last executing test programs: 3.93663861s ago: executing program 0 (id=4626): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0, 0xa}, 0x1945, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r1) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000080654d970008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$kcm(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8918, &(0x7f0000000000)={r2}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2141, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfb43}, 0x114905, 0x4, 0x0, 0x1, 0x2000000000, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r6) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0, 0xa}, 0x1945, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0x1, 0xffffffffffffffff, 0x0) (async) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) (async) close(r1) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000080654d970008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) socket$kcm(0xa, 0x2, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) (async) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8918, &(0x7f0000000000)={r2}) (async) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) (async) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2141, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfb43}, 0x114905, 0x4, 0x0, 0x1, 0x2000000000, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r6) (async) 2.612071797s ago: executing program 1 (id=4631): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0xd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x2, 0x2, 0x1, 0x0) r1 = socket$kcm(0x2, 0x1, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x34000}], 0x1}, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000046090100000003e71600000006000000180100002020702500000000002020207b9af8ff00000000ad9100000000000037010000f8ffffffb702000008000000b70300000000000024090000060000005c09000000000000b5030000000000008500000076000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 2.602798368s ago: executing program 0 (id=4639): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x31, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x3fffffff}, [@tail_call, @ringbuf_query, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffefc}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x5}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xb}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x4}, @ringbuf_query, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}}, @generic={0xfe, 0x6, 0x9, 0x3, 0x4e}, @tail_call, @ringbuf_query]}, 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) socket$kcm(0x11, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r0 = perf_event_open$cgroup(&(0x7f00000001c0)={0x7, 0x80, 0x9, 0x0, 0xf, 0x4, 0x0, 0x3, 0x28000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000140), 0x5}, 0x1000, 0xfffffffffffffffe, 0x1ff, 0x4, 0xfff, 0x2, 0x6, 0x0, 0x5, 0x0, 0xf6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000280)=ANY=[@ANYBLOB="0506000000000000000000d6c5136f00"/25]) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x8, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x2, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x104046, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xfffffffffffffe38, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d0013000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f00000003c0)=0x4000000000001000, 0x12) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000300)='./file0\x00', 0x0, 0x4010, r1}, 0x18) r6 = openat$cgroup_procs(r3, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000400), 0x12) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000021800000004000000010000000000000b020000000e000000000000020200000000613000"], &(0x7f00000006c0)=""/84, 0x34, 0x54, 0x0, 0x1, 0x10000}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x16, &(0x7f0000000500)=ANY=[@ANYBLOB="2458feffffffffff1801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000c30000008500000006000000180000007f0000000000000005000000852000000100000018230000", @ANYRES32=0x1, @ANYBLOB="0000000005000000180100002020782500000000006020207b1af8ff000000007d670000000000000701000000b7e7d39865de015585f3000000b7020000000000b70300000500"], &(0x7f0000000380)='syzkaller\x00', 0x7, 0xeb, &(0x7f00000005c0)=""/235, 0x41000, 0x4, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f0000000780)={0x3, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x7fff, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000800)=[r5], &(0x7f0000000840)=[{0x5, 0x5, 0x7, 0x7}, {0x2, 0x2, 0xa, 0x5}], 0x10, 0x2}, 0x94) r9 = openat$cgroup_int(r7, &(0x7f0000000240)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r9, &(0x7f00000003c0)=0x1000, 0x12) 2.464673416s ago: executing program 2 (id=4633): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1) socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, 0x0, 0x40000) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000081000400000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) unlink(&(0x7f0000000200)='./cgroup\x00') sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000fa4c4241fc0560", 0xe}], 0x1}, 0x0) 2.271792488s ago: executing program 1 (id=4634): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000fa4c4241fc0560", 0xe}], 0x1}, 0x0) 2.250595579s ago: executing program 3 (id=4635): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1) socket$kcm(0x2, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40000) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000081000400000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) unlink(&(0x7f0000000200)='./cgroup\x00') sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000fa4c4241fc0560", 0xe}], 0x1}, 0x0) 2.204690531s ago: executing program 2 (id=4636): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1) socket$kcm(0x2, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000081000400000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000fa4c4241fc0560", 0xe}], 0x1}, 0x0) 2.152477895s ago: executing program 0 (id=4637): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x4206}, 0x2, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001e80)={&(0x7f0000000180)=@abs={0x1, 0x5c}, 0x6e, 0x0}, 0x11) 2.101285457s ago: executing program 1 (id=4638): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x1c}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f00000005c0)={0x5, 0x80, 0x57, 0x92, 0x3, 0x6, 0x0, 0x8, 0x8, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000003c0), 0x6}, 0x28, 0x8, 0x1, 0x4, 0x3, 0x6f07d4f2, 0x6, 0x0, 0x2, 0x0, 0x2}, 0xffffffffffffffff, 0xe, r1, 0x2) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000400)={0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000003600000085000000d00000"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0xd, 0x8, 0x8, 0x5, 0x0, 0x80000000, 0x2002, 0xb, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0xffffafe5, 0x0, @perf_config_ext={0x100000000, 0xfffffffffffff819}, 0x2000, 0x1, 0x0, 0x5, 0x2, 0x2, 0x8001, 0x0, 0xd2, 0x0, 0xfb}, 0x0, 0x3, 0xffffffffffffffff, 0x2) r5 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r5, 0x29, 0x14, &(0x7f0000000100), 0x120) setsockopt$sock_attach_bpf(r5, 0x29, 0x15, &(0x7f0000000100), 0x3d) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r4) sendmsg(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000300)=@tipc=@id={0x1e, 0x3, 0x1, {0x4e21, 0x4}}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000003c0)}, {&(0x7f0000000440)="f5e04d0874d2", 0x6}, {&(0x7f0000000580)="7374bb4770383bf0cad937f2270878e9283aba05a8ba6b9b7131d64a57c00ed5d8404102db64e6d0af57", 0x2a}, {&(0x7f0000000800)}], 0x4, &(0x7f0000000940)=[{0x58, 0x10f, 0x3, "a6af9109a92e8e4c9d13dfe6b7b6fd757395075cf9b3f3fd05ab6f7626995287c04b1bedf0d5442592561bf4754e7cca79b0e9570a566d85ac297720be8dd3e16e2a"}, {0xc0, 0x112, 0x623, "e6f5517e2b0ce8309a8d8af5e70d9428d28e33b1f1798aa3e07b180d22455b0d97ee51ac872a902e803931607e47cf18f4796706e25e2a01982383cb39f51da60b68be0b0df634e19567ed23e42cb20b31d1c1e8faf8958bae03c60a409fa6f3af854772f92a7016ce6727c1bea4c92fe08dcb3e2fc18076b3c0c17a359612093c41f565613c9824cb6b36880a0d3103040ca01dfb6623feaee501ac304f5c1b80dce3b481cb4e1b54"}, {0x58, 0x10e, 0x40, "bd71c597617364966e84baa2545692e8c53b591b0561dbca9219c853bf1b718709d278c189ad805e99d837d57a11d873c42a56c998e2e4708db016083a5d496b8297d62c592c4b2b"}, {0xd0, 0x10b, 0x7f, "de2575250fec159afbc5c4895db34fca272165aab528baf3f73698708fb0910c9edb33ff413f566a676e35d3d90e1b18dc42a1662e69be36eeca9e6f02f034f36a0cab0e4a64bebd4855291ff3da50c5af52821873fd62cc26e039b325d74a6860aa426ed9e13f1d3357daabcfd2775a8217b9838a2fbe798268d2aeb02c9351487cd6d023f0b0e2f0d93e68abb8f37f6ca280c0f4edbab704f55d69305cec78f7694b16dd966f7d567e73f5713cbd3f8a3403816f434a092e26ced31e47b8"}], 0x240}, 0x40) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="8500000005000000070000000000000095000000000000005bee1ea01c7814c00980e99a5df1f0614e1942612258708ff9dfaef11bd5504710e1d85587ee4727c9802ba8f5bd83e27c5585207b4e19cee40a9cab915f98eeb1e5a448c0d934224a13ed92a919f303d06b06833168000000000000000000000000f828967cd7352bed054c35edcb5548bcc8573fa4bcd1b87b8bc4a080d48368c87caa011f9f43f44dce6f7896caa82c8cc94a6f9f01ea49effd5ddd45908a22dc23876180f09a80e42135896d93fc510cbde2b03f40dab9c5904a59c5a7a47d173f8001e59332bbea03c2b6"], &(0x7f0000000040)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, r6, 0x14, &(0x7f00000000c0)={0x0, 0x11}, 0x1, 0x10, &(0x7f0000000000), 0xa, 0x0, 0xffffffffffffffff, 0x4c}, 0x70) 2.093212428s ago: executing program 3 (id=4640): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0x1}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x6, 0x0, 0xffda, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x108}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200}) socketpair(0x1, 0x1, 0x1, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) 2.033350451s ago: executing program 2 (id=4641): syz_clone(0x10eb22f000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x2}]}, {0x0, [0x0, 0x5f, 0x0, 0x61]}}, 0x0, 0x42, 0x0, 0x1}, 0x20) (async) r0 = syz_clone(0x20800000, 0x0, 0x4b, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000a00)={0x4, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1e37cf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x200, 0x0, 0x7, 0x0, 0x100}, r0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000700000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x61}, 0x70) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000070000000200000007"], 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(0x3) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="06000000040000000a0000000c00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000600000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4) (async, rerun: 32) sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 32) gettid() (async, rerun: 64) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (rerun: 64) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) syz_clone(0xc510c080, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0) (async) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) (async) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000060000000400000000000008000000000000000061"], 0x0, 0x2a}, 0x20) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000001000)=@base={0x10, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r9, 0x0, 0x1}, 0x48) (async) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400001c000000850000001500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) (rerun: 32) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r8}, &(0x7f0000000180), &(0x7f00000001c0)=r10}, 0x20) (async, rerun: 64) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000001000", 0x0, 0x2e00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) syz_clone(0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) 1.301990714s ago: executing program 3 (id=4642): r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000002c0)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000240)="0ea415"}, {&(0x7f0000000740)="8b0a751c7aead06880515a5d", 0x3}, {&(0x7f0000000800)="c8ea972e8fbc5218c56e7b9c7ef9c62f186d531c8a26c50e09e4267c68eedb106c2f9d33ca75", 0xffc9}], 0x3}, 0x200ce0c0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000080)='i', 0x1e}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x20040080) 1.272517766s ago: executing program 1 (id=4643): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xfffffff7}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x4, 0x0) close(0xffffffffffffffff) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x40800) socket$kcm(0x10, 0x2, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="ff00"}) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="09c56e0000000400"/31, @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000010feffffff00"/28], 0x50) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$TUNSETVNETBE(r2, 0x400454de, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x36500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x62, 0x2}, 0x7602, 0x5, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x2) socket$kcm(0xa, 0x5, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000080000000000000000000008500000022000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000d4448d49850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r3, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e00000000000000070040000900000000", @ANYRES32, @ANYBLOB="00000000000021b167d6c41d1fa30004", @ANYBLOB="8d82f141615af7807d4fb9dcee8471f1acdeba24d46d3a9b079c5594adfe47c3fae3c461814698053c175b1fed754b3aeb36d19a5dc26ca80c23174b0f11e0aba7696f3230b0400e3c8cf1fdedf57be8043a686eb5ec"], 0x50) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'wlan1\x00', @random="0100c3201000"}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000)) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1e00000006000000800000000000000022000000", @ANYRES32=r4, @ANYBLOB="070000000000000000002ec30008000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000010000000100"/25], 0x50) r6 = socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x890b, &(0x7f0000000000)={r6}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'sit0\x00', @random="00e10000d3a8"}) 1.271468426s ago: executing program 0 (id=4644): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0xd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x2, 0x2, 0x1, 0x0) r0 = socket$kcm(0x2, 0x1, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x34000}], 0x1}, 0x0) 1.182815891s ago: executing program 2 (id=4645): ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x5421, 0x110e22ffff) 1.180929491s ago: executing program 3 (id=4646): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x31, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x3fffffff}, [@tail_call, @ringbuf_query, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffefc}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x5}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xb}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x4}, @ringbuf_query, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}}, @generic={0xfe, 0x6, 0x9, 0x3, 0x4e}, @tail_call, @ringbuf_query]}, 0x0, 0x2, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) socket$kcm(0x11, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r0 = perf_event_open$cgroup(&(0x7f00000001c0)={0x7, 0x80, 0x9, 0x0, 0xf, 0x4, 0x0, 0x3, 0x28000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000140), 0x5}, 0x1000, 0xfffffffffffffffe, 0x1ff, 0x4, 0xfff, 0x2, 0x6, 0x0, 0x5, 0x0, 0xf6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000280)=ANY=[@ANYBLOB="0506000000000000000000d6c5136f00"/27]) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x8, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x2, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x11, 0x200000000000002, 0x300) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x104046, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xfffffffffffffe38, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d0013000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f00000003c0)=0x4000000000001000, 0x12) r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000300)='./file0\x00', 0x0, 0x4010, r1}, 0x18) r6 = openat$cgroup_procs(r3, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000400), 0x12) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000021800000004000000010000000000000b020000000e000000000000020200000000613000"], &(0x7f00000006c0)=""/84, 0x34, 0x54, 0x0, 0x1, 0x10000}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x16, &(0x7f0000000500)=ANY=[@ANYBLOB="2458feffffffffff1801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000c30000008500000006000000180000007f0000000000000005000000852000000100000018230000", @ANYRES32=0x1, @ANYBLOB="0000000005000000180100002020782500000000006020207b1af8ff000000007d670000000000000701000000b7e7d39865de015585f3000000b7020000000000b70300000500"], &(0x7f0000000380)='syzkaller\x00', 0x7, 0xeb, &(0x7f00000005c0)=""/235, 0x41000, 0x4, '\x00', 0x0, 0x25, r8, 0x8, &(0x7f0000000780)={0x3, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x7fff, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000800)=[r5], &(0x7f0000000840)=[{0x5, 0x5, 0x7, 0x7}, {0x2, 0x2, 0xa, 0x5}], 0x10, 0x2}, 0x94) r9 = openat$cgroup_int(r7, &(0x7f0000000240)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r9, &(0x7f00000003c0)=0x1000, 0x12) 823.355232ms ago: executing program 2 (id=4647): r0 = socket$kcm(0x11, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$kcm(0x2, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000fa4c4241fc0560", 0xe}], 0x1}, 0x0) 800.082243ms ago: executing program 0 (id=4648): r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000002c0)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000240)="0ea415"}, {&(0x7f0000000740)="8b0a751c7aead06880515a5d", 0x3}, {&(0x7f0000000800)="c8ea972e8fbc5218c56e7b9c7ef9c62f186d531c8a26c50e09e4267c68eedb106c2f9d33ca75", 0xffc9}], 0x3}, 0x200ce0c0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000080)='i', 0x1e}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x20040080) (fail_nth: 3) 638.456533ms ago: executing program 1 (id=4649): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r1) socket$kcm(0x2, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000081000400000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000fa4c4241fc0560", 0xe}], 0x1}, 0x0) 577.424206ms ago: executing program 3 (id=4650): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000040), 0x4) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x30004084) (fail_nth: 7) 530.836739ms ago: executing program 0 (id=4651): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0x1}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x6, 0x0, 0xffda, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}], 0x108}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200}) socketpair(0x1, 0x1, 0x1, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) 529.920379ms ago: executing program 2 (id=4652): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000005, 0x80100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x11540}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x9, 0x1, 0x7fe2, 0x1}, 0x50) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x9, 