last executing test programs: 4.827541638s ago: executing program 0 (id=41707): perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x513, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x202, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) gettid() socket$kcm(0x15, 0x5, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b81, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x9, 0x9, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x21, 0x2, 0xa) setsockopt$sock_attach_bpf(r0, 0x110, 0x2, &(0x7f00000000c0), 0x4) 4.611937234s ago: executing program 2 (id=41700): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x5, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8458, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4.610930745s ago: executing program 0 (id=41710): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) socketpair(0x1, 0x5, 0x0, 0x0) socket$kcm(0x2, 0x3, 0x2) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x61, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 4.4236172s ago: executing program 2 (id=41702): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000001c0)={[{0x2d, 'cpu'}]}, 0x5) write$cgroup_int(r3, &(0x7f0000000580)=0xe605, 0x12) 4.286898665s ago: executing program 0 (id=41704): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"}) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x10) r4 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r4, 0x84, 0x78, &(0x7f00000000c0)=r3, 0x4) 4.197856827s ago: executing program 1 (id=41716): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) socketpair(0x1, 0x5, 0x0, 0x0) socket$kcm(0x2, 0x3, 0x2) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x61, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 4.197416598s ago: executing program 2 (id=41706): openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="8c38f0ff10"], 0x0, 0x42, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, 0x0, 0x61}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000), 0xfdef) 4.080480811s ago: executing program 2 (id=41709): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfe367, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="06000000040000001810000089"], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000000500), 0x80, r3, 0x0, 0x7}, 0x38) 4.061748162s ago: executing program 3 (id=41711): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000f0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r1, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x0) socket$kcm(0x2, 0x3, 0x106) 3.918217927s ago: executing program 1 (id=41712): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0xe, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000100000085000000a0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 3.832882809s ago: executing program 2 (id=41713): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20002, 0x0, @perf_config_ext={0x5, 0x400007ff}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x8, 0x0, 0x8b, 0x0, 0x1, 0x420, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x8726, 0xa}, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2}, 0x0, 0x4, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) 3.832625169s ago: executing program 1 (id=41714): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x5, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8458, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 3.640355885s ago: executing program 1 (id=41715): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000010000e1850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$inet(r3, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x0) 3.530852799s ago: executing program 1 (id=41717): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372ce22fdb9"], 0xfdef) 3.348033775s ago: executing program 0 (id=41718): ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000000)={0x5, 0x80, 0x8, 0xeb, 0x7, 0x9, 0x0, 0x6, 0x10220, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_config_ext={0xffffffffffffffc0, 0x2}, 0x90020, 0x1, 0x1, 0x1c, 0x24, 0x408, 0x1, 0x0, 0x483, 0x0, 0x20008}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5, r0}, 0x38) r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x19, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000070a00006a0a00fe0000000c850000005b000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 2.897829359s ago: executing program 3 (id=41719): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x7, 0x9}, 0x92c, 0x2, 0x0, 0x1, 0x9, 0x800000, 0x1, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$cgroup_procs(r0, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000300)=r2, 0x12) write$cgroup_freezer_state(r1, &(0x7f0000000080)='THAWED\x00', 0x7) 2.732308514s ago: executing program 3 (id=41720): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 2.557031639s ago: executing program 3 (id=41721): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x101084, 0x10000, 0x0, 0x5, 0x7, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x1e, 0x4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000002e00000016400000000000005c00000000002816"], 