last executing test programs: 1m21.381291114s ago: executing program 2 (id=25): write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xa, 0x6, 0x3a0, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000a40), &(0x7f00000001c0), 0x1800, r0}, 0x38) 1m6.677576317s ago: executing program 2 (id=25): write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xa, 0x6, 0x3a0, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000a40), &(0x7f00000001c0), 0x1800, r0}, 0x38) 47.503572583s ago: executing program 2 (id=25): write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xa, 0x6, 0x3a0, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000a40), &(0x7f00000001c0), 0x1800, r0}, 0x38) 34.222262181s ago: executing program 2 (id=25): write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xa, 0x6, 0x3a0, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000a40), &(0x7f00000001c0), 0x1800, r0}, 0x38) 20.976716135s ago: executing program 2 (id=25): write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xa, 0x6, 0x3a0, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000a40), &(0x7f00000001c0), 0x1800, r0}, 0x38) 9.150365035s ago: executing program 2 (id=25): write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xa, 0x6, 0x3a0, 0x5}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000a40), &(0x7f00000001c0), 0x1800, r0}, 0x38) 3.470285315s ago: executing program 0 (id=1659): r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xff00000000000000, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 3.330501277s ago: executing program 0 (id=1662): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000002000000000000020071102200000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x12}, 0x80) 3.220895787s ago: executing program 0 (id=1666): perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x74b, 0xffff}, 0x8400}, 0x0, 0xfffffdbfffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$kcm(0x2b, 0x1, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r1, &(0x7f00000004c0)={&(0x7f0000000140)={0x2, 0x0, @local}, 0x10, 0x0}, 0x4008804) r2 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={0x1, 0x0, 0x0}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89fb, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x4, 0xc3, &(0x7f0000000600)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x1e) perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x1, 0x7f, 0x5, 0xf7, 0x0, 0x6, 0x80, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000500), 0xa}, 0x8100, 0x9, 0x7, 0x8, 0x670000000000000, 0x4, 0x0, 0x0, 0x40, 0x0, 0x5aac}, 0x0, 0x2, r0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400060000120800040043000000a8001f000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) sendmsg$inet(r1, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 2.868928648s ago: executing program 0 (id=1671): bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000000)={r0}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x4}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r1, &(0x7f0000000200), 0x20000000}, 0x20) recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/92, 0x5c}], 0x1}, 0x40020000) 1.878403975s ago: executing program 0 (id=1675): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0}, 0x10) r0 = perf_event_open$cgroup(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc35, 0xfffffffffffffffd}, 0x4082, 0x3, 0x7, 0x9, 0x0, 0x80200000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ID(r0, 0x4008240b, &(0x7f00000013c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x2c, &(0x7f0000000140), 0x4) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f0000000440), 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x81, 0x4, 0xffffffff, 0x16, 0xffffffffffffffff, 0xffffffff}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200", @ANYRES32=r3], 0x0, 0x10, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, 0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6c}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8000000, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r5 = syz_clone(0x8002000, &(0x7f0000000340)="a543e6dc680448d726252f25fb3237d0fb2b695703ac7d2c287ffa3c5434fd70cdccf0f811118afe044d6d3eacc56929911137c46600621d604568d79c203d88f0564f997d37dd48396e9512d908fa1763b94bd2ff6df9339b59b02cc18c7a822dedfeb65a82e8658a4195f139d2830fe588579c3243230ae3c53cb339a6a9a50a50ea43a997b1c03fc2e2f6894f", 0x8e, &(0x7f0000000400), &(0x7f0000000500), &(0x7f0000000680)="1b49ec5aaa085565688ce83e42f048e2adc304a8ea08063c26709fba9939297d5f43eedbb8b74038201650511b453ae209336569bff2e8c3ccf20a3c73e67c1c006bc31abac39b3d10048746ce76c42b8e72ee62d1f04a3d1bdcf7da4c06fa6eb872839cfc3413364f42c2079e26a1920518411582e5638ff42bbc8db498f03170a0af00aeb4823d81c5ad260e112b0a70988ac25d4c279a") perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 1.871898796s ago: executing program 3 (id=1676): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x8, &(0x7f0000004380)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000002000008500000051000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7235f1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a49bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x91}, 0x2b) 1.711687729s ago: executing program 3 (id=1677): bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={0xffffffffffffffff, &(0x7f0000000300), 0x20000000}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x16, 0x0, &(0x7f0000000380)=""/22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x10, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000003f000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000011000000bf09000000000000550901000074f6967d00000000000000180100002020702500000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.638878846s ago: executing program 4 (id=1678): socket$kcm(0x1e, 0x4, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuset.effective_mems\x00', 0x26e1, 0x0) close(r0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wg2\x00', @random="b410848f00"}) 1.59414493s ago: executing program 3 (id=1679): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x1200, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b001c000d000020ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0) 1.498741048s ago: executing program 4 (id=1680): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001ac0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169b740ac03d7c64cee49ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d54f45a24effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c7724e9e7e7babf61fe358ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261ed1d4515f46290d5c6579b63358fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63e774e940bfeb0de83f42fd565a299f741f9b00be4e8fcaf4ec85daceb16d9e8a438e3eb2556570e381b03d9e3c245728648ed9ff22dc963ed105c851c3481125b4c0c8a08a0c9930190902af109fc56b64cc952f298ebe73d7b18052e0147356228ca171b06274a871e2cf9609e0b4cdad36c3250bc8f56f95a6ed"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) write$cgroup_int(r2, &(0x7f0000000600), 0x12) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.270542038s ago: executing program 3 (id=1681): perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xffc7}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000001000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) 1.269795138s ago: executing program 4 (id=1682): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, 0x0, 0x0}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001f80)={{r0, 0xffffffffffffffff}, &(0x7f0000001f00), &(0x7f0000001f40)='%ps \x00'}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000022c0)={0xffffffffffffffff, 0xe0, &(0x7f0000002300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000001fc0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f0000002000), &(0x7f0000002000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbf, &(0x7f0000002080)=[{}], 0xfffffd8a, 0x10, &(0x7f00000020c0), &(0x7f0000002100), 0x6b31c7850835401a, 0xe8, 0x8, 0x8, &(0x7f0000002140)}}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x8, 0x92, 0x40, 0x600, r3, 0x2, '\x00', r4, 0xffffffffffffffff, 0x2, 0x0, 0x20000004, 0xd}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="000000000e00000000000000000040007b8af8ff00000000bf434b69af24f7afddc3b17f125fbf5ea200000000000006020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdir(0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8922, &(0x7f0000000080)) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000f80)=@generic={&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}, 0x18) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@generic={&(0x7f0000000fc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r2}, 0x18) r6 = socket$kcm(0xa, 0x2, 0x11) sendmsg$kcm(r6, &(0x7f0000003840)={&(0x7f0000000040)=@in={0x2, 0x4e23, @empty}, 0x80, 0x0, 0x0, &(0x7f0000001ec0)=ANY=[@ANYBLOB="295bf1e8260707100000000a002900000033fdc400"], 0x10}, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r7 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r7, 0x84, 0xd, &(0x7f0000000000), 0x8) perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x3, 0x0) 1.202803014s ago: executing program 1 (id=1683): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000003f840000000000000008"], 0x18}, 0x41) 1.202512914s ago: executing program 3 (id=1684): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x2663}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x541b, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b904021d080202000000fcfe02a1180015000600142603600e1208000f0000810401a80016040a00014003000000036010fab94dcf5c0460c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791823a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1, 0x0, 0x6000, 0x7400}, 0x0) 1.109733212s ago: executing program 1 (id=1685): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000d40)}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x3, 0x3, 0x7}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00'}) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)='%ps \x00'}, 0x20) r1 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000488c) setsockopt$sock_attach_bpf(r1, 0x1, 0xd, &(0x7f0000000080), 0x24) close(r1) 1.016281761s ago: executing program 1 (id=1686): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0) write$cgroup_subtree(r0, 0x0, 0x15) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x5, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) write$cgroup_int(r1, &(0x7f0000000600), 0x12) r2 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000001080)={0x6, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xd}, 0xfff6}, r2, 0x0, 0xffffffffffffffff, 0x9) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff0000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 926.688488ms ago: executing program 3 (id=1687): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000e000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xda00) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000040)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'sit0\x00', @local}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000e00)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400)}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'sit0\x00', @random="4f33e363a4b1"}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708dfffffffffff7a8af8a90acde300bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000950000000000008f79056ee301000000ffffffff657856149ab2fc3a6375ca8f8bcacce7ccffe2c1409db416ab7e8622a30d3e04afb6c7800e8183ec2ba01c2d2745476010c394eed1de468d418e466c7881fc89a4f69b4e56c4c0619b53c3d882de4e8a21f7f6de7b1b15788e05000000000000004777cf2a9d79330b59bac06507cc85ac92f1da232d0d89aabc4bb45ddfa5a4ea95ebe13f96a74d0000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x84, r0}, 0x38) 766.676123ms ago: executing program 4 (id=1688): r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x29000000, 0x2, 0x0, 0x0) 594.719687ms ago: executing program 1 (id=1689): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1, 0x0, 0x440a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21ca0000cf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c98cda2948ef0f440d7cad29567e15a7d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf225571f2487fc86acc2bff7d5664abebd6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f94306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552d703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8498856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b262341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa086d2a39f13f60b51136a945f780687aad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f91b52fc0b241c2db99a187c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f9ac2f7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b152d19612297c63bb20e1e0469f7615f67a9218cbace38f5236821314f76302b98afa93044b83989339ca10e6ae30e70e17a82f03e915b8425e8e7a91614306d2ae0bc3550d856f2d7293672b5673d264fc886b0c8bdf436a0fcd21bf9da7bdca98e34cd6e59b0a7ce4ba1b466561aaa35448dff47bb1d7df23d467689a66"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x3, &(0x7f0000000180)=ANY=[@ANYRES8=r1], &(0x7f0000000000)='GPL\x00', 0x4, 0xcf, &(0x7f0000000340)=""/207, 0x0, 0x40, '\x00', 0x0, 0x5}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) (async, rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) (async, rerun: 32) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) r5 = perf_event_open$cgroup(&(0x7f0000000440)={0x5, 0x80, 0x6, 0x2, 0x6, 0xab, 0x0, 0x7, 0x41000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000200), 0x8}, 0x111010, 0x0, 0x100, 0x4, 0x3ff, 0x3, 0x3, 0x0, 0x1, 0x0, 0x5}, r4, 0x3, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000240)='-\x00') (async, rerun: 32) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) (async, rerun: 32) ioctl$SIOCSIFHWADDR(r4, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\\\x00\x00 \x00'}) (async) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000000000004}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080b01000000e8fe55a1180015000600142603600e120800290000000401040016000a0001", 0x37}], 0x1}, 0x0) (async) r6 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0xfe33) (async) r7 = socket$kcm(0x2, 0x4, 0x0) (async) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x89f0, &(0x7f0000000080)) (async) ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000000)={r8}) (async) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x480, 0x0) 538.792172ms ago: executing program 4 (id=1690): r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000440)={r0, 0x20, &(0x7f0000000400)={0xfffffffffffffffe, 0x0, 0x0, &(0x7f0000000780)=""/164, 0xa4}}, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000023008000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000100950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb4413c0bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdee75dca3772be2c9d2d29dbaadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e82800026f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde713d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504baa0446e1437af6fa875d9d32fdada251e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4868fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e6b04c7c379e541afe1c5393e4e97c0146d7dc4915525c8bd6c044565badf8cc24727e70e619fa5a7c76a886946446162645e4ad8178185ba9aa929fb924eb2b3cc9ca3cf3a603683711a6f4aa84ffaec2c3b3ee0b13707916ec3cd5d000000000000000000005e717dbc2dfd109e05e37d975b3da80b38d9e021d75cc47a4df9804c36468f767cf23742d78f3d1f0d54ed01d0e282e8d73534e091e7582a53abec46e93d6908a1346180b59d64f70d7046faf247d17f96d9d1dff63704040ce49f2e66431a65155b71339237b591c482b5de7559f856fe20ac39adecdb5f64c003ac1f547bf1b151e84e8eb9ea69d3d752263d24c9d69b1762888ce75a91bdab16cd94d89b072d1bbeeba99cf52b45cdcfb12445b9b9d39bdb0fdfce46edc108aecd16d06f3c4a4e8bb71bdbfb6076d79321f7af34ab3e3b5b5747fda21c18546976e6df51f5cf3c372a550cca7f21d8cef069c0b5a4c3daeb11a0456c000f0fd1f039e1539ac31e037476fdfdc2da415ab02be45bc0f91369bd504e1b6e7403eee4bc957970c5b82259be461703e739f5802da2d036800fbe99198601e5639deb87f6e90a63a5c04993ea41a1ddd1d70548ee41b889705f99ea317f41dd59404d4f2941e4"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xd000000}, 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48) 331.461631ms ago: executing program 4 (id=1691): r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x26e1, 0x0) close(r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x4}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000200)={r3, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xa, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x2a}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x4000}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_pid(r1, 0x0, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) write$cgroup_subtree(r1, 0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, 0x0, 0x8080) sendmsg$kcm(r4, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x40047451, 0x2000000a) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$TUNSETOFFLOAD(r0, 0x40047451, 0x20000015) 328.075311ms ago: executing program 1 (id=1692): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) (async) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'perf_event'}, {0x0, 'net'}]}, 0x11) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000001240)="b9ff03076804268c989e14f088a8657986dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r5 = openat$cgroup_devices(r4, &(0x7f0000000680)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000140)=ANY=[@ANYBLOB='b 