0x1, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{r3}, &(0x7f0000000b40), &(0x7f0000000b80)}, 0x20) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) (async) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae4d060cdc030000007f1be3f74002000000e2ffca1b1f00fff40004c00e72f750375eeb8a56331d169cd7815e381ad6e747073a0093b837dc6cc01e32efaec8c7a6ec00122800014007040000000004009bbc7a46e398b21000040000ab2ace935daa434e1ae73666d70200dcdf0c171308f8b83ed327957fed0009ef8f0a947ee2", 0x89}], 0x1}, 0x10) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x2) socket$kcm(0x11, 0x200000000000002, 0x300) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) (async) r8 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) openat$cgroup(r8, &(0x7f0000000340)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup(r8, &(0x7f0000000340)='syz1\x00', 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={r6, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, &(0x7f0000000900)=[{}, {}], 0x10, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0xec, 0x8, 0x8, &(0x7f00000009c0)}}, 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000740)={@ifindex=r9, 0xf, 0x1, 0x7, &(0x7f00000003c0)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000400)=[0x0, 0x0], &(0x7f00000006c0)=[0x0], &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0]}, 0x40) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000740)={@ifindex=r9, 0xf, 0x1, 0x7, &(0x7f00000003c0)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000400)=[0x0, 0x0], &(0x7f00000006c0)=[0x0], &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0]}, 0x40) r10 = syz_clone(0x2050000, &(0x7f0000000040)="43dbef57653a34454150c21a8bf7569abc52e21751b9d23fdcf202", 0x1b, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000580)="3b58f5611e2ae2e23153e9dcb16d52c179871c166e36e87634f7d2416038a8a512fe5977d9f5365b3a878d17e50eb4541543ae68f7f0ea3849753c11103907f17ba61fcde45e7b966efb3ea85513fe4e5cd955645bb38d668a268e91d326b725ce6094011fc5e9080f3178361e183bcefebc5d2cc3ae3fb363ec3a99b7ebcce2c93a0eb06ed8e0aadacb24aeb2332405c24abe4e64c88bd60d4d") perf_event_open(0x0, r10, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000380)=r10, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) (async) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) ioctl$SIOCSIFHWADDR(r0, 0x89fe, &(0x7f0000000680)={'caif0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}}) 484.950262ms ago: executing program 1 (id=4653): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x4206}, 0x2, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001e80)={&(0x7f0000000180)=@abs={0x1, 0x5c}, 0x6e, 0x0}, 0x11) 0s ago: executing program 3 (id=4654): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000001880)=ANY=[@ANYRES32=0x0, @ANYBLOB="2f000000ddffffffffffffffffe0bc34df7f14a6f0f6af388a8a2dee962a123a654752ff07a1a5f9999b04a35ffc64926a69a5cd49200593bb1631aa1589230c96e04cef7ed28fd79b13964476e0612aee14f3e192b0ee", @ANYRES32=r0, @ANYBLOB], 0x20) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x4, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xf, 0x4, 0x2, 0xdc, 0x7, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xd, 0xffffffffffffffff, 0x9) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20040010) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000180)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000001300)=[{&(0x7f0000000240)="27050200340f3c000600002fb96dbcf706060000170000005f45f491bdd54ec5ff1144ee162fd4b8bf7256da82f600102c21880b00000000010040570000000600000000000000805d", 0x49}, {&(0x7f00000002c0)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8ee005e78877a072d12d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f5485a84e60d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c618aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce25a36300ce07f304e75d285e914b3aec703969df969b2736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a368bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacafa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b2cfe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4d27b219628be8cdba7004d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c6a56b8b34b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac1f15471c5a2b8efe67bd4bea33c0ca36e2c4209026849de21c1da1057f353cc824947d75119e4501b98cb9e621d0644e3f4a75353093557afcee7da41ad368fe1cbb426922772b9b262a861fbce9ae86d6e8c5a8de6a1e8f03456c0a354277a2f3ff46a62b6d6cdee4febf23e2350f94b47a05a4d0e7da37a2e97b899d92ca1f3bd1cded5588593e8bb99b9dce0731fa1174de14b63be2bf7e424f870551f213fab437aac092c2e9798959fa3616465e2b36fd49cc9af902d47debec02558c036ed991f1a3895b37cd70f3c405cca362c885542fd976e73be4cf7580a0c4d5a9527c77c189573e3be07ed15472f6b012939abb5be9f3e8a5b720307fb2dbca48b35d121702cfb6b3690559b08fbeb77d53d37582d7f44fe269ac51665632bf070cfc7445741b70306cb3f19b7fbecd19a78092dfd086a0da019734d95660ba4e5ce5bcf25f09403c32e3ec902f3717cca0eca05e791c2b8c2b8988645afa2446d5218abce136c0dbbafb95e4f4727a29cc567b3f73d5dbc1aeee746653a7f5c445add24a9c1b67d1bfeec85d2a6478e80c3acdb9439aa46c8cf14a98ffa89790ef7a94b3146088566812e28ccbafb466772b7fbb98dcf1e792eb6d0de0829c3c49c5ecdeea3e80017324a0fe724565c4e7a242764e9012442cae44b57c7121889c044be05b5eca70efb649bb528e751f072af93ae2c5053fdce196cce158136f904cf64f2cb8becc2d024f5ec32a38d78b87a4dfe7c53769dadef890efd160eb662cedb18a756aed83edfb9efbbb3648eb399e61f80077e64b95eae9d17083aed05cfc2e148621e36be1f41d373c721a11804fce269c688b0c647d6e1083e336d1f7f90a7a080a83397773cc351531070af5c1a1418f28dce95c01052a314a9ebe39cb9cddb8e7855e58c4a636b7f6250ecad312ede18664c03d92e330935295a35ea3e0306f25ca971300f782ae2f6e79a513732d22ef9b9bc41d17df3352a855cdd19b18f5abd6e6420f4f42f01750a64f6acdb6b46622fafebe3e913c64a1a6a59f980e97deae0dc83c12ccae6b430d7a28f21c3e0e38b32f3d5f1d44927fc34ed5c9ddb5be8eb936dbdcd327b63ea69d86c2da15cb834a18ee51a44f2da7b11d79486942fd04eade92fe5d93342970ca4cc73861b15facf97e9c53c15488c5630b17b9364c58652cfa6de0918327498ba8d6120d3be9139c51a6e9017525772397529ddd4fd1905614fd1cc7f1370a577ad10ec9ea742f9aedc9fee42c3df38f4b35ccb1cf8590eaf770b3f74af21f5119ac238e82e92c83321b06f106530abbbd321c3e1dc948accdc21a586ff37253ad1d0c5bfb51541f876be1b6e4f490046204b9edfe9a9721b9019a495d1efed10d4570f4c75ac56aa862f738b46cfe8899f6d92e862611b35be8931a2460dc646ed332b3046baf48613bbb543f4abda22d3d62a484665ba5bbf8fec1bb199b430a6e96cfad417a1644cc5f7f640004836c60f15a174eb7eb1750a71a141549f393c7d88b8729a33f841f7f8f2bd03dccaaa825f2e29105f6b4c11ac8e06bb3be9dfdecce66294a0be9dbc5f40123644fcac59ed0c968eb62fb14d111e900ad1c038f17d5471ab088f704de7db35753f818f55669a76e621b29d975253d177791e1434644a81b2b8bc4c8e147961b4f1b7f3e225571fecb10906957791b27d35a89e3ce84c91a2dc60aee460d8f41eb7b5e171516ef34d8c7dbbc8122cdeffa51b5a393d2cae7f69826d342d4d81b58ca7ddb0e688a15b39a00ef1aed5db337d1ab87e86f835663a4968c8bf5afd7cf80549f42588d9b8ea04ff3d9eac2b8ffd1155a504230103a68bd8b3c416a10d76cee236442a68393896587bc66c01a5f7f411325578d023d7619a89d0bcbbacae99b925fb72994e1ef4240cddad2294a56bec6d6243b95b04345c215bd48a3aa89786ba39b4d2f5015d8bd038c32a7b0eb02a4eb5a640371d9b4af540eb99a1e26547cc214da21e9538754a802972411a0bf416707b95457d0b77daac9bdf27a82b9aa7992ad1d3815f9a56a746eefa6f7e1913b6e3e859b2cc7797adcae825b7aad17c11e66597042c327a6473489a9664c5ce0ff8b1ecfb691daa0bd50c17f4597826553686bc2ee08eaca8dd6f77c626691699141a698e5b517e02130587ee503c7b5f638cbf32166b0d4ebe9222b6c9d50fb3db9d1ab060c31aabeef52cd51e5cf485eecc741e37a47c4996068f1d4b25f182b9d7bee4bec5cb070d3cea2f9762a41bb8d9ec5896ebcb2b17ca82f29bcce456412d8ed531afda50d259fcb7794216b6a9a873b6c3c4493c0c6d3e6a4f81f3b40dcc745a4e2383c678c472b1d5bf3ff02992bfe893a5bc96824039da1ee3cf8593e7d616d62f6e3c3e2c4e0cc58d5445998cf5b1c91c2468b2571b118709668efbbe72911f1bfa96b97c32f71cd7071f4c729e88631a89b53dd4bae6ef9c4ed082916e267479195599e9871b26b92c6885ded29f990070fddc4d8535088ddc70d6e83f797b6fa2260a92602eb90800000001cb7394f0c90fb5913b2f8d8d24c8f1056920e1facbe643dd49d8983b277da7282a986c28d5468aed9a4730579a20346d35f78b6bd2cacb4b9237fbfb0b7a2314105ff3b074a0e340b904e715e99c501e1435c15eaa262893c2883c90f26d2ff91792d46e4d867b62570e0c1e4739b8ac4fff8f778960de1ae40d4c85c51e1c47040bb2caeaf0c71dbb67c30715b8c14d6921831d7678522eeed29444df421ee206ca3be20d1b5fd2d2baf832f097fef590290eea77f8f3ed00b39841421b61f1c0d01def54bec0348be2216a8dad60838f3ad3595a744edeb6202dbcbd9c73a126a79cbefa43c7db0493103c2aa8fecb5cde1773ad0cdd03f5b0cfb0270642a96a9e14d116e9140501df48cdbf725611b398eb2b9e93f8da49e601099e0b2e880a95525b5f3f2edd74ae9d664a1f2e932493b61634ab53a1e2f3bf56add0a7f09c16853814b03a4212b9a0119420948da26bb171b288a66a2f0a4063754c2910512aa1cead69b94b498b5d4c44ce0a4aaa7855ee1a3b7ca738756a00a435062ccb86a40cc01f666d372f323e087ef5db2bc2d17ed1f72db14c52ca6723ce92ada6ff0c4f498d42d4218a9f799a216facb7377a1532e0755b894bfc0ee99a4072ac54ee5727846631574f348bf650e7d54b0ef3a1b5cc8233e660a2615bb7401f6c23e08ff0ddb488b9d504fc42508449b8fdd70afb387016e8c9206482c334f37d26fa3bdb6063f8147db9363e22c4b43b89ba0f68d06646fc1eb74fec0be4f59a17b274e0db67b2c0398250da219c9caf7e0f6cb1f828b6f89a67cacfd0fe0132bd94261410f8d8d7eb819bc783b8e66a1786285e1e429b71ccc22f7f4c216001375c7a816719e29abc98652b6752923132256cb5f0470223e2c685c9ebf635e316a12b35a429160d1c7688dbc3edcb1af64032177e41def01696e7100bbe102ae1b68a", 0xf26}, {&(0x7f0000002840)="d0e9f04c4439acf77fc95f5dc3b5984211aff166ee", 0x15}], 0x3}, 0x9cdc2384016f48f8) (fail_nth: 8) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, 0x0, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r2, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): T15112] ? _local_bh_enable+0xa0/0xa0 [ 785.217555][T15112] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 785.223425][T15112] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 785.229294][T15112] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 785.234928][T15112] ? security_sctp_bind_connect+0x89/0xb0 [ 785.240706][T15112] sctp_sendmsg+0x1575/0x28c0 [ 785.245436][T15112] ? sctp_getsockopt+0xb60/0xb60 [ 785.250437][T15112] ? aa_sk_perm+0x83c/0x970 [ 785.254996][T15112] ? aa_af_perm+0x330/0x330 [ 785.259547][T15112] ? aa_sock_msg_perm+0x6a/0x150 [ 785.264589][T15112] ? sock_rps_record_flow+0x19/0x3f0 [ 785.269938][T15112] ? inet_sendmsg+0x7c/0x2f0 [ 785.274606][T15112] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 785.279932][T15112] ? security_socket_sendmsg+0x80/0xa0 [ 785.285434][T15112] ? inet_send_prepare+0x260/0x260 [ 785.290629][T15112] ____sys_sendmsg+0x5ba/0x960 [ 785.295451][T15112] ? __lock_acquire+0x7d40/0x7d40 [ 785.300576][T15112] ? __asan_memset+0x22/0x40 [ 785.305208][T15112] ? __sys_sendmsg_sock+0x30/0x30 [ 785.310316][T15112] ? __import_iovec+0x5f2/0x850 [ 785.315221][T15112] ? import_iovec+0x73/0xa0 [ 785.319774][T15112] ___sys_sendmsg+0x2a6/0x360 [ 785.324500][T15112] ? __sys_sendmsg+0x2a0/0x2a0 [ 785.329341][T15112] __se_sys_sendmsg+0x1c2/0x2b0 [ 785.334243][T15112] ? __x64_sys_sendmsg+0x80/0x80 [ 785.339256][T15112] ? syscall_enter_from_user_mode+0x2e/0x80 [ 785.345185][T15112] do_syscall_64+0x55/0xa0 [ 785.349643][T15112] ? clear_bhb_loop+0x40/0x90 [ 785.354363][T15112] ? clear_bhb_loop+0x40/0x90 [ 785.359083][T15112] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 785.365022][T15112] RIP: 0033:0x7fe1f119bf79 [ 785.369467][T15112] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 785.389109][T15112] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 785.397593][T15112] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 785.405610][T15112] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000003 [ 785.413620][T15112] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 785.421628][T15112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 785.429633][T15112] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 785.437676][T15112] [ 785.717063][T15115] netlink: 'syz.0.2887': attribute type 3 has an invalid length. [ 785.757165][T15115] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2887'. [ 785.957074][T15127] netlink: 'syz.1.2897': attribute type 3 has an invalid length. [ 785.976720][T15127] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2897'. [ 786.174491][T15131] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2895'. [ 786.329482][T15135] netlink: 'syz.1.2899': attribute type 19 has an invalid length. [ 786.352506][T15135] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2899'. [ 787.128299][T15141] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.2901'. [ 789.362858][T15147] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2910'. [ 790.051207][T15156] netlink: 'syz.0.2905': attribute type 21 has an invalid length. [ 790.128050][T15156] netlink: 'syz.0.2905': attribute type 6 has an invalid length. [ 790.221518][T15156] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2905'. [ 790.481717][ T5769] Bluetooth: hci0: command 0x0406 tx timeout [ 790.701023][T15169] netlink: 'syz.0.2912': attribute type 19 has an invalid length. [ 790.724479][T15169] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2912'. [ 791.389316][T15171] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2909'. [ 792.503038][T15180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2921'. [ 793.792967][T15184] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2914'. [ 794.181417][T15192] FAULT_INJECTION: forcing a failure. [ 794.181417][T15192] name failslab, interval 1, probability 0, space 0, times 0 [ 794.248817][T15192] CPU: 0 PID: 15192 Comm: syz.3.2918 Not tainted syzkaller #0 [ 794.256376][T15192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 794.266478][T15192] Call Trace: [ 794.269814][T15192] [ 794.272794][T15192] dump_stack_lvl+0x18c/0x250 [ 794.277535][T15192] ? show_regs_print_info+0x20/0x20 [ 794.282795][T15192] ? load_image+0x400/0x400 [ 794.287360][T15192] ? __might_sleep+0xe0/0xe0 [ 794.292040][T15192] ? __lock_acquire+0x7d40/0x7d40 [ 794.297144][T15192] should_fail_ex+0x39d/0x4d0 [ 794.301884][T15192] should_failslab+0x9/0x20 [ 794.306443][T15192] slab_pre_alloc_hook+0x59/0x310 [ 794.311554][T15192] ? __xdp_reg_mem_model+0x1e4/0x5c0 [ 794.316910][T15192] __kmem_cache_alloc_node+0x53/0x250 [ 794.322340][T15192] ? __asan_memset+0x22/0x40 [ 794.326991][T15192] ? __xdp_reg_mem_model+0x1e4/0x5c0 [ 794.332341][T15192] kmalloc_trace+0x2a/0xe0 [ 794.336832][T15192] __xdp_reg_mem_model+0x1e4/0x5c0 [ 794.342001][T15192] ? kvmalloc_node+0x70/0x180 [ 794.346734][T15192] ? kvmalloc_node+0x70/0x180 [ 794.351483][T15192] ? xdp_reg_mem_model+0x40/0x40 [ 794.356484][T15192] xdp_reg_mem_model+0x22/0x40 [ 794.361302][T15192] bpf_test_run_xdp_live+0x262/0x1b20 [ 794.366726][T15192] ? verify_lock_unused+0x140/0x140 [ 794.372002][T15192] ? kasan_set_track+0x4e/0x70 [ 794.376816][T15192] ? __kasan_kmalloc+0x8f/0xa0 [ 794.381712][T15192] ? __kmalloc+0xb4/0x230 [ 794.386097][T15192] ? bpf_test_init+0x9f/0x140 [ 794.390824][T15192] ? bpf_prog_test_run+0x321/0x390 [ 794.395987][T15192] ? __sys_bpf+0x49d/0x890 [ 794.400454][T15192] ? __x64_sys_bpf+0x7c/0x90 [ 794.405102][T15192] ? do_syscall_64+0x55/0xa0 [ 794.409759][T15192] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 794.415892][T15192] ? xdp_convert_md_to_buff+0x330/0x330 [ 794.421536][T15192] ? __lock_acquire+0x7d40/0x7d40 [ 794.426623][T15192] ? __virt_addr_valid+0x18c/0x540 [ 794.431801][T15192] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 794.438092][T15192] ? _copy_from_user+0xa5/0xe0 [ 794.442912][T15192] ? bpf_test_init+0x119/0x140 [ 794.447722][T15192] ? xdp_convert_md_to_buff+0x5b/0x330 [ 794.453233][T15192] bpf_prog_test_run_xdp+0x7ca/0x10e0 [ 794.458665][T15192] ? dev_put+0x80/0x80 [ 794.462795][T15192] ? dev_put+0x80/0x80 [ 794.466899][T15192] bpf_prog_test_run+0x321/0x390 [ 794.471932][T15192] __sys_bpf+0x49d/0x890 [ 794.476224][T15192] ? bpf_link_show_fdinfo+0x390/0x390 [ 794.481664][T15192] ? lock_chain_count+0x20/0x20 [ 794.486611][T15192] __x64_sys_bpf+0x7c/0x90 [ 794.491096][T15192] do_syscall_64+0x55/0xa0 [ 794.495572][T15192] ? clear_bhb_loop+0x40/0x90 [ 794.500301][T15192] ? clear_bhb_loop+0x40/0x90 [ 794.505024][T15192] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 794.510960][T15192] RIP: 0033:0x7f6e70b9bf79 [ 794.515418][T15192] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.535087][T15192] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 794.543544][T15192] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 794.551547][T15192] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a [ 794.559550][T15192] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 794.567547][T15192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 794.575563][T15192] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 794.583577][T15192] [ 794.908064][T15200] FAULT_INJECTION: forcing a failure. [ 794.908064][T15200] name failslab, interval 1, probability 0, space 0, times 0 [ 794.931933][T15200] CPU: 0 PID: 15200 Comm: syz.3.2922 Not tainted syzkaller #0 [ 794.939470][T15200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 794.949559][T15200] Call Trace: [ 794.952864][T15200] [ 794.955832][T15200] dump_stack_lvl+0x18c/0x250 [ 794.960573][T15200] ? show_regs_print_info+0x20/0x20 [ 794.965850][T15200] ? load_image+0x400/0x400 [ 794.970414][T15200] ? __lock_acquire+0x7d40/0x7d40 [ 794.975506][T15200] should_fail_ex+0x39d/0x4d0 [ 794.980243][T15200] should_failslab+0x9/0x20 [ 794.984790][T15200] slab_pre_alloc_hook+0x59/0x310 [ 794.989865][T15200] ? bpf_test_init+0x9f/0x140 [ 794.994586][T15200] ? bpf_test_init+0x9f/0x140 [ 794.999316][T15200] __kmem_cache_alloc_node+0x53/0x250 [ 795.004740][T15200] ? bpf_test_init+0x9f/0x140 [ 795.009469][T15200] __kmalloc+0xa4/0x230 [ 795.013691][T15200] bpf_test_init+0x9f/0x140 [ 795.018237][T15200] bpf_prog_test_run_xdp+0x4d1/0x10e0 [ 795.023686][T15200] ? dev_put+0x80/0x80 [ 795.027807][T15200] ? dev_put+0x80/0x80 [ 795.031933][T15200] bpf_prog_test_run+0x321/0x390 [ 795.036909][T15200] __sys_bpf+0x49d/0x890 [ 795.041202][T15200] ? bpf_link_show_fdinfo+0x390/0x390 [ 795.046675][T15200] ? lock_chain_count+0x20/0x20 [ 795.051586][T15200] __x64_sys_bpf+0x7c/0x90 [ 795.056064][T15200] do_syscall_64+0x55/0xa0 [ 795.060526][T15200] ? clear_bhb_loop+0x40/0x90 [ 795.065237][T15200] ? clear_bhb_loop+0x40/0x90 [ 795.069960][T15200] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 795.075893][T15200] RIP: 0033:0x7f6e70b9bf79 [ 795.080348][T15200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.100003][T15200] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 795.108461][T15200] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 795.116496][T15200] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 795.124521][T15200] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 795.132518][T15200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 795.140511][T15200] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 795.148527][T15200] [ 795.413786][T15206] netlink: 'syz.3.2925': attribute type 10 has an invalid length. [ 798.426113][T15206] team0: Port device wlan1 added [ 798.583003][T15212] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2924'. [ 799.562760][T15232] netlink: 'syz.2.2934': attribute type 19 has an invalid length. [ 799.605628][T15232] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2934'. [ 800.000410][T15240] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2938'. [ 800.732157][T15248] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2941'. [ 800.779948][T15248] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2941'. [ 