 [ 888.630210][T14761] _copy_from_user+0x2f/0xe0 [ 888.634874][T14761] ___sys_sendmsg+0x1c7/0x360 [ 888.639604][T14761] ? get_pid_task+0x20/0x1e0 [ 888.644277][T14761] ? __sys_sendmsg+0x2a0/0x2a0 [ 888.649098][T14761] ? __lock_acquire+0x7d40/0x7d40 [ 888.654176][T14761] __se_sys_sendmsg+0x1c2/0x2b0 [ 888.659074][T14761] ? __x64_sys_sendmsg+0x80/0x80 [ 888.664060][T14761] ? lockdep_hardirqs_on+0x98/0x150 [ 888.669297][T14761] do_syscall_64+0x55/0xa0 [ 888.673755][T14761] ? clear_bhb_loop+0x40/0x90 [ 888.678497][T14761] ? clear_bhb_loop+0x40/0x90 [ 888.683203][T14761] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 888.689132][T14761] RIP: 0033:0x7f045119aeb9 [ 888.693601][T14761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.713240][T14761] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 888.721786][T14761] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 888.729792][T14761] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000003 [ 888.737817][T14761] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 888.745829][T14761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 888.753837][T14761] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 888.761852][T14761] [ 888.766044][T14758] Bluetooth: hci1: command 0x0406 tx timeout [ 889.554851][T14780] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.3486'. [ 889.567712][T14780] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.3486'. [ 889.579619][T14780] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.3486'. [ 890.238153][T14798] netlink: 'syz.2.3491': attribute type 10 has an invalid length. [ 890.838171][T14796] netlink: 'syz.1.3488': attribute type 4 has an invalid length. [ 890.904859][T14796] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3488'. [ 891.029285][T14813] FAULT_INJECTION: forcing a failure. [ 891.029285][T14813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 891.085865][T14813] CPU: 1 PID: 14813 Comm: syz.0.3495 Not tainted syzkaller #0 [ 891.093602][T14813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 891.103712][T14813] Call Trace: [ 891.107056][T14813] [ 891.110040][T14813] dump_stack_lvl+0x18c/0x250 [ 891.114809][T14813] ? show_regs_print_info+0x20/0x20 [ 891.120099][T14813] ? load_image+0x400/0x400 [ 891.124670][T14813] ? __might_fault+0xaa/0x120 [ 891.129581][T14813] ? __lock_acquire+0x7d40/0x7d40 [ 891.134674][T14813] should_fail_ex+0x39d/0x4d0 [ 891.139430][T14813] _copy_from_user+0x2f/0xe0 [ 891.144089][T14813] ___sys_sendmsg+0x1c7/0x360 [ 891.148836][T14813] ? get_pid_task+0x20/0x1e0 [ 891.153490][T14813] ? __sys_sendmsg+0x2a0/0x2a0 [ 891.158358][T14813] ? __lock_acquire+0x7d40/0x7d40 [ 891.163469][T14813] __se_sys_sendmsg+0x1c2/0x2b0 [ 891.168390][T14813] ? __x64_sys_sendmsg+0x80/0x80 [ 891.173684][T14813] ? lockdep_hardirqs_on+0x98/0x150 [ 891.179002][T14813] do_syscall_64+0x55/0xa0 [ 891.183666][T14813] ? clear_bhb_loop+0x40/0x90 [ 891.188414][T14813] ? clear_bhb_loop+0x40/0x90 [ 891.193353][T14813] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 891.199660][T14813] RIP: 0033:0x7fb7d599aeb9 [ 891.204147][T14813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.224605][T14813] RSP: 002b:00007fb7d6789028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 891.233438][T14813] RAX: ffffffffffffffda RBX: 00007fb7d5c15fa0 RCX: 00007fb7d599aeb9 [ 891.241477][T14813] RDX: 0000000000000041 RSI: 0000200000002dc0 RDI: 0000000000000004 [ 891.249508][T14813] RBP: 00007fb7d6789090 R08: 0000000000000000 R09: 0000000000000000 [ 891.257815][T14813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 891.266814][T14813] R13: 00007fb7d5c16038 R14: 00007fb7d5c15fa0 R15: 00007ffda3c26ac8 [ 891.275764][T14813] [ 893.781237][T14796] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 894.050209][T14824] netlink: 'syz.0.3498': attribute type 10 has an invalid length. [ 894.067265][T14824] netlink: 55 bytes leftover after parsing attributes in process `syz.0.3498'. [ 894.544967][T14829] netlink: 'syz.1.3502': attribute type 10 has an invalid length. [ 894.564685][T14836] netlink: 'syz.2.3503': attribute type 1 has an invalid length. [ 894.984334][T14845] FAULT_INJECTION: forcing a failure. [ 894.984334][T14845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 895.011081][T14845] CPU: 1 PID: 14845 Comm: syz.3.3508 Not tainted syzkaller #0 [ 895.018664][T14845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 895.028769][T14845] Call Trace: [ 895.032133][T14845] [ 895.035186][T14845] dump_stack_lvl+0x18c/0x250 [ 895.039950][T14845] ? show_regs_print_info+0x20/0x20 [ 895.045192][T14845] ? load_image+0x400/0x400 [ 895.049755][T14845] ? __might_fault+0xaa/0x120 [ 895.054473][T14845] ? __lock_acquire+0x7d40/0x7d40 [ 895.059638][T14845] should_fail_ex+0x39d/0x4d0 [ 895.064367][T14845] _copy_from_user+0x2f/0xe0 [ 895.068996][T14845] ___sys_sendmsg+0x1c7/0x360 [ 895.073733][T14845] ? get_pid_task+0x20/0x1e0 [ 895.078421][T14845] ? __sys_sendmsg+0x2a0/0x2a0 [ 895.083253][T14845] ? __lock_acquire+0x7d40/0x7d40 [ 895.088345][T14845] __se_sys_sendmsg+0x1c2/0x2b0 [ 895.093282][T14845] ? __x64_sys_sendmsg+0x80/0x80 [ 895.098285][T14845] ? lockdep_hardirqs_on+0x98/0x150 [ 895.103530][T14845] do_syscall_64+0x55/0xa0 [ 895.108002][T14845] ? clear_bhb_loop+0x40/0x90 [ 895.112731][T14845] ? clear_bhb_loop+0x40/0x90 [ 895.117455][T14845] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 895.123395][T14845] RIP: 0033:0x7f607eb9aeb9 [ 895.127854][T14845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 895.147539][T14845] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 895.156002][T14845] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 895.164023][T14845] RDX: 0000000000008014 RSI: 0000200000000080 RDI: 0000000000000004 [ 895.172128][T14845] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 895.180144][T14845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 895.188156][T14845] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 895.196183][T14845] [ 897.928273][T14867] sit0: entered allmulticast mode [ 897.970174][T14867] sit0: entered promiscuous mode [ 898.907114][T14868] netlink: 'syz.3.3513': attribute type 10 has an invalid length. [ 899.009825][T14889] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3518'. [ 899.222205][T14889] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3518'. [ 901.625663][T14890] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3518'. [ 901.730829][T14893] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3519'. [ 904.079882][T14891] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3518'. [ 904.089292][T14893] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3519'. [ 904.282861][T14903] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3523'. [ 904.295935][T14903] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3523'. [ 904.308168][T14903] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3523'. [ 904.901616][T14912] netlink: 'syz.2.3526': attribute type 10 has an invalid length. [ 905.500353][T14916] A link change request failed with some changes committed already. Interface Q±6ã×\b‹¡Y­4 may have been left with an inconsistent configuration, please check. [ 907.759764][T14921] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3529'. [ 907.822470][T14921] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3529'. [ 907.851011][T14921] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3529'. [ 907.865542][T14921] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3529'. [ 907.879681][T14925] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3530'. [ 908.142762][T14936] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 908.150996][T14936] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 908.176696][T14936] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 908.184656][T14936] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 908.385099][T14942] netlink: 'syz.2.3538': attribute type 10 has an invalid length. [ 911.826126][T14954] __nla_validate_parse: 7 callbacks suppressed [ 911.826151][T14954] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3544'. [ 911.842294][T14956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3543'. [ 911.842364][T14956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3543'. [ 911.863689][T14956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3543'. [ 911.876734][T14954] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3544'. [ 911.920938][T14956] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3543'. [ 911.931922][T14958] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3544'. [ 911.942049][T14954] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3544'. [ 912.161055][T14957] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 912.166500][T14965] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3554'. [ 912.192585][T14967] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3546'. [ 912.241928][T14964] netlink: 'syz.0.3547': attribute type 10 has an invalid length. [ 916.811257][T14995] netlink: 'syz.1.3559': attribute type 10 has an invalid length. [ 916.999697][T15008] __nla_validate_parse: 17 callbacks suppressed [ 916.999711][T15008] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3564'. [ 917.034770][T15007] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3564'. [ 920.427104][T15015] FAULT_INJECTION: forcing a failure. [ 920.427104][T15015] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 920.444088][T15015] CPU: 1 PID: 15015 Comm: syz.3.3567 Not tainted syzkaller #0 [ 920.451640][T15015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 920.459201][T15017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3566'. [ 920.461723][T15015] Call Trace: [ 920.461735][T15015] [ 920.461745][T15015] dump_stack_lvl+0x18c/0x250 [ 920.461783][T15015] ? show_regs_print_info+0x20/0x20 [ 920.461812][T15015] ? load_image+0x400/0x400 [ 920.461837][T15015] ? __might_fault+0xaa/0x120 [ 920.461860][T15015] ? __lock_acquire+0x7d40/0x7d40 [ 920.461889][T15015] should_fail_ex+0x39d/0x4d0 [ 920.461924][T15015] _copy_from_user+0x2f/0xe0 [ 920.461950][T15015] ___sys_sendmsg+0x1c7/0x360 [ 920.461983][T15015] ? get_pid_task+0x20/0x1e0 [ 920.462014][T15015] ? __sys_sendmsg+0x2a0/0x2a0 [ 920.472774][T15017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3566'. [ 920.474458][T15015] ? __lock_acquire+0x7d40/0x7d40 [ 920.491920][T15014] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3569'. [ 920.492094][T15014] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3569'. [ 920.496642][T15015] __se_sys_sendmsg+0x1c2/0x2b0 [ 920.506016][T15017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3566'. [ 920.506413][T15015] ? __x64_sys_sendmsg+0x80/0x80 [ 920.517116][T15017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3566'. [ 920.520323][T15015] ? lockdep_hardirqs_on+0x98/0x150 [ 920.531548][T15014] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3569'. [ 920.534162][T15015] do_syscall_64+0x55/0xa0 [ 920.603730][T15015] ? clear_bhb_loop+0x40/0x90 [ 920.608552][T15015] ? clear_bhb_loop+0x40/0x90 [ 920.613380][T15015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 920.619419][T15015] RIP: 0033:0x7f607eb9aeb9 [ 920.623887][T15015] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 920.643559][T15015] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 920.652085][T15015] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 920.660117][T15015] RDX: 0000000000000000 RSI: 0000200000003780 RDI: 0000000000000003 [ 920.668141][T15015] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 920.676168][T15015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 920.684196][T15015] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 920.692277][T15015] [ 920.702941][T15018] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3568'. [ 921.111844][T15029] netlink: 'syz.3.3572': attribute type 10 has an invalid length. [ 924.779603][T15050] __nla_validate_parse: 3 callbacks suppressed [ 924.779624][T15050] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3580'. [ 924.804205][T15053] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3581'. [ 924.813432][T15053] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3581'. [ 924.826169][T15050] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3580'. [ 924.838878][T15053] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3581'. [ 924.853928][T15056] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3580'. [ 924.870287][T15053] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3581'. [ 924.899736][T15050] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3580'. [ 925.045586][T15059] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3584'. [ 925.055367][T15059] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3584'. [ 925.524502][T15080] FAULT_INJECTION: forcing a failure. [ 925.524502][T15080] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 925.570746][T15080] CPU: 1 PID: 15080 Comm: syz.2.3592 