75:*\trmr'], 0xa) 68.555554ms ago: executing program 0 (id=1693): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001ac0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169b740ac03d7c64cee49ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d54f45a24effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c7724e9e7e7babf61fe358ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261ed1d4515f46290d5c6579b63358fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63e774e940bfeb0de83f42fd565a299f741f9b00be4e8fcaf4ec85daceb16d9e8a438e3eb2556570e381b03d9e3c245728648ed9ff22dc963ed105c851c3481125b4c0c8a08a0c9930190902af109fc56b64cc952f298ebe73d7b18052e0147356228ca171b06274a871e2cf9609e0b4cdad36c3250bc8f56f95a6ed"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) write$cgroup_int(r2, &(0x7f0000000600), 0x12) perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=1694): perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x891a, &(0x7f0000000140)={'lo\x00', @random="0200ff7fffff"}) socket$kcm(0x2, 0x922000000001, 0x106) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0x1}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010110007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) kernel console output (not intermixed with test programs): ysvec_apic_timer_interrupt+0x16/0x20 [ 133.336521][ T6043] should_fail+0x38a/0x4c0 [ 133.340953][ T6043] _copy_to_user+0x2d/0x130 [ 133.345466][ T6043] simple_read_from_buffer+0xc6/0x150 [ 133.350854][ T6043] proc_fail_nth_read+0x1a3/0x210 [ 133.355889][ T6043] ? proc_fault_inject_write+0x390/0x390 [ 133.361531][ T6043] ? fsnotify_perm+0x442/0x590 [ 133.366300][ T6043] ? proc_fault_inject_write+0x390/0x390 [ 133.371939][ T6043] vfs_read+0x2fc/0xe10 [ 133.376108][ T6043] ? kernel_read+0x1f0/0x1f0 [ 133.380701][ T6043] ? rcu_nmi_exit+0x70/0xf0 [ 133.385217][ T6043] ? __fget_files+0x413/0x480 [ 133.389905][ T6043] ? mutex_lock_nested+0x17/0x20 [ 133.394845][ T6043] ? __fdget_pos+0x2cb/0x380 [ 133.399471][ T6043] ? ksys_read+0x77/0x2c0 [ 133.403805][ T6043] ksys_read+0x1a2/0x2c0 [ 133.408055][ T6043] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 133.414218][ T6043] ? vfs_write+0xe50/0xe50 [ 133.418636][ T6043] ? syscall_enter_from_user_mode+0x37/0x240 [ 133.424620][ T6043] ? syscall_enter_from_user_mode+0x2e/0x240 [ 133.430605][ T6043] do_syscall_64+0x3b/0xb0 [ 133.435024][ T6043] ? clear_bhb_loop+0x15/0x70 [ 133.439714][ T6043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 133.445607][ T6043] RIP: 0033:0x7f2c7675893c [ 133.450018][ T6043] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 133.469622][ T6043] RSP: 002b:00007f2c74bd3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 133.478043][ T6043] RAX: ffffffffffffffda RBX: 00007f2c76912f80 RCX: 00007f2c7675893c [ 133.486191][ T6043] RDX: 000000000000000f RSI: 00007f2c74bd30a0 RDI: 0000000000000007 [ 133.494161][ T6043] RBP: 00007f2c74bd3090 R08: 0000000000000000 R09: 0000000000000000 [ 133.502137][ T6043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 133.510121][ T6043] R13: 0000000000000000 R14: 00007f2c76912f80 R15: 00007ffe3b43c108 [ 133.518116][ T6043] [ 133.813893][ T6051] device sit0 left promiscuous mode [ 134.031991][ T3832] Bluetooth: hci0: command 0x040f tx timeout [ 134.589044][ T6052] device sit0 entered promiscuous mode [ 134.712642][ T5873] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 134.869005][ T5873] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 134.890517][ T5873] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 134.927821][ T5873] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 135.185012][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.242366][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 135.264022][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 135.282386][ T6101] validate_nla: 1 callbacks suppressed [ 135.282636][ T6101] netlink: 'syz.3.792': attribute type 9 has an invalid length. [ 135.305659][ T5873] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.320785][ T6102] netlink: 'syz.0.791': attribute type 21 has an invalid length. [ 135.325358][ T6103] netlink: 'syz.3.792': attribute type 9 has an invalid length. [ 135.349718][ T6102] netlink: 144 bytes leftover after parsing attributes in process `syz.0.791'. [ 135.371264][ T6103] netlink: 399 bytes leftover after parsing attributes in process `syz.3.792'. [ 135.380364][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 135.398061][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 135.401339][ T6101] netlink: 399 bytes leftover after parsing attributes in process `syz.3.792'. [ 135.412206][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.422113][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.441869][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.450738][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 135.461686][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 135.470353][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.477519][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.487749][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 135.530380][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 135.626873][ T6108] device sit0 left promiscuous mode [ 136.265040][ T25] Bluetooth: hci0: command 0x0419 tx timeout [ 138.135279][ T6111] device sit0 entered promiscuous mode [ 138.608000][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 138.675758][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.728714][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 138.926541][ T5873] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 138.967784][ T5873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 139.037244][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 139.067205][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 139.143373][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.168156][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.190777][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 139.248633][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.481570][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 139.781817][ T6157] device syzkaller0 entered promiscuous mode [ 139.833675][ T6161] netlink: 40 bytes leftover after parsing attributes in process `syz.4.811'. [ 140.069006][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.175034][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 140.188421][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 140.198430][ T6173] netlink: 'syz.4.815': attribute type 16 has an invalid length. [ 140.210749][ T6173] netlink: 48 bytes leftover after parsing attributes in process `syz.4.815'. [ 140.274697][ T6177] netlink: 'syz.3.817': attribute type 11 has an invalid length. [ 140.308468][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 140.311944][ T6177] netlink: 'syz.3.817': attribute type 11 has an invalid length. [ 140.340548][ T6177] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.817'. [ 140.352550][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 140.408756][ T6184] FAULT_INJECTION: forcing a failure. [ 140.408756][ T6184] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 140.410401][ T5873] device veth0_vlan entered promiscuous mode [ 140.443947][ T6184] CPU: 1 PID: 6184 Comm: syz.0.820 Not tainted 5.15.166-syzkaller #0 [ 140.452157][ T6184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 140.462212][ T6184] Call Trace: [ 140.465484][ T6184] [ 140.468403][ T6184] dump_stack_lvl+0x1e3/0x2d0 [ 140.473071][ T6184] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 140.478701][ T6184] ? panic+0x860/0x860 [ 140.482801][ T6184] ? validate_chain+0x112/0x5930 [ 140.487727][ T6184] ? validate_chain+0x112/0x5930 [ 140.492656][ T6184] should_fail+0x38a/0x4c0 [ 140.497065][ T6184] _copy_from_user+0x2d/0x170 [ 140.501727][ T6184] __copy_msghdr_from_user+0xaf/0x7c0 [ 140.507089][ T6184] ? __ia32_sys_shutdown+0x60/0x60 [ 140.512195][ T6184] ___sys_sendmsg+0x166/0x2e0 [ 140.516855][ T6184] ? __sys_sendmsg+0x260/0x260 [ 140.521624][ T6184] ? __fdget+0x191/0x220 [ 140.525852][ T6184] __se_sys_sendmsg+0x19a/0x260 [ 140.530686][ T6184] ? __x64_sys_sendmsg+0x80/0x80 [ 140.535621][ T6184] ? syscall_enter_from_user_mode+0x2e/0x240 [ 140.541588][ T6184] ? lockdep_hardirqs_on+0x94/0x130 [ 140.546782][ T6184] ? syscall_enter_from_user_mode+0x2e/0x240 [ 140.552760][ T6184] do_syscall_64+0x3b/0xb0 [ 140.557170][ T6184] ? clear_bhb_loop+0x15/0x70 [ 140.561832][ T6184] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 140.567709][ T6184] RIP: 0033:0x7f2c76759ef9 [ 140.572109][ T6184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.591696][ T6184] RSP: 002b:00007f2c74bd3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.600092][ T6184] RAX: ffffffffffffffda RBX: 00007f2c76912f80 RCX: 00007f2c76759ef9 [ 140.608042][ T6184] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000003 [ 140.615992][ T6184] RBP: 00007f2c74bd3090 R08: 0000000000000000 R09: 0000000000000000 [ 140.623943][ T6184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.631986][ T6184] R13: 0000000000000000 R14: 00007f2c76912f80 R15: 00007ffe3b43c108 [ 140.639947][ T6184] [ 140.654677][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 140.675986][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 140.686080][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 140.694611][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 140.709090][ T5873] device veth1_vlan entered promiscuous mode [ 140.730530][ T6190] netlink: 210 bytes leftover after parsing attributes in process `syz.4.822'. [ 140.762687][ T6192] netlink: 'syz.0.823': attribute type 10 has an invalid length. [ 140.925082][ T5873] device veth0_macvtap entered promiscuous mode [ 140.963554][ T6196] netlink: 'syz.3.825': attribute type 33 has an invalid length. [ 140.972957][ T6196] netlink: 36 bytes leftover after parsing attributes in process `syz.3.825'. [ 140.982617][ T6196] device batadv0 entered promiscuous mode [ 140.990117][ T6196] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 141.016325][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 141.027258][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 141.043657][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 141.087324][ T5873] device veth1_macvtap entered promiscuous mode [ 141.162531][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.210093][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.267502][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.278602][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.288675][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.299122][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.309565][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.320570][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.341758][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 141.349368][ T6210] netlink: 'syz.4.831': attribute type 12 has an invalid length. [ 141.360377][ T6210] netlink: 132 bytes leftover after parsing attributes in process `syz.4.831'. [ 141.419794][ T6212] device sit0 left promiscuous mode [ 142.033302][ T6219] device sit0 entered promiscuous mode [ 142.061824][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 142.070377][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 142.125132][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.152028][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.163657][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.179429][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.193069][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.207981][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.219779][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.234137][ T5873] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.246959][ T5873] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.265251][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.280595][ T6230] netlink: 'syz.1.837': attribute type 13 has an invalid length. [ 142.302844][ T6230] macvtap0: refused to change device tx_queue_len [ 142.332179][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 142.402815][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 142.528020][ T5873] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.596583][ T5873] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.609668][ T5873] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.631518][ T5873] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.455078][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.486048][ T6269] netlink: 56 bytes leftover after parsing attributes in process `syz.1.852'. [ 143.526125][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.651552][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 143.743013][ T3642] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.804826][ T3642] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.890473][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 143.998919][ T6282] tun0: tun_chr_ioctl cmd 1074025680 [ 144.020609][ T6282] netlink: 'syz.1.858': attribute type 10 has an invalid length. [ 144.091535][ T6282] device veth1_macvtap left promiscuous mode [ 144.225768][ T6282] bridge0: port 5(macsec0) entered blocking state [ 144.246049][ T6282] bridge0: port 5(macsec0) entered disabled state [ 144.303613][ T6282] device macsec0 entered promiscuous mode [ 144.482386][ T6304] device sit0 left promiscuous mode [ 144.570609][ T6302] device sit0 entered promiscuous mode [ 144.791752][ T3642] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.951136][ T3642] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.158570][ T3642] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.240082][ T6321] netlink: 168 bytes leftover after parsing attributes in process `syz.0.869'. [ 145.365209][ T6321] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 145.421488][ T3642] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.443440][ T6321] syz.0.869 (6321) used greatest stack depth: 17472 bytes left [ 146.067611][ T6331] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 146.299910][ T6345] netlink: 'syz.3.879': attribute type 11 has an invalid length. [ 146.307719][ T6345] netlink: 140 bytes leftover after parsing attributes in process `syz.3.879'. [ 146.457835][ T6340] chnl_net:caif_netlink_parms(): no params data found [ 146.641034][ T6351] netlink: 'syz.4.881': attribute type 28 has an invalid length. [ 146.660787][ T6351] netlink: 2 bytes leftover after parsing attributes in process `syz.4.881'. [ 146.748620][ T6356] netlink: 'syz.3.882': attribute type 13 has an invalid length. [ 146.809550][ T6355] device sit0 left promiscuous mode [ 147.479318][ T6364] device sit0 entered promiscuous mode [ 147.564238][ T6340] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.580171][ T6340] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.619702][ T6340] device bridge_slave_0 entered promiscuous mode [ 147.667179][ T6370] device sit0 left promiscuous mode [ 147.857037][ T6382] netlink: 'syz.3.887': attribute type 3 has an invalid length. [ 147.877414][ T6382] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.887'. [ 148.310783][ T1292] Bluetooth: hci0: command 0x0409 tx timeout [ 148.411268][ T6340] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.434118][ T6340] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.448473][ T6340] device bridge_slave_1 entered promiscuous mode [ 148.515547][ T6381] bridge0: port 4(team0) entered blocking state [ 148.523168][ T6381] bridge0: port 4(team0) entered disabled state [ 148.549327][ T6381] device team0 entered promiscuous mode [ 148.557716][ T6381] device team_slave_0 entered promiscuous mode [ 148.578061][ T6381] device team_slave_1 entered promiscuous mode [ 148.587105][ T6377] device sit0 entered promiscuous mode [ 148.715561][ T3642] device hsr_slave_0 left promiscuous mode [ 148.754462][ T3642] device hsr_slave_1 left promiscuous mode [ 148.781418][ T3642] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.799145][ T3642] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.817899][ T3642] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.841382][ T3642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.862018][ T3642] device bridge_slave_1 left promiscuous mode [ 148.868635][ T3642] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.889566][ T3642] device bridge_slave_0 left promiscuous mode [ 148.906064][ T3642] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.922224][ T3642] device veth1_macvtap left promiscuous mode [ 148.928603][ T3642] device veth0_macvtap left promiscuous mode [ 148.935014][ T3642] device veth1_vlan left promiscuous mode [ 148.940983][ T3642] device veth0_vlan left promiscuous mode [ 149.185634][ T3642] team0 (unregistering): Port device team_slave_1 removed [ 149.198321][ T3642] team0 (unregistering): Port device team_slave_0 removed [ 149.209848][ T3642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.228704][ T3642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.291267][ T3642] bond0 (unregistering): Released all slaves [ 149.338325][ T6340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.350163][ T6340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.405436][ T6420] device sit0 left promiscuous mode [ 149.817815][ T6424] device sit0 entered promiscuous mode [ 150.036342][ T6340] team0: Port device team_slave_0 added [ 150.056444][ T6340] team0: Port device team_slave_1 added [ 