800.818031][T15249] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2941'. [ 800.909963][T15250] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2941'. [ 802.996042][T15261] FAULT_INJECTION: forcing a failure. [ 802.996042][T15261] name failslab, interval 1, probability 0, space 0, times 0 [ 803.045039][T15261] CPU: 1 PID: 15261 Comm: syz.1.2946 Not tainted syzkaller #0 [ 803.052569][T15261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 803.062671][T15261] Call Trace: [ 803.066026][T15261] [ 803.068998][T15261] dump_stack_lvl+0x18c/0x250 [ 803.073735][T15261] ? show_regs_print_info+0x20/0x20 [ 803.078978][T15261] ? load_image+0x400/0x400 [ 803.083530][T15261] ? __lock_acquire+0x7d40/0x7d40 [ 803.088619][T15261] should_fail_ex+0x39d/0x4d0 [ 803.093347][T15261] should_failslab+0x9/0x20 [ 803.097906][T15261] slab_pre_alloc_hook+0x59/0x310 [ 803.103047][T15261] ? bpf_test_init+0x9f/0x140 [ 803.107778][T15261] ? bpf_test_init+0x9f/0x140 [ 803.112514][T15261] __kmem_cache_alloc_node+0x53/0x250 [ 803.117931][T15261] ? bpf_test_init+0x9f/0x140 [ 803.122639][T15261] __kmalloc+0xa4/0x230 [ 803.126841][T15261] bpf_test_init+0x9f/0x140 [ 803.131409][T15261] bpf_prog_test_run_xdp+0x4d1/0x10e0 [ 803.136835][T15261] ? dev_put+0x80/0x80 [ 803.140950][T15261] ? dev_put+0x80/0x80 [ 803.145053][T15261] bpf_prog_test_run+0x321/0x390 [ 803.150037][T15261] __sys_bpf+0x49d/0x890 [ 803.154326][T15261] ? bpf_link_show_fdinfo+0x390/0x390 [ 803.159775][T15261] ? lock_chain_count+0x20/0x20 [ 803.164667][T15261] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 803.170702][T15261] __x64_sys_bpf+0x7c/0x90 [ 803.175164][T15261] do_syscall_64+0x55/0xa0 [ 803.179625][T15261] ? clear_bhb_loop+0x40/0x90 [ 803.184342][T15261] ? clear_bhb_loop+0x40/0x90 [ 803.189056][T15261] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 803.194987][T15261] RIP: 0033:0x7fe1f119bf79 [ 803.199442][T15261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 803.219104][T15261] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 803.227564][T15261] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 803.235594][T15261] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 803.243615][T15261] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 803.251626][T15261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 803.259648][T15261] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 803.267693][T15261] [ 803.292453][T15265] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2949'. [ 803.470081][T15271] netlink: 'syz.0.2951': attribute type 19 has an invalid length. [ 803.478163][T15271] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2951'. [ 803.782998][T15276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2950'. [ 804.279004][T15285] netlink: 'syz.0.2957': attribute type 10 has an invalid length. [ 806.742836][T15285] team0: Port device wlan1 added [ 806.972331][T15303] FAULT_INJECTION: forcing a failure. [ 806.972331][T15303] name failslab, interval 1, probability 0, space 0, times 0 [ 807.018988][T15303] CPU: 0 PID: 15303 Comm: syz.0.2963 Not tainted syzkaller #0 [ 807.026523][T15303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 807.036619][T15303] Call Trace: [ 807.039931][T15303] [ 807.042895][T15303] dump_stack_lvl+0x18c/0x250 [ 807.047620][T15303] ? show_regs_print_info+0x20/0x20 [ 807.052834][T15303] ? load_image+0x400/0x400 [ 807.057363][T15303] ? __might_sleep+0xe0/0xe0 [ 807.062021][T15303] ? __lock_acquire+0x7d40/0x7d40 [ 807.067077][T15303] should_fail_ex+0x39d/0x4d0 [ 807.071780][T15303] should_failslab+0x9/0x20 [ 807.076325][T15303] slab_pre_alloc_hook+0x59/0x310 [ 807.081380][T15303] ? netdevice_event+0x3cc/0x8e0 [ 807.086340][T15303] __kmem_cache_alloc_node+0x53/0x250 [ 807.091747][T15303] ? netdevice_event+0x3cc/0x8e0 [ 807.096708][T15303] kmalloc_trace+0x2a/0xe0 [ 807.101166][T15303] netdevice_event+0x3cc/0x8e0 [ 807.105961][T15303] ? __up_read+0x2b6/0x6b0 [ 807.110402][T15303] ? inet6addr_event+0xd0/0xd0 [ 807.115188][T15303] ? netdevice_event+0x8e0/0x8e0 [ 807.120141][T15303] ? add_default_gids+0xe0/0xe0 [ 807.125012][T15303] ? is_ndev_for_default_gid_filter+0x2f0/0x2f0 [ 807.131274][T15303] ? enum_all_gids_of_dev_cb+0x260/0x260 [ 807.136937][T15303] ? netdev_upper_walk+0x210/0x210 [ 807.142074][T15303] ? add_default_gids+0xe0/0xe0 [ 807.146958][T15303] notifier_call_chain+0x197/0x380 [ 807.152098][T15303] dev_set_mac_address+0x39a/0x4d0 [ 807.157232][T15303] ? dev_pre_changeaddr_notify+0x120/0x120 [ 807.163106][T15303] ? down_write+0x16e/0x200 [ 807.167658][T15303] dev_set_mac_address_user+0x31/0x50 [ 807.173053][T15303] dev_ioctl+0x7b4/0x1140 [ 807.177427][T15303] sock_do_ioctl+0x239/0x310 [ 807.182034][T15303] ? sock_show_fdinfo+0xb0/0xb0 [ 807.186916][T15303] sock_ioctl+0x5ba/0x7e0 [ 807.191273][T15303] ? sock_poll+0x3e0/0x3e0 [ 807.195719][T15303] ? bpf_lsm_file_ioctl+0x9/0x10 [ 807.200681][T15303] ? security_file_ioctl+0x80/0xa0 [ 807.205820][T15303] ? sock_poll+0x3e0/0x3e0 [ 807.210262][T15303] __se_sys_ioctl+0xfd/0x170 [ 807.214874][T15303] do_syscall_64+0x55/0xa0 [ 807.219313][T15303] ? clear_bhb_loop+0x40/0x90 [ 807.224007][T15303] ? clear_bhb_loop+0x40/0x90 [ 807.228712][T15303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 807.234631][T15303] RIP: 0033:0x7f64f139bf79 [ 807.239063][T15303] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 807.258682][T15303] RSP: 002b:00007f64f21c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 807.267139][T15303] RAX: ffffffffffffffda RBX: 00007f64f1615fa0 RCX: 00007f64f139bf79 [ 807.275133][T15303] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000003 [ 807.283124][T15303] RBP: 00007f64f21c9090 R08: 0000000000000000 R09: 0000000000000000 [ 807.291119][T15303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 807.299107][T15303] R13: 00007f64f1616038 R14: 00007f64f1615fa0 R15: 00007fffb30f1668 [ 807.307115][T15303] [ 807.723539][T15315] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2967'. [ 807.884596][T15318] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2966'. [ 807.948208][T15317] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2968'. [ 808.841537][T15341] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2977'. [ 808.870157][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.876626][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.897013][T15341] hsr_slave_0: left promiscuous mode [ 808.943094][T15341] hsr_slave_1: left promiscuous mode [ 809.140083][T15347] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2980'. [ 809.680713][T15361] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2982'. [ 810.275184][T15372] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2991'. [ 810.829601][T15385] sit0: entered allmulticast mode [ 810.901124][T15385] netlink: 'syz.1.2998': attribute type 21 has an invalid length. [ 811.531022][T15403] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3001'. [ 811.605688][T15402] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3004'. [ 812.239507][T15412] FAULT_INJECTION: forcing a failure. [ 812.239507][T15412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 812.281915][T15412] CPU: 0 PID: 15412 Comm: syz.1.3007 Not tainted syzkaller #0 [ 812.289462][T15412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 812.299544][T15412] Call Trace: [ 812.302849][T15412] [ 812.305814][T15412] dump_stack_lvl+0x18c/0x250 [ 812.310568][T15412] ? show_regs_print_info+0x20/0x20 [ 812.315828][T15412] ? load_image+0x400/0x400 [ 812.320385][T15412] ? __might_fault+0xaa/0x120 [ 812.325093][T15412] ? __lock_acquire+0x7d40/0x7d40 [ 812.330147][T15412] ? mark_lock+0x94/0x320 [ 812.334518][T15412] should_fail_ex+0x39d/0x4d0 [ 812.339250][T15412] _copy_from_user+0x2f/0xe0 [ 812.343897][T15412] get_user_ifreq+0x6b/0x180 [ 812.348516][T15412] inet_ioctl+0x357/0x560 [ 812.352864][T15412] ? tomoyo_path_number_perm+0x217/0x620 [ 812.358514][T15412] ? inet_shutdown+0x370/0x370 [ 812.363287][T15412] ? slab_free_freelist_hook+0x130/0x1a0 [ 812.368940][T15412] ? tomoyo_path_number_perm+0x500/0x620 [ 812.374591][T15412] ? __kmem_cache_free+0xba/0x1e0 [ 812.379643][T15412] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 812.385297][T15412] ? packet_ioctl+0x10d/0x340 [ 812.389998][T15412] sock_do_ioctl+0xfc/0x310 [ 812.394523][T15412] ? sock_show_fdinfo+0xb0/0xb0 [ 812.399417][T15412] sock_ioctl+0x5ba/0x7e0 [ 812.403761][T15412] ? sock_poll+0x3e0/0x3e0 [ 812.408202][T15412] ? bpf_lsm_file_ioctl+0x9/0x10 [ 812.413154][T15412] ? security_file_ioctl+0x80/0xa0 [ 812.418324][T15412] ? sock_poll+0x3e0/0x3e0 [ 812.422754][T15412] __se_sys_ioctl+0xfd/0x170 [ 812.427379][T15412] do_syscall_64+0x55/0xa0 [ 812.431828][T15412] ? clear_bhb_loop+0x40/0x90 [ 812.436523][T15412] ? clear_bhb_loop+0x40/0x90 [ 812.441219][T15412] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 812.447121][T15412] RIP: 0033:0x7fe1f119bf79 [ 812.451543][T15412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 812.471156][T15412] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 812.479588][T15412] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 812.487573][T15412] RDX: 00002000000007c0 RSI: 0000000000008919 RDI: 0000000000000003 [ 812.495573][T15412] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 812.503564][T15412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 812.511547][T15412] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 812.519541][T15412] [ 813.169901][T15424] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.3013'. [ 813.208782][T15424] netlink: zone id is out of range [ 813.268182][T15424] netlink: del zone limit has 8 unknown bytes [ 813.778220][T15437] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3014'. [ 814.283101][T15443] netlink: 'syz.0.3020': attribute type 19 has an invalid length. [ 814.346405][T15443] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3020'. [ 815.231607][T15461] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.3026'. [ 815.429862][T15461] netlink: zone id is out of range [ 815.614322][T15461] netlink: del zone limit has 8 unknown bytes [ 815.992964][T15471] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3029'. [ 816.059128][T13331] Bluetooth: hci2: command 0x0406 tx timeout [ 816.650197][T15486] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3037'. [ 816.675555][T15486] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3037'. [ 816.729135][T15484] netlink: 'syz.0.3036': attribute type 19 has an invalid length. [ 816.790689][T15484] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3036'. [ 817.029359][T15494] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.3038'. [ 817.732542][T15498] sit0: entered allmulticast mode [ 817.967997][T15506] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3041'. [ 818.126173][T15498] netlink: 'syz.3.3040': attribute type 21 has an invalid length. [ 818.854425][T15524] netlink: 'syz.3.3050': attribute type 19 has an invalid length. [ 818.898466][T15524] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3050'. [ 821.991361][T15555] netlink: 'syz.3.3062': attribute type 19 has an invalid length. [ 822.036024][T15555] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3062'. [ 822.209518][T15554] sit0: entered allmulticast mode [ 822.340785][T15561] FAULT_INJECTION: forcing a failure. [ 822.340785][T15561] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 822.359016][T15558] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3057'. [ 822.369796][T15554] netlink: 'syz.2.3061': attribute type 21 has an invalid length. [ 822.389042][T15561] CPU: 1 PID: 15561 Comm: syz.1.3063 Not tainted syzkaller #0 [ 822.396550][T15561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 822.406675][T15561] Call Trace: [ 822.409991][T15561] [ 822.412958][T15561] dump_stack_lvl+0x18c/0x250 [ 822.417682][T15561] ? show_regs_print_info+0x20/0x20 [ 822.422926][T15561] ? load_image+0x400/0x400 [ 822.427468][T15561] ? __might_fault+0xaa/0x120 [ 822.432178][T15561] ? __lock_acquire+0x7d40/0x7d40 [ 822.437240][T15561] should_fail_ex+0x39d/0x4d0 [ 822.441960][T15561] _copy_from_user+0x2f/0xe0 [ 822.446599][T15561] __sys_bpf+0x23e/0x890 [ 822.450909][T15561] ? bpf_link_show_fdinfo+0x390/0x390 [ 822.456318][T15561] ? lock_chain_count+0x20/0x20 [ 822.461199][T15561] __x64_sys_bpf+0x7c/0x90 [ 822.465630][T15561] do_syscall_64+0x55/0xa0 [ 822.470084][T15561] ? clear_bhb_loop+0x40/0x90 [ 822.474787][T15561] ? clear_bhb_loop+0x40/0x90 [ 822.479494][T15561] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 822.485405][T15561] RIP: 0033:0x7fe1f119bf79 [ 822.489848][T15561] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 822.509490][T15561] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 822.517923][T15561] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 822.525910][T15561] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a [ 822.533900][T15561] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 822.541908][T15561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 822.549893][T15561] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 822.557898][T15561] [ 826.072940][T15584] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3069'. [ 826.410294][T15595] netlink: 'syz.1.3075': attribute type 19 has an invalid length. [ 826.449278][T15595] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3075'. [ 828.221050][T15600] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3074'. [ 828.856375][T15623] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3089'. [ 831.384676][T15645] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.3092'. [ 831.556121][T15647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3094'. [ 833.278464][T15676] netlink: 'syz.2.3106': attribute type 10 has an invalid length. [ 833.842146][T15688] netlink: 202920 bytes leftover after parsing attributes in process `syz.2.3109'. [ 834.178542][T15682] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3107'. [ 834.730060][T15695] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3113'. [ 834.818496][T15697] netlink: 'syz.2.3113': attribute type 29 has an invalid length. [ 835.098442][T15695] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 835.225739][T15695] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 835.290467][T15695] bond0 (unregistering): Released all slaves [ 836.539077][T13331] Bluetooth: hci1: command 0x0406 tx timeout [ 838.128789][T15697] netlink: 'syz.2.3113': attribute type 29 has an invalid length. [ 838.365973][T15716] netlink: 'syz.0.3119': attribute type 10 has an invalid length. [ 838.374271][T15716] netlink: 55 bytes leftover after parsing attributes in process `syz.0.3119'. [ 840.192030][T15719] netdevsim netdevsim0 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 840.268960][T15727] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3122'. [ 840.383558][T15733] netlink: 202920 bytes leftover after parsing attributes in process `syz.3.3124'. [ 841.638261][T15751] netlink: 'syz.3.3132': attribute type 19 has an invalid length. [ 841.702881][T15751] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3132'. [ 844.022044][T15764] netlink: 'syz.2.3137': attribute type 10 has an invalid length. [ 844.048418][T15764] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3137'. [ 844.871762][T15761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3136'. [ 844.936010][T15767] netdevsim netdevsim2 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 845.253830][T15781] netlink: 202920 bytes leftover after parsing attributes in process `syz.0.3139'. [ 845.375912][T15783] netlink: 'syz.2.3144': attribute type 19 has an invalid length. [ 845.430218][T15783] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3144'. [ 846.933251][T15793] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3147'. [ 848.925886][T15809] netlink: 'syz.3.3151': attribute type 10 has an invalid length. [ 848.954297][T15809] netlink: 55 bytes leftover after parsing attributes in process `syz.3.3151'. [ 850.458808][T15811] netdevsim netdevsim3 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 851.063215][T15836] delete_channel: no stack [ 852.991410][T15876] delete_channel: no stack [ 856.679397][T15907] delete_channel: no stack [ 860.581981][T15941] delete_channel: no stack [ 863.986804][T15965] FAULT_INJECTION: forcing a failure. [ 863.986804][T15965] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 864.011133][T15965] CPU: 0 PID: 15965 Comm: syz.1.3228 Not tainted syzkaller #0 [ 864.018734][T15965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 864.028831][T15965] Call Trace: [ 864.032150][T15965] [ 864.035113][T15965] dump_stack_lvl+0x18c/0x250 [ 864.039836][T15965] ? show_regs_print_info+0x20/0x20 [ 864.045074][T15965] ? load_image+0x400/0x400 [ 864.049620][T15965] ? __lock_acquire+0x7d40/0x7d40 [ 864.054697][T15965] should_fail_ex+0x39d/0x4d0 [ 864.059420][T15965] _copy_from_user+0x2f/0xe0 [ 864.064063][T15965] __copy_msghdr+0x3bb/0x580 [ 864.068709][T15965] ___sys_sendmsg+0x214/0x360 [ 864.073428][T15965] ? __sys_sendmsg+0x2a0/0x2a0 [ 864.078246][T15965] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 864.084540][T15965] __se_sys_sendmsg+0x1c2/0x2b0 [ 864.089424][T15965] ? __x64_sys_sendmsg+0x80/0x80 [ 864.094406][T15965] ? lockdep_hardirqs_on+0x98/0x150 [ 864.099639][T15965] do_syscall_64+0x55/0xa0 [ 864.104093][T15965] ? clear_bhb_loop+0x40/0x90 [ 864.108806][T15965] ? clear_bhb_loop+0x40/0x90 [ 864.113525][T15965] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 864.119452][T15965] RIP: 0033:0x7fe1f119bf79 [ 864.123913][T15965] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.143553][T15965] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 864.152007][T15965] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 864.160011][T15965] RDX: 0000000000000000 RSI: 0000200000001780 RDI: 0000000000000006 [ 864.168021][T15965] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 864.176029][T15965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 864.184037][T15965] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 864.192050][T15965] [ 864.456453][T15981] netlink: 'syz.1.3223': attribute type 10 has an invalid length. [ 864.642710][T15981] team0: Port device syz_tun added [ 865.412129][T15999] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3230'. [ 865.434067][T15999] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3230'. [ 865.444360][T15996] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3230'. [ 865.469736][T15999] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3230'. [ 865.492644][T15996] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3230'. [ 865.513569][T16004] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3230'. [ 870.303017][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.311129][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.642935][T16078] netlink: 'syz.3.3264': attribute type 4 has an invalid length. [ 873.652447][T16078] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3264'. [ 873.721809][T16078] bond_slave_1: entered promiscuous mode [ 873.727675][T16078] bond_slave_1: entered allmulticast mode [ 877.352945][T16109] netlink: 'syz.0.3278': attribute type 4 has an invalid length. [ 877.375915][T16115] netlink: 'syz.3.3280': attribute type 4 has an invalid length. [ 877.385953][T16109] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3278'. [ 877.402863][T16115] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3280'. [ 877.464317][T16115] .