Not tainted syzkaller #0 [ 925.578301][T15080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 925.588410][T15080] Call Trace: [ 925.591729][T15080] [ 925.594704][T15080] dump_stack_lvl+0x18c/0x250 [ 925.599448][T15080] ? show_regs_print_info+0x20/0x20 [ 925.604700][T15080] ? load_image+0x400/0x400 [ 925.609259][T15080] ? __might_fault+0xaa/0x120 [ 925.614001][T15080] ? __lock_acquire+0x7d40/0x7d40 [ 925.619088][T15080] should_fail_ex+0x39d/0x4d0 [ 925.623857][T15080] _copy_from_user+0x2f/0xe0 [ 925.628509][T15080] ___sys_sendmsg+0x1c7/0x360 [ 925.633252][T15080] ? get_pid_task+0x20/0x1e0 [ 925.637936][T15080] ? __sys_sendmsg+0x2a0/0x2a0 [ 925.642775][T15080] ? __lock_acquire+0x7d40/0x7d40 [ 925.647875][T15080] __se_sys_sendmsg+0x1c2/0x2b0 [ 925.652773][T15080] ? __x64_sys_sendmsg+0x80/0x80 [ 925.657761][T15080] ? lockdep_hardirqs_on+0x98/0x150 [ 925.663003][T15080] do_syscall_64+0x55/0xa0 [ 925.667454][T15080] ? clear_bhb_loop+0x40/0x90 [ 925.672168][T15080] ? clear_bhb_loop+0x40/0x90 [ 925.676877][T15080] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 925.682800][T15080] RIP: 0033:0x7f045119aeb9 [ 925.687245][T15080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 925.706885][T15080] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 925.715336][T15080] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 925.723338][T15080] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 925.731342][T15080] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 925.739345][T15080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 925.747354][T15080] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 925.755408][T15080] [ 928.779417][T15101] FAULT_INJECTION: forcing a failure. [ 928.779417][T15101] name failslab, interval 1, probability 0, space 0, times 0 [ 928.804481][T15101] CPU: 1 PID: 15101 Comm: syz.3.3600 Not tainted syzkaller #0 [ 928.812036][T15101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 928.822143][T15101] Call Trace: [ 928.825460][T15101] [ 928.828424][T15101] dump_stack_lvl+0x18c/0x250 [ 928.833169][T15101] ? show_regs_print_info+0x20/0x20 [ 928.838420][T15101] ? load_image+0x400/0x400 [ 928.842979][T15101] ? __might_sleep+0xe0/0xe0 [ 928.847620][T15101] ? __lock_acquire+0x7d40/0x7d40 [ 928.852704][T15101] should_fail_ex+0x39d/0x4d0 [ 928.857445][T15101] should_failslab+0x9/0x20 [ 928.862007][T15101] slab_pre_alloc_hook+0x59/0x310 [ 928.867085][T15101] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 928.872852][T15101] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 928.878630][T15101] __kmem_cache_alloc_node+0x53/0x250 [ 928.884059][T15101] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 928.889827][T15101] __kmalloc+0xa4/0x230 [ 928.894054][T15101] tomoyo_realpath_from_path+0xe3/0x5d0 [ 928.899666][T15101] tomoyo_path_number_perm+0x248/0x620 [ 928.905187][T15101] ? tomoyo_path_number_perm+0x217/0x620 [ 928.910898][T15101] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 928.916412][T15101] ? ksys_write+0x1c4/0x260 [ 928.920998][T15101] ? __fget_files+0x28/0x4b0 [ 928.925646][T15101] ? __fget_files+0x28/0x4b0 [ 928.930308][T15101] security_file_ioctl+0x70/0xa0 [ 928.935307][T15101] __se_sys_ioctl+0x48/0x170 [ 928.939971][T15101] do_syscall_64+0x55/0xa0 [ 928.944445][T15101] ? clear_bhb_loop+0x40/0x90 [ 928.949189][T15101] ? clear_bhb_loop+0x40/0x90 [ 928.953911][T15101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 928.959843][T15101] RIP: 0033:0x7f607eb9aeb9 [ 928.964301][T15101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 928.983943][T15101] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 928.992388][T15101] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 929.000384][T15101] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000004 [ 929.008387][T15101] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 929.016470][T15101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 929.024466][T15101] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 929.032482][T15101] [ 929.075182][T15101] ERROR: Out of memory at tomoyo_realpath_from_path. [ 931.744495][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.754854][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.100280][T15126] __nla_validate_parse: 28 callbacks suppressed [ 932.100302][T15126] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3611'. [ 932.160963][T15126] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3611'. [ 932.195495][T15128] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3612'. [ 932.214294][T15126] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3611'. [ 932.256534][T15131] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3611'. [ 932.472076][T15137] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3616'. [ 935.077137][T15137] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3616'. [ 935.664579][T15152] netlink: 'syz.3.3620': attribute type 10 has an invalid length. [ 935.837439][T15157] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3622'. [ 938.557928][T15165] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3624'. [ 938.580908][T15165] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3624'. [ 938.598271][T15165] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3624'. [ 938.624608][T15165] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3624'. [ 938.670302][ T5780] Bluetooth: hci0: unexpected event 0x0f length: 15 > 4 [ 938.674040][T15170] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3626'. [ 938.719961][T15170] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3626'. [ 938.741528][T15171] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3626'. [ 938.771432][T15170] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3626'. [ 939.077081][T15179] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3631'. [ 942.009863][T15191] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3636'. [ 942.141612][T15193] netlink: 'syz.3.3635': attribute type 10 has an invalid length. [ 942.701446][ T5780] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 942.712003][ T5780] Bluetooth: hci0: Injecting HCI hardware error event [ 942.721659][T14758] Bluetooth: hci0: hardware error 0x00 [ 945.020078][T15207] __nla_validate_parse: 7 callbacks suppressed [ 945.020100][T15207] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.3641'. [ 945.042014][T15207] netlink: 'syz.0.3641': attribute type 10 has an invalid length. [ 945.059831][T15207] team0: Device hsr_slave_0 failed to register rx_handler [ 945.868099][T15219] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3645'. [ 945.883259][T15219] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3645'. [ 945.898553][T15219] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3645'. [ 945.914141][T15219] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3645'. [ 946.052618][T15221] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3647'. [ 946.786712][T14758] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 948.697848][T15224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3648'. [ 948.707212][T15224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3648'. [ 948.720605][T15224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3648'. [ 948.735193][T15224] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3648'. [ 948.913925][T14758] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4 [ 949.140356][T15234] netlink: 'syz.2.3653': attribute type 10 has an invalid length. [ 949.186170][T15234] team0: Device hsr_slave_0 failed to register rx_handler [ 949.416060][T15241] netlink: 'syz.1.3656': attribute type 10 has an invalid length. [ 950.550693][T15257] __nla_validate_parse: 6 callbacks suppressed [ 950.550714][T15257] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3662'. [ 952.605488][T15257] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3662'. [ 952.842145][T15263] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3664'. [ 952.870114][T15263] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3664'. [ 952.905095][T15263] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3664'. [ 952.928208][T15263] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3664'. [ 952.941170][T14758] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 952.949786][T14758] Bluetooth: hci1: Injecting HCI hardware error event [ 952.959927][ T5780] Bluetooth: hci1: hardware error 0x00 [ 953.097351][T14758] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4 [ 953.232058][T15272] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3668'. [ 953.303326][T15270] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.3667'. [ 953.334157][T15270] netlink: 'syz.3.3667': attribute type 10 has an invalid length. [ 953.359639][T15270] team0: Device hsr_slave_0 failed to register rx_handler [ 954.396348][T15287] netlink: 'syz.0.3671': attribute type 10 has an invalid length. [ 955.021217][ T5780] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 956.334718][T15297] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3673'. [ 956.347158][T15293] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3673'. [ 956.553610][T15300] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3675'. [ 956.567340][T15300] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3675'. [ 956.578618][T15300] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3675'. [ 956.594764][T15300] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3675'. [ 956.742899][T15302] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3676'. [ 956.758068][T15302] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3676'. [ 956.782522][T15302] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3676'. [ 956.797283][T15302] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3676'. [ 962.691792][T15324] __nla_validate_parse: 3 callbacks suppressed [ 962.691810][T15324] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3686'. [ 962.709457][T15324] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3686'. [ 962.725286][T15320] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.3684'. [ 962.735732][T15324] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3686'. [ 962.748257][T15320] netlink: 'syz.1.3684': attribute type 10 has an invalid length. [ 962.786555][T15320] team0: Device hsr_slave_0 failed to register rx_handler [ 965.792814][T15324] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3686'. [ 965.834224][T15327] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3685'. [ 965.894410][T15329] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3687'. [ 965.903788][T15329] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3687'. [ 965.914356][T15329] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3687'. [ 965.928929][T15329] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3687'. [ 966.687567][ T5780] Bluetooth: hci2: unexpected event 0x0f length: 15 > 4 [ 966.772591][T15341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 966.925139][T15348] netlink: 'syz.2.3696': attribute type 13 has an invalid length. [ 967.809126][T15368] __nla_validate_parse: 23 callbacks suppressed [ 967.809143][T15368] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3706'. [ 967.834083][T15368] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3706'. [ 967.854127][T15368] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3706'. [ 967.866131][T15368] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3706'. [ 967.949466][T15370] FAULT_INJECTION: forcing a failure. [ 967.949466][T15370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 967.965927][T15370] CPU: 0 PID: 15370 Comm: syz.1.3707 Not tainted syzkaller #0 [ 967.973507][T15370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 967.983721][T15370] Call Trace: [ 967.987061][T15370] [ 967.990047][T15370] dump_stack_lvl+0x18c/0x250 [ 967.994813][T15370] ? show_regs_print_info+0x20/0x20 [ 968.000100][T15370] ? load_image+0x400/0x400 [ 968.004790][T15370] ? __might_fault+0xaa/0x120 [ 968.009554][T15370] ? __lock_acquire+0x7d40/0x7d40 [ 968.014674][T15370] should_fail_ex+0x39d/0x4d0 [ 968.019449][T15370] _copy_from_user+0x2f/0xe0 [ 968.024125][T15370] __sys_bpf+0x23e/0x890 [ 968.028434][T15370] ? bpf_link_show_fdinfo+0x390/0x390 [ 968.033900][T15370] ? lock_chain_count+0x20/0x20 [ 968.038839][T15370] __x64_sys_bpf+0x7c/0x90 [ 968.043330][T15370] do_syscall_64+0x55/0xa0 [ 968.047807][T15370] ? clear_bhb_loop+0x40/0x90 [ 968.052532][T15370] ? clear_bhb_loop+0x40/0x90 [ 968.057254][T15370] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 968.063192][T15370] RIP: 0033:0x7f1ad5b9aeb9 [ 968.067652][T15370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 968.087308][T15370] RSP: 002b:00007f1ad6add028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 968.095768][T15370] RAX: ffffffffffffffda RBX: 00007f1ad5e15fa0 RCX: 00007f1ad5b9aeb9 [ 968.103779][T15370] RDX: 0000000000000040 RSI: 0000200000000240 RDI: 000000000000001c [ 968.111796][T15370] RBP: 