150.431401][ T21] Bluetooth: hci0: command 0x041b tx timeout [ 150.770002][ T6340] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.777441][ T6340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.805860][ T6340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.839503][ T6340] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.873808][ T6340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.908499][ T6340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.967645][ T6449] netlink: 'syz.3.912': attribute type 2 has an invalid length. [ 151.071594][ T6340] device hsr_slave_0 entered promiscuous mode [ 151.089832][ T6340] device hsr_slave_1 entered promiscuous mode [ 151.181714][ T6463] netlink: 'syz.0.920': attribute type 2 has an invalid length. [ 151.189377][ T6463] netlink: 132 bytes leftover after parsing attributes in process `syz.0.920'. [ 152.512679][ T6504] Bluetooth: hci0: command 0x040f tx timeout [ 152.770545][ C1] eth0: bad gso: type: 1, size: 1408 [ 152.805097][ T6340] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 152.827671][ T6340] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 152.878897][ T6536] netlink: 'syz.0.943': attribute type 10 has an invalid length. [ 152.910860][ T6536] device veth1_macvtap left promiscuous mode [ 153.026084][ T6340] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 153.076665][ T6340] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 153.394210][ T6551] device syzkaller0 entered promiscuous mode [ 153.419969][ T6555] netlink: 'syz.3.953': attribute type 10 has an invalid length. [ 153.474636][ T6340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.517852][ T6558] device sit0 left promiscuous mode [ 154.147923][ T6574] FAULT_INJECTION: forcing a failure. [ 154.147923][ T6574] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.184274][ T6574] CPU: 0 PID: 6574 Comm: syz.3.958 Not tainted 5.15.166-syzkaller #0 [ 154.192373][ T6574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 154.202429][ T6574] Call Trace: [ 154.205698][ T6574] [ 154.208620][ T6574] dump_stack_lvl+0x1e3/0x2d0 [ 154.213297][ T6574] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 154.218923][ T6574] ? panic+0x860/0x860 [ 154.222992][ T6574] ? validate_chain+0x112/0x5930 [ 154.227930][ T6574] ? validate_chain+0x112/0x5930 [ 154.232875][ T6574] should_fail+0x38a/0x4c0 [ 154.237294][ T6574] _copy_from_user+0x2d/0x170 [ 154.241967][ T6574] iovec_from_user+0x13b/0x390 [ 154.246732][ T6574] __import_iovec+0x72/0x4b0 [ 154.251322][ T6574] ? __ia32_sys_shutdown+0x60/0x60 [ 154.256437][ T6574] import_iovec+0xe6/0x120 [ 154.260852][ T6574] ___sys_sendmsg+0x215/0x2e0 [ 154.265529][ T6574] ? __sys_sendmsg+0x260/0x260 [ 154.270330][ T6574] ? __fdget+0x191/0x220 [ 154.274569][ T6574] __se_sys_sendmsg+0x19a/0x260 [ 154.279415][ T6574] ? __x64_sys_sendmsg+0x80/0x80 [ 154.284366][ T6574] ? syscall_enter_from_user_mode+0x2e/0x240 [ 154.290348][ T6574] ? lockdep_hardirqs_on+0x94/0x130 [ 154.295549][ T6574] ? syscall_enter_from_user_mode+0x2e/0x240 [ 154.301533][ T6574] do_syscall_64+0x3b/0xb0 [ 154.305948][ T6574] ? clear_bhb_loop+0x15/0x70 [ 154.310623][ T6574] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 154.316511][ T6574] RIP: 0033:0x7f0034b82ef9 [ 154.320921][ T6574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.340518][ T6574] RSP: 002b:00007f0032ffc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 154.348926][ T6574] RAX: ffffffffffffffda RBX: 00007f0034d3bf80 RCX: 00007f0034b82ef9 [ 154.356897][ T6574] RDX: 000000000a000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 154.364871][ T6574] RBP: 00007f0032ffc090 R08: 0000000000000000 R09: 0000000000000000 [ 154.372975][ T6574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.381054][ T6574] R13: 0000000000000000 R14: 00007f0034d3bf80 R15: 00007ffe788b17b8 [ 154.389052][ T6574] [ 154.546848][ T6340] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.593073][ T6509] Bluetooth: hci0: command 0x0419 tx timeout [ 154.633784][ T6562] netlink: 140 bytes leftover after parsing attributes in process `syz.4.955'. [ 154.658097][ T6562] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 154.695175][ T6564] device sit0 entered promiscuous mode [ 154.729820][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 154.739960][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.779238][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.810826][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.848638][ T3615] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.856050][ T3615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.877811][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.889047][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.906398][ T3615] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.913535][ T3615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.934884][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 154.959088][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 154.982389][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.056902][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.093836][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.117692][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.127834][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.138088][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.170728][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.186194][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.195899][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.205777][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.218551][ T6340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 155.492462][ T6615] netlink: 'syz.0.971': attribute type 10 has an invalid length. [ 155.509608][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 155.518300][ C1] eth0: bad gso: type: 1, size: 1408 [ 155.519630][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 155.540954][ T6340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.618879][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 155.637232][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 155.658308][ T6626] device sit0 left promiscuous mode [ 155.912410][ T6633] device sit0 entered promiscuous mode [ 156.456400][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 156.474752][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 156.556240][ T6340] device veth0_vlan entered promiscuous mode [ 156.579581][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 156.590724][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 156.609090][ T6648] netlink: 'syz.0.980': attribute type 10 has an invalid length. [ 156.639906][ T6340] device veth1_vlan entered promiscuous mode [ 156.683015][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 156.702432][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 156.718443][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 156.737938][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 156.754024][ T6340] device veth0_macvtap entered promiscuous mode [ 156.789895][ T6340] device veth1_macvtap entered promiscuous mode [ 156.838946][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.868419][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.883820][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.896347][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.906550][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.919791][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.938971][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.949593][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.963318][ T6340] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.987157][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.000661][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.030035][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.056337][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.091736][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.111290][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.136646][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.164545][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.191484][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.218641][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.244329][ T6340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.277886][ T6340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.318375][ T6340] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.339781][ T6665] netlink: 'syz.3.984': attribute type 10 has an invalid length. [ 157.390286][ T6665] device wlan1 entered promiscuous mode [ 157.408719][ T6665] team0: Port device wlan1 added [ 157.427918][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 157.443418][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 157.476325][ T6340] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.496496][ T6340] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.518596][ T6340] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.541319][ T6340] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.753260][ T3642] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.786723][ T3642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.836994][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 157.842115][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.870181][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.899546][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 157.929845][ T6675] device sit0 left promiscuous mode [ 158.001827][ T6680] FAULT_INJECTION: forcing a failure. [ 158.001827][ T6680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.062002][ T6679] device sit0 entered promiscuous mode [ 158.145223][ T6680] CPU: 1 PID: 6680 Comm: syz.1.992 Not tainted 5.15.166-syzkaller #0 [ 158.153585][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 158.163649][ T6680] Call Trace: [ 158.166936][ T6680] [ 158.169872][ T6680] dump_stack_lvl+0x1e3/0x2d0 [ 158.174562][ T6680] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 158.180203][ T6680] ? panic+0x860/0x860 [ 158.184301][ T6680] should_fail+0x38a/0x4c0 [ 158.188731][ T6680] _copy_from_user+0x2d/0x170 [ 158.193516][ T6680] __copy_msghdr_from_user+0xaf/0x7c0 [ 158.198899][ T6680] ? perf_trace_run_bpf_submit+0xf7/0x1d0 [ 158.204638][ T6680] ? __ia32_sys_shutdown+0x60/0x60 [ 158.209795][ T6680] ___sys_sendmsg+0x166/0x2e0 [ 158.214487][ T6680] ? __sys_sendmsg+0x260/0x260 [ 158.219390][ T6680] ? __fdget+0x191/0x220 [ 158.223647][ T6680] __se_sys_sendmsg+0x19a/0x260 [ 158.228512][ T6680] ? __x64_sys_sendmsg+0x80/0x80 [ 158.233472][ T6680] ? syscall_enter_from_user_mode+0x2e/0x240 [ 158.239542][ T6680] ? lockdep_hardirqs_on+0x94/0x130 [ 158.244747][ T6680] ? syscall_enter_from_user_mode+0x2e/0x240 [ 158.250737][ T6680] do_syscall_64+0x3b/0xb0 [ 158.255155][ T6680] ? clear_bhb_loop+0x15/0x70 [ 158.259838][ T6680] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 158.265734][ T6680] RIP: 0033:0x7fdfc5232ef9 [ 158.270152][ T6680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.289760][ T6680] RSP: 002b:00007fdfc36ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.298189][ T6680] RAX: ffffffffffffffda RBX: 00007fdfc53ebf80 RCX: 00007fdfc5232ef9 [ 158.306173][ T6680] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 158.314148][ T6680] RBP: 00007fdfc36ac090 R08: 0000000000000000 R09: 0000000000000000 [ 158.322125][ T6680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.330101][ T6680] R13: 0000000000000000 R14: 00007fdfc53ebf80 R15: 00007ffee49b7bd8 [ 158.338207][ T6680] [ 158.537883][ T6687] netlink: 'syz.1.995': attribute type 3 has an invalid length. [ 158.545662][ T6687] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.995'. [ 158.773798][ T6683] netlink: 'syz.0.994': attribute type 12 has an invalid length. [ 158.782437][ T6683] netlink: 'syz.0.994': attribute type 1 has an invalid length. [ 158.790158][ T6683] netlink: 40 bytes leftover after parsing attributes in process `syz.0.994'. [ 158.801457][ T6683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.815349][ T6684] netlink: 14 bytes leftover after parsing attributes in process `syz.4.993'. [ 159.106839][ T6714] netlink: 'syz.1.1005': attribute type 10 has an invalid length. [ 159.124213][ T6714] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1005'. [ 159.419882][ T6718] device sit0 left promiscuous mode [ 159.497104][ T3642] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.576535][ T6720] device sit0 entered promiscuous mode [ 159.956720][ T3642] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.216637][ T3642] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.288480][ T3642] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.819582][ T6765] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1023'. [ 160.865618][ T6759] device sit0 left promiscuous mode [ 161.575369][ T6761] device sit0 entered promiscuous mode [ 161.633005][ T6776] netlink: 'syz.1.1028': attribute type 10 has an invalid length. [ 161.700680][ T6781] FAULT_INJECTION: forcing a failure. [ 161.700680][ T6781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.744190][ T6781] CPU: 1 PID: 6781 Comm: syz.4.1029 Not tainted 5.15.166-syzkaller #0 [ 161.752368][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 161.762431][ T6781] Call Trace: [ 161.765711][ T6781] [ 161.768639][ T6781] dump_stack_lvl+0x1e3/0x2d0 [ 161.773327][ T6781] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 161.778967][ T6781] ? panic+0x860/0x860 [ 161.783126][ T6781] ? validate_chain+0x112/0x5930 [ 161.788084][ T6781] ? validate_chain+0x112/0x5930 [ 161.793032][ T6781] should_fail+0x38a/0x4c0 [ 161.797455][ T6781] _copy_from_user+0x2d/0x170 [ 161.802133][ T6781] __copy_msghdr_from_user+0x587/0x7c0 [ 161.807603][ T6781] ? __ia32_sys_shutdown+0x60/0x60 [ 161.812738][ T6781] ___sys_sendmsg+0x166/0x2e0 [ 161.817422][ T6781] ? __sys_sendmsg+0x260/0x260 [ 161.822223][ T6781] ? __fdget+0x191/0x220 [ 161.826473][ T6781] __se_sys_sendmsg+0x19a/0x260 [ 161.831326][ T6781] ? __x64_sys_sendmsg+0x80/0x80 [ 161.836270][ T6781] ? syscall_enter_from_user_mode+0x2e/0x240 [ 161.842251][ T6781] ? lockdep_hardirqs_on+0x94/0x130 [ 161.847448][ T6781] ? syscall_enter_from_user_mode+0x2e/0x240 [ 161.853519][ T6781] do_syscall_64+0x3b/0xb0 [ 161.857932][ T6781] ? clear_bhb_loop+0x15/0x70 [ 161.862606][ T6781] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 161.868500][ T6781] RIP: 0033:0x7f1afbeabef9 [ 161.872919][ T6781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.892524][ T6781] RSP: 002b:00007f1afa325038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.900940][ T6781] RAX: ffffffffffffffda RBX: 00007f1afc064f80 RCX: 00007f1afbeabef9 [ 161.908910][ T6781] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000003 [ 161.917069][ T6781] RBP: 00007f1afa325090 R08: 0000000000000000 R09: 0000000000000000 [ 161.925145][ T6781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.933124][ T6781] R13: 0000000000000000 R14: 00007f1afc064f80 R15: 00007fff648e2508 [ 161.939339][ T6786] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 161.941109][ T6781] [ 162.059643][ T6760] chnl_net:caif_netlink_parms(): no params data found [ 162.080556][ T6794] netlink: 'syz.3.1034': attribute type 10 has an invalid length. [ 162.319408][ T6760] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.326871][ T6760] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.335336][ T6760] device bridge_slave_0 entered promiscuous mode [ 162.344608][ T6760] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.352577][ T6760] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.361460][ T6760] device bridge_slave_1 entered promiscuous mode [ 162.393268][ T6808] device sit0 left promiscuous mode [ 162.911454][ T6494] Bluetooth: hci0: command 0x0409 tx timeout [ 163.131333][ T6814] device sit0 entered promiscuous mode [ 163.414658][ T6760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.497002][ T3642] device hsr_slave_0 left promiscuous mode [ 163.517266][ T3642] device hsr_slave_1 left promiscuous mode [ 163.532147][ T6847] netlink: 'syz.3.1050': attribute type 4 has an invalid length. [ 163.544414][ T3642] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.569165][ T6847] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1050'. [ 163.579197][ T3642] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.587774][ T3642] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.596030][ T3642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.604365][ T3642] device bridge_slave_1 left promiscuous mode [ 163.610608][ T3642] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.630891][ T3642] device bridge_slave_0 left promiscuous mode [ 163.638558][ T3642] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.664777][ T3642] device veth1_macvtap left promiscuous mode [ 163.678272][ T3642] device veth0_macvtap left promiscuous mode [ 163.693324][ T3642] device veth1_vlan left promiscuous mode [ 163.706192][ T3642] device veth0_vlan left promiscuous mode [ 164.150526][ T3642] team0 (unregistering): Port device team_slave_1 removed [ 164.176414][ T3642] team0 (unregistering): Port device team_slave_0 removed [ 164.198090][ T3642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.233625][ T3642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.441553][ T3642] bond0 (unregistering): Released all slaves [ 164.521038][ T6840] netlink: 'syz.3.1050': attribute type 17 has an invalid length. [ 164.529548][ T6840] netlink: 'syz.3.1050': attribute type 16 has an invalid length. [ 164.538251][ T6840] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1050'. [ 164.560958][ T6760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.969752][ T6760] team0: Port device team_slave_0 added [ 164.991711][ T6627] Bluetooth: hci0: command 0x041b tx timeout [ 165.061999][ T6760] team0: Port device team_slave_1 added [ 165.204133][ T6760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.211797][ T6760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.258267][ T6760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.314400][ T6760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.354390][ T6760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.423398][ T6760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.488949][ T6884] device sit0 left promiscuous mode [ 166.140495][ T6892] device sit0 entered promiscuous mode [ 166.189908][ T6898] netlink: 'syz.0.1072': attribute type 10 has an invalid length. [ 166.294330][ T6907] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1075'. [ 166.434689][ T6760] device hsr_slave_0 entered promiscuous mode [ 166.506761][ T6760] device hsr_slave_1 entered promiscuous mode [ 166.983540][ T6934] device sit0 left promiscuous mode [ 167.115937][ T6494] Bluetooth: hci0: command 0x040f tx timeout [ 168.745441][ T6937] device sit0 entered promiscuous mode [ 169.151527][ T6627] Bluetooth: hci0: command 0x0419 tx timeout [ 169.374867][ T6941] A link change request failed with some changes committed already. Interface Y4`Ҙ may have been left with an inconsistent configuration, please check. [ 169.404263][ T6946] netlink: 'syz.0.1089': attribute type 28 has an invalid length. [ 169.417470][ T6946] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1089'. [ 169.765246][ T6760] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 169.963508][ T6760] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 170.283180][ T6760] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 170.455523][ T6760] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 170.591313][ T6627] Bluetooth: hci4: command 0x0406 tx timeout [ 170.756433][ T6760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.815896][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.853869][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.885227][ T6760] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.942090][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.957864][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.983568][ T454] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.990759][ T454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.000560][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.039874][ T7008] device sit0 left promiscuous mode [ 171.314327][ T7014] device sit0 entered promiscuous mode [ 171.511510][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.520282][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.540727][ T3808] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.547890][ T3808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.692511][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.751831][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.769677][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.782848][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.806431][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.856532][ T7036] netlink: 'syz.3.1120': attribute type 2 has an invalid length. [ 171.901534][ T7043] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1122'. [ 172.031360][ T7049] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1122'. [ 172.146814][ T6760] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 172.211622][ T6760] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.261252][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.282532][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.293280][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.307031][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.360962][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.374224][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.416834][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 173.582475][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.589981][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.704497][ T6760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.860132][ T7124] device sit0 left promiscuous mode [ 174.413894][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 174.444174][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 174.497348][ T7127] device sit0 entered promiscuous mode [ 174.900029][ T7146] netlink: 'syz.0.1140': attribute type 29 has an invalid length. [ 175.166800][ T7154] syz.3.1143[7154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.166896][ T7154] syz.3.1143[7154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 175.725592][ T6760] device veth0_vlan entered promiscuous mode [ 175.779482][ T7146] netlink: 'syz.0.1140': attribute type 29 has an invalid length. [ 175.788206][ T7162] netlink: 'syz.3.1147': attribute type 9 has an invalid length. [ 175.805499][ T7162] netlink: 61951 bytes leftover after parsing attributes in process `syz.3.1147'. [ 175.853680][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 175.888616][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 175.932388][ T7165] netlink: 'syz.4.1148': attribute type 10 has an invalid length. [ 175.947275][ T6760] device veth1_vlan entered promiscuous mode [ 175.964363][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 175.975551][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 176.036970][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 176.066702][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 176.124053][ T6760] device veth0_macvtap entered promiscuous mode [ 176.143729][ T7171] netlink: 'syz.3.1150': attribute type 10 has an invalid length. [ 176.164466][ T7171] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1150'. [ 176.225283][ T7171] device ipvlan1 entered promiscuous mode [ 176.348384][ T7171] bridge0: port 5(ipvlan1) entered blocking state [ 176.358903][ T7171] bridge0: port 5(ipvlan1) entered disabled state [ 176.380996][ T7171] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 176.423096][ T6760] device veth1_macvtap entered promiscuous mode [ 176.450327][ T7181] netlink: 'syz.4.1155': attribute type 10 has an invalid length. [ 176.577320][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.589741][ T7196] FAULT_INJECTION: forcing a failure. [ 176.589741][ T7196] name failslab, interval 1, probability 0, space 0, times 0 [ 176.625652][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.631193][ T7196] CPU: 0 PID: 7196 Comm: syz.0.1160 Not tainted 5.15.166-syzkaller #0 [ 176.643601][ T7196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 176.653664][ T7196] Call Trace: [ 176.656938][ T7196] [ 176.659866][ T7196] dump_stack_lvl+0x1e3/0x2d0 [ 176.664554][ T7196] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 176.667331][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.670187][ T7196] ? panic+0x860/0x860 [ 176.684621][ T7196] ? __might_sleep+0xc0/0xc0 [ 176.689215][ T7196] ? netlink_insert+0xcac/0x1280 [ 176.694160][ T7196] should_fail+0x38a/0x4c0 [ 176.698581][ T7196] should_failslab+0x5/0x20 [ 176.703079][ T7196] slab_pre_alloc_hook+0x53/0xc0 [ 176.708034][ T7196] kmem_cache_alloc_node+0x49/0x2c0 [ 176.712829][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.713225][ T7196] ? __alloc_skb+0xdd/0x590 [ 176.727484][ T7196] __alloc_skb+0xdd/0x590 [ 176.728362][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.731811][ T7196] netlink_sendmsg+0x6f8/0xd60 [ 176.731843][ T7196] ? netlink_getsockopt+0x5b0/0x5b0 [ 176.731863][ T7196] ? aa_sock_msg_perm+0x91/0x150 [ 176.731883][ T7196] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 176.731899][ T7196] ? security_socket_sendmsg+0x7d/0xa0 [ 176.731915][ T7196] ? netlink_getsockopt+0x5b0/0x5b0 [ 176.731935][ T7196] ____sys_sendmsg+0x59e/0x8f0 [ 176.760618][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.762386][ T7196] ? iovec_from_user+0x300/0x390 [ 176.762417][ T7196] ? __sys_sendmsg_sock+0x30/0x30 [ 176.762449][ T7196] ___sys_sendmsg+0x252/0x2e0 [ 176.762471][ T7196] ? __sys_sendmsg+0x260/0x260 [ 176.762524][ T7196] ? __fdget+0x191/0x220 [ 176.762546][ T7196] __se_sys_sendmsg+0x19a/0x260 [ 176.762565][ T7196] ? __x64_sys_sendmsg+0x80/0x80 [ 176.762590][ T7196] ? syscall_enter_from_user_mode+0x2e/0x240 [ 176.773883][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.777914][ T7196] ? lockdep_hardirqs_on+0x94/0x130 [ 176.790333][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.792593][ T7196] ? syscall_enter_from_user_mode+0x2e/0x240 [ 176.792620][ T7196] do_syscall_64+0x3b/0xb0 [ 176.792636][ T7196] ? clear_bhb_loop+0x15/0x70 [ 176.792652][ T7196] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 176.792672][ T7196] RIP: 0033:0x7f2c76759ef9 [ 176.792688][ T7196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.792702][ T7196] RSP: 002b:00007f2c74bd3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.792721][ T7196] RAX: ffffffffffffffda RBX: 00007f2c76912f80 RCX: 00007f2c76759ef9 [ 176.805227][ T6760] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.807112][ T7196] RDX: 000000000a000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 176.829835][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.837385][ T7196] RBP: 00007f2c74bd3090 R08: 0000000000000000 R09: 0000000000000000 [ 176.837401][ T7196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.837411][ T7196] R13: 0000000000000000 R14: 00007f2c76912f80 R15: 00007ffe3b43c108 [ 176.837436][ T7196] [ 176.969576][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.987131][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.001560][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.018363][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.048526][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.064601][ T6760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 177.076719][ T6760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.103913][ T6760] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.158956][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 177.188103][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 177.213464][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 177.277753][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 177.392322][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 177.402716][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 177.483456][ T6760] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.547252][ T6760] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.567892][ T6760] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.584577][ T6760] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.754511][ T7242] netlink: 'syz.0.1174': attribute type 10 has an invalid length. [ 177.849699][ T4291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.876486][ T4291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.900448][ T3642] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.903818][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 177.931911][ T3642] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.958452][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 178.037997][ T7248] netlink: 'syz.4.1180': attribute type 10 has an invalid length. [ 178.669498][ T3642] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.819246][ T3642] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.099586][ T3642] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.166849][ T3642] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.903145][ T7278] netlink: 1038 bytes leftover after parsing attributes in process `syz.4.1191'. [ 179.922409][ T7282] FAULT_INJECTION: forcing a failure. [ 179.922409][ T7282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.964671][ T7286] netlink: 'syz.3.1189': attribute type 10 has an invalid length. [ 179.974861][ T7278] netlink: 'syz.4.1191': attribute type 29 has an invalid length. [ 179.997249][ T7282] CPU: 1 PID: 7282 Comm: syz.1.1193 Not tainted 5.15.166-syzkaller #0 [ 180.005436][ T7282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 180.015484][ T7282] Call Trace: [ 180.018746][ T7282] [ 180.021665][ T7282] dump_stack_lvl+0x1e3/0x2d0 [ 180.026334][ T7282] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 180.031950][ T7282] ? panic+0x860/0x860 [ 180.036021][ T7282] should_fail+0x38a/0x4c0 [ 180.040431][ T7282] _copy_from_user+0x2d/0x170 [ 180.045106][ T7282] iovec_from_user+0x13b/0x390 [ 180.049864][ T7282] __import_iovec+0x72/0x4b0 [ 180.054442][ T7282] ? __ia32_sys_shutdown+0x60/0x60 [ 180.059558][ T7282] import_iovec+0xe6/0x120 [ 180.063971][ T7282] ___sys_sendmsg+0x215/0x2e0 [ 180.068642][ T7282] ? __sys_sendmsg+0x260/0x260 [ 180.073448][ T7282] ? __fdget+0x191/0x220 [ 180.077682][ T7282] __se_sys_sendmsg+0x19a/0x260 [ 180.082873][ T7282] ? __x64_sys_sendmsg+0x80/0x80 [ 180.087807][ T7282] ? syscall_enter_from_user_mode+0x2e/0x240 [ 180.093773][ T7282] ? lockdep_hardirqs_on+0x94/0x130 [ 180.098955][ T7282] ? syscall_enter_from_user_mode+0x2e/0x240 [ 180.104922][ T7282] do_syscall_64+0x3b/0xb0 [ 180.109322][ T7282] ? clear_bhb_loop+0x15/0x70 [ 180.113981][ T7282] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 180.119858][ T7282] RIP: 0033:0x7fdfc5232ef9 [ 180.124262][ T7282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.144025][ T7282] RSP: 002b:00007fdfc36ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 180.152424][ T7282] RAX: ffffffffffffffda RBX: 00007fdfc53ebf80 RCX: 00007fdfc5232ef9 [ 180.160381][ T7282] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 180.168334][ T7282] RBP: 00007fdfc36ac090 R08: 0000000000000000 R09: 0000000000000000 [ 180.176288][ T7282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.184247][ T7282] R13: 0000000000000000 R14: 00007fdfc53ebf80 R15: 00007ffee49b7bd8 [ 180.192226][ T7282] [ 180.212787][ T7278] netlink: 'syz.4.1191': attribute type 29 has an invalid length. [ 180.240693][ T7287] netlink: 'syz.4.1191': attribute type 29 has an invalid length. [ 180.249205][ T7288] netlink: 'syz.4.1191': attribute type 29 has an invalid length. [ 180.298391][ T3642] device hsr_slave_0 left promiscuous mode [ 180.313384][ T3642] device hsr_slave_1 left promiscuous mode [ 180.322061][ T3642] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.353452][ T3642] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.368060][ T3642] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.376524][ T3642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.384516][ T3642] device bridge_slave_1 left promiscuous mode [ 180.390744][ T3642] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.399562][ T3642] device bridge_slave_0 left promiscuous mode [ 180.406092][ T3642] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.426306][ T3642] device veth1_macvtap left promiscuous mode [ 180.432530][ T3642] device veth0_macvtap left promiscuous mode [ 180.438656][ T3642] device veth1_vlan left promiscuous mode [ 180.444787][ T3642] device veth0_vlan left promiscuous mode [ 180.662332][ T3642] team0 (unregistering): Port device team_slave_1 removed [ 180.711123][ T3642] team0 (unregistering): Port device team_slave_0 removed [ 180.750613][ T3642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.776668][ T3642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 180.860139][ T3642] bond0 (unregistering): Released all slaves [ 180.907255][ T7278] netlink: 'syz.4.1191': attribute type 29 has an invalid length. [ 180.920196][ T7292] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1195'. [ 180.934248][ T7300] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1198'. [ 181.165359][ T7284] chnl_net:caif_netlink_parms(): no params data found [ 181.397994][ T7323] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.1206'. [ 181.457589][ T7284] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.468852][ T7284] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.501960][ T7284] device bridge_slave_0 entered promiscuous mode [ 181.532641][ T7284] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.539864][ T7284] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.574125][ T7284] device bridge_slave_1 entered promiscuous mode [ 181.715485][ T7284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.764028][ T7284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.902331][ T7284] team0: Port device team_slave_0 added [ 181.946752][ T7284] team0: Port device team_slave_1 added [ 182.031580][ T6390] Bluetooth: hci0: command 0x0409 tx timeout [ 182.050675][ T7356] device sit0 left promiscuous mode [ 182.721434][ T7363] device sit0 entered promiscuous mode [ 182.860213][ T7370] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1225'. [ 182.899054][ T7375] netlink: 'syz.3.1227': attribute type 21 has an invalid length. [ 182.925051][ T7284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.951580][ T7284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.030726][ T7284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.079511][ T7284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.091723][ T7393] FAULT_INJECTION: forcing a failure. [ 183.091723][ T7393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.101543][ T7284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.125341][ T7393] CPU: 1 