`: renamed from bond0 (while UP) [ 878.096989][T16109] bond_slave_1: entered promiscuous mode [ 878.107308][T16109] bond_slave_1: entered allmulticast mode [ 878.418543][T16127] netlink: 'syz.3.3285': attribute type 29 has an invalid length. [ 878.432839][T16127] netlink: 'syz.3.3285': attribute type 29 has an invalid length. [ 882.178668][T16153] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 882.186718][T16153] IPv6: NLM_F_CREATE should be set when creating new route [ 882.194320][T16153] IPv6: NLM_F_CREATE should be set when creating new route [ 882.201824][T16153] IPv6: NLM_F_CREATE should be set when creating new route [ 882.218561][T16158] netlink: 'syz.1.3294': attribute type 4 has an invalid length. [ 882.243818][T16158] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3294'. [ 882.396775][T16154] bond_slave_1: entered promiscuous mode [ 882.409154][T16154] bond_slave_1: entered allmulticast mode [ 882.593688][T16164] netlink: 'syz.0.3299': attribute type 29 has an invalid length. [ 882.619294][T16164] netlink: 'syz.0.3299': attribute type 29 has an invalid length. [ 882.739218][T16175] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3303'. [ 883.723195][T16195] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 883.730748][T16195] IPv6: NLM_F_CREATE should be set when creating new route [ 883.738231][T16195] IPv6: NLM_F_CREATE should be set when creating new route [ 883.745665][T16195] IPv6: NLM_F_CREATE should be set when creating new route [ 886.577249][T16210] netlink: 'syz.2.3313': attribute type 4 has an invalid length. [ 886.588754][T16210] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3313'. [ 886.720554][T16210] bond_slave_1: entered promiscuous mode [ 886.726660][T16210] bond_slave_1: entered allmulticast mode [ 886.817765][T16217] netlink: 'syz.1.3314': attribute type 29 has an invalid length. [ 886.830005][T16217] netlink: 'syz.1.3314': attribute type 29 has an invalid length. [ 887.706538][T16237] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3320'. [ 891.352695][T16249] veth0_macvtap: left promiscuous mode [ 891.411709][T16249] macvtap0: entered allmulticast mode [ 899.431459][T16329] netlink: 'syz.2.3360': attribute type 19 has an invalid length. [ 899.444119][T16329] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3360'. [ 899.747791][T16332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3361'. [ 899.917351][T16339] netlink: 'syz.1.3364': attribute type 19 has an invalid length. [ 899.926403][T16339] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3364'. [ 900.243230][T16343] FAULT_INJECTION: forcing a failure. [ 900.243230][T16343] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 900.275519][T16343] CPU: 1 PID: 16343 Comm: syz.2.3366 Not tainted syzkaller #0 [ 900.283047][T16343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 900.293132][T16343] Call Trace: [ 900.296449][T16343] [ 900.299422][T16343] dump_stack_lvl+0x18c/0x250 [ 900.304164][T16343] ? show_regs_print_info+0x20/0x20 [ 900.309410][T16343] ? load_image+0x400/0x400 [ 900.313989][T16343] ? __might_fault+0xaa/0x120 [ 900.318726][T16343] ? __lock_acquire+0x7d40/0x7d40 [ 900.323799][T16343] should_fail_ex+0x39d/0x4d0 [ 900.328525][T16343] _copy_from_iter+0x1d9/0x12e0 [ 900.333414][T16343] ? slab_post_alloc_hook+0x8a/0x4b0 [ 900.338766][T16343] ? __virt_addr_valid+0x18c/0x540 [ 900.343919][T16343] ? __lock_acquire+0x7d40/0x7d40 [ 900.348994][T16343] ? rcu_is_watching+0x15/0xb0 [ 900.353819][T16343] ? copyout_mc+0x70/0x70 [ 900.358204][T16343] ? __virt_addr_valid+0x18c/0x540 [ 900.363368][T16343] ? __virt_addr_valid+0x18c/0x540 [ 900.368539][T16343] ? __virt_addr_valid+0x469/0x540 [ 900.373705][T16343] ? __check_object_size+0x506/0xa20 [ 900.379048][T16343] netlink_sendmsg+0x76b/0xbf0 [ 900.383870][T16343] ? netlink_getsockopt+0x590/0x590 [ 900.389119][T16343] ? aa_sock_msg_perm+0x94/0x150 [ 900.394114][T16343] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 900.399436][T16343] ? security_socket_sendmsg+0x80/0xa0 [ 900.404932][T16343] ? netlink_getsockopt+0x590/0x590 [ 900.410189][T16343] ____sys_sendmsg+0x5ba/0x960 [ 900.415000][T16343] ? __asan_memset+0x22/0x40 [ 900.419632][T16343] ? __sys_sendmsg_sock+0x30/0x30 [ 900.424693][T16343] ? __import_iovec+0x5f2/0x850 [ 900.429605][T16343] ? import_iovec+0x73/0xa0 [ 900.434153][T16343] ___sys_sendmsg+0x2a6/0x360 [ 900.438863][T16343] ? get_pid_task+0x20/0x1e0 [ 900.443518][T16343] ? __sys_sendmsg+0x2a0/0x2a0 [ 900.448337][T16343] ? __lock_acquire+0x7d40/0x7d40 [ 900.453437][T16343] __se_sys_sendmsg+0x1c2/0x2b0 [ 900.458329][T16343] ? __x64_sys_sendmsg+0x80/0x80 [ 900.463347][T16343] ? lockdep_hardirqs_on+0x98/0x150 [ 900.468608][T16343] do_syscall_64+0x55/0xa0 [ 900.473100][T16343] ? clear_bhb_loop+0x40/0x90 [ 900.477817][T16343] ? clear_bhb_loop+0x40/0x90 [ 900.482531][T16343] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 900.488463][T16343] RIP: 0033:0x7f9bbb39bf79 [ 900.492914][T16343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 900.512561][T16343] RSP: 002b:00007f9bbc1c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 900.521102][T16343] RAX: ffffffffffffffda RBX: 00007f9bbb615fa0 RCX: 00007f9bbb39bf79 [ 900.529134][T16343] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000004 [ 900.537141][T16343] RBP: 00007f9bbc1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 900.545167][T16343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 900.553204][T16343] R13: 00007f9bbb616038 R14: 00007f9bbb615fa0 R15: 00007ffe1a83ee08 [ 900.561233][T16343] [ 903.911302][T16379] netlink: 'syz.3.3381': attribute type 19 has an invalid length. [ 903.932144][T16379] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3381'. [ 906.951021][T16394] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3387'. [ 906.964327][T16394] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3387'. [ 906.974442][T16394] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3387'. [ 907.667650][T16414] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3392'. [ 907.688618][T16409] netlink: 'syz.2.3393': attribute type 10 has an invalid length. [ 907.717151][T16413] netlink: 'syz.0.3394': attribute type 19 has an invalid length. [ 907.727966][T16413] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3394'. [ 907.771581][T16409] netlink: 'syz.2.3393': attribute type 21 has an invalid length. [ 907.790187][T16409] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3393'. [ 911.129672][T16436] netlink: 'syz.0.3406': attribute type 19 has an invalid length. [ 911.140744][T16436] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3406'. [ 911.831896][T16450] netlink: 'syz.1.3409': attribute type 10 has an invalid length. [ 912.209233][T16450] bond0: (slave bond_slave_0): Releasing backup interface [ 914.898671][T16456] netlink: 'syz.1.3409': attribute type 21 has an invalid length. [ 914.919315][T16456] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3409'. [ 915.079556][T16465] netlink: 'syz.2.3416': attribute type 19 has an invalid length. [ 915.087548][T16465] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3416'. [ 915.480403][T16478] delete_channel: no stack [ 915.629248][T16487] netlink: 'syz.3.3424': attribute type 10 has an invalid length. [ 915.763069][T16487] .`: (slave bond_slave_0): Releasing backup interface [ 915.827907][T16483] netlink: 'syz.3.3424': attribute type 21 has an invalid length. [ 915.847870][T16483] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3424'. [ 915.925407][T16495] netlink: 'syz.0.3427': attribute type 19 has an invalid length. [ 915.934818][T16487] syz.3.3424 (16487) used greatest stack depth: 19496 bytes left [ 915.946394][T16495] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3427'. [ 919.522359][T16519] delete_channel: no stack [ 919.703470][T16527] netlink: 'syz.3.3440': attribute type 19 has an invalid length. [ 919.721120][T16527] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3440'. [ 922.756514][T16546] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3445'. [ 923.071518][T16556] netlink: 'syz.0.3452': attribute type 19 has an invalid length. [ 923.109366][T16556] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3452'. [ 923.461073][T16575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3457'. [ 923.935574][T16591] netlink: 'syz.3.3465': attribute type 19 has an invalid length. [ 923.955930][T16591] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3465'. [ 924.040523][T16592] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3464'. [ 924.055158][T16592] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3464'. [ 924.077925][T16592] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3464'. [ 927.117907][T16611] netlink: 'syz.1.3473': attribute type 10 has an invalid length. [ 927.136279][T16611] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3473'. [ 927.154018][T16611] team0: entered promiscuous mode [ 927.169143][T16611] team_slave_0: entered promiscuous mode [ 927.175205][T16611] team_slave_1: entered promiscuous mode [ 927.186047][T16611] syz_tun: entered promiscuous mode [ 927.204700][T16611] team0: entered allmulticast mode [ 927.225001][T16611] team_slave_0: entered allmulticast mode [ 927.240973][T16611] team_slave_1: entered allmulticast mode [ 927.249134][T16611] syz_tun: entered allmulticast mode [ 927.270707][T16611] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 927.378454][T16619] team0: entered promiscuous mode [ 927.383638][T16619] team_slave_0: entered promiscuous mode [ 927.390011][T16619] team_slave_1: entered promiscuous mode [ 927.395959][T16619] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode [ 927.404465][T16619] team0: entered allmulticast mode [ 927.413093][T16619] team_slave_0: entered allmulticast mode [ 927.419148][T16619] team_slave_1: entered allmulticast mode [ 927.424965][T16619] mac80211_hwsim hwsim15 wlan1: entered allmulticast mode [ 927.578201][T16624] netlink: 'syz.1.3478': attribute type 19 has an invalid length. [ 927.593027][T16624] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3478'. [ 927.644568][T16626] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3480'. [ 930.806208][T16644] netlink: 'syz.0.3487': attribute type 10 has an invalid length. [ 930.830455][T16644] __nla_validate_parse: 2 callbacks suppressed [ 930.830472][T16644] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3487'. [ 930.878173][T16644] FAULT_INJECTION: forcing a failure. [ 930.878173][T16644] name failslab, interval 1, probability 0, space 0, times 0 [ 930.908442][T16644] CPU: 0 PID: 16644 Comm: syz.0.3487 Not tainted syzkaller #0 [ 930.916046][T16644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 930.926154][T16644] Call Trace: [ 930.929464][T16644] [ 930.932408][T16644] dump_stack_lvl+0x18c/0x250 [ 930.937127][T16644] ? show_regs_print_info+0x20/0x20 [ 930.942340][T16644] ? load_image+0x400/0x400 [ 930.946927][T16644] ? __might_sleep+0xe0/0xe0 [ 930.951571][T16644] ? __lock_acquire+0x7d40/0x7d40 [ 930.956641][T16644] should_fail_ex+0x39d/0x4d0 [ 930.961369][T16644] should_failslab+0x9/0x20 [ 930.965900][T16644] slab_pre_alloc_hook+0x59/0x310 [ 930.970987][T16644] kmem_cache_alloc_node+0x60/0x320 [ 930.976245][T16644] ? __alloc_skb+0x103/0x2c0 [ 930.980888][T16644] __alloc_skb+0x103/0x2c0 [ 930.985331][T16644] rtmsg_ifinfo_build_skb+0x8c/0x260 [ 930.990649][T16644] rtmsg_ifinfo+0x8c/0x1a0 [ 930.995094][T16644] netdev_state_change+0xfe/0x170 [ 931.000136][T16644] ? netdev_features_change+0xd0/0xd0 [ 931.005534][T16644] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 931.011471][T16644] ? mutex_is_locked+0x12/0x40 [ 931.016266][T16644] ? __dev_get_by_index+0x7a/0x110 [ 931.021414][T16644] do_setlink+0x84a/0x4130 [ 931.025855][T16644] ? load_image+0x400/0x400 [ 931.030405][T16644] ? nlmsg_parse_deprecated_strict+0x110/0x110 [ 931.036615][T16644] ? rcu_is_watching+0x15/0xb0 [ 931.041442][T16644] ? do_trace_netlink_extack+0x7e/0x1a0 [ 931.047050][T16644] ? __nla_validate_parse+0x262c/0x2ea0 [ 931.052673][T16644] ? __nla_validate+0x50/0x50 [ 931.057378][T16644] ? mark_lock+0x94/0x320 [ 931.061729][T16644] ? __lock_acquire+0x1347/0x7d40 [ 931.066817][T16644] ? validate_linkmsg+0x719/0x910 [ 931.071883][T16644] rtnl_setlink+0x3d9/0x4e0 [ 931.076434][T16644] ? rtnl_dump_ifinfo+0x13c0/0x13c0 [ 931.081671][T16644] ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0 [ 931.088397][T16644] ? mutex_lock_nested+0x20/0x20 [ 931.093367][T16644] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 931.098499][T16644] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 931.103628][T16644] ? rtnl_dump_ifinfo+0x13c0/0x13c0 [ 931.108865][T16644] rtnetlink_rcv_msg+0x869/0xfa0 [ 931.113900][T16644] ? rtnetlink_bind+0x80/0x80 [ 931.118693][T16644] ? perf_trace_preemptirq_template+0x269/0x330 [ 931.124985][T16644] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 931.131021][T16644] ? lock_chain_count+0x20/0x20 [ 931.135951][T16644] ? __local_bh_enable_ip+0x13a/0x1c0 [ 931.141356][T16644] ? lockdep_hardirqs_on+0x98/0x150 [ 931.146595][T16644] ? __local_bh_enable_ip+0x13a/0x1c0 [ 931.152021][T16644] ? _local_bh_enable+0xa0/0xa0 [ 931.156909][T16644] ? __dev_queue_xmit+0x26b/0x36b0 [ 931.162035][T16644] ? __dev_queue_xmit+0x26b/0x36b0 [ 931.167160][T16644] ? __dev_queue_xmit+0x124f/0x36b0 [ 931.172374][T16644] ? __dev_queue_xmit+0x26b/0x36b0 [ 931.177555][T16644] ? ref_tracker_free+0x690/0x840 [ 931.182605][T16644] netlink_rcv_skb+0x241/0x4d0 [ 931.187391][T16644] ? rtnetlink_bind+0x80/0x80 [ 931.192104][T16644] ? netlink_ack+0x1180/0x1180 [ 931.196962][T16644] ? __lock_acquire+0x7d40/0x7d40 [ 931.202056][T16644] ? netlink_deliver_tap+0x2e/0x1b0 [ 931.207310][T16644] netlink_unicast+0x751/0x8d0 [ 931.212139][T16644] netlink_sendmsg+0x8d0/0xbf0 [ 931.216976][T16644] ? netlink_getsockopt+0x590/0x590 [ 931.222241][T16644] ? aa_sock_msg_perm+0x94/0x150 [ 931.227205][T16644] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 931.232512][T16644] ? security_socket_sendmsg+0x80/0xa0 [ 931.237985][T16644] ? netlink_getsockopt+0x590/0x590 [ 931.243216][T16644] ____sys_sendmsg+0x5ba/0x960 [ 931.248002][T16644] ? __asan_memset+0x22/0x40 [ 931.252604][T16644] ? __sys_sendmsg_sock+0x30/0x30 [ 931.257635][T16644] ? __import_iovec+0x5f2/0x850 [ 931.262577][T16644] ? import_iovec+0x73/0xa0 [ 931.267147][T16644] ___sys_sendmsg+0x2a6/0x360 [ 931.271874][T16644] ? __sys_sendmsg+0x2a0/0x2a0 [ 931.276710][T16644] ? trace_call_bpf+0xc3/0x6c0 [ 931.281563][T16644] __se_sys_sendmsg+0x1c2/0x2b0 [ 931.286473][T16644] ? __x64_sys_sendmsg+0x80/0x80 [ 931.291475][T16644] ? lockdep_hardirqs_on+0x98/0x150 [ 931.296693][T16644] do_syscall_64+0x55/0xa0 [ 931.301153][T16644] ? clear_bhb_loop+0x40/0x90 [ 931.305866][T16644] ? clear_bhb_loop+0x40/0x90 [ 931.310590][T16644] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 931.316534][T16644] RIP: 0033:0x7f64f139bf79 [ 931.321002][T16644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 931.340658][T16644] RSP: 002b:00007f64f21c9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 931.349107][T16644] RAX: ffffffffffffffda RBX: 00007f64f1615fa0 RCX: 00007f64f139bf79 [ 931.357089][T16644] RDX: 0000000000004014 RSI: 00002000000000c0 RDI: 000000000000000b [ 931.365088][T16644] RBP: 00007f64f21c9090 R08: 0000000000000000 R09: 0000000000000000 [ 931.373114][T16644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 931.381108][T16644] R13: 00007f64f1616038 R14: 00007f64f1615fa0 R15: 00007fffb30f1668 [ 931.389117][T16644] [ 931.414910][T16644] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 931.635866][T16660] netlink: 'syz.3.3494': attribute type 19 has an invalid length. [ 931.647283][T16660] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3494'. [ 931.756141][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.764452][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.948675][T16669] netlink: 'syz.1.3498': attribute type 21 has an invalid length. [ 931.966654][T16672] team0: entered promiscuous mode [ 931.975648][T16672] team_slave_0: entered promiscuous mode [ 931.990231][T16672] team_slave_1: entered promiscuous mode [ 931.996392][T16672] mac80211_hwsim hwsim19 wlan1: entered promiscuous mode [ 932.007647][T16672] team0: entered allmulticast mode [ 932.014402][T16672] team_slave_0: entered allmulticast mode [ 932.024559][T16672] team_slave_1: entered allmulticast mode [ 932.032514][T16672] mac80211_hwsim hwsim19 wlan1: entered allmulticast mode [ 932.044198][T16669] netlink: 'syz.1.3498': attribute type 10 has an invalid length. [ 932.063961][T16669] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3498'. [ 932.095966][T16669] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 935.005426][T16687] netlink: 'syz.1.3505': attribute type 19 has an invalid length. [ 935.015216][T16687] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3505'. [ 935.130530][T16693] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3508'. [ 935.141541][T16693] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 935.154040][T16693] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 935.178298][T16695] team0: entered promiscuous mode [ 935.189044][T16695] team_slave_0: entered promiscuous mode [ 935.207041][T16695] team_slave_1: entered promiscuous mode [ 935.217195][T16695] team0: entered allmulticast mode [ 935.228175][T16695] team_slave_0: entered allmulticast mode [ 935.234561][T16695] team_slave_1: entered allmulticast mode [ 935.738127][T16711] netlink: 'syz.0.3514': attribute type 21 has an invalid length. [ 935.751191][T16711] netlink: 'syz.0.3514': attribute type 10 has an invalid length. [ 935.767135][T16711] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3514'. [ 935.782381][T16711] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 936.044067][T16719] netlink: 'syz.3.3517': attribute type 19 has an invalid length. [ 936.078509][T16719] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3517'. [ 936.864639][T16727] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3520'. [ 938.912194][T16735] netlink: 'syz.0.3531': attribute type 19 has an invalid length. [ 938.931187][T16735] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3531'. [ 940.242463][T16759] IPv6: NLM_F_CREATE should be specified when creating new route [ 940.279261][T16759] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3534'. [ 940.898456][T16766] netlink: 'syz.2.3536': attribute type 21 has an invalid length. [ 943.582056][T16791] netlink: 'syz.3.3546': attribute type 21 has an invalid length. [ 943.872746][T16799] netlink: 'syz.1.3550': attribute type 19 has an invalid length. [ 943.887643][T16799] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3550'. [ 943.899643][T16793] mac80211_hwsim hwsim19 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 944.069433][T16800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3548'. [ 946.059637][ T42] wlan1: Trigger new scan to find an IBSS to join [ 946.858523][T16805] netlink: 'syz.0.3559': attribute type 19 has an invalid length. [ 946.902941][T16805] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3559'. [ 948.242832][T16829] netlink: 153820 bytes leftover after parsing attributes in process `syz.0.3560'. [ 948.330879][T16834] sit0: entered promiscuous mode [ 948.352810][T16834] sit0: entered allmulticast