00007f1ad6add090 R08: 0000000000000000 R09: 0000000000000000 [ 968.119807][T15370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 968.127817][T15370] R13: 00007f1ad5e16038 R14: 00007f1ad5e15fa0 R15: 00007fffda349958 [ 968.135857][T15370] [ 968.330283][T15376] netlink: 65055 bytes leftover after parsing attributes in process `syz.3.3708'. [ 968.350937][T15377] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3710'. [ 968.360018][T15377] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3710'. [ 968.563326][T15380] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3711'. [ 968.635653][T15383] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3712'. [ 970.473303][T15377] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3710'. [ 970.710890][ T5780] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 970.721504][ T5780] Bluetooth: hci2: Injecting HCI hardware error event [ 970.729885][ T5780] Bluetooth: hci2: hardware error 0x00 [ 971.863938][T15412] FAULT_INJECTION: forcing a failure. [ 971.863938][T15412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 971.894307][T15412] CPU: 1 PID: 15412 Comm: syz.3.3722 Not tainted syzkaller #0 [ 971.901888][T15412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 971.912005][T15412] Call Trace: [ 971.915340][T15412] [ 971.918325][T15412] dump_stack_lvl+0x18c/0x250 [ 971.923078][T15412] ? show_regs_print_info+0x20/0x20 [ 971.928349][T15412] ? load_image+0x400/0x400 [ 971.932918][T15412] ? __might_fault+0xaa/0x120 [ 971.937658][T15412] ? __lock_acquire+0x7d40/0x7d40 [ 971.942756][T15412] should_fail_ex+0x39d/0x4d0 [ 971.947512][T15412] _copy_from_user+0x2f/0xe0 [ 971.952174][T15412] __sys_bpf+0x23e/0x890 [ 971.956490][T15412] ? bpf_link_show_fdinfo+0x390/0x390 [ 971.961952][T15412] ? lock_chain_count+0x20/0x20 [ 971.966880][T15412] __x64_sys_bpf+0x7c/0x90 [ 971.971360][T15412] do_syscall_64+0x55/0xa0 [ 971.975841][T15412] ? clear_bhb_loop+0x40/0x90 [ 971.980579][T15412] ? clear_bhb_loop+0x40/0x90 [ 971.985326][T15412] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 971.991275][T15412] RIP: 0033:0x7f607eb9aeb9 [ 971.995753][T15412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 972.015429][T15412] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 972.023909][T15412] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 972.031931][T15412] RDX: 0000000000000094 RSI: 0000200000000640 RDI: 0000000000000005 [ 972.039960][T15412] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 972.047988][T15412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 972.056005][T15412] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 972.064062][T15412] [ 972.614715][T15425] syzkaller0: entered promiscuous mode [ 972.620593][T15425] syzkaller0: entered allmulticast mode [ 972.781146][ T5780] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 973.167746][T15437] __nla_validate_parse: 30 callbacks suppressed [ 973.167765][T15437] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3734'. [ 973.192106][T15437] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3734'. [ 973.203379][T15437] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3734'. [ 973.214416][T15437] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3734'. [ 973.260191][T15439] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3735'. [ 973.371417][T15439] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3735'. [ 973.420817][T15440] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3735'. [ 973.445560][T15442] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3735'. [ 973.708343][T15453] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3739'. [ 973.761725][T15452] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3739'. [ 974.242464][T15461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 978.287938][T15532] FAULT_INJECTION: forcing a failure. [ 978.287938][T15532] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 978.304952][T15532] CPU: 0 PID: 15532 Comm: syz.3.3772 Not tainted syzkaller #0 [ 978.312588][T15532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 978.322696][T15532] Call Trace: [ 978.326023][T15532] [ 978.328996][T15532] dump_stack_lvl+0x18c/0x250 [ 978.333746][T15532] ? show_regs_print_info+0x20/0x20 [ 978.339019][T15532] ? load_image+0x400/0x400 [ 978.343592][T15532] ? __lock_acquire+0x7d40/0x7d40 [ 978.348692][T15532] ? snprintf+0xe9/0x140 [ 978.353035][T15532] should_fail_ex+0x39d/0x4d0 [ 978.357795][T15532] _copy_to_user+0x2f/0xa0 [ 978.362283][T15532] simple_read_from_buffer+0xe7/0x150 [ 978.367718][T15532] proc_fail_nth_read+0x1e8/0x260 [ 978.372815][T15532] ? proc_fault_inject_write+0x360/0x360 [ 978.378520][T15532] ? fsnotify_perm+0x271/0x5e0 [ 978.383350][T15532] ? proc_fault_inject_write+0x360/0x360 [ 978.389047][T15532] vfs_read+0x28b/0x970 [ 978.393267][T15532] ? kernel_read+0x1e0/0x1e0 [ 978.397926][T15532] ? __fget_files+0x28/0x4b0 [ 978.402575][T15532] ? __fget_files+0x28/0x4b0 [ 978.407231][T15532] ? __fget_files+0x43d/0x4b0 [ 978.411979][T15532] ? __fdget_pos+0x2a3/0x330 [ 978.416635][T15532] ? ksys_read+0x75/0x260 [ 978.421072][T15532] ksys_read+0x150/0x260 [ 978.425377][T15532] ? vfs_write+0x990/0x990 [ 978.429851][T15532] ? lockdep_hardirqs_on+0x98/0x150 [ 978.435112][T15532] do_syscall_64+0x55/0xa0 [ 978.439586][T15532] ? clear_bhb_loop+0x40/0x90 [ 978.444321][T15532] ? clear_bhb_loop+0x40/0x90 [ 978.449065][T15532] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 978.455012][T15532] RIP: 0033:0x7f607eb5b78e [ 978.459497][T15532] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 978.479426][T15532] RSP: 002b:00007f607fae7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 978.488003][T15532] RAX: ffffffffffffffda RBX: 00007f607fae86c0 RCX: 00007f607eb5b78e [ 978.496027][T15532] RDX: 000000000000000f RSI: 00007f607fae80a0 RDI: 0000000000000004 [ 978.504051][T15532] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 978.512080][T15532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 978.520114][T15532] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 978.528158][T15532] [ 978.623368][T15535] delete_channel: no stack [ 979.856198][T15542] __nla_validate_parse: 38 callbacks suppressed [ 979.856219][T15542] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3776'. [ 979.872873][T15542] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3776'. [ 979.886666][T15542] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3776'. [ 979.896842][T15542] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3776'. [ 979.994812][T15544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3777'. [ 980.008493][T15544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3777'. [ 980.019097][T15544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3777'. [ 980.031202][T15544] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3777'. [ 980.458587][T15551] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3779'. [ 980.513920][T15553] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3780'. [ 980.801201][T15560] netlink: 'syz.0.3780': attribute type 2 has an invalid length. [ 980.809198][T15560] netlink: 'syz.0.3780': attribute type 1 has an invalid length. [ 983.188034][T15553] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 983.216721][T15553] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 983.245006][T15553] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 983.269056][T15553] bond0 (unregistering): Released all slaves [ 983.686268][T15573] netlink: 'syz.0.3787': attribute type 10 has an invalid length. [ 986.985701][T15591] __nla_validate_parse: 7 callbacks suppressed [ 986.985719][T15591] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3794'. [ 987.041318][T15585] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3794'. [ 987.188647][T15596] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3796'. [ 987.206248][T15596] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3796'. [ 987.228618][T15596] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3796'. [ 987.254556][T15596] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3796'. [ 990.422222][T15618] netlink: 'syz.3.3803': attribute type 10 has an invalid length. [ 990.939303][T15623] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3805'. [ 990.954876][T15622] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3805'. [ 991.055298][T15625] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3806'. [ 991.070686][T15625] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3806'. [ 993.186103][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.200701][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.428661][T15638] __nla_validate_parse: 2 callbacks suppressed [ 993.428683][T15638] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3812'. [ 993.450411][T15638] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3812'. [ 993.466633][T15638] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3812'. [ 993.486285][T15638] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3812'. [ 993.572381][T15642] FAULT_INJECTION: forcing a failure. [ 993.572381][T15642] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 993.593498][T15644] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3816'. [ 993.603252][T15644] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3816'. [ 993.612431][T15642] CPU: 1 PID: 15642 Comm: syz.2.3814 Not tainted syzkaller #0 [ 993.619942][T15642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 993.630056][T15642] Call Trace: [ 993.633386][T15642] [ 993.636358][T15642] dump_stack_lvl+0x18c/0x250 [ 993.641090][T15642] ? show_regs_print_info+0x20/0x20 [ 993.646339][T15642] ? load_image+0x400/0x400 [ 993.650891][T15642] ? __might_fault+0xaa/0x120 [ 993.655607][T15642] ? __lock_acquire+0x7d40/0x7d40 [ 993.660672][T15642] should_fail_ex+0x39d/0x4d0 [ 993.665398][T15642] _copy_from_user+0x2f/0xe0 [ 993.670030][T15642] ___sys_recvmsg+0x176/0x590 [ 993.674759][T15642] ? __sys_recvmsg+0x2a0/0x2a0 [ 993.679563][T15642] ? ksys_write+0x1c4/0x260 [ 993.684126][T15642] ? __fget_files+0x43d/0x4b0 [ 993.688870][T15642] __x64_sys_recvmsg+0x20c/0x2e0 [ 993.693848][T15642] ? ___sys_recvmsg+0x590/0x590 [ 993.698752][T15642] ? lockdep_hardirqs_on+0x98/0x150 [ 993.703992][T15642] do_syscall_64+0x55/0xa0 [ 993.708484][T15642] ? clear_bhb_loop+0x40/0x90 [ 993.713209][T15642] ? clear_bhb_loop+0x40/0x90 [ 993.717932][T15642] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 993.723869][T15642] RIP: 0033:0x7f045119aeb9 [ 993.728321][T15642] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 993.747965][T15642] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 993.756443][T15642] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 993.764486][T15642] RDX: 0000000000000002 RSI: 0000200000000680 RDI: 0000000000000003 [ 993.772505][T15642] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 993.780514][T15642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 993.788522][T15642] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 993.796550][T15642] [ 993.809476][T15646] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3816'. [ 993.819726][T15644] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3816'. [ 993.902929][T15649] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3815'. [ 993.936301][T15647] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3815'. [ 994.783954][T15663] netlink: 'syz.2.3820': attribute type 10 has an invalid length. [ 996.547237][T15658] netlink: 'syz.1.3819': attribute type 4 has an invalid length. [ 996.562989][T15658] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 1002.719956][T15708] __nla_validate_parse: 15 callbacks suppressed [ 1002.719977][T15708] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3835'. [ 1002.781177][T15708] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3835'. [ 1002.826736][T15708] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3835'. [ 1002.881152][T15710] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3835'. [ 1003.130603][T15714] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3836'. [ 1003.210704][T15713] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.3836'. [ 1003.824438][T15721] FAULT_INJECTION: forcing a failure. [ 1003.824438][T15721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1003.838403][T15721] CPU: 1 PID: 15721 Comm: syz.2.3839 Not tainted syzkaller #0 [ 1003.845955][T15721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1003.856084][T15721] Call Trace: [ 1003.859443][T15721] [ 1003.862445][T15721] dump_stack_lvl+0x18c/0x250 [ 1003.867214][T15721] ? show_regs_print_info+0x20/0x20 [ 1003.872493][T15721] ? load_image+0x400/0x400 [ 1003.877082][T15721] ? __might_fault+0xaa/0x120 [ 1003.881836][T15721] ? __lock_acquire+0x7d40/0x7d40 [ 1003.886960][T15721] should_fail_ex+0x39d/0x4d0 [ 1003.891740][T15721] _copy_from_user+0x2f/0xe0 [ 1003.896416][T15721] ___sys_recvmsg+0x176/0x590 [ 1003.901189][T15721] ? __sys_recvmsg+0x2a0/0x2a0 [ 1003.906045][T15721] ? ksys_write+0x1c4/0x260 [ 1003.910668][T15721] ? __fget_files+0x43d/0x4b0 [ 1003.915494][T15721] __x64_sys_recvmsg+0x20c/0x2e0 [ 1003.920522][T15721] ? ___sys_recvmsg+0x590/0x590 [ 1003.925552][T15721] ? lockdep_hardirqs_on+0x98/0x150 [ 1003.930836][T15721] do_syscall_64+0x55/0xa0 [ 1003.935334][T15721] ? clear_bhb_loop+0x40/0x90 [ 1003.940081][T15721] ? clear_bhb_loop+0x40/0x90 [ 1003.944836][T15721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1003.950781][T15721] RIP: 0033:0x7f045119aeb9 [ 1003.955342][T15721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1003.975086][T15721] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1003.983558][T15721] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 1003.991583][T15721] RDX: 00000000000001c0 RSI: 00002000000013c0 RDI: 0000000000000003 [ 1003.999610][T15721] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 1004.007625][T15721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1004.015641][T15721] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 1004.023705][T15721] [ 1004.055980][T15716] netlink: 'syz.1.3837': attribute type 10 has an invalid length. [ 1004.459474][T15735] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3845'. [ 1004.480786][T15735] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3845'. [ 1004.524819][T15731] netlink: 'syz.2.3844': attribute type 10 has an invalid length. [ 1004.538832][T15735] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3845'. [ 1004.561905][T15736] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3845'. [ 1009.355709][T15757] netlink: 'syz.3.3852': attribute type 10 has an invalid length. [ 1009.974180][T15754] netlink: 'syz.0.3851': attribute type 4 has an invalid length. [ 1010.024985][T15754] __nla_validate_parse: 2 callbacks suppressed [ 1010.025006][T15754] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3851'. [ 1012.086882][T15754] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 1012.204591][T15765] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3854'. [ 1012.236033][T15765] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3854'. [ 1012.256473][T15765] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3854'. [ 1012.266216][T15765] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3854'. [ 1012.300351][T15771] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3855'. [ 1012.321595][T15768] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3855'. [ 1012.396848][T15776] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3858'. [ 1012.416014][T15776] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3858'. [ 1012.448165][T15776] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3858'. [ 1013.682524][T15794] netlink: 'syz.2.3864': attribute type 10 has an invalid length. [ 1016.792752][T15801] __nla_validate_parse: 5 callbacks suppressed [ 1016.792771][T15801] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3866'. [ 1016.808482][T15801] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3866'. [ 1016.824758][T15801] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3866'. [ 1016.836219][T15801] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3866'. [ 1018.137968][T15819] netlink: 'syz.0.3878': attribute type 10 has an invalid length. [ 1018.199274][T15821] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3874'. [ 1018.220445][T15821] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3874'. [ 1018.252528][T15821] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3874'. [ 1018.289274][T15821] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3874'. [ 1018.388458][T15827] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3875'. [ 1018.403033][T15827] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3875'. [ 1018.857784][T15831] netlink: 'syz.0.3877': attribute type 10 has an invalid length. [ 1019.638576][T15825] netlink: 'syz.2.3869': attribute type 4 has an invalid length. [ 1019.682588][T15825] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 1023.216172][T15856] __nla_validate_parse: 3 callbacks suppressed [ 1023.216190][T15856] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3885'. [ 1024.096834][T15856] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3885'. [ 1024.230073][T15861] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3886'. [ 1024.244158][T15861] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3886'. [ 1024.264303][T15861] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3886'. [ 1024.444585][T15872] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3892'. [ 1024.496173][T15872] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3892'. [ 1024.544071][T15873] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3892'. [ 1025.213450][T15876] netlink: 'syz.3.3893': attribute type 10 has an invalid length. [ 1025.265941][T15876] netlink: 55 bytes leftover after parsing attributes in process `syz.3.3893'. [ 1026.580792][T15881] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3895'. [ 1027.356801][T15876] veth0_macvtap: left promiscuous mode [ 1029.756898][T15898] __nla_validate_parse: 1 callbacks suppressed [ 1029.756916][T15898] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3900'. [ 1029.773516][T15898] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3900'. [ 1029.786262][T15898] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3900'. [ 1030.768034][T15908] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3906'. [ 1030.787662][T15908] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3906'. [ 1030.800098][T15908] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3906'. [ 1030.820294][T15908] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3906'. [ 1030.942277][T15915] FAULT_INJECTION: forcing a failure. [ 1030.942277][T15915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1030.970718][T15915] CPU: 0 PID: 15915 Comm: syz.3.3908 Not tainted syzkaller #0 [ 1030.978265][T15915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1030.988387][T15915] Call Trace: [ 1030.991722][T15915] [ 1030.994699][T15915] dump_stack_lvl+0x18c/0x250 [ 1030.999444][T15915] ? show_regs_print_info+0x20/0x20 [ 1031.004712][T15915] ? load_image+0x400/0x400 [ 1031.009288][T15915] ? __might_fault+0xaa/0x120 [ 1031.014039][T15915] ? __lock_acquire+0x7d40/0x7d40 [ 1031.019136][T15915] should_fail_ex+0x39d/0x4d0 [ 1031.023893][T15915] _copy_from_user+0x2f/0xe0 [ 1031.028558][T15915] ___sys_sendmsg+0x1c7/0x360 [ 1031.033304][T15915] ? get_pid_task+0x20/0x1e0 [ 1031.037958][T15915] ? __sys_sendmsg+0x2a0/0x2a0 [ 1031.042814][T15915] ? __lock_acquire+0x7d40/0x7d40 [ 1031.047909][T15915] __se_sys_sendmsg+0x1c2/0x2b0 [ 1031.052806][T15915] ? __x64_sys_sendmsg+0x80/0x80 [ 1031.057793][T15915] ? lockdep_hardirqs_on+0x98/0x150 [ 1031.063019][T15915] do_syscall_64+0x55/0xa0 [ 1031.067469][T15915] ? clear_bhb_loop+0x40/0x90 [ 1031.072173][T15915] ? clear_bhb_loop+0x40/0x90 [ 1031.076875][T15915] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1031.082795][T15915] RIP: 0033:0x7f607eb9aeb9 [ 1031.087241][T15915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1031.106874][T15915] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1031.115419][T15915] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 1031.123445][T15915] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 1031.131441][T15915] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 1031.139439][T15915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1031.147612][T15915] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 1031.155629][T15915] [ 1031.366631][ T5780] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 1034.001806][T15926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3912'. [ 1034.030376][T15926] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3912'. [ 1034.068279][T15931] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3912'. [ 1034.102561][ T5780] Bluetooth: hci4: unexpected event for opcode 0x0000 [ 1034.240269][T15937] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1034.282598][T15937] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1034.308927][T15937] bond0 (unregistering): Released all slaves [ 1035.021340][T15953] FAULT_INJECTION: forcing a failure. [ 1035.021340][T15953] name failslab, interval 1, probability 0, space 0, times 0 [ 1035.040949][T15953] CPU: 1 PID: 15953 Comm: syz.3.3921 Not tainted syzkaller #0 [ 1035.048509][T15953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1035.058706][T15953] Call Trace: [ 1035.062996][T15953] [ 1035.066056][T15953] dump_stack_lvl+0x18c/0x250 [ 1035.070892][T15953] ? show_regs_print_info+0x20/0x20 [ 1035.076193][T15953] ? load_image+0x400/0x400 [ 1035.080876][T15953] ? __might_sleep+0xe0/0xe0 [ 1035.085610][T15953] ? __lock_acquire+0x7d40/0x7d40 [ 1035.090861][T15953] ? mark_lock+0x94/0x320 [ 1035.095810][T15953] should_fail_ex+0x39d/0x4d0 [ 1035.100818][T15953] should_failslab+0x9/0x20 [ 1035.105385][T15953] slab_pre_alloc_hook+0x59/0x310 [ 1035.110472][T15953] ? __get_vm_area_node+0x125/0x370 [ 1035.116229][T15953] __kmem_cache_alloc_node+0x53/0x250 [ 1035.121759][T15953] ? __get_vm_area_node+0x125/0x370 [ 1035.127446][T15953] kmalloc_node_trace+0x26/0xe0 [ 1035.132448][T15953] __get_vm_area_node+0x125/0x370 [ 1035.137805][T15953] __vmalloc_node_range+0x36e/0x1330 [ 1035.143172][T15953] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.148779][T15953] ? mark_lock+0x94/0x320 [ 1035.153168][T15953] ? __lock_acquire+0x1347/0x7d40 [ 1035.158253][T15953] ? verify_lock_unused+0x140/0x140 [ 1035.163515][T15953] ? free_vm_area+0x50/0x50 [ 1035.168066][T15953] ? end_current_label_crit_section+0x170/0x170 [ 1035.174370][T15953] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.179953][T15953] __vmalloc+0x7a/0x90 [ 1035.184065][T15953] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.189653][T15953] bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.195060][T15953] ? bpf_prog_alloc+0x2b/0x1a0 [ 1035.199874][T15953] bpf_prog_alloc+0x3d/0x1a0 [ 1035.204512][T15953] bpf_prog_load+0x6eb/0x1670 [ 1035.209230][T15953] ? map_freeze+0x420/0x420 [ 1035.213763][T15953] ? __might_fault+0xaa/0x120 [ 1035.218470][T15953] ? __lock_acquire+0x7d40/0x7d40 [ 1035.223522][T15953] ? file_end_write+0x159/0x250 [ 1035.228413][T15953] ? __might_fault+0xaa/0x120 [ 1035.233125][T15953] ? __might_fault+0xc6/0x120 [ 1035.237826][T15953] ? __might_fault+0xaa/0x120 [ 1035.242536][T15953] ? bpf_lsm_bpf+0x9/0x10 [ 1035.246898][T15953] ? security_bpf+0x7e/0xa0 [ 1035.251439][T15953] __sys_bpf+0x5ba/0x890 [ 1035.255724][T15953] ? bpf_link_show_fdinfo+0x390/0x390 [ 1035.261140][T15953] ? lock_chain_count+0x20/0x20 [ 1035.266029][T15953] __x64_sys_bpf+0x7c/0x90 [ 1035.270482][T15953] do_syscall_64+0x55/0xa0 [ 1035.274930][T15953] ? clear_bhb_loop+0x40/0x90 [ 1035.279640][T15953] ? clear_bhb_loop+0x40/0x90 [ 1035.284355][T15953] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1035.290281][T15953] RIP: 0033:0x7f607eb9aeb9 [ 1035.294731][T15953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1035.314373][T15953] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1035.322904][T15953] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 1035.330907][T15953] RDX: 0000000000000094 RSI: 0000200000000240 RDI: 0000000000000005 [ 1035.338908][T15953] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 1035.347010][T15953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1035.355015][T15953] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 1035.363029][T15953] [ 1035.371089][T15953] syz.3.3921: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1035.410677][T15953] CPU: 0 PID: 15953 Comm: syz.3.3921 Not tainted syzkaller #0 [ 1035.418246][T15953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1035.428366][T15953] Call Trace: [ 1035.431788][T15953] [ 1035.434857][T15953] dump_stack_lvl+0x18c/0x250 [ 1035.439605][T15953] ? show_regs_print_info+0x20/0x20 [ 1035.444867][T15953] ? load_image+0x400/0x400 [ 1035.449433][T15953] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1035.455914][T15953] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 1035.462482][T15953] warn_alloc+0x246/0x340 [ 1035.466920][T15953] ? __get_vm_area_node+0x125/0x370 [ 1035.472190][T15953] ? zone_watermark_ok_safe+0x230/0x230 [ 1035.477816][T15953] ? rcu_is_watching+0x15/0xb0 [ 1035.482636][T15953] ? __get_vm_area_node+0x356/0x370 [ 1035.487896][T15953] __vmalloc_node_range+0x393/0x1330 [ 1035.493236][T15953] ? mark_lock+0x94/0x320 [ 1035.497628][T15953] ? __lock_acquire+0x1347/0x7d40 [ 1035.502707][T15953] ? verify_lock_unused+0x140/0x140 [ 1035.507973][T15953] ? free_vm_area+0x50/0x50 [ 1035.512532][T15953] ? end_current_label_crit_section+0x170/0x170 [ 1035.518833][T15953] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.524435][T15953] __vmalloc+0x7a/0x90 [ 1035.528569][T15953] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.534193][T15953] bpf_prog_alloc_no_stats+0x47/0x440 [ 1035.539617][T15953] ? bpf_prog_alloc+0x2b/0x1a0 [ 1035.544462][T15953] bpf_prog_alloc+0x3d/0x1a0 [ 1035.549094][T15953] bpf_prog_load+0x6eb/0x1670 [ 1035.553812][T15953] ? map_freeze+0x420/0x420 [ 1035.558349][T15953] ? __might_fault+0xaa/0x120 [ 1035.563075][T15953] ? __lock_acquire+0x7d40/0x7d40 [ 1035.568151][T15953] ? file_end_write+0x159/0x250 [ 1035.573041][T15953] ? __might_fault+0xaa/0x120 [ 1035.577844][T15953] ? __might_fault+0xc6/0x120 [ 1035.582545][T15953] ? __might_fault+0xaa/0x120 [ 1035.587284][T15953] ? bpf_lsm_bpf+0x9/0x10 [ 1035.591660][T15953] ? security_bpf+0x7e/0xa0 [ 1035.596234][T15953] __sys_bpf+0x5ba/0x890 [ 1035.600526][T15953] ? bpf_link_show_fdinfo+0x390/0x390 [ 1035.605949][T15953] ? lock_chain_count+0x20/0x20 [ 1035.610849][T15953] __x64_sys_bpf+0x7c/0x90 [ 1035.615291][T15953] do_syscall_64+0x55/0xa0 [ 1035.619747][T15953] ? clear_bhb_loop+0x40/0x90 [ 1035.624452][T15953] ? clear_bhb_loop+0x40/0x90 [ 1035.629170][T15953] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1035.635097][T15953] RIP: 0033:0x7f607eb9aeb9 [ 1035.639538][T15953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1035.659185][T15953] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1035.667640][T15953] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 1035.675643][T15953] RDX: 0000000000000094 RSI: 0000200000000240 RDI: 0000000000000005 [ 1035.683643][T15953] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 1035.691638][T15953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1035.699635][T15953] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 1035.707649][T15953] [ 1035.741005][ T5780] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1035.749661][ T5780] Bluetooth: hci4: Injecting HCI hardware error event [ 1035.762046][ T5780] Bluetooth: hci4: hardware error 0x00 [ 1035.773443][T15953] Mem-Info: [ 1035.776623][T15953] active_anon:5114 inactive_anon:0 isolated_anon:0 [ 1035.776623][T15953] active_file:11600 inactive_file:40263 isolated_file:0 [ 1035.776623][T15953] unevictable:768 dirty:121 writeback:0 [ 1035.776623][T15953] slab_reclaimable:9628 slab_unreclaimable:97378 [ 1035.776623][T15953] mapped:24635 shmem:1361 pagetables:506 [ 1035.776623][T15953] sec_pagetables:0 bounce:0 [ 1035.776623][T15953] kernel_misc_reclaimable:0 [ 1035.776623][T15953] free:1351231 free_pcp:7121 free_cma:0 [ 1035.882115][T15953] Node 0 active_anon:20456kB inactive_anon:0kB active_file:46400kB inactive_file:160852kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98540kB dirty:484kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10968kB pagetables:2024kB sec_pagetables:0kB all_unreclaimable? no [ 1035.939122][T15953] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1035.972057][T15953] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1036.005922][T15953] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 1036.011877][T15953] Node 0 DMA32 free:1487608kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:20520kB inactive_anon:0kB active_file:46400kB inactive_file:160028kB unevictable:1536kB writepending:484kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:18680kB local_pcp:16340kB free_cma:0kB [ 1036.049093][T15953] lowmem_reserve[]: 0 0 0 0 0 [ 1036.054056][T15953] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 1036.087089][T15953] lowmem_reserve[]: 0 0 0 0 0 [ 1036.091991][T15953] Node 1 Normal free:3892744kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19776kB local_pcp:8388kB free_cma:0kB [ 1036.125722][T15953] lowmem_reserve[]: 0 0 0 0 0 [ 1036.130626][T15953] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1036.147388][T15953] Node 0 DMA32: 356*4kB (UME) 437*8kB (UME) 868*16kB (UME) 634*32kB (UME) 851*64kB (UME) 619*128kB (UME) 402*256kB (UME) 95*512kB (UME) 50*1024kB (UM) 23*2048kB (UME) 260*4096kB (UM) = 1487608kB [ 1036.174022][T15953] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1036.186858][T15953] Node 1 Normal: 224*4kB (UME) 47*8kB (UME) 35*16kB (UME) 67*32kB (UME) 12*64kB (UE) 11*128kB (UME) 2*256kB (UE) 2*512kB (ME) 0*1024kB 1*2048kB (E) 948*4096kB (M) = 3892744kB [ 1036.212809][T15953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1036.228488][T15953] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1036.238914][T15953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1036.252835][T15953] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1036.264101][T15953] 53224 total pagecache pages [ 1036.268848][T15953] 0 pages in swap cache [ 1036.278974][T15953] Free swap = 124996kB [ 1036.284636][T15953] Total swap = 124996kB [ 1036.289011][T15953] 2097051 pages RAM [ 1036.296477][T15953] 0 pages HighMem/MovableOnly [ 1036.302777][T15953] 416922 pages reserved [ 1036.307141][T15953] 0 pages cma reserved [ 1039.097316][T15967] __nla_validate_parse: 5 callbacks suppressed [ 1039.097336][T15967] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3926'. [ 1039.113636][T15967] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3926'. [ 1039.141905][T15967] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3926'. [ 1039.168012][T15967] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3926'. [ 1039.177487][T15970] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3927'. [ 1039.200657][T15970] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3927'. [ 1039.230442][T15972] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3927'. [ 1039.267588][T15970] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3927'. [ 1040.229606][T15990] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3934'. [ 1040.238791][T15990] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3934'. [ 1041.021446][ T5780] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1043.737444][T16024] FAULT_INJECTION: forcing a failure. [ 1043.737444][T16024] name failslab, interval 1, probability 0, space 0, times 0 [ 1043.757759][T16024] CPU: 1 PID: 16024 Comm: syz.1.3950 Not tainted syzkaller #0 [ 1043.765292][T16024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1043.775362][T16024] Call Trace: [ 1043.778678][T16024] [ 1043.781660][T16024] dump_stack_lvl+0x18c/0x250 [ 1043.786400][T16024] ? show_regs_print_info+0x20/0x20 [ 1043.791632][T16024] ? load_image+0x400/0x400 [ 1043.796170][T16024] ? __might_sleep+0xe0/0xe0 [ 1043.800805][T16024] ? __lock_acquire+0x7d40/0x7d40 [ 1043.805930][T16024] ? mark_lock+0x94/0x320 [ 1043.810301][T16024] should_fail_ex+0x39d/0x4d0 [ 1043.815039][T16024] should_failslab+0x9/0x20 [ 1043.819584][T16024] slab_pre_alloc_hook+0x59/0x310 [ 1043.824649][T16024] ? __get_vm_area_node+0x125/0x370 [ 1043.829965][T16024] __kmem_cache_alloc_node+0x53/0x250 [ 1043.835381][T16024] ? __get_vm_area_node+0x125/0x370 [ 1043.840613][T16024] kmalloc_node_trace+0x26/0xe0 [ 1043.845540][T16024] __get_vm_area_node+0x125/0x370 [ 1043.850609][T16024] __vmalloc_node_range+0x36e/0x1330 [ 1043.855926][T16024] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1043.861501][T16024] ? mark_lock+0x94/0x320 [ 1043.865859][T16024] ? __lock_acquire+0x1347/0x7d40 [ 1043.870923][T16024] ? free_vm_area+0x50/0x50 [ 1043.875463][T16024] ? end_current_label_crit_section+0x170/0x170 [ 1043.881747][T16024] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1043.887329][T16024] __vmalloc+0x7a/0x90 [ 1043.891430][T16024] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1043.897006][T16024] bpf_prog_alloc_no_stats+0x47/0x440 [ 1043.902411][T16024] ? bpf_prog_alloc+0x2b/0x1a0 [ 1043.907202][T16024] bpf_prog_alloc+0x3d/0x1a0 [ 1043.911828][T16024] bpf_prog_load+0x6eb/0x1670 [ 1043.916921][T16024] ? map_freeze+0x420/0x420 [ 1043.921465][T16024] ? __might_fault+0xaa/0x120 [ 1043.926180][T16024] ? __lock_acquire+0x7d40/0x7d40 [ 1043.931251][T16024] ? file_end_write+0x159/0x250 [ 1043.936141][T16024] ? __might_fault+0xaa/0x120 [ 1043.940841][T16024] ? __might_fault+0xc6/0x120 [ 1043.945539][T16024] ? __might_fault+0xaa/0x120 [ 1043.950330][T16024] ? bpf_lsm_bpf+0x9/0x10 [ 1043.954700][T16024] ? security_bpf+0x7e/0xa0 [ 1043.959342][T16024] __sys_bpf+0x5ba/0x890 [ 1043.963635][T16024] ? bpf_link_show_fdinfo+0x390/0x390 [ 1043.969146][T16024] ? lock_chain_count+0x20/0x20 [ 1043.974043][T16024] __x64_sys_bpf+0x7c/0x90 [ 1043.978487][T16024] do_syscall_64+0x55/0xa0 [ 1043.982935][T16024] ? clear_bhb_loop+0x40/0x90 [ 1043.987646][T16024] ? clear_bhb_loop+0x40/0x90 [ 1043.992352][T16024] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1043.998275][T16024] RIP: 0033:0x7f1ad5b9aeb9 [ 1044.002714][T16024] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1044.022365][T16024] RSP: 002b:00007f1ad6add028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1044.030821][T16024] RAX: ffffffffffffffda RBX: 00007f1ad5e15fa0 RCX: 00007f1ad5b9aeb9 [ 1044.038906][T16024] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005 [ 1044.046914][T16024] RBP: 00007f1ad6add090 R08: 0000000000000000 R09: 0000000000000000 [ 1044.054916][T16024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1044.062919][T16024] R13: 00007f1ad5e16038 R14: 00007f1ad5e15fa0 R15: 00007fffda349958 [ 1044.070938][T16024] [ 1044.293239][T16033] __nla_validate_parse: 14 callbacks suppressed [ 1044.293284][T16033] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3954'. [ 1044.445886][T16033] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.3954'. [ 1044.459916][T16033] netlink: 8446 bytes leftover after parsing attributes in process `syz.2.3954'. [ 1044.668196][T16039] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3956'. [ 1047.402217][T16039] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3956'. [ 1048.634976][T16073] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3968'. [ 1048.644391][T16073] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3968'. [ 1048.673428][T16073] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3968'. [ 1048.689588][T16073] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3968'. [ 1049.539528][T16082] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3973'. [ 1049.743314][T16088] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.3973'. [ 1050.545938][T16091] FAULT_INJECTION: forcing a failure. [ 1050.545938][T16091] name failslab, interval 1, probability 0, space 0, times 0 [ 1050.558999][T16091] CPU: 0 PID: 16091 Comm: syz.2.3975 Not tainted syzkaller #0 [ 1050.566517][T16091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1050.576619][T16091] Call Trace: [ 1050.579945][T16091] [ 1050.582913][T16091] dump_stack_lvl+0x18c/0x250 [ 1050.587654][T16091] ? show_regs_print_info+0x20/0x20 [ 1050.592907][T16091] ? load_image+0x400/0x400 [ 1050.597462][T16091] ? __might_sleep+0xe0/0xe0 [ 1050.602105][T16091] ? __lock_acquire+0x7d40/0x7d40 [ 1050.607169][T16091] ? mark_lock+0x94/0x320 [ 1050.611556][T16091] should_fail_ex+0x39d/0x4d0 [ 1050.616283][T16091] should_failslab+0x9/0x20 [ 1050.620827][T16091] slab_pre_alloc_hook+0x59/0x310 [ 1050.625974][T16091] ? __get_vm_area_node+0x125/0x370 [ 1050.631216][T16091] __kmem_cache_alloc_node+0x53/0x250 [ 1050.636747][T16091] ? __get_vm_area_node+0x125/0x370 [ 1050.642674][T16091] kmalloc_node_trace+0x26/0xe0 [ 1050.647698][T16091] __get_vm_area_node+0x125/0x370 [ 1050.652778][T16091] __vmalloc_node_range+0x36e/0x1330 [ 1050.658110][T16091] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1050.664129][T16091] ? mark_lock+0x94/0x320 [ 1050.668522][T16091] ? __lock_acquire+0x1347/0x7d40 [ 1050.673612][T16091] ? verify_lock_unused+0x140/0x140 [ 1050.678862][T16091] ? free_vm_area+0x50/0x50 [ 1050.683606][T16091] ? end_current_label_crit_section+0x170/0x170 [ 1050.689974][T16091] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1050.695563][T16091] __vmalloc+0x7a/0x90 [ 1050.699671][T16091] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1050.705255][T16091] bpf_prog_alloc_no_stats+0x47/0x440 [ 1050.711363][T16091] ? bpf_prog_alloc+0x2b/0x1a0 [ 1050.716193][T16091] bpf_prog_alloc+0x3d/0x1a0 [ 1050.720847][T16091] bpf_prog_load+0x6eb/0x1670 [ 1050.725582][T16091] ? map_freeze+0x420/0x420 [ 1050.730909][T16091] ? __might_fault+0xaa/0x120 [ 1050.735913][T16091] ? __lock_acquire+0x7d40/0x7d40 [ 1050.741073][T16091] ? file_end_write+0x159/0x250 [ 1050.746069][T16091] ? __might_fault+0xaa/0x120 [ 1050.750783][T16091] ? __might_fault+0xc6/0x120 [ 1050.755494][T16091] ? __might_fault+0xaa/0x120 [ 1050.760378][T16091] ? bpf_lsm_bpf+0x9/0x10 [ 1050.764754][T16091] ? security_bpf+0x7e/0xa0 [ 1050.769387][T16091] __sys_bpf+0x5ba/0x890 [ 1050.773673][T16091] ? bpf_link_show_fdinfo+0x390/0x390 [ 1050.779110][T16091] ? lock_chain_count+0x20/0x20 [ 1050.784091][T16091] __x64_sys_bpf+0x7c/0x90 [ 1050.788562][T16091] do_syscall_64+0x55/0xa0 [ 1050.793023][T16091] ? clear_bhb_loop+0x40/0x90 [ 1050.797733][T16091] ? clear_bhb_loop+0x40/0x90 [ 1050.802449][T16091] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1050.808894][T16091] RIP: 0033:0x7f045119aeb9 [ 