PID: 7393 Comm: syz.1.1233 Not tainted 5.15.166-syzkaller #0 [ 183.138839][ T7393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 183.144391][ T7284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.148894][ T7393] Call Trace: [ 183.148913][ T7393] [ 183.148921][ T7393] dump_stack_lvl+0x1e3/0x2d0 [ 183.170242][ T7393] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 183.175885][ T7393] ? panic+0x860/0x860 [ 183.179972][ T7393] ? validate_chain+0x112/0x5930 [ 183.184917][ T7393] ? validate_chain+0x112/0x5930 [ 183.189872][ T7393] should_fail+0x38a/0x4c0 [ 183.194300][ T7393] _copy_from_user+0x2d/0x170 [ 183.198983][ T7393] iovec_from_user+0x13b/0x390 [ 183.203757][ T7393] __import_iovec+0x72/0x4b0 [ 183.208433][ T7393] ? __ia32_sys_shutdown+0x60/0x60 [ 183.213547][ T7393] import_iovec+0xe6/0x120 [ 183.217997][ T7393] ___sys_sendmsg+0x215/0x2e0 [ 183.222677][ T7393] ? __sys_sendmsg+0x260/0x260 [ 183.227481][ T7393] ? __fdget+0x191/0x220 [ 183.231821][ T7393] __se_sys_sendmsg+0x19a/0x260 [ 183.236762][ T7393] ? __x64_sys_sendmsg+0x80/0x80 [ 183.241706][ T7393] ? syscall_enter_from_user_mode+0x2e/0x240 [ 183.247685][ T7393] ? lockdep_hardirqs_on+0x94/0x130 [ 183.252919][ T7393] ? syscall_enter_from_user_mode+0x2e/0x240 [ 183.258921][ T7393] do_syscall_64+0x3b/0xb0 [ 183.263332][ T7393] ? clear_bhb_loop+0x15/0x70 [ 183.268008][ T7393] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 183.273900][ T7393] RIP: 0033:0x7fdfc5232ef9 [ 183.278317][ T7393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.297926][ T7393] RSP: 002b:00007fdfc36ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.306345][ T7393] RAX: ffffffffffffffda RBX: 00007fdfc53ebf80 RCX: 00007fdfc5232ef9 [ 183.314312][ T7393] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000003 [ 183.322279][ T7393] RBP: 00007fdfc36ac090 R08: 0000000000000000 R09: 0000000000000000 [ 183.330243][ T7393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.338212][ T7393] R13: 0000000000000000 R14: 00007fdfc53ebf80 R15: 00007ffee49b7bd8 [ 183.346200][ T7393] [ 183.450111][ T7284] device hsr_slave_0 entered promiscuous mode [ 183.488355][ T7284] device hsr_slave_1 entered promiscuous mode [ 183.530383][ T7397] netlink: 'syz.1.1236': attribute type 10 has an invalid length. [ 183.589901][ T7401] device sit0 left promiscuous mode [ 184.059055][ T7406] device sit0 entered promiscuous mode [ 184.111347][ T6390] Bluetooth: hci0: command 0x041b tx timeout [ 184.713153][ T7419] device sit0 left promiscuous mode [ 184.978183][ T7427] device sit0 entered promiscuous mode [ 185.312235][ T7284] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 185.358835][ T7284] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 185.391603][ T7284] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 185.466968][ T7451] netlink: 'syz.1.1257': attribute type 21 has an invalid length. [ 185.479337][ T7451] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1257'. [ 185.506523][ T7284] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 185.792501][ T7284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.873227][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.913368][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.954903][ T7284] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.072509][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.089899][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.145097][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.152248][ T4291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.173456][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.185451][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.193826][ T6630] Bluetooth: hci0: command 0x040f tx timeout [ 186.213957][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.221035][ T4291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.245896][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.282069][ T7484] netlink: 'syz.0.1269': attribute type 21 has an invalid length. [ 186.290117][ T7484] IPv6: NLM_F_CREATE should be specified when creating new route [ 186.305726][ T7484] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 186.313404][ T7484] IPv6: NLM_F_CREATE should be set when creating new route [ 186.320715][ T7484] IPv6: NLM_F_CREATE should be set when creating new route [ 186.327999][ T7484] IPv6: NLM_F_CREATE should be set when creating new route [ 186.351413][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.379575][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.429420][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.464755][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.502778][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.536098][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.550593][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.559735][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.570059][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.587044][ T7284] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.608853][ T7284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.618702][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.645653][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.692547][ T7506] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1278'. [ 186.995919][ T7532] device sit0 left promiscuous mode [ 187.214963][ T7533] device sit0 entered promiscuous mode [ 187.379002][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.386835][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.400376][ T7284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.465778][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 187.497516][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 187.578940][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 187.604476][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 187.627932][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 187.655139][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 187.685849][ T7284] device veth0_vlan entered promiscuous mode [ 187.746450][ T7284] device veth1_vlan entered promiscuous mode [ 187.786573][ T7555] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 187.902781][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 187.934438][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 187.953263][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 187.975167][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 188.009045][ T7559] netlink: 'syz.0.1296': attribute type 28 has an invalid length. [ 188.020673][ T7559] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1296'. [ 188.035408][ T7284] device veth0_macvtap entered promiscuous mode [ 188.120940][ T7565] device sit0 left promiscuous mode [ 188.271433][ T6630] Bluetooth: hci0: command 0x0419 tx timeout [ 188.811613][ T7569] device sit0 entered promiscuous mode [ 188.868089][ T7570] netlink: 'syz.1.1298': attribute type 39 has an invalid length. [ 188.883608][ T7570] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 188.915502][ T7579] netlink: 'syz.4.1303': attribute type 21 has an invalid length. [ 188.938385][ T7579] netlink: 'syz.4.1303': attribute type 1 has an invalid length. [ 188.947222][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 188.963057][ T7284] device veth1_macvtap entered promiscuous mode [ 189.047199][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 189.080034][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.135056][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 189.152310][ T7608] syz.4.1309[7608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.152395][ T7608] syz.4.1309[7608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.168517][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.185686][ T7608] syz.4.1309[7608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.213857][ T7608] syz.4.1309[7608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.230471][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 189.267741][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.278353][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 189.289019][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.300496][ T7284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.313746][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 189.342093][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 189.361785][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.389624][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.410188][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.420933][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.431038][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.441742][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.451923][ T7284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.462569][ T7284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.475282][ T7284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.493091][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.507488][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.526083][ T7284] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.536390][ T7284] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.545357][ T7284] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.560355][ T7284] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.647786][ T7617] device sit0 left promiscuous mode [ 190.204053][ T7630] netlink: 'syz.4.1321': attribute type 4 has an invalid length. [ 190.220830][ T7630] netlink: 'syz.4.1321': attribute type 16 has an invalid length. [ 190.229329][ T7630] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1321'. [ 190.453751][ T7620] device sit0 entered promiscuous mode [ 190.537806][ T7623] netlink: 'syz.0.1319': attribute type 2 has an invalid length. [ 190.726294][ C1] eth0: bad gso: type: 1, size: 1408 [ 190.823102][ T7073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.891455][ T7073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.930516][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 190.978678][ T7073] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.999240][ T7073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.054570][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 191.072541][ T6390] Bluetooth: hci5: command 0x0406 tx timeout [ 191.461362][ T7649] device veth1_macvtap entered promiscuous mode [ 191.944599][ T7073] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.326243][ T7073] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.407155][ T7073] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.467236][ T7073] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.191050][ T7073] device hsr_slave_0 left promiscuous mode [ 193.213164][ T7073] device hsr_slave_1 left promiscuous mode [ 193.227007][ T7073] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.246637][ T7073] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 193.270181][ T7073] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.299116][ T7073] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.319381][ T7073] device bridge_slave_1 left promiscuous mode [ 193.333037][ T7073] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.349282][ T7073] device bridge_slave_0 left promiscuous mode [ 193.405553][ T7073] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.421490][ C1] eth0: bad gso: type: 1, size: 1408 [ 193.445105][ C1] eth0: bad gso: type: 1, size: 1408 [ 193.466575][ T7073] device veth1_macvtap left promiscuous mode [ 193.496824][ T7073] device veth0_macvtap left promiscuous mode [ 193.504641][ T7073] device veth1_vlan left promiscuous mode [ 193.510560][ T7073] device veth0_vlan left promiscuous mode [ 193.709165][ T7073] team0 (unregistering): Port device team_slave_1 removed [ 193.726575][ T7073] team0 (unregistering): Port device team_slave_0 removed [ 193.746234][ T7073] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.768544][ T7073] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.829244][ T7073] bond0 (unregistering): Released all slaves [ 193.876338][ T7679] netlink: 'syz.1.1341': attribute type 16 has an invalid length. [ 193.884781][ T7679] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1341'. [ 193.898321][ T7691] device pim6reg1 entered promiscuous mode [ 193.906102][ T7699] netlink: 'syz.4.1346': attribute type 10 has an invalid length. [ 194.120836][ T1388] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.129998][ T1388] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.324855][ T7723] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1356'. [ 194.387018][ T7712] device syzkaller0 entered promiscuous mode [ 194.398056][ T7682] chnl_net:caif_netlink_parms(): no params data found [ 194.684392][ T7743] FAULT_INJECTION: forcing a failure. [ 194.684392][ T7743] name failslab, interval 1, probability 0, space 0, times 0 [ 194.744246][ T7745] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1362'. [ 194.746538][ T7743] CPU: 0 PID: 7743 Comm: syz.3.1361 Not tainted 5.15.166-syzkaller #0 [ 194.761435][ T7743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 194.771489][ T7743] Call Trace: [ 194.774772][ T7743] [ 194.777702][ T7743] dump_stack_lvl+0x1e3/0x2d0 [ 194.778972][ T7745] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 194.782384][ T7743] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 194.782408][ T7743] ? panic+0x860/0x860 [ 194.782428][ T7743] ? __might_sleep+0xc0/0xc0 [ 194.812770][ T7743] should_fail+0x38a/0x4c0 [ 194.817174][ T7743] should_failslab+0x5/0x20 [ 194.821660][ T7743] slab_pre_alloc_hook+0x53/0xc0 [ 194.826609][ T7743] __kmalloc_node_track_caller+0x6b/0x390 [ 194.832332][ T7743] ? netlink_sendmsg+0x6f8/0xd60 [ 194.837257][ T7743] ? kmem_cache_alloc_node+0x154/0x2c0 [ 194.842698][ T7743] ? __alloc_skb+0xdd/0x590 [ 194.847185][ T7743] ? netlink_sendmsg+0x6f8/0xd60 [ 194.852104][ T7743] __alloc_skb+0x12c/0x590 [ 194.856506][ T7743] netlink_sendmsg+0x6f8/0xd60 [ 194.861343][ T7743] ? netlink_getsockopt+0x5b0/0x5b0 [ 194.866526][ T7743] ? aa_sock_msg_perm+0x91/0x150 [ 194.871443][ T7743] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 194.876705][ T7743] ? security_socket_sendmsg+0x7d/0xa0 [ 194.882147][ T7743] ? netlink_getsockopt+0x5b0/0x5b0 [ 194.887329][ T7743] ____sys_sendmsg+0x59e/0x8f0 [ 194.892086][ T7743] ? iovec_from_user+0x300/0x390 [ 194.897010][ T7743] ? __sys_sendmsg_sock+0x30/0x30 [ 194.902122][ T7743] ___sys_sendmsg+0x252/0x2e0 [ 194.906790][ T7743] ? __sys_sendmsg+0x260/0x260 [ 194.911560][ T7743] ? __fdget+0x191/0x220 [ 194.915879][ T7743] __se_sys_sendmsg+0x19a/0x260 [ 194.920709][ T7743] ? __x64_sys_sendmsg+0x80/0x80 [ 194.925629][ T7743] ? syscall_enter_from_user_mode+0x2e/0x240 [ 194.931695][ T7743] ? lockdep_hardirqs_on+0x94/0x130 [ 194.936879][ T7743] ? syscall_enter_from_user_mode+0x2e/0x240 [ 194.942841][ T7743] do_syscall_64+0x3b/0xb0 [ 194.947236][ T7743] ? clear_bhb_loop+0x15/0x70 [ 194.951887][ T7743] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 194.957767][ T7743] RIP: 0033:0x7f0034b82ef9 [ 194.962160][ T7743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.981745][ T7743] RSP: 002b:00007f0032ffc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 194.990136][ T7743] RAX: ffffffffffffffda RBX: 00007f0034d3bf80 RCX: 00007f0034b82ef9 [ 194.998087][ T7743] RDX: 000000000a000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 195.006036][ T7743] RBP: 00007f0032ffc090 R08: 0000000000000000 R09: 0000000000000000 [ 195.013986][ T7743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.021934][ T7743] R13: 0000000000000000 R14: 00007f0034d3bf80 R15: 00007ffe788b17b8 [ 195.029895][ T7743] [ 195.127573][ T7682] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.139500][ T7682] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.159757][ T7682] device bridge_slave_0 entered promiscuous mode [ 195.211392][ T7682] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.241267][ T7682] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.249256][ T7682] device bridge_slave_1 entered promiscuous mode [ 195.366948][ T7682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.388118][ T7682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.398026][ T6390] Bluetooth: hci0: command 0x0409 tx timeout [ 195.665217][ T7764] device sit0 left promiscuous mode [ 196.221253][ T6390] Bluetooth: hci2: command 0x0406 tx timeout [ 196.231682][ T6390] Bluetooth: hci1: command 0x0406 tx timeout [ 196.253635][ T7765] device sit0 entered promiscuous mode [ 196.320645][ T7682] team0: Port device team_slave_0 added [ 196.425319][ T7682] team0: Port device team_slave_1 added [ 196.440196][ T7791] netlink: 'syz.1.1376': attribute type 10 has an invalid length. [ 196.597679][ T7682] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.626184][ T7682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.667860][ T7682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.714341][ T7804] netlink: 'syz.4.1380': attribute type 10 has an invalid length. [ 196.796474][ T7803] device syzkaller0 entered promiscuous mode [ 196.840167][ T7682] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.857659][ T7682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.900104][ T7682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.959896][ T7682] device hsr_slave_0 entered promiscuous mode [ 196.976894][ T7682] device hsr_slave_1 entered promiscuous mode [ 197.382739][ T7817] device sit0 left promiscuous mode [ 197.471444][ T6494] Bluetooth: hci0: command 0x041b tx timeout [ 197.853322][ T7826] FAULT_INJECTION: forcing a failure. [ 197.853322][ T7826] name failslab, interval 1, probability 0, space 0, times 0 [ 197.890984][ T7826] CPU: 1 PID: 7826 Comm: syz.1.1389 Not tainted 5.15.166-syzkaller #0 [ 197.899166][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 197.909218][ T7826] Call Trace: [ 197.912494][ T7826] [ 197.915428][ T7826] dump_stack_lvl+0x1e3/0x2d0 [ 197.920118][ T7826] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 197.925750][ T7826] ? panic+0x860/0x860 [ 197.929826][ T7826] ? __might_sleep+0xc0/0xc0 [ 197.934415][ T7826] ? netlink_insert+0xcac/0x1280 [ 197.939363][ T7826] should_fail+0x38a/0x4c0 [ 197.943818][ T7826] should_failslab+0x5/0x20 [ 197.948320][ T7826] slab_pre_alloc_hook+0x53/0xc0 [ 197.953268][ T7826] kmem_cache_alloc_node+0x49/0x2c0 [ 197.958479][ T7826] ? __alloc_skb+0xdd/0x590 [ 197.963004][ T7826] __alloc_skb+0xdd/0x590 [ 197.967353][ T7826] netlink_sendmsg+0x6f8/0xd60 [ 197.972271][ T7826] ? netlink_getsockopt+0x5b0/0x5b0 [ 197.977482][ T7826] ? aa_sock_msg_perm+0x91/0x150 [ 197.982428][ T7826] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 197.987715][ T7826] ? security_socket_sendmsg+0x7d/0xa0 [ 197.993169][ T7826] ? netlink_getsockopt+0x5b0/0x5b0 [ 197.998393][ T7826] ____sys_sendmsg+0x59e/0x8f0 [ 198.003160][ T7826] ? iovec_from_user+0x300/0x390 [ 198.008110][ T7826] ? __sys_sendmsg_sock+0x30/0x30 [ 198.013163][ T7826] ___sys_sendmsg+0x252/0x2e0 [ 198.017865][ T7826] ? __sys_sendmsg+0x260/0x260 [ 198.022707][ T7826] ? __fdget+0x191/0x220 [ 198.026956][ T7826] __se_sys_sendmsg+0x19a/0x260 [ 198.031811][ T7826] ? __x64_sys_sendmsg+0x80/0x80 [ 198.036768][ T7826] ? syscall_enter_from_user_mode+0x2e/0x240 [ 198.042746][ T7826] ? lockdep_hardirqs_on+0x94/0x130 [ 198.047946][ T7826] ? syscall_enter_from_user_mode+0x2e/0x240 [ 198.053932][ T7826] do_syscall_64+0x3b/0xb0 [ 198.058345][ T7826] ? clear_bhb_loop+0x15/0x70 [ 198.063030][ T7826] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 198.068922][ T7826] RIP: 0033:0x7fdfc5232ef9 [ 198.073340][ T7826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.092943][ T7826] RSP: 002b:00007fdfc36ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.101356][ T7826] RAX: ffffffffffffffda RBX: 00007fdfc53ebf80 RCX: 00007fdfc5232ef9 [ 198.109334][ T7826] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 198.117389][ T7826] RBP: 00007fdfc36ac090 R08: 0000000000000000 R09: 0000000000000000 [ 198.125360][ T7826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.133344][ T7826] R13: 0000000000000000 R14: 00007fdfc53ebf80 R15: 00007ffee49b7bd8 [ 198.141353][ T7826] [ 198.258440][ T7819] device sit0 entered promiscuous mode [ 198.439452][ T7845] netlink: 'syz.0.1392': attribute type 10 has an invalid length. [ 198.491433][ T7846] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1396'. [ 198.535538][ T7682] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 198.569258][ T7682] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 198.584064][ T7848] netlink: 'syz.3.1397': attribute type 10 has an invalid length. [ 198.606053][ T7682] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 198.625770][ T7682] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 198.636502][ T7850] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1398'. [ 198.913752][ T7682] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.064427][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.101875][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.183482][ T7682] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.268176][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.280494][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.301867][ T7063] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.308958][ T7063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.359167][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.387227][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.397180][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.407669][ T7063] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.414783][ T7063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.425396][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.438224][ T7063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.482615][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.517971][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.552106][ T6627] Bluetooth: hci0: command 0x040f tx timeout [ 199.554930][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.587576][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.635925][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.677777][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.748573][ T7682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.881815][ T7682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.012464][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.020487][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.055484][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.154352][ T7907] device sit0 left promiscuous mode [ 200.692007][ T7913] device sit0 entered promiscuous mode [ 200.771245][ T7918] netlink: 'syz.3.1425': attribute type 46 has an invalid length. [ 200.806056][ T7918] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1425'. [ 200.998388][ T7930] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1428'. [ 201.327715][ T7944] FAULT_INJECTION: forcing a failure. [ 201.327715][ T7944] name failslab, interval 1, probability 0, space 0, times 0 [ 201.369511][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.385484][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.399285][ T7944] CPU: 1 PID: 7944 Comm: syz.0.1432 Not tainted 5.15.166-syzkaller #0 [ 201.407455][ T7944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 201.417505][ T7944] Call Trace: [ 201.420777][ T7944] [ 201.423704][ T7944] dump_stack_lvl+0x1e3/0x2d0 [ 201.428388][ T7944] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 201.434016][ T7944] ? panic+0x860/0x860 [ 201.438089][ T7944] ? __might_sleep+0xc0/0xc0 [ 201.442681][ T7944] should_fail+0x38a/0x4c0 [ 201.447107][ T7944] should_failslab+0x5/0x20 [ 201.451609][ T7944] slab_pre_alloc_hook+0x53/0xc0 [ 201.456543][ T7944] __kmalloc+0x6e/0x300 [ 201.460689][ T7944] ? sock_kmalloc+0x93/0xf0 [ 201.465194][ T7944] sock_kmalloc+0x93/0xf0 [ 201.469519][ T7944] ____sys_sendmsg+0x219/0x8f0 [ 201.474280][ T7944] ? iovec_from_user+0x300/0x390 [ 201.479224][ T7944] ? __sys_sendmsg_sock+0x30/0x30 [ 201.484262][ T7944] ___sys_sendmsg+0x252/0x2e0 [ 201.488941][ T7944] ? __sys_sendmsg+0x260/0x260 [ 201.493753][ T7944] ? __fdget+0x191/0x220 [ 201.497998][ T7944] __se_sys_sendmsg+0x19a/0x260 [ 201.502856][ T7944] ? __x64_sys_sendmsg+0x80/0x80 [ 201.507800][ T7944] ? syscall_enter_from_user_mode+0x2e/0x240 [ 201.513775][ T7944] ? lockdep_hardirqs_on+0x94/0x130 [ 201.519143][ T7944] ? syscall_enter_from_user_mode+0x2e/0x240 [ 201.525122][ T7944] do_syscall_64+0x3b/0xb0 [ 201.529637][ T7944] ? clear_bhb_loop+0x15/0x70 [ 201.534310][ T7944] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 201.540202][ T7944] RIP: 0033:0x7f2c76759ef9 [ 201.544611][ T7944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.564212][ T7944] RSP: 002b:00007f2c74bd3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.572623][ T7944] RAX: ffffffffffffffda RBX: 00007f2c76912f80 RCX: 00007f2c76759ef9 [ 201.580673][ T7944] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000003 [ 201.588637][ T7944] RBP: 00007f2c74bd3090 R08: 0000000000000000 R09: 0000000000000000 [ 201.596600][ T7944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.604573][ T7944] R13: 0000000000000000 R14: 00007f2c76912f80 R15: 00007ffe3b43c108 [ 201.612555][ T7944] [ 201.641872][ T6618] Bluetooth: hci0: command 0x0419 tx timeout [ 201.657003][ T7682] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.730278][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 201.748346][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 201.808670][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 201.824442][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 201.863521][ T7682] device veth0_vlan entered promiscuous mode [ 201.874820][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 201.918680][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 201.974355][ T7682] device veth1_vlan entered promiscuous mode [ 202.026607][ T7954] netlink: 'syz.0.1438': attribute type 10 has an invalid length. [ 202.086175][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 202.104040][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 202.127854][ T7682] device veth0_macvtap entered promiscuous mode [ 202.221645][ T7958] device sit0 left promiscuous mode [ 202.234632][ T7965] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.1441'. [ 202.527932][ T7962] device sit0 entered promiscuous mode [ 202.712473][ T7682] device veth1_macvtap entered promiscuous mode [ 202.767082][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.811738][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.829205][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.840451][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.864239][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.883429][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.941524][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 202.963493][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.997948][ T7682] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.013418][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.024839][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.033634][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.046604][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.094852][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.121314][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.141195][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.168018][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.180534][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.199167][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.210474][ T7682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.222871][ T7682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.238475][ T7682] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.404801][ T8012] device sit0 left promiscuous mode [ 203.660603][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 203.682507][ T454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 203.704770][ T7682] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.716314][ T7682] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.744721][ T7682] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.766465][ T7682] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.795867][ T8017] device sit0 entered promiscuous mode [ 203.983594][ T8036] netlink: 'syz.0.1470': attribute type 10 has an invalid length. [ 204.230337][ T7063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.251845][ T7063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.323686][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 204.357207][ T4291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.412588][ T4291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.461740][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 204.515295][ T8051] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1476'. [ 204.668429][ T8061] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1481'. [ 204.802739][ C1] eth0: bad gso: type: 1, size: 1408 [ 205.179592][ T8083] A link change request failed with some changes committed already. Interface Y4`Ҙ may have been left with an inconsistent configuration, please check. [ 205.338439][ T4291] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.531634][ T4291] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.638509][ T4291] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.702549][ T4291] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.440061][ T8093] netlink: 'syz.1.1490': attribute type 28 has an invalid length. [ 206.470700][ T8093] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1490'. [ 206.805552][ T4291] device hsr_slave_0 left promiscuous mode [ 206.828724][ T4291] device hsr_slave_1 left promiscuous mode [ 206.847064][ T4291] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 206.858963][ T4291] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.877358][ T4291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 206.887703][ T4291] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 206.898457][ T4291] device bridge_slave_1 left promiscuous mode [ 206.904981][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.916421][ T4291] device bridge_slave_0 left promiscuous mode [ 206.924330][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.955957][ T4291] device veth1_macvtap left promiscuous mode [ 206.987853][ T4291] device veth0_macvtap left promiscuous mode [ 206.994793][ T4291] device veth1_vlan left promiscuous mode [ 207.000675][ T4291] device veth0_vlan left promiscuous mode [ 207.029036][ T8128] netlink: 'syz.3.1502': attribute type 1 has an invalid length. [ 207.065505][ T8128] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.1502'. [ 207.378261][ T4291] team0 (unregistering): Port device team_slave_1 removed [ 207.406494][ T4291] team0 (unregistering): Port device team_slave_0 removed [ 207.426300][ T4291] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.450180][ T4291] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.580888][ T4291] bond0 (unregistering): Released all slaves [ 207.642082][ T8117] device sit0 left promiscuous mode [ 207.721681][ T8123] device sit0 entered promiscuous mode [ 208.014029][ T8105] chnl_net:caif_netlink_parms(): no params data found [ 208.150861][ T8105] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.158286][ T8105] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.166573][ T8105] device bridge_slave_0 entered promiscuous mode [ 208.175003][ T8163] netlink: 'syz.4.1513': attribute type 2 has an invalid length. [ 208.187673][ T8105] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.215845][ T8105] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.228970][ T8105] device bridge_slave_1 entered promiscuous mode [ 208.365926][ T8105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.407655][ T8105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.477216][ T8105] team0: Port device team_slave_0 added [ 208.495872][ T8105] team0: Port device team_slave_1 added [ 208.549468][ T8105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.571123][ T8105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.618422][ T6618] Bluetooth: hci0: command 0x0409 tx timeout [ 208.649460][ T8105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.704085][ T8105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.711211][ T8105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.737638][ T8105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.803327][ T8178] device sit0 left promiscuous mode [ 209.809412][ T8105] device hsr_slave_0 entered promiscuous mode [ 209.857625][ T8105] device hsr_slave_1 entered promiscuous mode [ 209.902486][ T8218] netlink: 'syz.4.1534': attribute type 10 has an invalid length. [ 210.485171][ T8255] FAULT_INJECTION: forcing a failure. [ 210.485171][ T8255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.498978][ T8255] CPU: 1 PID: 8255 Comm: syz.3.1547 Not tainted 5.15.166-syzkaller #0 [ 210.507142][ T8255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 210.517199][ T8255] Call Trace: [ 210.520479][ T8255] [ 210.523409][ T8255] dump_stack_lvl+0x1e3/0x2d0 [ 210.528090][ T8255] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 210.533722][ T8255] ? panic+0x860/0x860 [ 210.537792][ T8255] ? __lock_acquire+0x1ff0/0x1ff0 [ 210.542812][ T8255] should_fail+0x38a/0x4c0 [ 210.547224][ T8255] _copy_from_iter+0x243/0xe90 [ 210.552065][ T8255] ? copy_mc_pipe_to_iter+0x760/0x760 [ 210.557440][ T8255] ? __virt_addr_valid+0x3bb/0x460 [ 210.562549][ T8255] ? 