mode [ 948.608528][T16836] netlink: 'syz.2.3564': attribute type 19 has an invalid length. [ 948.632034][T16836] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3564'. [ 949.030732][ T3471] wlan1: Trigger new scan to find an IBSS to join [ 950.050336][T16846] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 951.164324][T13780] wlan1: Creating new IBSS network, BSSID 2a:19:7f:b4:c8:95 [ 951.686831][T16862] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3569'. [ 951.725825][T16865] FAULT_INJECTION: forcing a failure. [ 951.725825][T16865] name failslab, interval 1, probability 0, space 0, times 0 [ 951.739394][T16865] CPU: 1 PID: 16865 Comm: syz.3.3573 Not tainted syzkaller #0 [ 951.746911][T16865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 951.757042][T16865] Call Trace: [ 951.760351][T16865] [ 951.763327][T16865] dump_stack_lvl+0x18c/0x250 [ 951.768056][T16865] ? show_regs_print_info+0x20/0x20 [ 951.773293][T16865] ? load_image+0x400/0x400 [ 951.777831][T16865] ? __might_sleep+0xe0/0xe0 [ 951.782545][T16865] ? __lock_acquire+0x7d40/0x7d40 [ 951.787601][T16865] should_fail_ex+0x39d/0x4d0 [ 951.792307][T16865] should_failslab+0x9/0x20 [ 951.796829][T16865] slab_pre_alloc_hook+0x59/0x310 [ 951.801893][T16865] ? percpu_ref_put+0x12/0x100 [ 951.806679][T16865] ? apparmor_sk_alloc_security+0x77/0x100 [ 951.812524][T16865] __kmem_cache_alloc_node+0x53/0x250 [ 951.817921][T16865] ? apparmor_sk_alloc_security+0x77/0x100 [ 951.823758][T16865] kmalloc_trace+0x2a/0xe0 [ 951.828210][T16865] apparmor_sk_alloc_security+0x77/0x100 [ 951.833875][T16865] security_sk_alloc+0x6e/0xa0 [ 951.838667][T16865] sk_prot_alloc+0x101/0x210 [ 951.843296][T16865] sk_alloc+0x3a/0x360 [ 951.847400][T16865] inet_create+0x7a0/0xfe0 [ 951.851837][T16865] ? inet_create+0x9c/0xfe0 [ 951.856369][T16865] __sock_create+0x4a6/0x940 [ 951.860989][T16865] mptcp_subflow_create_socket+0x10b/0xac0 [ 951.866825][T16865] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 951.872678][T16865] ? __mptcp_subflow_connect+0x1450/0x1450 [ 951.878534][T16865] ? mark_lock+0x94/0x320 [ 951.882891][T16865] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 951.888916][T16865] __mptcp_nmpc_sk+0x157/0x740 [ 951.893729][T16865] ? __bpf_trace_subflow_check_data_avail+0x160/0x160 [ 951.900521][T16865] ? __local_bh_enable_ip+0x13a/0x1c0 [ 951.905915][T16865] ? lockdep_hardirqs_on+0x98/0x150 [ 951.911147][T16865] ? __local_bh_enable_ip+0x13a/0x1c0 [ 951.916543][T16865] mptcp_sendmsg_fastopen+0x7f/0x4d0 [ 951.921853][T16865] mptcp_sendmsg+0x14b2/0x16d0 [ 951.926643][T16865] ? aa_sk_perm+0x83c/0x970 [ 951.931186][T16865] ? aa_af_perm+0x330/0x330 [ 951.935715][T16865] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 951.942151][T16865] ? mptcp_shutdown+0x80/0x80 [ 951.946859][T16865] ? sock_rps_record_flow+0x19/0x3f0 [ 951.952172][T16865] ? inet_sendmsg+0xe9/0x2f0 [ 951.956781][T16865] ? inet_send_prepare+0x260/0x260 [ 951.961913][T16865] ____sys_sendmsg+0x5ba/0x960 [ 951.966711][T16865] ? __asan_memset+0x22/0x40 [ 951.971344][T16865] ? __sys_sendmsg_sock+0x30/0x30 [ 951.976380][T16865] ? __import_iovec+0x3fa/0x850 [ 951.981271][T16865] ? import_iovec+0x73/0xa0 [ 951.985807][T16865] ___sys_sendmsg+0x2a6/0x360 [ 951.990510][T16865] ? __sys_sendmsg+0x2a0/0x2a0 [ 951.995328][T16865] __se_sys_sendmsg+0x1c2/0x2b0 [ 952.000201][T16865] ? __x64_sys_sendmsg+0x80/0x80 [ 952.005184][T16865] ? syscall_enter_from_user_mode+0x2e/0x80 [ 952.011095][T16865] do_syscall_64+0x55/0xa0 [ 952.015537][T16865] ? clear_bhb_loop+0x40/0x90 [ 952.020267][T16865] ? clear_bhb_loop+0x40/0x90 [ 952.024966][T16865] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 952.030884][T16865] RIP: 0033:0x7f6e70b9bf79 [ 952.035331][T16865] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 952.054952][T16865] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 952.063383][T16865] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 952.071367][T16865] RDX: 0000000034004000 RSI: 0000200000000240 RDI: 0000000000000004 [ 952.079350][T16865] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 952.087340][T16865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 952.095337][T16865] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 952.103350][T16865] [ 952.159975][ T6632] wlan1: Trigger new scan to find an IBSS to join [ 952.293378][T16874] netlink: 'syz.1.3577': attribute type 19 has an invalid length. [ 952.324608][T16874] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3577'. [ 955.355966][T16885] netlink: 'syz.0.3590': attribute type 19 has an invalid length. [ 955.378262][T16885] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3590'. [ 955.612157][T16887] mac80211_hwsim hwsim17 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 955.736009][T16898] FAULT_INJECTION: forcing a failure. [ 955.736009][T16898] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 955.779670][T16898] CPU: 1 PID: 16898 Comm: syz.2.3586 Not tainted syzkaller #0 [ 955.787280][T16898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 955.797360][T16898] Call Trace: [ 955.800666][T16898] [ 955.803626][T16898] dump_stack_lvl+0x18c/0x250 [ 955.808355][T16898] ? show_regs_print_info+0x20/0x20 [ 955.813595][T16898] ? load_image+0x400/0x400 [ 955.818187][T16898] ? __might_fault+0xaa/0x120 [ 955.822905][T16898] ? __lock_acquire+0x7d40/0x7d40 [ 955.827972][T16898] should_fail_ex+0x39d/0x4d0 [ 955.832687][T16898] _copy_from_user+0x2f/0xe0 [ 955.837320][T16898] sk_setsockopt+0x2b2/0x2bc0 [ 955.842043][T16898] ? sockopt_capable+0x60/0x60 [ 955.846851][T16898] ? aa_sk_perm+0x83c/0x970 [ 955.851392][T16898] ? __fget_files+0x28/0x4b0 [ 955.856024][T16898] ? aa_af_perm+0x330/0x330 [ 955.860571][T16898] ? __fget_files+0x28/0x4b0 [ 955.865194][T16898] ? __fget_files+0x28/0x4b0 [ 955.869854][T16898] ? aa_sock_opt_perm+0x74/0x100 [ 955.874833][T16898] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 955.880411][T16898] ? security_socket_setsockopt+0x7e/0xa0 [ 955.886173][T16898] do_sock_setsockopt+0x11b/0x1a0 [ 955.891250][T16898] __x64_sys_setsockopt+0x182/0x200 [ 955.896487][T16898] do_syscall_64+0x55/0xa0 [ 955.900933][T16898] ? clear_bhb_loop+0x40/0x90 [ 955.905630][T16898] ? clear_bhb_loop+0x40/0x90 [ 955.910329][T16898] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 955.916235][T16898] RIP: 0033:0x7f9bbb39bf79 [ 955.920668][T16898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 955.940288][T16898] RSP: 002b:00007f9bbc1a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 955.948752][T16898] RAX: ffffffffffffffda RBX: 00007f9bbb616090 RCX: 00007f9bbb39bf79 [ 955.956750][T16898] RDX: 0000000000000007 RSI: 0000000000000001 RDI: 0000000000000007 [ 955.964737][T16898] RBP: 00007f9bbc1a6090 R08: 0000000000000004 R09: 0000000000000000 [ 955.972717][T16898] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 955.980736][T16898] R13: 00007f9bbb616128 R14: 00007f9bbb616090 R15: 00007ffe1a83ee08 [ 955.988741][T16898] [ 956.129417][T16901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3583'. [ 956.315777][T16915] netlink: 'syz.2.3593': attribute type 6 has an invalid length. [ 956.339276][T16915] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3593'. [ 956.483997][T16920] netlink: 'syz.3.3595': attribute type 19 has an invalid length. [ 956.511130][T16920] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3595'. [ 956.560366][T16921] netlink: 'syz.2.3593': attribute type 29 has an invalid length. [ 956.568262][T16921] netlink: 'syz.2.3593': attribute type 3 has an invalid length. [ 956.629327][T16921] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3593'. [ 956.866062][T16928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3598'. [ 956.875414][T16928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3598'. [ 956.891155][T16928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3598'. [ 956.905299][T16928] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3598'. [ 957.099235][T13780] wlan1: Creating new IBSS network, BSSID 26:53:41:90:8b:6d [ 958.070146][ T6638] wlan1: Trigger new scan to find an IBSS to join [ 959.699152][T16934] FAULT_INJECTION: forcing a failure. [ 959.699152][T16934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 959.719143][T16934] CPU: 0 PID: 16934 Comm: syz.3.3601 Not tainted syzkaller #0 [ 959.726663][T16934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 959.736749][T16934] Call Trace: [ 959.740055][T16934] [ 959.743002][T16934] dump_stack_lvl+0x18c/0x250 [ 959.747698][T16934] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 959.753870][T16934] ? show_regs_print_info+0x20/0x20 [ 959.759091][T16934] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 959.765270][T16934] should_fail_ex+0x39d/0x4d0 [ 959.769984][T16934] _copy_to_user+0x2f/0xa0 [ 959.774430][T16934] bpf_test_finish+0x19f/0x650 [ 959.779236][T16934] ? convert___skb_to_skb+0x590/0x590 [ 959.784635][T16934] ? convert_skb_to___skb+0x420/0x420 [ 959.790023][T16934] ? slab_build_skb+0x25f/0x3f0 [ 959.794898][T16934] bpf_prog_test_run_skb+0xcc3/0x12b0 [ 959.800293][T16934] ? cpu_online+0x60/0x60 [ 959.804637][T16934] bpf_prog_test_run+0x321/0x390 [ 959.809591][T16934] __sys_bpf+0x49d/0x890 [ 959.813852][T16934] ? bpf_link_show_fdinfo+0x390/0x390 [ 959.819278][T16934] ? lock_chain_count+0x20/0x20 [ 959.824163][T16934] __x64_sys_bpf+0x7c/0x90 [ 959.828616][T16934] do_syscall_64+0x55/0xa0 [ 959.833046][T16934] ? clear_bhb_loop+0x40/0x90 [ 959.837734][T16934] ? clear_bhb_loop+0x40/0x90 [ 959.842441][T16934] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 959.848340][T16934] RIP: 0033:0x7f6e70b9bf79 [ 959.852769][T16934] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 959.872383][T16934] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 959.880808][T16934] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 959.888803][T16934] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a [ 959.896809][T16934] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 959.904798][T16934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 959.912781][T16934] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 959.920788][T16934] [ 960.038632][T16945] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3603'. [ 960.241607][T16951] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3608'. [ 960.262127][T16951] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3608'. [ 960.302514][T16955] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3608'. [ 960.341628][T16951] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3608'. [ 962.066353][ T6622] wlan1: Trigger new scan to find an IBSS to join [ 963.495036][ T3471] wlan1: Creating new IBSS network, BSSID 46:59:8a:2a:76:9a [ 963.617739][T16978] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3619'. [ 963.627180][T16978] netlink: get zone limit has 4 unknown bytes [ 964.527182][T16994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3620'. [ 964.712060][T17000] netlink: 'syz.3.3626': attribute type 19 has an invalid length. [ 964.737524][T17000] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3626'. [ 964.810755][T17004] FAULT_INJECTION: forcing a failure. [ 964.810755][T17004] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 964.847305][T17004] CPU: 0 PID: 17004 Comm: syz.0.3627 Not tainted syzkaller #0 [ 964.854910][T17004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 964.864996][T17004] Call Trace: [ 964.868342][T17004] [ 964.871317][T17004] dump_stack_lvl+0x18c/0x250 [ 964.876054][T17004] ? show_regs_print_info+0x20/0x20 [ 964.881318][T17004] ? load_image+0x400/0x400 [ 964.885882][T17004] ? __lock_acquire+0x7d40/0x7d40 [ 964.890958][T17004] ? __lock_acquire+0x7d40/0x7d40 [ 964.896035][T17004] ? full_name_hash+0xb0/0xe0 [ 964.900769][T17004] should_fail_ex+0x39d/0x4d0 [ 964.905509][T17004] _copy_to_user+0x2f/0xa0 [ 964.909979][T17004] put_user_ifreq+0x78/0xb0 [ 964.914531][T17004] sock_do_ioctl+0x268/0x310 [ 964.919162][T17004] ? sock_show_fdinfo+0xb0/0xb0 [ 964.924060][T17004] sock_ioctl+0x5ba/0x7e0 [ 964.928427][T17004] ? sock_poll+0x3e0/0x3e0 [ 964.932894][T17004] ? bpf_lsm_file_ioctl+0x9/0x10 [ 964.937876][T17004] ? security_file_ioctl+0x80/0xa0 [ 964.943053][T17004] ? sock_poll+0x3e0/0x3e0 [ 964.947527][T17004] __se_sys_ioctl+0xfd/0x170 [ 964.952178][T17004] do_syscall_64+0x55/0xa0 [ 964.956654][T17004] ? clear_bhb_loop+0x40/0x90 [ 964.961393][T17004] ? clear_bhb_loop+0x40/0x90 [ 964.966110][T17004] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 964.972044][T17004] RIP: 0033:0x7f64f139bf79 [ 964.976497][T17004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 964.996148][T17004] RSP: 002b:00007f64f21c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 965.004609][T17004] RAX: ffffffffffffffda RBX: 00007f64f1615fa0 RCX: 00007f64f139bf79 [ 965.012627][T17004] RDX: 0000200000000080 RSI: 0000000000008970 RDI: 0000000000000005 [ 965.020643][T17004] RBP: 00007f64f21c9090 R08: 0000000000000000 R09: 0000000000000000 [ 965.028652][T17004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 965.036666][T17004] R13: 00007f64f1616038 R14: 00007f64f1615fa0 R15: 00007fffb30f1668 [ 965.044719][T17004] [ 965.170568][T17009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3630'. [ 965.209449][T17009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3630'. [ 965.232713][T17009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3630'. [ 965.263302][T17009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3630'. [ 968.732750][T17025] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3636'. [ 973.021424][T17062] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3651'. [ 973.138293][T17067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3653'. [ 973.148653][T17067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3653'. [ 973.167625][T17067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3653'. [ 973.202678][T17067] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3653'. [ 973.821279][T17074] netlink: 'syz.2.3655': attribute type 1 has an invalid length. [ 973.928178][T17079] netlink: 'syz.2.3655': attribute type 1 has an invalid length. [ 974.035834][T17077] netlink: 'syz.1.3656': attribute type 7 has an invalid length. [ 974.090058][T17077] netlink: 'syz.1.3656': attribute type 1 has an invalid length. [ 974.191011][T17077] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.3656'. [ 975.863335][T17109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3665'. [ 977.701688][T17119] netlink: 'syz.2.3670': attribute type 10 has an invalid length. [ 977.719066][T17119] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.3670'. [ 977.840664][T17121] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3670'. [ 978.293363][T17125] netlink: 'syz.3.3673': attribute type 7 has an invalid length. [ 978.360446][T17125] netlink: 'syz.3.3673': attribute type 1 has an invalid length. [ 978.451410][T17125] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.3673'. [ 979.074483][T17138] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3677'. [ 979.621870][T17142] FAULT_INJECTION: forcing a failure. [ 979.621870][T17142] name failslab, interval 1, probability 0, space 0, times 0 [ 979.676421][T17142] CPU: 0 PID: 17142 Comm: syz.0.3678 Not tainted syzkaller #0 [ 979.683972][T17142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 979.694067][T17142] Call Trace: [ 979.697373][T17142] [ 979.700348][T17142] dump_stack_lvl+0x18c/0x250 [ 979.705092][T17142] ? show_regs_print_info+0x20/0x20 [ 979.710346][T17142] ? load_image+0x400/0x400 [ 979.714910][T17142] ? __might_sleep+0xe0/0xe0 [ 979.719559][T17142] ? __lock_acquire+0x7d40/0x7d40 [ 979.724631][T17142] should_fail_ex+0x39d/0x4d0 [ 979.729365][T17142] should_failslab+0x9/0x20 [ 979.733939][T17142] slab_pre_alloc_hook+0x59/0x310 [ 979.739017][T17142] ? tomoyo_encode+0x28b/0x540 [ 979.743818][T17142] ? tomoyo_encode+0x28b/0x540 [ 979.748616][T17142] __kmem_cache_alloc_node+0x53/0x250 [ 979.754053][T17142] ? tomoyo_encode+0x28b/0x540 [ 979.758860][T17142] __kmalloc+0xa4/0x230 [ 979.763068][T17142] tomoyo_encode+0x28b/0x540 [ 979.767705][T17142] tomoyo_realpath_from_path+0x592/0x5d0 [ 979.773401][T17142] tomoyo_path_number_perm+0x248/0x620 [ 979.778911][T17142] ? tomoyo_path_number_perm+0x217/0x620 [ 979.784596][T17142] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 979.790112][T17142] ? trace_call_bpf+0xc3/0x6c0 [ 979.794927][T17142] ? trace_call_bpf+0xc3/0x6c0 [ 979.799736][T17142] ? trace_call_bpf+0x5e9/0x6c0 [ 979.804668][T17142] ? __fget_files+0x28/0x4b0 [ 979.809299][T17142] ? __fget_files+0x28/0x4b0 [ 979.813941][T17142] security_file_ioctl+0x70/0xa0 [ 979.818927][T17142] __se_sys_ioctl+0x48/0x170 [ 979.823567][T17142] do_syscall_64+0x55/0xa0 [ 979.828064][T17142] ? clear_bhb_loop+0x40/0x90 [ 979.832789][T17142] ? clear_bhb_loop+0x40/0x90 [ 979.837509][T17142] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 979.843443][T17142] RIP: 0033:0x7f64f139bf79 [ 979.847894][T17142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 979.867545][T17142] RSP: 002b:00007f64f21c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 979.876021][T17142] RAX: ffffffffffffffda RBX: 00007f64f1615fa0 RCX: 00007f64f139bf79 [ 979.884037][T17142] RDX: 0000200000000000 RSI: 0000000000008915 RDI: 0000000000000003 [ 979.892045][T17142] RBP: 00007f64f21c9090 R08: 0000000000000000 R09: 0000000000000000 [ 979.900057][T17142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 979.908062][T17142] R13: 00007f64f1616038 R14: 00007f64f1615fa0 R15: 00007fffb30f1668 [ 979.916095][T17142] [ 980.038923][T17142] ERROR: Out of memory at tomoyo_realpath_from_path. [ 981.175804][ T6622] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 981.966893][T17158] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3682'. [ 982.231025][T17165] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3686'. [ 983.658541][T17177] netlink: 'syz.0.3689': attribute type 7 has an invalid length. [ 983.711451][T17177] netlink: 'syz.0.3689': attribute type 1 has an invalid length. [ 983.829522][T17177] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.3689'. [ 984.268964][T17180] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3696'. [ 985.279386][ T6622] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 988.877767][T17210] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3700'. [ 989.809350][T17219] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3703'. [ 991.302734][T17237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3715'. [ 993.186824][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.193515][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.449092][T17256] netlink: 'syz.2.3714': attribute type 10 has an invalid length. [ 993.569395][ T6638] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 993.751200][T17256] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode [ 993.785321][T17256] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 993.903721][T17256] team0: Port device wlan1 added [ 993.929162][T17253] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 993.955378][T17256] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 994.007071][T17269] netlink: 'syz.0.3721': attribute type 19 has an invalid length. [ 994.028984][T17269] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3721'. [ 995.685858][T17279] netlink: 822 bytes leftover after parsing attributes in process `syz.2.3723'. [ 