1050.813347][T16091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1050.833330][T16091] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1050.841778][T16091] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 1050.849780][T16091] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 1050.857781][T16091] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 1050.865781][T16091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1050.873780][T16091] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 1050.881793][T16091] [ 1050.892485][T16091] warn_alloc: 1 callbacks suppressed [ 1050.892504][T16091] syz.2.3975: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 1050.926421][T16091] CPU: 0 PID: 16091 Comm: syz.2.3975 Not tainted syzkaller #0 [ 1050.933957][T16091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1050.944067][T16091] Call Trace: [ 1050.947405][T16091] [ 1050.950473][T16091] dump_stack_lvl+0x18c/0x250 [ 1050.955218][T16091] ? show_regs_print_info+0x20/0x20 [ 1050.960483][T16091] ? load_image+0x400/0x400 [ 1050.965081][T16091] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1050.971557][T16091] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 1050.978206][T16091] warn_alloc+0x246/0x340 [ 1050.982606][T16091] ? zone_watermark_ok_safe+0x230/0x230 [ 1050.988231][T16091] ? __get_vm_area_node+0x356/0x370 [ 1050.993497][T16091] __vmalloc_node_range+0x393/0x1330 [ 1050.998842][T16091] ? mark_lock+0x94/0x320 [ 1051.003228][T16091] ? __lock_acquire+0x1347/0x7d40 [ 1051.008303][T16091] ? verify_lock_unused+0x140/0x140 [ 1051.013577][T16091] ? free_vm_area+0x50/0x50 [ 1051.018139][T16091] ? end_current_label_crit_section+0x170/0x170 [ 1051.024444][T16091] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1051.030038][T16091] __vmalloc+0x7a/0x90 [ 1051.034167][T16091] ? bpf_prog_alloc_no_stats+0x47/0x440 [ 1051.039767][T16091] bpf_prog_alloc_no_stats+0x47/0x440 [ 1051.045195][T16091] ? bpf_prog_alloc+0x2b/0x1a0 [ 1051.050010][T16091] bpf_prog_alloc+0x3d/0x1a0 [ 1051.054668][T16091] bpf_prog_load+0x6eb/0x1670 [ 1051.059416][T16091] ? map_freeze+0x420/0x420 [ 1051.063972][T16091] ? __might_fault+0xaa/0x120 [ 1051.068695][T16091] ? __lock_acquire+0x7d40/0x7d40 [ 1051.073771][T16091] ? file_end_write+0x159/0x250 [ 1051.078674][T16091] ? __might_fault+0xaa/0x120 [ 1051.083434][T16091] ? __might_fault+0xc6/0x120 [ 1051.088156][T16091] ? __might_fault+0xaa/0x120 [ 1051.092877][T16091] ? bpf_lsm_bpf+0x9/0x10 [ 1051.097261][T16091] ? security_bpf+0x7e/0xa0 [ 1051.101817][T16091] __sys_bpf+0x5ba/0x890 [ 1051.106107][T16091] ? bpf_link_show_fdinfo+0x390/0x390 [ 1051.111542][T16091] ? lock_chain_count+0x20/0x20 [ 1051.116456][T16091] __x64_sys_bpf+0x7c/0x90 [ 1051.120916][T16091] do_syscall_64+0x55/0xa0 [ 1051.125383][T16091] ? clear_bhb_loop+0x40/0x90 [ 1051.130101][T16091] ? clear_bhb_loop+0x40/0x90 [ 1051.134827][T16091] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1051.140776][T16091] RIP: 0033:0x7f045119aeb9 [ 1051.145244][T16091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1051.164912][T16091] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1051.173399][T16091] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 1051.181419][T16091] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 1051.189528][T16091] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 1051.197550][T16091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1051.205570][T16091] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 1051.213623][T16091] [ 1051.240628][T16091] Mem-Info: [ 1051.250606][T16091] active_anon:5172 inactive_anon:0 isolated_anon:0 [ 1051.250606][T16091] active_file:11600 inactive_file:40269 isolated_file:0 [ 1051.250606][T16091] unevictable:768 dirty:216 writeback:0 [ 1051.250606][T16091] slab_reclaimable:9628 slab_unreclaimable:97719 [ 1051.250606][T16091] mapped:25746 shmem:1361 pagetables:538 [ 1051.250606][T16091] sec_pagetables:0 bounce:0 [ 1051.250606][T16091] kernel_misc_reclaimable:0 [ 1051.250606][T16091] free:1348490 free_pcp:9044 free_cma:0 [ 1051.330689][T16091] Node 0 active_anon:20688kB inactive_anon:0kB active_file:46400kB inactive_file:160876kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:102984kB dirty:864kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11120kB pagetables:2152kB sec_pagetables:0kB all_unreclaimable? no [ 1051.390902][T16091] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1051.440713][T16091] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1051.477600][T16091] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 1051.485986][T16091] Node 0 DMA32 free:1500292kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:20652kB inactive_anon:0kB active_file:46400kB inactive_file:160052kB unevictable:1536kB writepending:864kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:4164kB local_pcp:3376kB free_cma:0kB [ 1051.523189][T16091] lowmem_reserve[]: 0 0 0 0 0 [ 1051.528020][T16091] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 1051.560609][T16091] lowmem_reserve[]: 0 0 0 0 0 [ 1051.566848][T16091] Node 1 Normal free:3892744kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19776kB local_pcp:11388kB free_cma:0kB [ 1051.600536][T16091] lowmem_reserve[]: 0 0 0 0 0 [ 1051.606457][T16091] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1051.621281][T16091] Node 0 DMA32: 381*4kB (UME) 594*8kB (UME) 926*16kB (UME) 376*32kB (UME) 1287*64kB (UME) 467*128kB (UME) 399*256kB (UME) 105*512kB (UME) 52*1024kB (UM) 23*2048kB (UME) 260*4096kB (UM) = 1496484kB [ 1051.656105][T16091] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1051.668009][T16091] Node 1 Normal: 224*4kB (UME) 47*8kB (UME) 35*16kB (UME) 67*32kB (UME) 12*64kB (UE) 11*128kB (UME) 2*256kB (UE) 2*512kB (ME) 0*1024kB 1*2048kB (E) 948*4096kB (M) = 3892744kB [ 1051.692752][T16091] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1051.704405][T16091] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1051.715428][T16091] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1051.727088][T16091] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1051.742722][T16091] 53230 total pagecache pages [ 1051.747784][T16091] 0 pages in swap cache [ 1051.752117][T16088] netlink: 8446 bytes leftover after parsing attributes in process `syz.1.3973'. [ 1051.764409][T16091] Free swap = 124996kB [ 1051.768723][T16091] Total swap = 124996kB [ 1051.774091][T16091] 2097051 pages RAM [ 1051.778043][T16091] 0 pages HighMem/MovableOnly [ 1051.784296][T16091] 416922 pages reserved [ 1051.788496][T16091] 0 pages cma reserved [ 1051.976626][T16100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3979'. [ 1051.986117][T16100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3979'. [ 1051.999781][T16100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3979'. [ 1052.009940][T16100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3979'. [ 1052.983297][T16118] FAULT_INJECTION: forcing a failure. [ 1052.983297][T16118] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.010558][T16118] CPU: 1 PID: 16118 Comm: syz.3.3986 Not tainted syzkaller #0 [ 1053.018160][T16118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1053.028277][T16118] Call Trace: [ 1053.031600][T16118] [ 1053.034580][T16118] dump_stack_lvl+0x18c/0x250 [ 1053.039338][T16118] ? show_regs_print_info+0x20/0x20 [ 1053.044652][T16118] ? load_image+0x400/0x400 [ 1053.049221][T16118] ? __might_sleep+0xe0/0xe0 [ 1053.053883][T16118] ? __lock_acquire+0x7d40/0x7d40 [ 1053.059142][T16118] should_fail_ex+0x39d/0x4d0 [ 1053.063962][T16118] should_failslab+0x9/0x20 [ 1053.068523][T16118] slab_pre_alloc_hook+0x59/0x310 [ 1053.073623][T16118] ? __lock_acquire+0x7d40/0x7d40 [ 1053.078717][T16118] kmem_cache_alloc_node+0x60/0x320 [ 1053.083988][T16118] ? __alloc_skb+0x103/0x2c0 [ 1053.088657][T16118] __alloc_skb+0x103/0x2c0 [ 1053.093144][T16118] netlink_sendmsg+0x66a/0xbf0 [ 1053.097980][T16118] ? netlink_getsockopt+0x590/0x590 [ 1053.103247][T16118] ? aa_sock_msg_perm+0x94/0x150 [ 1053.108254][T16118] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1053.113600][T16118] ? security_socket_sendmsg+0x80/0xa0 [ 1053.119115][T16118] ? netlink_getsockopt+0x590/0x590 [ 1053.124385][T16118] ____sys_sendmsg+0x5ba/0x960 [ 1053.129221][T16118] ? __asan_memset+0x22/0x40 [ 1053.133879][T16118] ? __sys_sendmsg_sock+0x30/0x30 [ 1053.138992][T16118] ? __import_iovec+0x5f2/0x850 [ 1053.145178][T16118] ? import_iovec+0x73/0xa0 [ 1053.149952][T16118] ___sys_sendmsg+0x2a6/0x360 [ 1053.154881][T16118] ? get_pid_task+0x20/0x1e0 [ 1053.159554][T16118] ? __sys_sendmsg+0x2a0/0x2a0 [ 1053.164492][T16118] ? __lock_acquire+0x7d40/0x7d40 [ 1053.169606][T16118] __se_sys_sendmsg+0x1c2/0x2b0 [ 1053.174535][T16118] ? __x64_sys_sendmsg+0x80/0x80 [ 1053.179734][T16118] ? lockdep_hardirqs_on+0x98/0x150 [ 1053.185076][T16118] do_syscall_64+0x55/0xa0 [ 1053.190127][T16118] ? clear_bhb_loop+0x40/0x90 [ 1053.194871][T16118] ? clear_bhb_loop+0x40/0x90 [ 1053.199610][T16118] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1053.205567][T16118] RIP: 0033:0x7f607eb9aeb9 [ 1053.210038][T16118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1053.230229][T16118] RSP: 002b:00007f607fae8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1053.238888][T16118] RAX: ffffffffffffffda RBX: 00007f607ee15fa0 RCX: 00007f607eb9aeb9 [ 1053.247000][T16118] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 1053.255169][T16118] RBP: 00007f607fae8090 R08: 0000000000000000 R09: 0000000000000000 [ 1053.263462][T16118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1053.271572][T16118] R13: 00007f607ee16038 R14: 00007f607ee15fa0 R15: 00007ffd0eaa4598 [ 1053.279723][T16118] [ 1053.783874][T16125] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3989'. [ 1054.624493][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.631091][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.938293][T16125] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3989'. [ 1058.151741][T16153] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3999'. [ 1058.172200][T16153] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3999'. [ 1058.204554][T16159] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3999'. [ 1058.220199][T16157] netlink: 'syz.2.4001': attribute type 21 has an invalid length. [ 1058.238516][T16153] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3999'. [ 1060.686094][T16171] netlink: 830 bytes leftover after parsing attributes in process `syz.3.4003'. [ 1060.754290][T16171] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.4003'. [ 1060.764337][T16171] netlink: 8446 bytes leftover after parsing attributes in process `syz.3.4003'. [ 1060.881780][T16179] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4005'. [ 1060.895548][T16179] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 1060.969153][T16183] netlink: 'syz.0.4005': attribute type 40 has an invalid length. [ 1061.753349][T16189] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4010'. [ 1061.765809][T16189] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4010'. [ 1061.777504][T16189] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4010'. [ 1061.802937][T16189] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4010'. [ 1065.149281][T16218] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4019'. [ 1065.158672][T16218] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4019'. [ 1065.172802][T16218] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4019'. [ 1065.277214][T16220] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4021'. [ 1065.287508][T16220] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4021'. [ 1065.340237][T16220] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4021'. [ 1067.351258][T16249] __nla_validate_parse: 5 callbacks suppressed [ 1067.351277][T16249] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4031'. [ 1067.371334][T16249] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4031'. [ 1067.384493][T16249] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4031'. [ 1067.599985][T16256] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1067.610104][T16256] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1067.628104][T16256] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1067.644159][T16256] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1068.743559][T16264] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4036'. [ 1068.757848][T16264] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4036'. [ 1068.779465][T16264] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4036'. [ 1069.914025][T16276] pim6reg1: entered promiscuous mode [ 1069.919984][T16276] pim6reg1: entered allmulticast mode [ 1070.084743][T16284] FAULT_INJECTION: forcing a failure. [ 1070.084743][T16284] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.120666][T16284] CPU: 0 PID: 16284 Comm: syz.1.4043 Not tainted syzkaller #0 [ 1070.128219][T16284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1070.138324][T16284] Call