0xffffffff81000000 [ 210.566693][ T8255] ? __check_object_size+0x300/0x410 [ 210.571970][ T8255] netlink_sendmsg+0x800/0xd60 [ 210.576736][ T8255] ? netlink_getsockopt+0x5b0/0x5b0 [ 210.581925][ T8255] ? aa_sock_msg_perm+0x91/0x150 [ 210.586852][ T8255] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 210.592118][ T8255] ? security_socket_sendmsg+0x7d/0xa0 [ 210.597558][ T8255] ? netlink_getsockopt+0x5b0/0x5b0 [ 210.602738][ T8255] ____sys_sendmsg+0x59e/0x8f0 [ 210.607484][ T8255] ? iovec_from_user+0x300/0x390 [ 210.612433][ T8255] ? __sys_sendmsg_sock+0x30/0x30 [ 210.617451][ T8255] ___sys_sendmsg+0x252/0x2e0 [ 210.622198][ T8255] ? __sys_sendmsg+0x260/0x260 [ 210.626971][ T8255] ? __fdget+0x191/0x220 [ 210.631196][ T8255] __se_sys_sendmsg+0x19a/0x260 [ 210.636031][ T8255] ? __x64_sys_sendmsg+0x80/0x80 [ 210.640960][ T8255] ? syscall_enter_from_user_mode+0x2e/0x240 [ 210.646922][ T8255] ? lockdep_hardirqs_on+0x94/0x130 [ 210.652109][ T8255] ? syscall_enter_from_user_mode+0x2e/0x240 [ 210.658119][ T8255] do_syscall_64+0x3b/0xb0 [ 210.662513][ T8255] ? clear_bhb_loop+0x15/0x70 [ 210.667168][ T8255] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 210.673040][ T8255] RIP: 0033:0x7f0034b82ef9 [ 210.677438][ T8255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.697142][ T8255] RSP: 002b:00007f0032ffc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 210.705551][ T8255] RAX: ffffffffffffffda RBX: 00007f0034d3bf80 RCX: 00007f0034b82ef9 [ 210.713502][ T8255] RDX: 000000000a000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 210.721458][ T8255] RBP: 00007f0032ffc090 R08: 0000000000000000 R09: 0000000000000000 [ 210.729407][ T8255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.737359][ T8255] R13: 0000000000000000 R14: 00007f0034d3bf80 R15: 00007ffe788b17b8 [ 210.745328][ T8255] [ 210.761591][ T6495] Bluetooth: hci0: command 0x041b tx timeout [ 210.829434][ T8257] device macvlan1 entered promiscuous mode [ 210.970274][ T8105] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 211.014597][ T8105] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 211.030970][ T8105] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 211.056399][ T8105] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.081012][ T8259] netlink: 140 bytes leftover after parsing attributes in process `syz.3.1550'. [ 211.100725][ T8259] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 211.278723][ T8105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.299948][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.310351][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.411503][ T8105] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.438148][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.448965][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.457557][ T3642] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.464637][ T3642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.539160][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.555879][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.592632][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.618919][ T3642] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.626061][ T3642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.680963][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.707648][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.770939][ T8286] netlink: 'syz.3.1557': attribute type 2 has an invalid length. [ 211.775974][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.790602][ T8286] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.1557'. [ 211.827068][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.828840][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.829600][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.836730][ T8105] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 211.876564][ T8105] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 211.902521][ T8286] netlink: 'syz.3.1557': attribute type 10 has an invalid length. [ 211.919258][ T8286] device macvlan0 entered promiscuous mode [ 211.953201][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.962289][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.971091][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.980560][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.989381][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.000482][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.018467][ T8294] netlink: 'syz.0.1561': attribute type 10 has an invalid length. [ 212.263258][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 212.320417][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 212.430233][ T8105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.447069][ T8313] device sit0 left promiscuous mode [ 212.831535][ T6495] Bluetooth: hci0: command 0x040f tx timeout [ 213.168362][ T8317] device sit0 entered promiscuous mode [ 213.234019][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 213.245987][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 213.277893][ T8105] device veth0_vlan entered promiscuous mode [ 213.299246][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 213.319058][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 213.365446][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 213.393780][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 213.405052][ T8105] device veth1_vlan entered promiscuous mode [ 213.414704][ T8328] FAULT_INJECTION: forcing a failure. [ 213.414704][ T8328] name failslab, interval 1, probability 0, space 0, times 0 [ 213.429975][ T8328] CPU: 0 PID: 8328 Comm: syz.0.1573 Not tainted 5.15.166-syzkaller #0 [ 213.438152][ T8328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 213.448209][ T8328] Call Trace: [ 213.451490][ T8328] [ 213.454410][ T8328] dump_stack_lvl+0x1e3/0x2d0 [ 213.459081][ T8328] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 213.464702][ T8328] ? panic+0x860/0x860 [ 213.468765][ T8328] ? __might_sleep+0xc0/0xc0 [ 213.473358][ T8328] should_fail+0x38a/0x4c0 [ 213.477773][ T8328] should_failslab+0x5/0x20 [ 213.482270][ T8328] slab_pre_alloc_hook+0x53/0xc0 [ 213.487204][ T8328] __kmalloc_node_track_caller+0x6b/0x390 [ 213.492909][ T8328] ? netlink_sendmsg+0x6f8/0xd60 [ 213.497833][ T8328] ? kmem_cache_alloc_node+0x154/0x2c0 [ 213.503281][ T8328] ? __alloc_skb+0xdd/0x590 [ 213.507776][ T8328] ? netlink_sendmsg+0x6f8/0xd60 [ 213.512789][ T8328] __alloc_skb+0x12c/0x590 [ 213.517196][ T8328] netlink_sendmsg+0x6f8/0xd60 [ 213.521964][ T8328] ? netlink_getsockopt+0x5b0/0x5b0 [ 213.527151][ T8328] ? aa_sock_msg_perm+0x91/0x150 [ 213.532105][ T8328] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 213.537373][ T8328] ? security_socket_sendmsg+0x7d/0xa0 [ 213.542820][ T8328] ? netlink_getsockopt+0x5b0/0x5b0 [ 213.548012][ T8328] ____sys_sendmsg+0x59e/0x8f0 [ 213.552766][ T8328] ? iovec_from_user+0x300/0x390 [ 213.557705][ T8328] ? __sys_sendmsg_sock+0x30/0x30 [ 213.562825][ T8328] ___sys_sendmsg+0x252/0x2e0 [ 213.567857][ T8328] ? __sys_sendmsg+0x260/0x260 [ 213.572698][ T8328] ? __fdget+0x191/0x220 [ 213.576955][ T8328] __se_sys_sendmsg+0x19a/0x260 [ 213.581813][ T8328] ? __x64_sys_sendmsg+0x80/0x80 [ 213.586757][ T8328] ? syscall_enter_from_user_mode+0x2e/0x240 [ 213.592730][ T8328] ? lockdep_hardirqs_on+0x94/0x130 [ 213.597927][ T8328] ? syscall_enter_from_user_mode+0x2e/0x240 [ 213.603906][ T8328] do_syscall_64+0x3b/0xb0 [ 213.608313][ T8328] ? clear_bhb_loop+0x15/0x70 [ 213.612978][ T8328] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 213.618862][ T8328] RIP: 0033:0x7f2c76759ef9 [ 213.623268][ T8328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.642861][ T8328] RSP: 002b:00007f2c74bd3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.651261][ T8328] RAX: ffffffffffffffda RBX: 00007f2c76912f80 RCX: 00007f2c76759ef9 [ 213.659218][ T8328] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 213.667174][ T8328] RBP: 00007f2c74bd3090 R08: 0000000000000000 R09: 0000000000000000 [ 213.675128][ T8328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.683083][ T8328] R13: 0000000000000000 R14: 00007f2c76912f80 R15: 00007ffe3b43c108 [ 213.691066][ T8328] [ 213.730218][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 213.738726][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 213.757364][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.766252][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.777557][ T8105] device veth0_macvtap entered promiscuous mode [ 213.811633][ T8105] device veth1_macvtap entered promiscuous mode [ 213.851067][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.862300][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.872531][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.882999][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.892847][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.903555][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.914783][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 213.925265][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.936704][ T8105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.944951][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 213.965467][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 213.988902][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.999228][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 214.010169][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.028130][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.039274][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.049763][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.060778][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.071393][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.081795][ T8105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.092351][ T8105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.103719][ T8105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.112893][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 214.128609][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 214.167487][ T8105] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.187540][ T8105] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.197399][ T8105] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.210357][ T8105] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.237634][ T8341] device lo entered promiscuous mode [ 214.248673][ T8341] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 214.398027][ T4291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.445011][ T4291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.510122][ T8344] device sit0 left promiscuous mode [ 214.931688][ T6630] Bluetooth: hci0: command 0x0419 tx timeout [ 215.160293][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 215.179001][ T8345] device sit0 entered promiscuous mode [ 215.230501][ T8356] netlink: 'syz.0.1585': attribute type 21 has an invalid length. [ 215.248574][ T8356] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1585'. [ 215.273627][ T8356] netlink: 'syz.0.1585': attribute type 4 has an invalid length. [ 215.296426][ T8356] netlink: 'syz.0.1585': attribute type 5 has an invalid length. [ 215.318823][ T8356] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1585'. [ 215.357791][ T8368] netlink: 'syz.1.1587': attribute type 10 has an invalid length. [ 215.371834][ T7073] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.380446][ T7073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.409849][ T8374] FAULT_INJECTION: forcing a failure. [ 215.409849][ T8374] name failslab, interval 1, probability 0, space 0, times 0 [ 215.421629][ T7067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 215.438330][ T8374] CPU: 1 PID: 8374 Comm: syz.3.1591 Not tainted 5.15.166-syzkaller #0 [ 215.446506][ T8374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 215.456561][ T8374] Call Trace: [ 215.459840][ T8374] [ 215.462771][ T8374] dump_stack_lvl+0x1e3/0x2d0 [ 215.467459][ T8374] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 215.473093][ T8374] ? panic+0x860/0x860 [ 215.477161][ T8374] ? __might_sleep+0xc0/0xc0 [ 215.481736][ T8374] ? bpf_trace_run2+0x222/0x340 [ 215.486584][ T8374] should_fail+0x38a/0x4c0 [ 215.491000][ T8374] should_failslab+0x5/0x20 [ 215.495495][ T8374] slab_pre_alloc_hook+0x53/0xc0 [ 215.500429][ T8374] __kmalloc+0x6e/0x300 [ 215.504573][ T8374] ? tomoyo_realpath_from_path+0xd8/0x5e0 [ 215.510290][ T8374] tomoyo_realpath_from_path+0xd8/0x5e0 [ 215.515837][ T8374] tomoyo_path_number_perm+0x225/0x810 [ 215.521295][ T8374] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 215.526774][ T8374] ? __fget_files+0x413/0x480 [ 215.531461][ T8374] security_file_ioctl+0x6d/0xa0 [ 215.536402][ T8374] __se_sys_ioctl+0x47/0x160 [ 215.541076][ T8374] do_syscall_64+0x3b/0xb0 [ 215.545490][ T8374] ? clear_bhb_loop+0x15/0x70 [ 215.550288][ T8374] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 215.556185][ T8374] RIP: 0033:0x7f0034b82ef9 [ 215.560596][ T8374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.580200][ T8374] RSP: 002b:00007f0032ffc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.588613][ T8374] RAX: ffffffffffffffda RBX: 00007f0034d3bf80 RCX: 00007f0034b82ef9 [ 215.596669][ T8374] RDX: 0000000020000080 RSI: 00000000000089f3 RDI: 0000000000000007 [ 215.604630][ T8374] RBP: 00007f0032ffc090 R08: 0000000000000000 R09: 0000000000000000 [ 215.612590][ T8374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.620556][ T8374] R13: 0000000000000000 R14: 00007f0034d3bf80 R15: 00007ffe788b17b8 [ 215.628530][ T8374] [ 215.650443][ T8374] ERROR: Out of memory at tomoyo_realpath_from_path. [ 215.777425][ T8382] netlink: 'syz.3.1595': attribute type 3 has an invalid length. [ 215.786124][ T8382] netlink: 16114 bytes leftover after parsing attributes in process `syz.3.1595'. [ 216.069098][ T8389] device sit0 left promiscuous mode [ 216.366598][ T8392] device sit0 entered promiscuous mode [ 217.013041][ T7067] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.469437][ T7067] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.528151][ T7067] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.575383][ T7067] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.266942][ T7067] device hsr_slave_0 left promiscuous mode [ 218.274424][ T7067] device hsr_slave_1 left promiscuous mode [ 218.280767][ T7067] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.288347][ T7067] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.296334][ T7067] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.303934][ T7067] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.312618][ T7067] device bridge_slave_1 left promiscuous mode [ 218.319711][ T7067] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.379224][ T7067] device bridge_slave_0 left promiscuous mode [ 218.422391][ T7067] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.474922][ T7067] device veth1_macvtap left promiscuous mode [ 218.482552][ T7067] device veth0_macvtap left promiscuous mode [ 218.492612][ T7067] device veth1_vlan left promiscuous mode [ 218.498471][ T7067] device veth0_vlan left promiscuous mode [ 218.542143][ T8437] netlink: 'syz.4.1616': attribute type 1 has an invalid length. [ 218.549891][ T8437] netlink: 191416 bytes leftover after parsing attributes in process `syz.4.1616'. [ 218.923395][ T7067] team0 (unregistering): Port device team_slave_1 removed [ 218.938955][ T7067] team0 (unregistering): Port device team_slave_0 removed [ 218.951280][ T7067] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.964708][ T7067] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.031860][ T7067] bond0 (unregistering): Released all slaves [ 219.090888][ T8431] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1613'. [ 219.102832][ T8434] netlink: 'syz.4.1616': attribute type 25 has an invalid length. [ 219.110658][ T8434] netlink: 'syz.4.1616': attribute type 7 has an invalid length. [ 219.157914][ T8441] device sit0 entered promiscuous mode [ 219.265311][ T8445] FAULT_INJECTION: forcing a failure. [ 219.265311][ T8445] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.284933][ T8445] CPU: 0 PID: 8445 Comm: syz.4.1618 Not tainted 5.15.166-syzkaller #0 [ 219.293113][ T8445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 219.303163][ T8445] Call Trace: [ 219.306580][ T8445] [ 219.309550][ T8445] dump_stack_lvl+0x1e3/0x2d0 [ 219.314245][ T8445] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 219.319887][ T8445] ? panic+0x860/0x860 [ 219.323976][ T8445] should_fail+0x38a/0x4c0 [ 219.328395][ T8445] _copy_from_user+0x2d/0x170 [ 219.333070][ T8445] ____sys_sendmsg+0x2f9/0x8f0 [ 219.337833][ T8445] ? iovec_from_user+0x300/0x390 [ 219.342770][ T8445] ? __sys_sendmsg_sock+0x30/0x30 [ 219.347804][ T8445] ___sys_sendmsg+0x252/0x2e0 [ 219.352479][ T8445] ? __sys_sendmsg+0x260/0x260 [ 219.357274][ T8445] ? __fdget+0x191/0x220 [ 219.361509][ T8445] __se_sys_sendmsg+0x19a/0x260 [ 219.366356][ T8445] ? __x64_sys_sendmsg+0x80/0x80 [ 219.371294][ T8445] ? syscall_enter_from_user_mode+0x2e/0x240 [ 219.377270][ T8445] ? lockdep_hardirqs_on+0x94/0x130 [ 219.382470][ T8445] ? syscall_enter_from_user_mode+0x2e/0x240 [ 219.388451][ T8445] do_syscall_64+0x3b/0xb0 [ 219.392875][ T8445] ? clear_bhb_loop+0x15/0x70 [ 219.397644][ T8445] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 219.403624][ T8445] RIP: 0033:0x7f1afbeabef9 [ 219.408142][ T8445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.427949][ T8445] RSP: 002b:00007f1afa325038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.436546][ T8445] RAX: ffffffffffffffda RBX: 00007f1afc064f80 RCX: 00007f1afbeabef9 [ 219.444517][ T8445] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000003 [ 219.452482][ T8445] RBP: 00007f1afa325090 R08: 0000000000000000 R09: 0000000000000000 [ 219.460454][ T8445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.468418][ T8445] R13: 0000000000000000 R14: 00007f1afc064f80 R15: 00007fff648e2508 [ 219.476416][ T8445] [ 219.747450][ T8454] netlink: 'syz.0.1623': attribute type 2 has an invalid length. [ 219.857406][ T8463] netlink: 'syz.1.1624': attribute type 10 has an invalid length. [ 219.966359][ T8468] netlink: 'syz.1.1626': attribute type 1 has an invalid length. [ 220.013524][ T8438] chnl_net:caif_netlink_parms(): no params data found [ 220.039189][ T8468] netlink: 112865 bytes leftover after parsing attributes in process `syz.1.1626'. [ 220.265014][ T8438] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.273563][ T8438] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.283834][ T8438] device bridge_slave_0 entered promiscuous mode [ 220.322695][ T8476] netlink: 7423 bytes leftover after parsing attributes in process `syz.4.1630'. [ 220.411525][ T8438] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.464680][ T8438] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.492054][ T8438] device bridge_slave_1 entered promiscuous mode [ 220.563393][ T8484] device sit0 left promiscuous mode [ 220.675616][ T6625] Bluetooth: hci0: command 0x0409 tx timeout [ 220.813487][ T8500] netlink: 'syz.0.1637': attribute type 29 has an invalid length. [ 221.234935][ T8493] device sit0 entered promiscuous mode [ 221.317161][ T8500] netlink: 'syz.0.1637': attribute type 29 has an invalid length. [ 221.376659][ T8438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.417882][ T8438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.643557][ T8438] team0: Port device team_slave_0 added [ 221.684289][ T8438] team0: Port device team_slave_1 added [ 221.771923][ T8438] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.801335][ T8438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.906285][ T8438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.984561][ T8547] device sit0 left promiscuous mode [ 222.621548][ T8552] device sit0 entered promiscuous mode [ 222.659077][ T8555] netlink: 'syz.4.1657': attribute type 10 has an invalid length. [ 222.682063][ T8438] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 222.689286][ T8438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.727916][ T8438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 222.751324][ T6625] Bluetooth: hci0: command 0x041b tx timeout [ 222.848487][ T8438] device hsr_slave_0 entered promiscuous mode [ 222.866632][ T8438] device hsr_slave_1 entered promiscuous mode [ 223.055434][ T8583] netlink: 'syz.0.1666': attribute type 31 has an invalid length. [ 223.102872][ T8583] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 223.149993][ T8589] netlink: 26 bytes leftover after parsing attributes in process `syz.1.1668'. [ 223.187419][ T8590] netlink: 26 bytes leftover after parsing attributes in process `syz.1.1668'. [ 223.386702][ T8594] device sit0 left promiscuous mode [ 224.100779][ T8599] netlink: 15487 bytes leftover after parsing attributes in process `syz.4.1672'. [ 224.202485][ T8600] device sit0 entered promiscuous mode [ 224.316206][ T8610] A link change request failed with some changes committed already. Interface Y4`Ҙ may have been left with an inconsistent configuration, please check. [ 224.662721][ T8623] netlink: 'syz.3.1679': attribute type 28 has an invalid length. [ 224.741861][ T8623] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1679'. [ 224.778788][ T8438] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 224.831954][ T6630] Bluetooth: hci0: command 0x040f tx timeout [ 224.849828][ T8438] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 224.904229][ T8438] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 224.962654][ T8438] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 225.500747][ T8438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.571648][ T8642] device sit0 left promiscuous mode [ 226.111568][ T27] INFO: task syz.1.63:3818 blocked for more than 143 seconds. [ 226.119281][ T8648] device sit0 entered promiscuous mode [ 226.131464][ T27] Not tainted 5.15.166-syzkaller #0 [ 226.151687][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 226.181130][ T27] task:syz.1.63 state:D stack:24672 pid: 3818 ppid: 3574 flags:0x00004002 [ 226.190781][ T27] Call Trace: [ 226.217923][ T27] [ 226.220913][ T27] __schedule+0x12c4/0x45b0 [ 226.242054][ T27] ? perf_event_release_kernel+0x5f4/0x900 [ 226.247917][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 226.275362][ T27] ? release_firmware_map_entry+0x190/0x190 [ 226.312411][ T27] ? __mutex_unlock_slowpath+0x218/0x750 [ 226.318109][ T27] schedule+0x11b/0x1f0 [ 226.351808][ T27] perf_pending_task_sync+0x13c/0x1c0 [ 226.357268][ T27] _free_event+0x34/0xe60 [ 226.371467][ T27] perf_event_release_kernel+0x873/0x900 [ 226.377202][ T27] ? __might_sleep+0xc0/0xc0 [ 226.382885][ T27] ? calc_timer_values+0x420/0x420 [ 226.388047][ T27] ? ima_file_free+0xeb/0x3c0 [ 226.401287][ T27] perf_release+0x37/0x40 [ 226.405659][ T27] ? perf_mmap+0x1310/0x1310 [ 226.410262][ T27] __fput+0x3fe/0x8e0 [ 226.421287][ T27] task_work_run+0x129/0x1a0 [ 226.425937][ T27] do_exit+0x6a3/0x2480 [ 226.430127][ T27] ? put_task_struct+0x80/0x80 [ 226.451592][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 226.457666][ T27] do_group_exit+0x144/0x310 [ 226.471424][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 226.476683][ T27] get_signal+0xc66/0x14e0 [ 226.491764][ T27] arch_do_signal_or_restart+0xc3/0x1890 [ 226.497465][ T27] ? futex_exit_release+0x1e0/0x1e0 [ 226.511270][ T27] ? read_lock_is_recursive+0x10/0x10 [ 226.516813][ T27] ? get_sigframe_size+0x10/0x10 [ 226.531417][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 226.536483][ T27] ? __sys_bpf+0x343/0x670 [ 226.540977][ T27] ? exit_to_user_mode_loop+0x39/0x130 [ 226.561706][ T27] exit_to_user_mode_loop+0x97/0x130 [ 226.567050][ T27] exit_to_user_mode_prepare+0xb1/0x140 [ 226.581378][ T27] syscall_exit_to_user_mode+0x5d/0x240 [ 226.586982][ T27] do_syscall_64+0x47/0xb0 [ 226.601339][ T27] ? clear_bhb_loop+0x15/0x70 [ 226.606156][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 226.621211][ T27] RIP: 0033:0x7f7178a04ef9 [ 226.625676][ T27] RSP: 002b:00007f7176e3c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 226.651380][ T27] RAX: 0000000000000001 RBX: 00007f7178bbe138 RCX: 00007f7178a04ef9 [ 226.674785][ T27] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f7178bbe13c [ 226.694827][ T27] RBP: 00007f7178bbe130 R08: 0000000000000010 R09: 0000000000000000 [ 226.714575][ T27] R10: 0000000000000009 R11: 0000000000000246 R12: 00007f7178bbe13c [ 226.735229][ T27] R13: 0000000000000000 R14: 00007ffcc5a6a260 R15: 00007ffcc5a6a348 [ 226.759318][ T27] [ 226.767847][ T27] [ 226.767847][ T27] Showing all locks held in the system: [ 226.791533][ T27] 1 lock held by khungtaskd/27: [ 226.805547][ T27] #0: ffffffff8c91fbe0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 226.815747][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.830590][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.833081][ T27] 3 locks held by kworker/u4:2/154: [ 226.857693][ T8438] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.862548][ T27] 2 locks held by getty/3320: [ 226.878478][ T27] #0: ffff88802a7c2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 226.886974][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.903238][ T27] #1: ffffc9000209b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 226.907712][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.914409][ T6630] Bluetooth: hci0: command 0x0419 tx timeout [ 226.940745][ T27] 3 locks held by kworker/0:8/3638: [ 226.944185][ T3642] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.953120][ T27] #0: ffff888017070938 [ 226.953140][ T3642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.973494][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.978960][ T27] ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 226.992697][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.006519][ T27] #1: ffffc900030f7d20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 227.022389][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.031068][ T3642] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.034127][ T27] #2: [ 227.038283][ T3642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.040475][ T27] ffff8880219ca240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2cd/0x4120 [ 227.065496][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.083138][ T27] 3 locks held by kworker/u4:6/3642: [ 227.095687][ T27] 3 locks held by kworker/0:13/5085: [ 227.095874][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 227.108717][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 227.134088][ T27] #1: ffffc900031c7d20 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 227.145029][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.159854][ T27] #2: ffffffff8c9240b0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x9c/0x4e0 [ 227.174471][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.183238][ T27] 2 locks held by kworker/1:21/6625: [ 227.192219][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.195595][ T27] #0: ffff888017072138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 227.211953][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 227.230286][ T27] #1: ffffc90003107d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 227.254067][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 227.259810][ T27] 3 locks held by kworker/1:24/6630: [ 227.262560][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 227.275312][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 227.294599][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 227.298860][ T27] #1: ffffc900032f7d20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 227.312749][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 227.336379][ T27] #2: ffff88806539e240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x2cd/0x4120 [ 227.348099][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 227.359748][ T27] 4 locks held by kworker/u4:11/7067: [ 227.369626][ T8438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 227.373693][ T27] #0: ffff8880171d5938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 227.404886][ T27] #1: ffffc900039e7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 227.428279][ T27] #2: ffffffff8da25a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 227.451504][ T27] #3: ffffffff8c9240b0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x9c/0x4e0 [ 227.491328][ T27] 3 locks held by syz.0.1675/8616: [ 227.496483][ T27] 2 locks held by syz.0.1693/8665: [ 227.524392][ T27] #0: ffffffff8c96d428 (event_mutex){+.+.}-{3:3}, at: perf_uprobe_destroy+0x2a/0x160 [ 227.542308][ T27] #1: ffffffff8c9241a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740 [ 227.572840][ T27] 2 locks held by syz.1.1694/8668: [ 227.577989][ T27] #0: ffffffff968b8b18 (&pmus_srcu){....}-{0:0}, at: rcu_lock_acquire+0x9/0x30 [ 227.607180][ T27] #1: ffffffff8c96d428 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x4f/0x2d0 [ 227.632204][ T27] 1 lock held by modprobe/8672: [ 227.648082][ T27] [ 227.650438][ T27] ============================================= [ 227.650438][ T27] [ 227.682355][ T27] NMI backtrace for cpu 1 [ 227.686703][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.166-syzkaller #0 [ 227.694769][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 227.705003][ T27] Call Trace: [ 227.708277][ T27] [ 227.709815][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 227.711204][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 227.711232][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 227.711251][ T27] ? panic+0x860/0x860 [ 227.722136][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 227.723159][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 227.723188][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 227.740827][ T8438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 227.745182][ T27] ? __wake_up_klogd+0xd5/0x100 [ 227.745209][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 227.745229][ T27] ? _printk+0xd1/0x120 [ 227.745247][ T27] ? panic+0x860/0x860 [ 227.745264][ T27] ? __wake_up_klogd+0xcc/0x100 [ 227.745280][ T27] ? panic+0x860/0x860 [ 227.745299][ T27] ? __rcu_read_unlock+0x92/0x100 [ 227.745317][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 227.745342][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 227.745363][ T27] watchdog+0xe72/0xeb0 [ 227.745390][ T27] kthread+0x3f6/0x4f0 [ 227.745406][ T27] ? hungtask_pm_notify+0x50/0x50 [ 227.745421][ T27] ? kthread_blkcg+0xd0/0xd0 [ 227.745438][ T27] ret_from_fork+0x1f/0x30 [ 227.745468][ T27] [ 227.745732][ T27] Sending NMI from CPU 1 to CPUs 0: [ 227.796831][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 227.797047][ C0] NMI backtrace for cpu 0 [ 227.797058][ C0] CPU: 0 PID: 3642 Comm: kworker/u4:6 Not tainted 5.15.166-syzkaller #0 [ 227.797073][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 227.797082][ C0] Workqueue: events_unbound linkwatch_event [ 227.797104][ C0] RIP: 0010:io_serial_in+0x72/0xb0 [ 227.797122][ C0] Code: 84 c1 04 fd 89 e9 41 d3 e6 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 45 8a 4e fd 44 03 33 44 89 f2 ec <0f> b6 c0 5b 41 5e 41 5f 5d c3 89 e9 80 e1 07 38 c1 7c ad 48 89 ef [ 227.797135][ C0] RSP: 0018:ffffc900030c7390 EFLAGS: 00000002 [ 227.797146][ C0] RAX: 1ffffffff2d71c00 RBX: ffffffff96b8e080 RCX: 0000000000000000 [ 227.797157][ C0] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000020 [ 227.797166][ C0] RBP: 0000000000000000 R08: ffffffff847b9872 R09: 0000000000000003 [ 227.797175][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffffffff2d71c5d [ 227.797186][ C0] R13: ffffffff96b8e040 R14: 00000000000003fd R15: dffffc0000000000 [ 227.797196][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 227.797212][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 227.797222][ C0] CR2: 00007ff535e92440 CR3: 0000000065eaf000 CR4: 00000000003506f0 [ 227.797235][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 227.797243][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 227.797252][ C0] Call Trace: [ 227.797257][ C0] [ 227.797262][ C0] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 227.797279][ C0] ? read_lock_is_recursive+0x10/0x10 [ 227.797296][ C0] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 227.797311][ C0] ? unknown_nmi_error+0xd0/0xd0 [ 227.797340][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 227.797354][ C0] ? nmi_handle+0xf7/0x370 [ 227.797370][ C0] ? io_serial_in+0x72/0xb0 [ 227.797385][ C0] ? default_do_nmi+0x62/0x150 [ 227.797401][ C0] ? exc_nmi+0xa8/0x100 [ 227.797414][ C0] ? end_repeat_nmi+0x16/0x31 [ 227.797430][ C0] ? io_serial_in+0x42/0xb0 [ 227.797447][ C0] ? io_serial_in+0x72/0xb0 [ 227.797463][ C0] ? io_serial_in+0x72/0xb0 [ 227.797479][ C0] ? io_serial_in+0x72/0xb0 [ 227.797494][ C0] [ 227.797498][ C0] [ 227.797504][ C0] wait_for_xmitr+0xec/0x260 [ 227.797522][ C0] serial8250_console_putchar+0x19/0x50 [ 227.797538][ C0] uart_console_write+0xa9/0x100 [ 227.797552][ C0] ? serial8250_console_write+0x1180/0x1180 [ 227.797571][ C0] serial8250_console_write+0xc8e/0x1180 [ 227.797594][ C0] ? serial8250_set_defaults+0x5f0/0x5f0 [ 227.797611][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 227.797624][ C0] ? do_raw_spin_lock+0x14a/0x370 [ 227.797647][ C0] console_unlock+0xced/0x12b0 [ 227.797667][ C0] ? console_trylock_spinning+0x3f0/0x3f0 [ 227.797684][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 227.797700][ C0] ? print_irqtrace_events+0x210/0x210 [ 227.797714][ C0] ? do_raw_spin_unlock+0x137/0x8b0 [ 227.797734][ C0] ? vprintk_emit+0x150/0x150 [ 227.797751][ C0] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 227.797768][ C0] vprintk_emit+0xbf/0x150 [ 227.797783][ C0] _printk+0xd1/0x120 [ 227.797797][ C0] ? __local_bh_enable_ip+0x164/0x1f0 [ 227.797811][ C0] ? lockdep_hardirqs_on+0x94/0x130 [ 227.797827][ C0] ? addrconf_notify+0x752/0xf30 [ 227.797840][ C0] ? addrconf_link_ready+0x49/0x1b0 [ 227.797853][ C0] ? panic+0x860/0x860 [ 227.797867][ C0] ? clusterip_netdev_event+0x425/0x440 [ 227.797888][ C0] ? addrconf_link_ready+0xdd/0x1b0 [ 227.797903][ C0] addrconf_notify+0xa80/0xf30 [ 227.797919][ C0] raw_notifier_call_chain+0xd0/0x170 [ 227.797937][ C0] netdev_state_change+0x1a3/0x250 [ 227.797953][ C0] ? netdev_features_change+0x1b0/0x1b0 [ 227.797968][ C0] ? dev_activate+0xafb/0x12c0 [ 227.797985][ C0] ? __netdev_watchdog_up+0x9a/0x210 [ 227.798000][ C0] linkwatch_do_dev+0x10c/0x160 [ 227.798017][ C0] __linkwatch_run_queue+0x4ca/0x7f0 [ 227.798035][ C0] ? linkwatch_run_queue+0x10/0x10 [ 227.798055][ C0] linkwatch_event+0x48/0x50 [ 227.798070][ C0] process_one_work+0x8a1/0x10c0 [ 227.798093][ C0] ? worker_detach_from_pool+0x260/0x260 [ 227.798110][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 227.798126][ C0] ? kthread_data+0x4e/0xc0 [ 227.798140][ C0] ? wq_worker_running+0x97/0x170 [ 227.798155][ C0] worker_thread+0xaca/0x1280 [ 227.798170][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 227.798197][ C0] kthread+0x3f6/0x4f0 [ 227.798209][ C0] ? rcu_lock_release+0x20/0x20 [ 227.798223][ C0] ? kthread_blkcg+0xd0/0xd0 [ 227.798238][ C0] ret_from_fork+0x1f/0x30 [ 227.798260][ C0] [ 227.814416][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 227.834723][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 227.834886][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.166-syzkaller #0 [ 228.314706][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 228.324742][ T27] Call Trace: [ 228.328005][ T27] [ 228.330916][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 228.335574][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 228.341187][ T27] ? panic+0x860/0x860 [ 228.345272][ T27] panic+0x318/0x860 [ 228.349147][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 228.354776][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 228.360912][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 228.366092][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 228.372168][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 228.378300][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 228.384433][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 228.390749][ T27] watchdog+0xeb0/0xeb0 [ 228.394904][ T27] kthread+0x3f6/0x4f0 [ 228.398949][ T27] ? hungtask_pm_notify+0x50/0x50 [ 228.403959][ T27] ? kthread_blkcg+0xd0/0xd0 [ 228.408535][ T27] ret_from_fork+0x1f/0x30 [ 228.412964][ T27] [ 228.416193][ T27] Kernel Offset: disabled [ 228.420511][ T27] Rebooting in 86400 seconds..