996.491300][T17295] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3727'. [ 999.287957][T17307] netlink: 'syz.3.3734': attribute type 19 has an invalid length. [ 999.318300][T17307] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3734'. [ 1000.710585][T17327] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3741'. [ 1002.090312][T17342] netlink: 'syz.0.3748': attribute type 19 has an invalid length. [ 1002.098470][T17342] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3748'. [ 1005.389071][T17364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3755'. [ 1006.285235][T17373] netlink: 'syz.0.3760': attribute type 19 has an invalid length. [ 1006.319861][T17373] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3760'. [ 1008.979631][T17398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3768'. [ 1009.633678][T17408] netlink: 'syz.1.3773': attribute type 19 has an invalid length. [ 1009.671401][T17408] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3773'. [ 1012.919832][ T42] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1013.044998][T17434] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3782'. [ 1013.867225][T17448] netlink: 'syz.0.3788': attribute type 19 has an invalid length. [ 1013.897658][T17448] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3788'. [ 1017.260916][T17475] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3797'. [ 1017.418549][ T6632] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1018.046083][T17488] netlink: 'syz.1.3803': attribute type 19 has an invalid length. [ 1018.068053][T17488] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3803'. [ 1019.131389][T17505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3810'. [ 1021.687719][T17514] netlink: 'syz.2.3814': attribute type 19 has an invalid length. [ 1021.742565][T17514] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3814'. [ 1022.917314][T17539] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3820'. [ 1023.503309][T17544] netlink: 'syz.3.3825': attribute type 19 has an invalid length. [ 1023.543146][T17544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3825'. [ 1025.517559][ T6632] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1026.143257][T17570] netlink: 'syz.3.3837': attribute type 19 has an invalid length. [ 1026.160167][T17570] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3837'. [ 1026.385364][T17571] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3834'. [ 1029.637083][T17600] netlink: 'syz.0.3849': attribute type 19 has an invalid length. [ 1029.662654][T17600] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3849'. [ 1029.955386][T17607] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3847'. [ 1033.041156][T17629] netlink: 'syz.2.3860': attribute type 19 has an invalid length. [ 1033.067970][T17629] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3860'. [ 1033.545021][T17643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3862'. [ 1036.701612][T17660] netlink: 'syz.0.3874': attribute type 19 has an invalid length. [ 1036.710084][T17660] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3874'. [ 1037.368089][T17681] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3877'. [ 1038.285922][T17690] netlink: 'syz.0.3886': attribute type 19 has an invalid length. [ 1038.331619][T17690] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3886'. [ 1041.426989][T17715] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3891'. [ 1042.387772][T17731] netlink: 'syz.1.3901': attribute type 19 has an invalid length. [ 1042.399143][T17731] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3901'. [ 1045.935828][T17754] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3908'. [ 1046.602298][T13780] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1046.727731][T17757] netlink: 'syz.1.3912': attribute type 19 has an invalid length. [ 1046.753138][T17757] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3912'. [ 1047.749179][T17778] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3922'. [ 1049.989653][T13780] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1050.579846][T17792] netlink: 'syz.3.3928': attribute type 19 has an invalid length. [ 1050.609109][T17792] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3928'. [ 1051.230756][T17808] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3933'. [ 1052.533161][T17827] netlink: 'syz.3.3942': attribute type 19 has an invalid length. [ 1052.578945][T17827] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3942'. [ 1054.624961][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.631508][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.191682][T17846] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3948'. [ 1055.456672][T17853] netlink: 'syz.3.3954': attribute type 19 has an invalid length. [ 1055.497811][T17853] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3954'. [ 1059.010207][T17882] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3965'. [ 1059.092523][T17885] netlink: 'syz.1.3968': attribute type 19 has an invalid length. [ 1059.097353][ T42] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1059.137499][T17885] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3968'. [ 1062.535417][T17906] netlink: 'syz.1.3978': attribute type 19 has an invalid length. [ 1062.550031][T17906] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3978'. [ 1063.079280][T17924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3981'. [ 1063.987410][T17937] netlink: 'syz.2.3992': attribute type 19 has an invalid length. [ 1064.016529][T17937] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3992'. [ 1067.071145][T17966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3999'. [ 1067.119375][T17965] netlink: 'syz.1.4003': attribute type 19 has an invalid length. [ 1067.127727][T17965] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4003'. [ 1070.619316][T17992] netlink: 'syz.1.4014': attribute type 19 has an invalid length. [ 1070.658518][T17992] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4014'. [ 1071.036336][T18003] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4015'. [ 1074.878351][T18023] netlink: 'syz.2.4029': attribute type 19 has an invalid length. [ 1074.916942][T18023] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4029'. [ 1075.334667][T18041] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4033'. [ 1076.710308][T18064] netlink: 'syz.3.4044': attribute type 19 has an invalid length. [ 1076.725479][T18064] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4044'. [ 1079.194954][T18085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4051'. [ 1079.662953][T18093] netlink: 'syz.1.4056': attribute type 19 has an invalid length. [ 1079.713593][T18093] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4056'. [ 1080.298605][ T3471] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1081.008679][ T6638] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1083.047972][T18120] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4066'. [ 1083.547259][T18127] netlink: 'syz.0.4071': attribute type 19 has an invalid length. [ 1083.586477][T18127] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4071'. [ 1086.937330][T18157] netlink: 'syz.1.4085': attribute type 19 has an invalid length. [ 1086.962651][T18157] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4085'. [ 1086.991939][T18159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4082'. [ 1088.778970][T18185] netlink: 'syz.2.4095': attribute type 19 has an invalid length. [ 1088.817034][T18185] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4095'. [ 1090.464268][T18192] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4098'. [ 1090.489084][T18192] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4098'. [ 1090.840944][T18203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4099'. [ 1090.975631][T18208] netlink: 'syz.2.4105': attribute type 19 has an invalid length. [ 1091.013864][T18208] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4105'. [ 1091.519697][T18218] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4109'. [ 1091.617525][T18218] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4109'. [ 1092.377828][ T6638] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1094.278686][T18238] netlink: 'syz.2.4118': attribute type 19 has an invalid length. [ 1094.298927][T18238] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4118'. [ 1094.549046][T18244] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4121'. [ 1094.558164][T18244] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4121'. [ 1094.947313][T18255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4120'. [ 1096.009700][T18270] netlink: 'syz.1.4131': attribute type 19 has an invalid length. [ 1096.053052][T18270] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4131'. [ 1098.013016][T18277] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4133'. [ 1098.045434][T18277] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4133'. [ 1098.087201][T18282] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4133'. [ 1098.542809][T18295] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4139'. [ 1098.925958][T18302] netlink: 'syz.2.4144': attribute type 19 has an invalid length. [ 1098.957005][T18302] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4144'. [ 1101.753692][T18320] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4152'. [ 1101.775677][T18320] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4152'. [ 1101.807189][T18320] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4152'. [ 1102.143935][T18330] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4153'. [ 1102.186965][T18329] netlink: 'syz.0.4156': attribute type 19 has an invalid length. [ 1102.225853][T18329] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4156'. [ 1105.434270][T18346] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4163'. [ 1105.458644][T18346] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4163'. [ 1105.469367][T18346] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4163'. [ 1105.611674][T18352] netlink: 'syz.2.4167': attribute type 19 has an invalid length. [ 1105.629754][T18352] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4167'. [ 1106.004487][T18365] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4168'. [ 1109.241023][T18381] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4179'. [ 1109.265933][T18381] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4179'. [ 1109.293704][T18381] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4179'. [ 1109.379440][T18387] netlink: 'syz.2.4182': attribute type 19 has an invalid length. [ 1109.419038][T18387] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4182'. [ 1109.823950][T18394] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4184'. [ 1110.161873][T18412] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4192'. [ 1110.187603][T18412] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4192'. [ 1110.218004][T18412] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4192'. [ 1112.279478][T18422] netlink: 'syz.2.4194': attribute type 19 has an invalid length. [ 1112.287691][T18422] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4194'. [ 1112.446851][ T3471] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1112.457688][T14124] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1112.987071][T18432] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4201'. [ 1113.220720][T18444] netlink: 'syz.2.4206': attribute type 19 has an invalid length. [ 1116.069698][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.076109][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.523588][T18462] __nla_validate_parse: 4 callbacks suppressed [ 1116.523606][T18462] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.4213'. [ 1116.554404][T18462] netlink: 'syz.1.4213': attribute type 3 has an invalid length. [ 1116.562919][T18462] netlink: 106052 bytes leftover after parsing attributes in process `syz.1.4213'. [ 1116.605679][T18466] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4215'. [ 1116.622200][T18466] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4215'. [ 1116.636355][T18466] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4215'. [ 1116.876983][T18477] netlink: 'syz.3.4219': attribute type 19 has an invalid length. [ 1116.936569][T18477] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4219'. [ 1117.167435][T18483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4218'. [ 1118.039430][T18493] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4225'. [ 1118.048587][T18493] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4225'. [ 1118.149069][T18493] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4225'. [ 1118.907141][T18499] netlink: 'syz.1.4226': attribute type 10 has an invalid length. [ 1119.216959][T18494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1120.217537][T18499] mac80211_hwsim hwsim17 wlan1: entered promiscuous mode [ 1120.251836][T18499] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode [ 1120.290651][T18499] team0: Port device wlan1 added [ 1121.142022][T18512] netlink: 'syz.2.4231': attribute type 19 has an invalid length. [ 1121.786288][T18528] __nla_validate_parse: 1 callbacks suppressed [ 1121.786309][T18528] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4234'. [ 1122.120565][T18531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4238'. [ 1124.062985][T13780] wlan1: Trigger new scan to find an IBSS to join [ 1124.680245][T18544] netlink: 'syz.2.4242': attribute type 19 has an invalid length. [ 1124.749489][T18544] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4242'. [ 1124.860449][T18548] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4241'. [ 1124.909790][T18542] netlink: 'syz.3.4243': attribute type 10 has an invalid length. [ 1125.081084][T18541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1125.199291][T18551] netlink: 'syz.0.4252': attribute type 19 has an invalid length. [ 1125.226105][T18551] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4252'. [ 1125.901261][T18564] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4247'. [ 1125.958997][T18563] netlink: 'syz.1.4248': attribute type 19 has an invalid length. [ 1126.028029][T18563] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4248'. [ 1126.450980][T18567] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4246'. [ 1128.843149][T18583] netlink: 'syz.0.4255': attribute type 19 has an invalid length. [ 1128.964057][T18583] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4255'. [ 1129.120294][ T6638] wlan1: Trigger new scan to find an IBSS to join [ 1130.155833][T18591] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4257'. [ 1131.464645][ T6638] wlan1: Creating new IBSS network, BSSID 32:13:46:d4:80:a5 [ 1132.356995][T18606] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4258'. [ 1132.458948][T18607] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4259'. [ 1135.864259][T18632] netlink: 'syz.1.4268': attribute type 19 has an invalid length. [ 1135.917549][T18632] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4268'. [ 1136.002596][T18633] netlink: 'syz.2.4269': attribute type 19 has an invalid length. [ 1136.029619][T18633] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4269'. [ 1139.134371][T18653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4270'. [ 1140.043194][T18660] netlink: 'syz.2.4281': attribute type 19 has an invalid length. [ 1140.109155][T18660] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4281'. [ 1143.479079][ T3471] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1143.919147][T18693] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4289'. [ 1144.574279][T18696] netlink: 'syz.0.4295': attribute type 19 has an invalid length. [ 1144.592058][T18696] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4295'. [ 1148.262442][T18721] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4302'. [ 1149.048380][T18732] netlink: 168 bytes leftover after parsing attributes in process `syz.2.4311'. [ 1149.946225][T18739] pim6reg1: entered promiscuous mode [ 1149.958162][T18739] pim6reg1: entered allmulticast mode [ 1152.894642][T18771] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4319'. [ 1152.958170][T18775] FAULT_INJECTION: forcing a failure. [ 1152.958170][T18775] name failslab, interval 1, probability 0, space 0, times 0 [ 1152.972370][T18775] CPU: 1 PID: 18775 Comm: syz.1.4323 Not tainted syzkaller #0 [ 1152.979886][T18775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1152.990364][T18775] Call Trace: [ 1152.993734][T18775] [ 1152.996708][T18775] dump_stack_lvl+0x18c/0x250 [ 1153.001442][T18775] ? show_regs_print_info+0x20/0x20 [ 1153.006689][T18775] ? load_image+0x400/0x400 [ 1153.011251][T18775] ? __might_sleep+0xe0/0xe0 [ 1153.015882][T18775] ? __lock_acquire+0x7d40/0x7d40 [ 1153.020950][T18775] should_fail_ex+0x39d/0x4d0 [ 1153.025748][T18775] should_failslab+0x9/0x20 [ 1153.030304][T18775] slab_pre_alloc_hook+0x59/0x310 [ 1153.035408][T18775] ? kvmalloc_node+0x70/0x180 [ 1153.040127][T18775] ? kvmalloc_node+0x70/0x180 [ 1153.044851][T18775] __kmem_cache_alloc_node+0x53/0x250 [ 1153.050271][T18775] ? kvmalloc_node+0x70/0x180 [ 1153.054982][T18775] __kmalloc_node+0xa4/0x230 [ 1153.059705][T18775] kvmalloc_node+0x70/0x180 [ 1153.064223][T18775] alloc_netdev_mqs+0xa76/0x1040 [ 1153.069187][T18775] ipip6_tunnel_locate+0x4d4/0x760 [ 1153.074350][T18775] ? check_6rd+0x670/0x670 [ 1153.078797][T18775] ? bpf_lsm_capable+0x9/0x10 [ 1153.083510][T18775] ipip6_tunnel_ctl+0x6ae/0x9e0 [ 1153.088395][T18775] ip_tunnel_siocdevprivate+0x138/0x1f0 [ 1153.093984][T18775] ? ip_tunnel_update+0xb10/0xb10 [ 1153.099056][T18775] ? lock_acquire+0x208/0x420 [ 1153.103773][T18775] ? __mutex_trylock_common+0x159/0x260 [ 1153.109351][T18775] ipip6_tunnel_siocdevprivate+0x363/0x16f0 [ 1153.115303][T18775] ? rcu_is_watching+0x15/0xb0 [ 1153.120125][T18775] ? sit_tunnel_xmit+0x2010/0x2010 [ 1153.125275][T18775] ? trace_contention_end+0x39/0xe0 [ 1153.130493][T18775] ? __mutex_lock+0x315/0xcc0 [ 1153.135191][T18775] ? dev_load+0x21/0x1f0 [ 1153.139457][T18775] ? dev_ioctl+0x83c/0x1140 [ 1153.143971][T18775] ? __lock_acquire+0x7d40/0x7d40 [ 1153.149013][T18775] ? mutex_lock_nested+0x20/0x20 [ 1153.153973][T18775] ? full_name_hash+0x92/0xe0 [ 1153.158696][T18775] ? dev_ifsioc+0x958/0xc40 [ 1153.163227][T18775] dev_ioctl+0x84c/0x1140 [ 1153.167572][T18775] sock_ioctl+0x74c/0x7e0 [ 1153.171916][T18775] ? sock_poll+0x3e0/0x3e0 [ 1153.176352][T18775] ? sock_poll+0x3e0/0x3e0 [ 1153.180841][T18775] ? __se_sys_ioctl+0xf1/0x170 [ 1153.186149][T18775] ? sock_poll+0x3e0/0x3e0 [ 1153.190595][T18775] __se_sys_ioctl+0xfd/0x170 [ 1153.195217][T18775] do_syscall_64+0x55/0xa0 [ 1153.199666][T18775] ? clear_bhb_loop+0x40/0x90 [ 1153.204384][T18775] ? clear_bhb_loop+0x40/0x90 [ 1153.209081][T18775] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1153.214994][T18775] RIP: 0033:0x7fe1f119bf79 [ 1153.219424][T18775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1153.239053][T18775] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1153.247491][T18775] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 1153.255479][T18775] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000008 [ 1153.263480][T18775] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 