Trace: [ 1070.141634][T16284] [ 1070.144593][T16284] dump_stack_lvl+0x18c/0x250 [ 1070.149318][T16284] ? show_regs_print_info+0x20/0x20 [ 1070.154643][T16284] ? load_image+0x400/0x400 [ 1070.159174][T16284] ? __might_sleep+0xe0/0xe0 [ 1070.163803][T16284] ? __lock_acquire+0x7d40/0x7d40 [ 1070.168864][T16284] should_fail_ex+0x39d/0x4d0 [ 1070.173675][T16284] should_failslab+0x9/0x20 [ 1070.178939][T16284] slab_pre_alloc_hook+0x59/0x310 [ 1070.184081][T16284] ? __get_vm_area_node+0x125/0x370 [ 1070.189424][T16284] __kmem_cache_alloc_node+0x53/0x250 [ 1070.194842][T16284] ? __get_vm_area_node+0x125/0x370 [ 1070.200077][T16284] kmalloc_node_trace+0x26/0xe0 [ 1070.204966][T16284] __get_vm_area_node+0x125/0x370 [ 1070.210137][T16284] __vmalloc_node_range+0x36e/0x1330 [ 1070.215458][T16284] ? netlink_sendmsg+0x602/0xbf0 [ 1070.220436][T16284] ? netlink_insert+0x109f/0x13a0 [ 1070.225515][T16284] ? netlink_data_ready+0x10/0x10 [ 1070.230575][T16284] ? free_vm_area+0x50/0x50 [ 1070.235122][T16284] ? netlink_sendmsg+0x602/0xbf0 [ 1070.240098][T16284] vmalloc+0x79/0x90 [ 1070.244095][T16284] ? netlink_sendmsg+0x602/0xbf0 [ 1070.249075][T16284] netlink_sendmsg+0x602/0xbf0 [ 1070.253882][T16284] ? netlink_getsockopt+0x590/0x590 [ 1070.259117][T16284] ? aa_sock_msg_perm+0x94/0x150 [ 1070.264089][T16284] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1070.269413][T16284] ? security_socket_sendmsg+0x80/0xa0 [ 1070.274901][T16284] ? netlink_getsockopt+0x590/0x590 [ 1070.280176][T16284] ____sys_sendmsg+0x5ba/0x960 [ 1070.285075][T16284] ? __asan_memset+0x22/0x40 [ 1070.289707][T16284] ? __sys_sendmsg_sock+0x30/0x30 [ 1070.294873][T16284] ? __import_iovec+0x5f2/0x850 [ 1070.300760][T16284] ? import_iovec+0x73/0xa0 [ 1070.305315][T16284] ___sys_sendmsg+0x2a6/0x360 [ 1070.310122][T16284] ? get_pid_task+0x20/0x1e0 [ 1070.314749][T16284] ? __sys_sendmsg+0x2a0/0x2a0 [ 1070.319575][T16284] ? __lock_acquire+0x7d40/0x7d40 [ 1070.324651][T16284] __se_sys_sendmsg+0x1c2/0x2b0 [ 1070.329544][T16284] ? __x64_sys_sendmsg+0x80/0x80 [ 1070.334533][T16284] ? lockdep_hardirqs_on+0x98/0x150 [ 1070.339772][T16284] do_syscall_64+0x55/0xa0 [ 1070.344263][T16284] ? clear_bhb_loop+0x40/0x90 [ 1070.348978][T16284] ? clear_bhb_loop+0x40/0x90 [ 1070.353688][T16284] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1070.359612][T16284] RIP: 0033:0x7f1ad5b9aeb9 [ 1070.364059][T16284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1070.383712][T16284] RSP: 002b:00007f1ad6add028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1070.392178][T16284] RAX: ffffffffffffffda RBX: 00007f1ad5e15fa0 RCX: 00007f1ad5b9aeb9 [ 1070.400203][T16284] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1070.408200][T16284] RBP: 00007f1ad6add090 R08: 0000000000000000 R09: 0000000000000000 [ 1070.416198][T16284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1070.424194][T16284] R13: 00007f1ad5e16038 R14: 00007f1ad5e15fa0 R15: 00007fffda349958 [ 1070.432812][T16284] [ 1070.562579][T16284] syz.1.4043: vmalloc error: size 213312, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1070.593877][T16284] CPU: 0 PID: 16284 Comm: syz.1.4043 Not tainted syzkaller #0 [ 1070.601437][T16284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1070.611540][T16284] Call Trace: [ 1070.614875][T16284] [ 1070.617860][T16284] dump_stack_lvl+0x18c/0x250 [ 1070.622647][T16284] ? show_regs_print_info+0x20/0x20 [ 1070.627902][T16284] ? load_image+0x400/0x400 [ 1070.632459][T16284] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1070.638931][T16284] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 1070.645501][T16284] warn_alloc+0x246/0x340 [ 1070.649899][T16284] ? zone_watermark_ok_safe+0x230/0x230 [ 1070.655518][T16284] ? __get_vm_area_node+0x356/0x370 [ 1070.660773][T16284] __vmalloc_node_range+0x393/0x1330 [ 1070.666109][T16284] ? netlink_insert+0x109f/0x13a0 [ 1070.671209][T16284] ? netlink_data_ready+0x10/0x10 [ 1070.676291][T16284] ? free_vm_area+0x50/0x50 [ 1070.681940][T16284] ? netlink_sendmsg+0x602/0xbf0 [ 1070.687051][T16284] vmalloc+0x79/0x90 [ 1070.691625][T16284] ? netlink_sendmsg+0x602/0xbf0 [ 1070.696632][T16284] netlink_sendmsg+0x602/0xbf0 [ 1070.701473][T16284] ? netlink_getsockopt+0x590/0x590 [ 1070.706744][T16284] ? aa_sock_msg_perm+0x94/0x150 [ 1070.711834][T16284] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1070.717702][T16284] ? security_socket_sendmsg+0x80/0xa0 [ 1070.723224][T16284] ? netlink_getsockopt+0x590/0x590 [ 1070.728484][T16284] ____sys_sendmsg+0x5ba/0x960 [ 1070.733319][T16284] ? __asan_memset+0x22/0x40 [ 1070.737963][T16284] ? __sys_sendmsg_sock+0x30/0x30 [ 1070.743048][T16284] ? __import_iovec+0x5f2/0x850 [ 1070.747984][T16284] ? import_iovec+0x73/0xa0 [ 1070.752578][T16284] ___sys_sendmsg+0x2a6/0x360 [ 1070.757403][T16284] ? get_pid_task+0x20/0x1e0 [ 1070.762063][T16284] ? __sys_sendmsg+0x2a0/0x2a0 [ 1070.766913][T16284] ? __lock_acquire+0x7d40/0x7d40 [ 1070.772024][T16284] __se_sys_sendmsg+0x1c2/0x2b0 [ 1070.777032][T16284] ? __x64_sys_sendmsg+0x80/0x80 [ 1070.782050][T16284] ? lockdep_hardirqs_on+0x98/0x150 [ 1070.787295][T16284] do_syscall_64+0x55/0xa0 [ 1070.791769][T16284] ? clear_bhb_loop+0x40/0x90 [ 1070.796497][T16284] ? clear_bhb_loop+0x40/0x90 [ 1070.801235][T16284] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1070.807179][T16284] RIP: 0033:0x7f1ad5b9aeb9 [ 1070.811636][T16284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1070.831305][T16284] RSP: 002b:00007f1ad6add028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1070.839787][T16284] RAX: ffffffffffffffda RBX: 00007f1ad5e15fa0 RCX: 00007f1ad5b9aeb9 [ 1070.847817][T16284] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1070.855846][T16284] RBP: 00007f1ad6add090 R08: 0000000000000000 R09: 0000000000000000 [ 1070.863868][T16284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1070.871889][T16284] R13: 00007f1ad5e16038 R14: 00007f1ad5e15fa0 R15: 00007fffda349958 [ 1070.879934][T16284] [ 1070.982519][T16284] Mem-Info: [ 1070.985817][T16284] active_anon:5119 inactive_anon:0 isolated_anon:0 [ 1070.985817][T16284] active_file:11600 inactive_file:40275 isolated_file:0 [ 1070.985817][T16284] unevictable:768 dirty:59 writeback:0 [ 1070.985817][T16284] slab_reclaimable:9629 slab_unreclaimable:97311 [ 1070.985817][T16284] mapped:26682 shmem:1361 pagetables:530 [ 1070.985817][T16284] sec_pagetables:0 bounce:0 [ 1070.985817][T16284] kernel_misc_reclaimable:0 [ 1070.985817][T16284] free:1349633 free_pcp:9910 free_cma:0 [ 1071.047428][T16284] Node 0 active_anon:20476kB inactive_anon:0kB active_file:46400kB inactive_file:160900kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106728kB dirty:236kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10904kB pagetables:2120kB sec_pagetables:0kB all_unreclaimable? no [ 1071.164795][T16284] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1071.199264][T16284] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1071.231209][T16284] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 1071.237063][T16284] Node 0 DMA32 free:1490428kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:20384kB inactive_anon:0kB active_file:46400kB inactive_file:160076kB unevictable:1536kB writepending:240kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:20932kB local_pcp:20064kB free_cma:0kB [ 1071.268696][T16284] lowmem_reserve[]: 0 0 0 0 0 [ 1071.300615][T16284] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 1071.367979][T16284] lowmem_reserve[]: 0 0 0 0 0 [ 1071.374192][T16284] Node 1 Normal free:3892744kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19776kB local_pcp:8388kB free_cma:0kB [ 1071.407048][T16284] lowmem_reserve[]: 0 0 0 0 0 [ 1071.413061][T16284] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1071.428693][T16284] Node 0 DMA32: 1208*4kB (UM) 830*8kB (UME) 893*16kB (UME) 1463*32kB (UME) 672*64kB (UME) 647*128kB (UME) 324*256kB (UME) 83*512kB (UME) 53*1024kB (UM) 23*2048kB (UME) 260*4096kB (UM) = 1490176kB [ 1071.461399][T16284] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1071.477936][T16284] Node 1 Normal: 224*4kB (UME) 47*8kB (UME) 35*16kB (UME) 67*32kB (UME) 12*64kB (UE) 11*128kB (UME) 2*256kB (UE) 2*512kB (ME) 0*1024kB 1*2048kB (E) 948*4096kB (M) = 3892744kB [ 1071.499750][T16284] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1071.515007][T16284] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1071.534558][T16284] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1071.545226][T16284] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1071.558960][T16284] 53236 total pagecache pages [ 1071.566989][T16284] 0 pages in swap cache [ 1071.574990][T16284] Free swap = 124996kB [ 1071.579343][T16284] Total swap = 124996kB [ 1071.584056][T16284] 2097051 pages RAM [ 1071.588034][T16284] 0 pages HighMem/MovableOnly [ 1071.596840][T16284] 416922 pages reserved [ 1071.608696][T16284] 0 pages cma reserved [ 1072.768041][T16310] __nla_validate_parse: 10 callbacks suppressed [ 1072.768062][T16310] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4053'. [ 1072.800191][T16310] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4053'. [ 1072.815842][T16310] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4053'. [ 1072.862826][T16314] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.4055'. [ 1073.276571][T16321] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4058'. [ 1073.285780][T16321] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4058'. [ 1073.298293][T16321] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4058'. [ 1073.460929][T16325] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4060'. [ 1073.474550][T16323] netlink: 'syz.0.4059': attribute type 10 has an invalid length. [ 1073.487164][T16325] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4060'. [ 1073.507581][T16325] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4060'. [ 1075.587528][T16344] FAULT_INJECTION: forcing a failure. [ 1075.587528][T16344] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1075.602438][T16344] CPU: 1 PID: 16344 Comm: syz.1.4067 Not tainted syzkaller #0 [ 1075.609967][T16344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1075.620070][T16344] Call Trace: [ 1075.623394][T16344] [ 1075.626366][T16344] dump_stack_lvl+0x18c/0x250 [ 1075.631104][T16344] ? show_regs_print_info+0x20/0x20 [ 1075.636357][T16344] ? load_image+0x400/0x400 [ 1075.640907][T16344] ? __lock_acquire+0x7d40/0x7d40 [ 1075.645987][T16344] should_fail_ex+0x39d/0x4d0 [ 1075.650716][T16344] _copy_from_user+0x2f/0xe0 [ 1075.655353][T16344] __copy_msghdr+0x3bb/0x580 [ 1075.659999][T16344] ___sys_sendmsg+0x214/0x360 [ 1075.664724][T16344] ? get_pid_task+0x20/0x1e0 [ 1075.669376][T16344] ? __sys_sendmsg+0x2a0/0x2a0 [ 1075.674220][T16344] ? __lock_acquire+0x7d40/0x7d40 [ 1075.679315][T16344] __se_sys_sendmsg+0x1c2/0x2b0 [ 1075.684219][T16344] ? __x64_sys_sendmsg+0x80/0x80 [ 1075.689402][T16344] ? lockdep_hardirqs_on+0x98/0x150 [ 1075.694663][T16344] do_syscall_64+0x55/0xa0 [ 1075.699135][T16344] ? clear_bhb_loop+0x40/0x90 [ 1075.703858][T16344] ? clear_bhb_loop+0x40/0x90 [ 1075.708591][T16344] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1075.714538][T16344] RIP: 0033:0x7f1ad5b9aeb9 [ 1075.719000][T16344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1075.738650][T16344] RSP: 002b:00007f1ad6add028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1075.747093][T16344] RAX: ffffffffffffffda RBX: 00007f1ad5e15fa0 RCX: 00007f1ad5b9aeb9 [ 1075.755090][T16344] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000003 [ 1075.763088][T16344] RBP: 00007f1ad6add090 R08: 0000000000000000 R09: 0000000000000000 [ 1075.771085][T16344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1075.779071][T16344] R13: 00007f1ad5e16038 R14: 00007f1ad5e15fa0 R15: 00007fffda349958 [ 1075.787078][T16344] [ 1078.108294][T16368] netlink: 'syz.1.4076': attribute type 10 has an invalid length. [ 1079.047208][T16371] FAULT_INJECTION: forcing a failure. [ 1079.047208][T16371] name failslab, interval 1, probability 0, space 0, times 0 [ 1079.060807][T16371] CPU: 1 PID: 16371 Comm: syz.2.4078 Not tainted syzkaller #0 [ 1079.068366][T16371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1079.078471][T16371] Call Trace: [ 1079.081795][T16371] [ 1079.084768][T16371] dump_stack_lvl+0x18c/0x250 [ 1079.089510][T16371] ? show_regs_print_info+0x20/0x20 [ 1079.094766][T16371] ? load_image+0x400/0x400 [ 1079.099330][T16371] ? __lock_acquire+0x7d40/0x7d40 [ 1079.104408][T16371] should_fail_ex+0x39d/0x4d0 [ 1079.109154][T16371] should_failslab+0x9/0x20 [ 1079.113720][T16371] slab_pre_alloc_hook+0x59/0x310 [ 1079.118798][T16371] ? vmemdup_user+0x49/0x1e0 [ 1079.123445][T16371] ? vmemdup_user+0x49/0x1e0 [ 1079.128095][T16371] __kmem_cache_alloc_node+0x53/0x250 [ 1079.133528][T16371] ? vmemdup_user+0x49/0x1e0 [ 1079.138185][T16371] __kmalloc_node+0xa4/0x230 [ 1079.142849][T16371] vmemdup_user+0x49/0x1e0 [ 1079.147328][T16371] map_lookup_elem+0x276/0x7c0 [ 1079.152140][T16371] ? __might_fault+0xaa/0x120 [ 1079.156867][T16371] ? security_bpf+0x7e/0xa0 [ 1079.161431][T16371] __sys_bpf+0x438/0x890 [ 1079.165725][T16371] ? bpf_link_show_fdinfo+0x390/0x390 [ 1079.171159][T16371] ? lock_chain_count+0x20/0x20 [ 1079.176071][T16371] __x64_sys_bpf+0x7c/0x90 [ 1079.180542][T16371] do_syscall_64+0x55/0xa0 [ 1079.185035][T16371] ? clear_bhb_loop+0x40/0x90 [ 1079.189767][T16371] ? clear_bhb_loop+0x40/0x90 [ 1079.194503][T16371] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1079.200451][T16371] RIP: 0033:0x7f045119aeb9 [ 1079.204910][T16371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1079.224592][T16371] RSP: 002b:00007f045201a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1079.233068][T16371] RAX: ffffffffffffffda RBX: 00007f0451415fa0 RCX: 00007f045119aeb9 [ 1079.241087][T16371] RDX: 0000000000000020 RSI: 00002000000017c0 RDI: 0000000000000001 [ 1079.249130][T16371] RBP: 00007f045201a090 R08: 0000000000000000 R09: 0000000000000000 [ 1079.257148][T16371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1079.265173][T16371] R13: 00007f0451416038 R14: 00007f0451415fa0 R15: 00007ffc1982e0e8 [ 1079.273213][T16371] [ 1079.420297][T16384] __nla_validate_parse: 10 callbacks suppressed [ 1079.420318][T16384] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4082'. [ 1079.470643][T16384] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4082'. [ 1079.509392][T16385] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4082'. [ 1079.535840][T16387] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4082'. [ 1082.377873][T16406] netlink: 'syz.2.4089': attribute type 10 has an invalid length. [ 1085.454831][T16415] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4091'. [ 1085.487616][T16415] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4091'. [ 1085.514363][T16415] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4091'. [ 1085.528070][T16415] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4091'. [ 1088.859256][T16445] netlink: 'syz.1.4099': attribute type 10 has an invalid length. [ 1089.044923][T16453] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4103'. [ 1089.054465][T16453] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4103'. [ 1089.065227][T16453] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4103'. [ 1089.075600][T16453] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4103'. [ 1095.391320][T16486] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4112'. [ 1095.411073][T16486] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4112'. [ 1095.432754][T16486] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4112'. [ 1095.461285][T16486] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4112'. [ 1095.515772][T16493] netlink: 'syz.2.4115': attribute type 10 has an invalid length. [ 1097.386717][T16510] FAULT_INJECTION: forcing a failure. [ 1097.386717][T16510] name failslab, interval 1, probability 0, space 0, times 0 [ 1097.403228][T16510] CPU: 1 PID: 16510 Comm: syz.1.4120 Not tainted syzkaller #0 [ 1097.410765][T16510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1097.420871][T16510] Call Trace: [ 1097.424197][T16510] [ 1097.427173][T16510] dump_stack_lvl+0x18c/0x250 [ 1097.431912][T16510] ? show_regs_print_info+0x20/0x20 [ 1097.437167][T16510] ? load_image+0x400/0x400 [ 1097.441719][T16510] ? __might_sleep+0xe0/0xe0 [ 1097.446376][T16510] ? __lock_acquire+0x7d40/0x7d40 [ 1097.451457][T16510] should_fail_ex+0x39d/0x4d0 [ 1097.456188][T16510] should_failslab+0x9/0x20 [ 1097.460742][T16510] slab_pre_alloc_hook+0x59/0x310 [ 1097.465824][T16510] ? tomoyo_encode+0x28b/0x540 [ 1097.470719][T16510] ? tomoyo_encode+0x28b/0x540 [ 1097.475531][T16510] __kmem_cache_alloc_node+0x53/0x250 [ 1097.480960][T16510] ? tomoyo_encode+0x28b/0x540 [ 1097.485775][T16510] __kmalloc+0xa4/0x230 [ 1097.489992][T16510] tomoyo_encode+0x28b/0x540 [ 1097.494634][T16510] tomoyo_realpath_from_path+0x592/0x5d0 [ 1097.500324][T16510] tomoyo_path_number_perm+0x248/0x620 [ 1097.505870][T16510] ? tomoyo_path_number_perm+0x217/0x620 [ 1097.511579][T16510] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1097.517108][T16510] ? ksys_write+0x1c4/0x260 [ 1097.521701][T16510] ? __fget_files+0x28/0x4b0 [ 1097.526345][T16510] ? __fget_files+0x28/0x4b0 [ 1097.531001][T16510] security_file_ioctl+0x70/0xa0 [ 1097.536001][T16510] __se_sys_ioctl+0x48/0x170 [ 1097.540648][T16510] do_syscall_64+0x55/0xa0 [ 1097.545756][T16510] ? clear_bhb_loop+0x40/0x90 [ 1097.550478][T16510] ? clear_bhb_loop+0x40/0x90 [ 1097.555203][T16510] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1097.561157][T16510] RIP: 0033:0x7f1ad5b9aeb9 [ 1097.565724][T16510] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1097.586445][T16510] RSP: 002b:00007f1ad6abc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1097.597371][T16510] RAX: ffffffffffffffda RBX: 00007f1ad5e16090 RCX: 00007f1ad5b9aeb9 [ 1097.606213][T16510] RDX: 00002000000002c0 RSI: 00000000000089e1 RDI: 0000000000000006 [ 1097.615562][T16510] RBP: 00007f1ad6abc090 R08: 0000000000000000 R09: 0000000000000000 [ 1097.625685][T16510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1097.634919][T16510] R13: 00007f1ad5e16128 R14: 00007f1ad5e16090 R15: 00007fffda349958 [ 1097.645616][T16510] [ 1097.660919][T16510] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1098.546291][T16496] ------------[ cut here ]------------ [ 1098.552129][T16496] WARNING: CPU: 1 PID: 16496 at kernel/events/core.c:6806 perf_pending_task+0x35c/0x470 [ 1098.562028][T16496] Modules linked in: [ 1098.566143][T16496] CPU: 1 PID: 16496 Comm: syz.0.4116 Not tainted syzkaller #0 [ 1098.573699][T16496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1098.583895][T16496] RIP: 0010:perf_pending_task+0x35c/0x470 [ 1098.589675][T16496] Code: ff 84 db 75 14 e8 74 e1 d5 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 60 e1 d5 ff e8 bb 6b 4f ff eb e5 e8 54 e1 d5 ff <0f> 0b e9 f3 fe ff ff e8 48 e1 d5 ff 48 c7 c7 f0 f2 1c 8d 4c 89 f6 [ 1098.609430][T16496] RSP: 0018:ffffc90004def9c0 EFLAGS: 00010293 [ 1098.615600][T16496] RAX: ffffffff81b131cc RBX: ffff888022d77e48 RCX: ffff88802c015a00 [ 1098.623760][T16496] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1098.631861][T16496] RBP: 0000000000000001 R08: ffffffff8e8ad9ef R09: 1ffffffff1d15b3d [ 1098.639893][T16496] R10: dffffc0000000000 R11: fffffbfff1d15b3e R12: ffff88802c015a00 [ 1098.648575][T16496] R13: ffff888030528530 R14: ffff888022d77c08 R15: 1ffff110045aef81 [ 1098.657001][T16496] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1098.666207][T16496] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1098.672919][T16496] CR2: 0000001b34263fcf CR3: 000000007d6b8000 CR4: 00000000003506e0 [ 1098.681015][T16496] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000200000000300 [ 1098.689048][T16496] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 1098.697123][T16496] Call Trace: [ 1098.700533][T16496] [ 1098.703524][T16496] task_work_run+0x1d4/0x260 [ 1098.708181][T16496] ? task_work_cancel+0x220/0x220 [ 1098.713369][T16496] do_exit+0x95a/0x2460 [ 1098.717614][T16496] ? put_task_struct+0xc0/0xc0 [ 1098.722567][T16496] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1098.728692][T16496] ? get_signal+0x1068/0x13f0 [ 1098.733608][T16496] ? lock_chain_count+0x20/0x20 [ 1098.738515][T16496] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1098.743700][T16496] do_group_exit+0x21b/0x2d0 [ 1098.748358][T16496] ? lockdep_hardirqs_on+0x98/0x150 [ 1098.753671][T16496] get_signal+0x12fc/0x13f0 [ 1098.758249][T16496] arch_do_signal_or_restart+0xc2/0x800 [ 1098.763948][T16496] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1098.770073][T16496] ? blkcg_maybe_throttle_current+0x19f/0xa90 [ 1098.776308][T16496] ? get_sigframe_size+0x20/0x20 [ 1098.781617][T16496] ? exit_to_user_mode_loop+0x3b/0x110 [ 1098.787148][T16496] exit_to_user_mode_loop+0x70/0x110 [ 1098.792559][T16496] exit_to_user_mode_prepare+0xee/0x180 [ 1098.798170][T16496] syscall_exit_to_user_mode+0x1a/0x50 [ 1098.803754][T16496] do_syscall_64+0x61/0xa0 [ 1098.808224][T16496] ? clear_bhb_loop+0x40/0x90 [ 1098.813024][T16496] ? clear_bhb_loop+0x40/0x90 [ 1098.817763][T16496] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1098.823801][T16496] RIP: 0033:0x7fb7d599aeb9 [ 1098.828262][T16496] Code: Unable to access opcode bytes at 0x7fb7d599ae8f. [ 1098.835383][T16496] RSP: 002b:00007fb7d67890e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1098.843938][T16496] RAX: fffffffffffffe00 RBX: 00007fb7d5c15fa8 RCX: 00007fb7d599aeb9 [ 1098.852052][T16496] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb7d5c15fa8 [ 1098.860076][T16496] RBP: 00007fb7d5c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1098.868273][T16496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1098.876568][T16496] R13: 00007fb7d5c16038 R14: 00007ffda3c269e0 R15: 00007ffda3c26ac8 [ 1098.884688][T16496] [ 1098.887755][T16496] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1098.895072][T16496] CPU: 1 PID: 16496 Comm: syz.0.4116 Not tainted syzkaller #0 [ 1098.902575][T16496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1098.912666][T16496] Call Trace: [ 1098.915980][T16496] [ 1098.918953][T16496] dump_stack_lvl+0x18c/0x250 [ 1098.923686][T16496] ? show_regs_print_info+0x20/0x20 [ 1098.928941][T16496] ? load_image+0x400/0x400 [ 1098.933509][T16496] panic+0x2dc/0x730 [ 1098.937454][T16496] ? bpf_jit_dump+0xd0/0xd0 [ 1098.942022][T16496] __warn+0x2e0/0x470 [ 1098.946053][T16496] ? perf_pending_task+0x35c/0x470 [ 1098.951226][T16496] ? perf_pending_task+0x35c/0x470 [ 1098.956395][T16496] report_bug+0x2be/0x4f0 [ 1098.960781][T16496] ? perf_pending_task+0x35c/0x470 [ 1098.965937][T16496] ? perf_pending_task+0x35c/0x470 [ 1098.971070][T16496] ? perf_pending_task+0x35e/0x470 [ 1098.976201][T16496] handle_bug+0xcf/0x120 [ 1098.980475][T16496] exc_invalid_op+0x1a/0x50 [ 1098.985015][T16496] asm_exc_invalid_op+0x1a/0x20 [ 1098.989899][T16496] RIP: 0010:perf_pending_task+0x35c/0x470 [ 1098.995685][T16496] Code: ff 84 db 75 14 e8 74 e1 d5 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 60 e1 d5 ff e8 bb 6b 4f ff eb e5 e8 54 e1 d5 ff <0f> 0b e9 f3 fe ff ff e8 48 e1 d5 ff 48 c7 c7 f0 f2 1c 8d 4c 89 f6 [ 1099.015335][T16496] RSP: 0018:ffffc90004def9c0 EFLAGS: 00010293 [ 1099.021531][T16496] RAX: ffffffff81b131cc RBX: ffff888022d77e48 RCX: ffff88802c015a00 [ 1099.029718][T16496] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1099.038318][T16496] RBP: 0000000000000001 R08: ffffffff8e8ad9ef R09: 1ffffffff1d15b3d [ 1099.046698][T16496] R10: dffffc0000000000 R11: fffffbfff1d15b3e R12: ffff88802c015a00 [ 1099.054712][T16496] R13: ffff888030528530 R14: ffff888022d77c08 R15: 1ffff110045aef81 [ 1099.062990][T16496] ? perf_pending_task+0x35c/0x470 [ 1099.068149][T16496] task_work_run+0x1d4/0x260 [ 1099.072868][T16496] ? task_work_cancel+0x220/0x220 [ 1099.078198][T16496] do_exit+0x95a/0x2460 [ 1099.082400][T16496] ? put_task_struct+0xc0/0xc0 [ 1099.087481][T16496] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1099.093671][T16496] ? get_signal+0x1068/0x13f0 [ 1099.098388][T16496] ? lock_chain_count+0x20/0x20 [ 1099.103266][T16496] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1099.108376][T16496] do_group_exit+0x21b/0x2d0 [ 1099.113017][T16496] ? lockdep_hardirqs_on+0x98/0x150 [ 1099.118247][T16496] get_signal+0x12fc/0x13f0 [ 1099.122831][T16496] arch_do_signal_or_restart+0xc2/0x800 [ 1099.128415][T16496] ? __ia32_sys_get_robust_list+0x110/0x110 [ 1099.134327][T16496] ? blkcg_maybe_throttle_current+0x19f/0xa90 [ 1099.140429][T16496] ? get_sigframe_size+0x20/0x20 [ 1099.145418][T16496] ? exit_to_user_mode_loop+0x3b/0x110 [ 1099.150914][T16496] exit_to_user_mode_loop+0x70/0x110 [ 1099.156240][T16496] exit_to_user_mode_prepare+0xee/0x180 [ 1099.161834][T16496] syscall_exit_to_user_mode+0x1a/0x50 [ 1099.167319][T16496] do_syscall_64+0x61/0xa0 [ 1099.171787][T16496] ? clear_bhb_loop+0x40/0x90 [ 1099.176487][T16496] ? clear_bhb_loop+0x40/0x90 [ 1099.181197][T16496] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1099.187116][T16496] RIP: 0033:0x7fb7d599aeb9 [ 1099.191556][T16496] Code: Unable to access opcode bytes at 0x7fb7d599ae8f. [ 1099.198605][T16496] RSP: 002b:00007fb7d67890e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1099.207314][T16496] RAX: fffffffffffffe00 RBX: 00007fb7d5c15fa8 RCX: 00007fb7d599aeb9 [ 1099.215319][T16496] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb7d5c15fa8 [ 1099.223325][T16496] RBP: 00007fb7d5c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1099.231324][T16496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1099.239325][T16496] R13: 00007fb7d5c16038 R14: 00007ffda3c269e0 R15: 00007ffda3c26ac8 [ 1099.247344][T16496] [ 1099.250995][T16496] Kernel Offset: disabled [ 1099.255338][T16496] Rebooting in 86400 seconds..