1153.271478][T18775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1153.279471][T18775] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 1153.287479][T18775] [ 1156.455066][T18787] netlink: 'syz.2.4328': attribute type 19 has an invalid length. [ 1156.481386][T18787] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4328'. [ 1157.258323][T18813] netlink: 'syz.3.4337': attribute type 21 has an invalid length. [ 1157.279509][T18813] netlink: 'syz.3.4337': attribute type 6 has an invalid length. [ 1157.297616][T18813] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4337'. [ 1157.492757][T18822] netlink: 'syz.1.4341': attribute type 19 has an invalid length. [ 1157.552614][T18822] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4341'. [ 1158.338288][T18852] netlink: 'syz.2.4356': attribute type 19 has an invalid length. [ 1158.357613][T18852] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4356'. [ 1158.404515][T18851] netlink: 'syz.0.4354': attribute type 21 has an invalid length. [ 1158.445741][T18851] netlink: 'syz.0.4354': attribute type 6 has an invalid length. [ 1158.475014][T18851] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4354'. [ 1158.722998][T18862] delete_channel: no stack [ 1158.740827][T18865] netlink: 'syz.0.4367': attribute type 19 has an invalid length. [ 1158.774597][T18865] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4367'. [ 1159.253356][T18885] netlink: 'syz.3.4369': attribute type 10 has an invalid length. [ 1159.288349][T18885] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4369'. [ 1159.370209][T18886] netlink: 'syz.2.4368': attribute type 21 has an invalid length. [ 1159.393436][T18886] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4368'. [ 1159.572930][T18894] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4373'. [ 1159.661959][T18897] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.4373'. [ 1159.915118][T18900] FAULT_INJECTION: forcing a failure. [ 1159.915118][T18900] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1159.971020][T18900] CPU: 0 PID: 18900 Comm: syz.2.4374 Not tainted syzkaller #0 [ 1159.978542][T18900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1159.988627][T18900] Call Trace: [ 1159.991929][T18900] [ 1159.994878][T18900] dump_stack_lvl+0x18c/0x250 [ 1159.999600][T18900] ? show_regs_print_info+0x20/0x20 [ 1160.004861][T18900] ? load_image+0x400/0x400 [ 1160.009415][T18900] ? __lock_acquire+0x7d40/0x7d40 [ 1160.014479][T18900] ? snprintf+0xe9/0x140 [ 1160.018753][T18900] should_fail_ex+0x39d/0x4d0 [ 1160.023482][T18900] _copy_to_user+0x2f/0xa0 [ 1160.027947][T18900] simple_read_from_buffer+0xe7/0x150 [ 1160.033378][T18900] proc_fail_nth_read+0x1e8/0x260 [ 1160.038469][T18900] ? proc_fault_inject_write+0x360/0x360 [ 1160.044158][T18900] ? fsnotify_perm+0x271/0x5e0 [ 1160.048977][T18900] ? proc_fault_inject_write+0x360/0x360 [ 1160.054682][T18900] vfs_read+0x28b/0x970 [ 1160.058891][T18900] ? kernel_read+0x1e0/0x1e0 [ 1160.063528][T18900] ? __fget_files+0x28/0x4b0 [ 1160.068174][T18900] ? __fget_files+0x28/0x4b0 [ 1160.072800][T18900] ? __fget_files+0x43d/0x4b0 [ 1160.077528][T18900] ? __fdget_pos+0x2a3/0x330 [ 1160.082157][T18900] ? ksys_read+0x75/0x260 [ 1160.086529][T18900] ksys_read+0x150/0x260 [ 1160.090819][T18900] ? vfs_write+0x990/0x990 [ 1160.095275][T18900] ? syscall_enter_from_user_mode+0x2e/0x80 [ 1160.101203][T18900] do_syscall_64+0x55/0xa0 [ 1160.105680][T18900] ? clear_bhb_loop+0x40/0x90 [ 1160.110395][T18900] ? clear_bhb_loop+0x40/0x90 [ 1160.115107][T18900] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1160.121039][T18900] RIP: 0033:0x7f9bbb35c84e [ 1160.125485][T18900] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1160.145130][T18900] RSP: 002b:00007f9bbc1c6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1160.153582][T18900] RAX: ffffffffffffffda RBX: 00007f9bbc1c76c0 RCX: 00007f9bbb35c84e [ 1160.161588][T18900] RDX: 000000000000000f RSI: 00007f9bbc1c70a0 RDI: 0000000000000009 [ 1160.169598][T18900] RBP: 00007f9bbc1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 1160.177605][T18900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1160.185615][T18900] R13: 00007f9bbb616038 R14: 00007f9bbb615fa0 R15: 00007ffe1a83ee08 [ 1160.193686][T18900] [ 1161.497460][T13780] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1164.173966][T18943] __nla_validate_parse: 6 callbacks suppressed [ 1164.173982][T18943] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4389'. [ 1164.189508][T18943] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4389'. [ 1164.207734][T18943] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4389'. [ 1164.365715][T18949] FAULT_INJECTION: forcing a failure. [ 1164.365715][T18949] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1164.400983][T18949] CPU: 0 PID: 18949 Comm: syz.1.4393 Not tainted syzkaller #0 [ 1164.408517][T18949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1164.418617][T18949] Call Trace: [ 1164.421925][T18949] [ 1164.424877][T18949] dump_stack_lvl+0x18c/0x250 [ 1164.429605][T18949] ? show_regs_print_info+0x20/0x20 [ 1164.434853][T18949] ? load_image+0x400/0x400 [ 1164.439391][T18949] ? __might_fault+0xaa/0x120 [ 1164.444098][T18949] ? __lock_acquire+0x7d40/0x7d40 [ 1164.449161][T18949] should_fail_ex+0x39d/0x4d0 [ 1164.453907][T18949] _copy_from_user+0x2f/0xe0 [ 1164.458540][T18949] bpf_prog_test_run_skb+0x266/0x12b0 [ 1164.463953][T18949] ? lockdep_hardirqs_on+0x98/0x150 [ 1164.469207][T18949] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1164.475405][T18949] ? cpu_online+0x60/0x60 [ 1164.479775][T18949] bpf_prog_test_run+0x321/0x390 [ 1164.484767][T18949] __sys_bpf+0x49d/0x890 [ 1164.489051][T18949] ? bpf_link_show_fdinfo+0x390/0x390 [ 1164.494472][T18949] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1164.500679][T18949] __x64_sys_bpf+0x7c/0x90 [ 1164.505130][T18949] do_syscall_64+0x55/0xa0 [ 1164.509580][T18949] ? clear_bhb_loop+0x40/0x90 [ 1164.514287][T18949] ? clear_bhb_loop+0x40/0x90 [ 1164.519029][T18949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1164.524966][T18949] RIP: 0033:0x7fe1f119bf79 [ 1164.529418][T18949] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1164.549053][T18949] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1164.557506][T18949] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 1164.565505][T18949] RDX: 0000000000000050 RSI: 0000200000000240 RDI: 000000000000000a [ 1164.573508][T18949] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 1164.581516][T18949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1164.589532][T18949] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 1164.597566][T18949] [ 1164.802345][T18953] validate_nla: 7 callbacks suppressed [ 1164.802379][T18953] netlink: 'syz.1.4395': attribute type 19 has an invalid length. [ 1164.855093][T18953] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4395'. [ 1166.184721][T18976] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4403'. [ 1166.210084][T18976] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4403'. [ 1166.246165][T18976] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4403'. [ 1168.059251][ T3471] wlan1: Trigger new scan to find an IBSS to join [ 1169.038267][T18987] netlink: 'syz.0.4408': attribute type 19 has an invalid length. [ 1169.046797][T18987] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4408'. [ 1169.387056][T18995] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4413'. [ 1169.401436][T18995] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4413'. [ 1169.412287][T18995] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4413'. [ 1170.708259][T19017] netlink: 'syz.3.4422': attribute type 19 has an invalid length. [ 1170.770320][T19017] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4422'. [ 1172.059714][T14124] wlan1: Trigger new scan to find an IBSS to join [ 1173.403522][T13780] wlan1: Creating new IBSS network, BSSID 1a:cd:45:1e:1b:b2 [ 1173.617665][T19028] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4423'. [ 1173.659077][T19028] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4423'. [ 1173.723982][T19028] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4423'. [ 1174.602207][T14124] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1174.831472][T19043] netlink: 'syz.0.4432': attribute type 19 has an invalid length. [ 1174.859170][T19043] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4432'. [ 1175.909017][T19058] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4437'. [ 1175.939310][T19058] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4437'. [ 1176.059439][T19062] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4437'. [ 1177.534311][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.540998][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.949546][T19075] netlink: 'syz.1.4443': attribute type 19 has an invalid length. [ 1178.957603][T19075] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4443'. [ 1183.258866][T19105] netlink: 'syz.1.4454': attribute type 19 has an invalid length. [ 1183.267451][T19105] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4454'. [ 1188.415080][T19164] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4477'. [ 1188.436475][T19164] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4477'. [ 1188.458394][T19164] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4477'. [ 1191.707527][T19186] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4487'. [ 1191.758864][T19186] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4487'. [ 1191.798925][T19188] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4487'. [ 1192.670053][T19205] sit0: entered promiscuous mode [ 1193.326999][T19215] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4498'. [ 1193.476276][T19215] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4498'. [ 1193.563997][T19217] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4498'. [ 1196.135291][T19241] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4507'. [ 1196.200130][T19241] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4507'. [ 1196.234070][T19244] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4507'. [ 1197.199832][T19262] netlink: 'syz.1.4516': attribute type 10 has an invalid length. [ 1197.485701][T19272] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4519'. [ 1197.504379][T19272] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4519'. [ 1197.534184][T19272] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4519'. [ 1198.858704][T19294] FAULT_INJECTION: forcing a failure. [ 1198.858704][T19294] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.903301][T19294] CPU: 1 PID: 19294 Comm: syz.2.4527 Not tainted syzkaller #0 [ 1198.910846][T19294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1198.920916][T19294] Call Trace: [ 1198.924217][T19294] [ 1198.927160][T19294] dump_stack_lvl+0x18c/0x250 [ 1198.931873][T19294] ? show_regs_print_info+0x20/0x20 [ 1198.937091][T19294] ? load_image+0x400/0x400 [ 1198.941608][T19294] ? __might_sleep+0xe0/0xe0 [ 1198.946222][T19294] ? __lock_acquire+0x7d40/0x7d40 [ 1198.951275][T19294] should_fail_ex+0x39d/0x4d0 [ 1198.955977][T19294] should_failslab+0x9/0x20 [ 1198.960512][T19294] slab_pre_alloc_hook+0x59/0x310 [ 1198.965558][T19294] ? percpu_ref_put+0x12/0x100 [ 1198.970348][T19294] ? apparmor_sk_alloc_security+0x77/0x100 [ 1198.976186][T19294] __kmem_cache_alloc_node+0x53/0x250 [ 1198.981592][T19294] ? apparmor_sk_alloc_security+0x77/0x100 [ 1198.987431][T19294] kmalloc_trace+0x2a/0xe0 [ 1198.991874][T19294] apparmor_sk_alloc_security+0x77/0x100 [ 1198.997529][T19294] security_sk_alloc+0x6e/0xa0 [ 1199.002326][T19294] sk_prot_alloc+0x101/0x210 [ 1199.006949][T19294] sk_alloc+0x3a/0x360 [ 1199.011043][T19294] inet_create+0x7a0/0xfe0 [ 1199.015489][T19294] ? inet_create+0x9c/0xfe0 [ 1199.020011][T19294] __sock_create+0x4a6/0x940 [ 1199.024621][T19294] mptcp_subflow_create_socket+0x10b/0xac0 [ 1199.030447][T19294] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 1199.036273][T19294] ? __mptcp_subflow_connect+0x1450/0x1450 [ 1199.042097][T19294] ? mark_lock+0x94/0x320 [ 1199.046451][T19294] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1199.052450][T19294] __mptcp_nmpc_sk+0x157/0x740 [ 1199.057230][T19294] ? __bpf_trace_subflow_check_data_avail+0x160/0x160 [ 1199.064003][T19294] ? __local_bh_enable_ip+0x13a/0x1c0 [ 1199.069394][T19294] ? lockdep_hardirqs_on+0x98/0x150 [ 1199.074606][T19294] ? __local_bh_enable_ip+0x13a/0x1c0 [ 1199.079995][T19294] mptcp_sendmsg_fastopen+0x7f/0x4d0 [ 1199.085305][T19294] mptcp_sendmsg+0x14b2/0x16d0 [ 1199.090094][T19294] ? __bpf_trace_bpf_trace_printk+0x100/0x100 [ 1199.096199][T19294] ? verify_lock_unused+0x140/0x140 [ 1199.101430][T19294] ? aa_sk_perm+0x83c/0x970 [ 1199.105966][T19294] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 1199.111821][T19294] ? aa_af_perm+0x330/0x330 [ 1199.116350][T19294] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 1199.122787][T19294] ? mptcp_shutdown+0x80/0x80 [ 1199.127480][T19294] ? sock_rps_record_flow+0x19/0x3f0 [ 1199.132789][T19294] ? inet_sendmsg+0xe9/0x2f0 [ 1199.137398][T19294] ? inet_send_prepare+0x260/0x260 [ 1199.142531][T19294] ____sys_sendmsg+0x5ba/0x960 [ 1199.147335][T19294] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1199.153513][T19294] ? __asan_memset+0x22/0x40 [ 1199.158121][T19294] ? __sys_sendmsg_sock+0x30/0x30 [ 1199.163158][T19294] ? __import_iovec+0x3fa/0x850 [ 1199.168032][T19294] ? import_iovec+0x73/0xa0 [ 1199.172577][T19294] ___sys_sendmsg+0x2a6/0x360 [ 1199.177275][T19294] ? __sys_sendmsg+0x2a0/0x2a0 [ 1199.182114][T19294] __se_sys_sendmsg+0x1c2/0x2b0 [ 1199.186983][T19294] ? __x64_sys_sendmsg+0x80/0x80 [ 1199.191951][T19294] ? syscall_enter_from_user_mode+0x2e/0x80 [ 1199.197859][T19294] do_syscall_64+0x55/0xa0 [ 1199.202306][T19294] ? clear_bhb_loop+0x40/0x90 [ 1199.207008][T19294] ? clear_bhb_loop+0x40/0x90 [ 1199.211741][T19294] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1199.217646][T19294] RIP: 0033:0x7f9bbb39bf79 [ 1199.222084][T19294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1199.241706][T19294] RSP: 002b:00007f9bbc1c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1199.250134][T19294] RAX: ffffffffffffffda RBX: 00007f9bbb615fa0 RCX: 00007f9bbb39bf79 [ 1199.258141][T19294] RDX: 0000000034004000 RSI: 0000200000000240 RDI: 0000000000000006 [ 1199.266170][T19294] RBP: 00007f9bbc1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 1199.274153][T19294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1199.282154][T19294] R13: 00007f9bbb616038 R14: 00007f9bbb615fa0 R15: 00007ffe1a83ee08 [ 1199.290187][T19294] [ 1199.377604][T19300] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4530'. [ 1199.412172][T19300] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4530'. [ 1199.439027][T19300] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4530'. [ 1199.630573][T19306] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.4534'. [ 1205.315499][T19353] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4543'. [ 1205.348814][T19353] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4543'. [ 1205.391861][T19353] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4543'. [ 1205.732511][T13780] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1208.065026][T19409] netlink: 'syz.0.4568': attribute type 10 has an invalid length. [ 1210.016792][T19452] netlink: 'syz.3.4584': attribute type 10 has an invalid length. [ 1210.314620][T19454] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.4588'. [ 1211.138515][T19466] netlink: 'syz.2.4590': attribute type 10 has an invalid length. [ 1211.173410][T19466] netdevsim netdevsim2 ÿÿÿÿÿÿ: entered promiscuous mode [ 1211.726200][T19477] FAULT_INJECTION: forcing a failure. [ 1211.726200][T19477] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.771549][T19477] CPU: 1 PID: 19477 Comm: syz.1.4595 Not tainted syzkaller #0 [ 1211.779087][T19477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1211.789177][T19477] Call Trace: [ 1211.792485][T19477] [ 1211.795446][T19477] dump_stack_lvl+0x18c/0x250 [ 1211.800172][T19477] ? show_regs_print_info+0x20/0x20 [ 1211.805415][T19477] ? load_image+0x400/0x400 [ 1211.809952][T19477] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1211.815990][T19477] ? __asan_memset+0x22/0x40 [ 1211.820637][T19477] should_fail_ex+0x39d/0x4d0 [ 1211.825372][T19477] should_failslab+0x9/0x20 [ 1211.829931][T19477] slab_pre_alloc_hook+0x59/0x310 [ 1211.834997][T19477] ? __debug_object_init+0xec/0x450 [ 1211.840266][T19477] kmem_cache_alloc+0x5a/0x2d0 [ 1211.845067][T19477] ? slab_build_skb+0x2b/0x3f0 [ 1211.849876][T19477] slab_build_skb+0x2b/0x3f0 [ 1211.854532][T19477] bpf_prog_test_run_skb+0x3c8/0x12b0 [ 1211.859944][T19477] ? __fget_files+0x28/0x4b0 [ 1211.864573][T19477] ? __fget_files+0x28/0x4b0 [ 1211.869214][T19477] ? __fget_files+0x43d/0x4b0 [ 1211.873947][T19477] ? cpu_online+0x60/0x60 [ 1211.878329][T19477] bpf_prog_test_run+0x321/0x390 [ 1211.883307][T19477] __sys_bpf+0x49d/0x890 [ 1211.887631][T19477] ? bpf_link_show_fdinfo+0x390/0x390 [ 1211.893056][T19477] ? lock_chain_count+0x20/0x20 [ 1211.897934][T19477] __x64_sys_bpf+0x7c/0x90 [ 1211.902367][T19477] do_syscall_64+0x55/0xa0 [ 1211.906804][T19477] ? clear_bhb_loop+0x40/0x90 [ 1211.911509][T19477] ? clear_bhb_loop+0x40/0x90 [ 1211.916207][T19477] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1211.922118][T19477] RIP: 0033:0x7fe1f119bf79 [ 1211.926548][T19477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1211.946178][T19477] RSP: 002b:00007fe1f20d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1211.954610][T19477] RAX: ffffffffffffffda RBX: 00007fe1f1415fa0 RCX: 00007fe1f119bf79 [ 1211.962600][T19477] RDX: 0000000000000050 RSI: 0000200000000000 RDI: 000000000000000a [ 1211.970589][T19477] RBP: 00007fe1f20d4090 R08: 0000000000000000 R09: 0000000000000000 [ 1211.978579][T19477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1211.986567][T19477] R13: 00007fe1f1416038 R14: 00007fe1f1415fa0 R15: 00007fff5aad1a78 [ 1211.994575][T19477] [ 1212.061590][T19479] netlink: 17279 bytes leftover after parsing attributes in process `syz.0.4596'. [ 1213.059436][T19495] netlink: 'syz.1.4603': attribute type 19 has an invalid length. [ 1213.100623][T19495] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4603'. [ 1213.197087][T19502] FAULT_INJECTION: forcing a failure. [ 1213.197087][T19502] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.251363][T19502] CPU: 1 PID: 19502 Comm: syz.3.4605 Not tainted syzkaller #0 [ 1213.258891][T19502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1213.268975][T19502] Call Trace: [ 1213.272280][T19502] [ 1213.275233][T19502] dump_stack_lvl+0x18c/0x250 [ 1213.279954][T19502] ? show_regs_print_info+0x20/0x20 [ 1213.285190][T19502] ? load_image+0x400/0x400 [ 1213.289729][T19502] ? __might_sleep+0xe0/0xe0 [ 1213.294351][T19502] ? __lock_acquire+0x7d40/0x7d40 [ 1213.299421][T19502] should_fail_ex+0x39d/0x4d0 [ 1213.304157][T19502] should_failslab+0x9/0x20 [ 1213.308713][T19502] slab_pre_alloc_hook+0x59/0x310 [ 1213.313777][T19502] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1213.319525][T19502] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1213.325269][T19502] __kmem_cache_alloc_node+0x53/0x250 [ 1213.330687][T19502] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1213.336445][T19502] __kmalloc+0xa4/0x230 [ 1213.340662][T19502] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1213.346260][T19502] tomoyo_path_number_perm+0x248/0x620 [ 1213.351771][T19502] ? tomoyo_path_number_perm+0x217/0x620 [ 1213.357444][T19502] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1213.362962][T19502] ? trace_call_bpf+0xc3/0x6c0 [ 1213.367769][T19502] ? trace_call_bpf+0xc3/0x6c0 [ 1213.372569][T19502] ? trace_call_bpf+0x5e9/0x6c0 [ 1213.377467][T19502] ? __fget_files+0x28/0x4b0 [ 1213.382069][T19502] ? __fget_files+0x28/0x4b0 [ 1213.386691][T19502] security_file_ioctl+0x70/0xa0 [ 1213.391659][T19502] __se_sys_ioctl+0x48/0x170 [ 1213.396271][T19502] do_syscall_64+0x55/0xa0 [ 1213.400715][T19502] ? clear_bhb_loop+0x40/0x90 [ 1213.405403][T19502] ? clear_bhb_loop+0x40/0x90 [ 1213.410093][T19502] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1213.415998][T19502] RIP: 0033:0x7f6e70b9bf79 [ 1213.420432][T19502] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.440049][T19502] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1213.448476][T19502] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 1213.456459][T19502] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 000000000000000b [ 1213.464453][T19502] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 1213.472527][T19502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.480513][T19502] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 1213.488507][T19502] [ 1213.616405][T19502] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1214.054207][T19505] netlink: 'syz.2.4607': attribute type 10 has an invalid length. [ 1214.096095][T19505] netlink: 9279 bytes leftover after parsing attributes in process `syz.2.4607'. [ 1214.631096][T19531] netlink: 'syz.1.4617': attribute type 19 has an invalid length. [ 1214.659730][T19531] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4617'. [ 1215.031417][T19544] netlink: 152 bytes leftover after parsing attributes in process `syz.3.4622'. [ 1215.078987][T19544] netlink: 6 bytes leftover after parsing attributes in process `syz.3.4622'. [ 1215.974881][T19561] netlink: 'syz.1.4629': attribute type 19 has an invalid length. [ 1215.994760][T19561] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4629'. [ 1216.025717][T19563] FAULT_INJECTION: forcing a failure. [ 1216.025717][T19563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1216.061033][T19563] CPU: 0 PID: 19563 Comm: syz.2.4630 Not tainted syzkaller #0 [ 1216.068597][T19563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1216.078725][T19563] Call Trace: [ 1216.082072][T19563] [ 1216.085053][T19563] dump_stack_lvl+0x18c/0x250 [ 1216.089811][T19563] ? show_regs_print_info+0x20/0x20 [ 1216.095093][T19563] ? load_image+0x400/0x400 [ 1216.099692][T19563] ? __lock_acquire+0x7d40/0x7d40 [ 1216.104801][T19563] ? snprintf+0xe9/0x140 [ 1216.109129][T19563] should_fail_ex+0x39d/0x4d0 [ 1216.113896][T19563] _copy_to_user+0x2f/0xa0 [ 1216.118397][T19563] simple_read_from_buffer+0xe7/0x150 [ 1216.123866][T19563] proc_fail_nth_read+0x1e8/0x260 [ 1216.129000][T19563] ? proc_fault_inject_write+0x360/0x360 [ 1216.134737][T19563] ? fsnotify_perm+0x271/0x5e0 [ 1216.139588][T19563] ? proc_fault_inject_write+0x360/0x360 [ 1216.145300][T19563] vfs_read+0x28b/0x970 [ 1216.149555][T19563] ? kernel_read+0x1e0/0x1e0 [ 1216.154210][T19563] ? __fget_files+0x28/0x4b0 [ 1216.158877][T19563] ? __fget_files+0x28/0x4b0 [ 1216.163539][T19563] ? __fget_files+0x43d/0x4b0 [ 1216.168305][T19563] ? __fdget_pos+0x2a3/0x330 [ 1216.172957][T19563] ? ksys_read+0x75/0x260 [ 1216.177361][T19563] ksys_read+0x150/0x260 [ 1216.181690][T19563] ? vfs_write+0x990/0x990 [ 1216.186190][T19563] ? lockdep_hardirqs_on+0x98/0x150 [ 1216.191472][T19563] do_syscall_64+0x55/0xa0 [ 1216.195968][T19563] ? clear_bhb_loop+0x40/0x90 [ 1216.200736][T19563] ? clear_bhb_loop+0x40/0x90 [ 1216.205488][T19563] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1216.211434][T19563] RIP: 0033:0x7f9bbb35c84e [ 1216.215915][T19563] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1216.235586][T19563] RSP: 002b:00007f9bbc1c6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1216.244088][T19563] RAX: ffffffffffffffda RBX: 00007f9bbc1c76c0 RCX: 00007f9bbb35c84e [ 1216.252120][T19563] RDX: 000000000000000f RSI: 00007f9bbc1c70a0 RDI: 0000000000000007 [ 1216.260154][T19563] RBP: 00007f9bbc1c7090 R08: 0000000000000000 R09: 0000000000000000 [ 1216.268194][T19563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1216.276236][T19563] R13: 00007f9bbb616038 R14: 00007f9bbb615fa0 R15: 00007ffe1a83ee08 [ 1216.284329][T19563] [ 1216.684499][T19569] netlink: 'syz.0.4639': attribute type 19 has an invalid length. [ 1216.708931][T19569] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4639'. [ 1218.177962][T19609] sit0: entered promiscuous mode [ 1218.193332][T19609] sit0: left allmulticast mode [ 1218.226310][T19606] netlink: 'syz.3.4646': attribute type 19 has an invalid length. [ 1218.257571][T19606] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4646'. [ 1218.564827][T19617] FAULT_INJECTION: forcing a failure. [ 1218.564827][T19617] name failslab, interval 1, probability 0, space 0, times 0 [ 1218.611681][T19617] CPU: 1 PID: 19617 Comm: syz.3.4650 Not tainted syzkaller #0 [ 1218.619197][T19617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1218.629322][T19617] Call Trace: [ 1218.632628][T19617] [ 1218.635583][T19617] dump_stack_lvl+0x18c/0x250 [ 1218.640326][T19617] ? show_regs_print_info+0x20/0x20 [ 1218.645576][T19617] ? load_image+0x400/0x400 [ 1218.650137][T19617] ? __might_sleep+0xe0/0xe0 [ 1218.654776][T19617] ? __lock_acquire+0x7d40/0x7d40 [ 1218.659851][T19617] should_fail_ex+0x39d/0x4d0 [ 1218.664583][T19617] should_failslab+0x9/0x20 [ 1218.669123][T19617] slab_pre_alloc_hook+0x59/0x310 [ 1218.674190][T19617] ? subflow_ulp_init+0x95/0x530 [ 1218.679159][T19617] __kmem_cache_alloc_node+0x53/0x250 [ 1218.684572][T19617] ? tcp_set_ulp+0xb1/0x5f0 [ 1218.689114][T19617] ? subflow_ulp_init+0x95/0x530 [ 1218.694089][T19617] kmalloc_trace+0x2a/0xe0 [ 1218.698543][T19617] subflow_ulp_init+0x95/0x530 [ 1218.703434][T19617] ? tcp_set_ulp+0xb1/0x5f0 [ 1218.707975][T19617] tcp_set_ulp+0x536/0x5f0 [ 1218.712454][T19617] mptcp_subflow_create_socket+0x60e/0xac0 [ 1218.718295][T19617] ? verify_lock_unused+0x140/0x140 [ 1218.723543][T19617] ? __mptcp_subflow_connect+0x1450/0x1450 [ 1218.729398][T19617] ? mark_lock+0x94/0x320 [ 1218.733747][T19617] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1218.739766][T19617] __mptcp_nmpc_sk+0x157/0x740 [ 1218.744571][T19617] ? __bpf_trace_subflow_check_data_avail+0x160/0x160 [ 1218.751364][T19617] ? __local_bh_enable_ip+0x13a/0x1c0 [ 1218.756771][T19617] ? lockdep_hardirqs_on+0x98/0x150 [ 1218.762016][T19617] ? __local_bh_enable_ip+0x13a/0x1c0 [ 1218.767422][T19617] mptcp_sendmsg_fastopen+0x7f/0x4d0 [ 1218.772764][T19617] mptcp_sendmsg+0x14b2/0x16d0 [ 1218.777588][T19617] ? __lock_acquire+0x1273/0x7d40 [ 1218.782676][T19617] ? verify_lock_unused+0x140/0x140 [ 1218.787923][T19617] ? aa_sk_perm+0x83c/0x970 [ 1218.792464][T19617] ? aa_af_perm+0x330/0x330 [ 1218.797004][T19617] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 1218.803439][T19617] ? mptcp_shutdown+0x80/0x80 [ 1218.808144][T19617] ? sock_rps_record_flow+0x19/0x3f0 [ 1218.813459][T19617] ? inet_sendmsg+0xe9/0x2f0 [ 1218.818084][T19617] ? inet_send_prepare+0x260/0x260 [ 1218.823229][T19617] ____sys_sendmsg+0x5ba/0x960 [ 1218.828036][T19617] ? __lock_acquire+0x7d40/0x7d40 [ 1218.833088][T19617] ? __asan_memset+0x22/0x40 [ 1218.837723][T19617] ? __sys_sendmsg_sock+0x30/0x30 [ 1218.842896][T19617] ? __import_iovec+0x3fa/0x850 [ 1218.847801][T19617] ? import_iovec+0x73/0xa0 [ 1218.852344][T19617] ___sys_sendmsg+0x2a6/0x360 [ 1218.857056][T19617] ? get_pid_task+0x20/0x1e0 [ 1218.861682][T19617] ? __sys_sendmsg+0x2a0/0x2a0 [ 1218.866496][T19617] ? __lock_acquire+0x7d40/0x7d40 [ 1218.871573][T19617] __se_sys_sendmsg+0x1c2/0x2b0 [ 1218.876449][T19617] ? __x64_sys_sendmsg+0x80/0x80 [ 1218.881424][T19617] ? lockdep_hardirqs_on+0x98/0x150 [ 1218.886672][T19617] do_syscall_64+0x55/0xa0 [ 1218.891126][T19617] ? clear_bhb_loop+0x40/0x90 [ 1218.895835][T19617] ? clear_bhb_loop+0x40/0x90 [ 1218.900554][T19617] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1218.906474][T19617] RIP: 0033:0x7f6e70b9bf79 [ 1218.910924][T19617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1218.930600][T19617] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1218.939052][T19617] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 1218.947067][T19617] RDX: 0000000030004084 RSI: 0000200000000080 RDI: 0000000000000003 [ 1218.955081][T19617] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 1218.963078][T19617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1218.971068][T19617] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 1218.979078][T19617] [ 1219.085423][ C0] [ 1219.085432][ C0] ================================ [ 1219.085439][ C0] WARNING: inconsistent lock state [ 1219.085456][ C0] syzkaller #0 Not tainted [ 1219.085466][ C0] -------------------------------- [ 1219.085471][ C0] inconsistent {INITIAL USE} -> {IN-NMI} usage. [ 1219.085479][ C0] syz.2.4652/19622 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 1219.085498][ C0] ffff888060accfa0 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket+0x17d/0x300 [ 1219.085552][ C0] {INITIAL USE} state was registered at: [ 1219.085559][ C0] lock_acquire+0x19e/0x420 [ 1219.085579][ C0] _raw_spin_lock+0x2e/0x40 [ 1219.085595][ C0] htab_lock_bucket+0x17d/0x300 [ 1219.085612][ C0] htab_lru_map_update_elem+0x2c6/0x990 [ 1219.085628][ C0] bpf_map_update_value+0x660/0x720 [ 1219.085659][ C0] map_update_elem+0x57b/0x700 [ 1219.085677][ C0] __sys_bpf+0x6b5/0x890 [ 1219.085710][ C0] __x64_sys_bpf+0x7c/0x90 [ 1219.085727][ C0] do_syscall_64+0x55/0xa0 [ 1219.085752][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1219.085771][ C0] irq event stamp: 1736 [ 1219.085778][ C0] hardirqs last enabled at (1735): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1219.085807][ C0] hardirqs last disabled at (1736): [] exc_debug+0x73/0x140 [ 1219.085839][ C0] softirqs last enabled at (1732): [] netlink_insert+0x109f/0x13a0 [ 1219.085870][ C0] softirqs last disabled at (1730): [] release_sock+0x2f/0x1c0 [ 1219.085903][ C0] [ 1219.085903][ C0] other info that might help us debug this: [ 1219.085909][ C0] Possible unsafe locking scenario: [ 1219.085909][ C0] [ 1219.085914][ C0] CPU0 [ 1219.085917][ C0] ---- [ 1219.085921][ C0] lock(&htab->lockdep_key); [ 1219.085934][ C0] [ 1219.085938][ C0] lock(&htab->lockdep_key); [ 1219.085950][ C0] [ 1219.085950][ C0] *** DEADLOCK *** [ 1219.085950][ C0] [ 1219.085954][ C0] no locks held by syz.2.4652/19622. [ 1219.085963][ C0] [ 1219.085963][ C0] stack backtrace: [ 1219.085969][ C0] CPU: 0 PID: 19622 Comm: syz.2.4652 Not tainted syzkaller #0 [ 1219.085988][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1219.085999][ C0] Call Trace: [ 1219.086007][ C0] <#DB> [ 1219.086014][ C0] dump_stack_lvl+0x18c/0x250 [ 1219.086045][ C0] ? show_regs_print_info+0x20/0x20 [ 1219.086076][ C0] ? print_usage_bug+0x475/0x690 [ 1219.086099][ C0] ? verify_lock_unused+0x18/0x140 [ 1219.086123][ C0] lock_acquire+0x2c2/0x420 [ 1219.086148][ C0] ? htab_lock_bucket+0x17d/0x300 [ 1219.086170][ C0] ? read_lock_is_recursive+0x20/0x20 [ 1219.086200][ C0] _raw_spin_lock+0x2e/0x40 [ 1219.086219][ C0] ? htab_lock_bucket+0x17d/0x300 [ 1219.086240][ C0] htab_lock_bucket+0x17d/0x300 [ 1219.086263][ C0] ? htab_lru_map_delete_node+0x760/0x760 [ 1219.086288][ C0] ? verify_lock_unused+0x18/0x140 [ 1219.086310][ C0] ? jhash+0x34e/0x740 [ 1219.086332][ C0] htab_lru_map_delete_elem+0x1a4/0x650 [ 1219.086358][ C0] ? htab_lru_map_update_elem+0x990/0x990 [ 1219.086379][ C0] ? perf_callchain+0x220/0x220 [ 1219.086404][ C0] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 1219.086425][ C0] bpf_overflow_handler+0x1fc/0x510 [ 1219.086454][ C0] ? perf_prepare_header+0x1e0/0x1e0 [ 1219.086476][ C0] ? bpf_overflow_handler+0xde/0x510 [ 1219.086503][ C0] ? tp_perf_event_destroy+0x20/0x20 [ 1219.086535][ C0] ? __perf_event_account_interrupt+0x187/0x280 [ 1219.086560][ C0] __perf_event_overflow+0x447/0x630 [ 1219.086586][ C0] perf_swevent_event+0x324/0x630 [ 1219.086612][ C0] ? perf_tp_event+0x1450/0x1450 [ 1219.086632][ C0] ? perf_trace_lock+0xfc/0x3b0 [ 1219.086667][ C0] perf_bp_event+0x2a7/0x380 [ 1219.086693][ C0] ? perf_event_free_bpf_prog+0x120/0x120 [ 1219.086715][ C0] ? rcu_is_watching+0x15/0xb0 [ 1219.086740][ C0] ? trace_call_bpf+0xc3/0x6c0 [ 1219.086768][ C0] ? lock_release+0xb5/0x8c0 [ 1219.086804][ C0] ? lock_acquire+0x2c2/0x420 [ 1219.086831][ C0] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 1219.086859][ C0] notifier_call_chain+0x197/0x380 [ 1219.086906][ C0] ? atomic_notifier_call_chain+0x26/0x180 [ 1219.086930][ C0] atomic_notifier_call_chain+0xda/0x180 [ 1219.086955][ C0] notify_die+0x145/0x1a0 [ 1219.086980][ C0] ? srcu_init_notifier_head+0x90/0x90 [ 1219.087008][ C0] ? rcu_is_watching+0x15/0xb0 [ 1219.087034][ C0] notify_debug+0x2e/0x50 [ 1219.087051][ C0] exc_debug+0xde/0x140 [ 1219.087079][ C0] asm_exc_debug+0x1e/0x40 [ 1219.087097][ C0] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1219.087127][ C0] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01 [ 1219.087144][ C0] RSP: 0018:ffffc9000f287798 EFLAGS: 00050202 [ 1219.087161][ C0] RAX: ffffffff84272301 RBX: 0000000000000089 RCX: 0000000000000008 [ 1219.087175][ C0] RDX: 0000000000000001 RSI: 0000200000000301 RDI: ffff888067182e01 [ 1219.087188][ C0] RBP: ffffc9000f2878f0 R08: ffff888067182e08 R09: 1ffff1100ce305c1 [ 1219.087202][ C0] R10: dffffc0000000000 R11: ffffed100ce305c2 R12: ffff888067182d80 [ 1219.087215][ C0] R13: 0000200000000280 R14: ffffc9000f287e38 R15: 1ffff92001e50fc7 [ 1219.087234][ C0] ? _copy_from_iter+0x151/0x12e0 [ 1219.087267][ C0] [ 1219.087273][ C0] [ 1219.087279][ C0] _copy_from_iter+0x24e/0x12e0 [ 1219.087305][ C0] ? slab_post_alloc_hook+0x8a/0x4b0 [ 1219.087331][ C0] ? __virt_addr_valid+0x18c/0x540 [ 1219.087355][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 1219.087376][ C0] ? rcu_is_watching+0x15/0xb0 [ 1219.087402][ C0] ? copyout_mc+0x70/0x70 [ 1219.087427][ C0] ? __virt_addr_valid+0x18c/0x540 [ 1219.087450][ C0] ? __virt_addr_valid+0x18c/0x540 [ 1219.087473][ C0] ? __virt_addr_valid+0x469/0x540 [ 1219.087497][ C0] ? __check_object_size+0x506/0xa20 [ 1219.087528][ C0] netlink_sendmsg+0x76b/0xbf0 [ 1219.087559][ C0] ? netlink_getsockopt+0x590/0x590 [ 1219.087586][ C0] ? aa_sock_msg_perm+0x94/0x150 [ 1219.087609][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1219.087642][ C0] ? security_socket_sendmsg+0x80/0xa0 [ 1219.087660][ C0] ? netlink_getsockopt+0x590/0x590 [ 1219.087686][ C0] ____sys_sendmsg+0x5ba/0x960 [ 1219.087721][ C0] ? __asan_memset+0x22/0x40 [ 1219.087758][ C0] ? __sys_sendmsg_sock+0x30/0x30 [ 1219.087773][ C0] ? __import_iovec+0x5f2/0x850 [ 1219.087802][ C0] ? import_iovec+0x73/0xa0 [ 1219.087830][ C0] ___sys_sendmsg+0x2a6/0x360 [ 1219.087848][ C0] ? __sys_sendmsg+0x2a0/0x2a0 [ 1219.087892][ C0] __se_sys_sendmsg+0x1c2/0x2b0 [ 1219.087911][ C0] ? __x64_sys_sendmsg+0x80/0x80 [ 1219.087935][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1219.087954][ C0] do_syscall_64+0x55/0xa0 [ 1219.087977][ C0] ? clear_bhb_loop+0x40/0x90 [ 1219.087996][ C0] ? clear_bhb_loop+0x40/0x90 [ 1219.088015][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1219.088033][ C0] RIP: 0033:0x7f9bbb39bf79 [ 1219.088047][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1219.088061][ C0] RSP: 002b:00007f9bbc1c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1219.088079][ C0] RAX: ffffffffffffffda RBX: 00007f9bbb615fa0 RCX: 00007f9bbb39bf79 [ 1219.088092][ C0] RDX: 0000000000000010 RSI: 0000200000000240 RDI: 000000000000000e [ 1219.088103][ C0] RBP: 00007f9bbb4327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1219.088113][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1219.088123][ C0] R13: 00007f9bbb616038 R14: 00007f9bbb615fa0 R15: 00007ffe1a83ee08 [ 1219.088144][ C0] [ 1220.045800][T19628] FAULT_INJECTION: forcing a failure. [ 1220.045800][T19628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1220.094329][T19628] CPU: 1 PID: 19628 Comm: syz.3.4654 Not tainted syzkaller #0 [ 1220.101954][T19628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1220.112028][T19628] Call Trace: [ 1220.115328][T19628] [ 1220.118283][T19628] dump_stack_lvl+0x18c/0x250 [ 1220.123023][T19628] ? show_regs_print_info+0x20/0x20 [ 1220.128264][T19628] ? load_image+0x400/0x400 [ 1220.132790][T19628] ? lock_release+0xb5/0x8c0 [ 1220.137403][T19628] ? read_lock_is_recursive+0x20/0x20 [ 1220.142802][T19628] should_fail_ex+0x39d/0x4d0 [ 1220.147516][T19628] copyin+0x1a/0x90 [ 1220.151365][T19628] _copy_from_iter+0x54f/0x12e0 [ 1220.156259][T19628] ? copyout_mc+0x70/0x70 [ 1220.160638][T19628] ? __virt_addr_valid+0x18c/0x540 [ 1220.165795][T19628] ? __virt_addr_valid+0x469/0x540 [ 1220.170948][T19628] ? __check_object_size+0x506/0xa20 [ 1220.176277][T19628] skb_copy_datagram_from_iter+0xf4/0x6e0 [ 1220.182039][T19628] ? dev_get_by_index+0x22/0x2d0 [ 1220.187008][T19628] ? skb_put+0x11b/0x210 [ 1220.191275][T19628] packet_sendmsg+0x3566/0x4d70 [ 1220.196177][T19628] ? perf_tp_event+0x132d/0x1450 [ 1220.201145][T19628] ? perf_tp_event+0x1450/0x1450 [ 1220.206114][T19628] ? perf_trace_run_bpf_submit+0x1c0/0x1c0 [ 1220.211965][T19628] ? aa_sk_perm+0x83c/0x970 [ 1220.216522][T19628] ? packet_getsockopt+0xad0/0xad0 [ 1220.221672][T19628] ? rcu_is_watching+0x15/0xb0 [ 1220.226469][T19628] ? aa_sock_msg_perm+0x94/0x150 [ 1220.231451][T19628] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1220.236787][T19628] ? security_socket_sendmsg+0x80/0xa0 [ 1220.242290][T19628] ? packet_getsockopt+0xad0/0xad0 [ 1220.247430][T19628] ____sys_sendmsg+0x5ba/0x960 [ 1220.252217][T19628] ? rcu_is_watching+0x15/0xb0 [ 1220.257017][T19628] ? __asan_memset+0x22/0x40 [ 1220.261643][T19628] ? __sys_sendmsg_sock+0x30/0x30 [ 1220.266701][T19628] ? __import_iovec+0x3fa/0x850 [ 1220.271610][T19628] ? import_iovec+0x73/0xa0 [ 1220.276157][T19628] ___sys_sendmsg+0x2a6/0x360 [ 1220.280872][T19628] ? __sys_sendmsg+0x2a0/0x2a0 [ 1220.285667][T19628] ? lock_release+0xb5/0x8c0 [ 1220.290312][T19628] ? __lock_acquire+0x7d40/0x7d40 [ 1220.295380][T19628] __se_sys_sendmsg+0x1c2/0x2b0 [ 1220.300259][T19628] ? __x64_sys_sendmsg+0x80/0x80 [ 1220.305228][T19628] do_syscall_64+0x55/0xa0 [ 1220.309672][T19628] ? clear_bhb_loop+0x40/0x90 [ 1220.314376][T19628] ? clear_bhb_loop+0x40/0x90 [ 1220.319079][T19628] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1220.325004][T19628] RIP: 0033:0x7f6e70b9bf79 [ 1220.329459][T19628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1220.349097][T19628] RSP: 002b:00007f6e71b10028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1220.357535][T19628] RAX: ffffffffffffffda RBX: 00007f6e70e15fa0 RCX: 00007f6e70b9bf79 [ 1220.365536][T19628] RDX: 9cdc2384016f48f8 RSI: 0000200000000080 RDI: 0000000000000005 [ 1220.373541][T19628] RBP: 00007f6e71b10090 R08: 0000000000000000 R09: 0000000000000000 [ 1220.381537][T19628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1220.389529][T19628] R13: 00007f6e70e16038 R14: 00007f6e70e15fa0 R15: 00007ffd21c82928 [ 1220.397535][T19628]