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f00000006c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random=' \x00'}) 2.324797727s ago: executing program 0 (id=41722): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff7ffa}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) socketpair(0x1, 0x5, 0x0, 0x0) socket$kcm(0x2, 0x3, 0x2) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x61, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 233.441673ms ago: executing program 0 (id=41723): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000a0000000000000a07000000080000000000000b0400000009000000010000130c0000000740"], 0x0, 0x4a, 0x0, 0x1, 0x800, 0x10000}, 0x28) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x13, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x38b137f9a619bb39, 0x14, '\x00', 0x0, @fallback=0x2e, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x60000002) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x739, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 223.012593ms ago: executing program 3 (id=41724): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0xf8, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x7, 0x4, 0x18, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b06d25a806c8c6f94f90324fc600e0005000a000200053582c137153e3708000180040010500400", 0x33fe0}], 0x1}, 0x0) 148.873306ms ago: executing program 2 (id=41725): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @empty}, 0x10, 0x0}, 0x300060c1) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x5, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8458, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 148.531366ms ago: executing program 1 (id=41726): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x250a, 0x0, 0x0, 0x7, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002240)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000015c0)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r2}, &(0x7f0000000540), &(0x7f0000000700)=r1}, 0x3d) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 0s ago: executing program 3 (id=41727): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) kernel console output (not intermixed with test programs): [ 2556.829842][T19682] netlink: 'syz.1.36869': attribute type 29 has an invalid length. [ 2561.142059][T19724] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.36897'. [ 2561.581057][T19744] netlink: 'syz.2.36906': attribute type 29 has an invalid length. [ 2561.598621][T19744] netlink: 'syz.2.36906': attribute type 29 has an invalid length. [ 2561.636720][T19744] netlink: 'syz.2.36906': attribute type 29 has an invalid length. [ 2561.646837][T19744] netlink: 'syz.2.36906': attribute type 29 has an invalid length. [ 2561.677810][T19744] netlink: 'syz.2.36906': attribute type 29 has an invalid length. [ 2561.688140][T19744] netlink: 'syz.2.36906': attribute type 29 has an invalid length. [ 2561.879514][T19754] netlink: 'syz.0.36900': attribute type 19 has an invalid length. [ 2561.889832][T19753] netlink: 'syz.3.36909': attribute type 29 has an invalid length. [ 2561.898372][T19754] netlink: 40 bytes leftover after parsing attributes in process `syz.0.36900'. [ 2561.911117][T19753] netlink: 'syz.3.36909': attribute type 29 has an invalid length. [ 2561.948091][T19753] netlink: 'syz.3.36909': attribute type 29 has an invalid length. [ 2561.961752][T19753] netlink: 'syz.3.36909': attribute type 29 has an invalid length. [ 2561.973438][T19753] netlink: 'syz.3.36909': attribute type 29 has an invalid length. [ 2561.982958][T19753] netlink: 'syz.3.36909': attribute type 29 has an invalid length. [ 2563.115662][T19772] delete_channel: no stack [ 2563.124717][T19772] delete_channel: no stack [ 2573.357788][T19819] delete_channel: no stack [ 2573.374353][T19818] netlink: 'syz.2.36926': attribute type 19 has an invalid length. [ 2573.382439][T19818] netlink: 40 bytes leftover after parsing attributes in process `syz.2.36926'. [ 2573.397477][T19819] delete_channel: no stack [ 2580.555503][T19851] delete_channel: no stack [ 2580.566075][T19851] delete_channel: no stack [ 2580.927606][T19862] delete_channel: no stack [ 2580.935468][T19862] delete_channel: no stack [ 2581.394715][T19868] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.36950'. [ 2581.600492][T19879] delete_channel: no stack [ 2581.624692][T19879] delete_channel: no stack [ 2583.417427][T19891] delete_channel: no stack [ 2583.428473][T19891] delete_channel: no stack [ 2583.997324][T19892] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.36960'. [ 2584.014119][T19892] openvswitch: netlink: IP tunnel dst address not specified [ 2584.358397][T19906] delete_channel: no stack [ 2584.365496][T19906] delete_channel: no stack [ 2586.894163][T19928] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.36976'. [ 2586.948117][T19928] openvswitch: netlink: IP tunnel dst address not specified [ 2589.730384][T19964] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.36988'. [ 2589.741364][T19964] openvswitch: netlink: IP tunnel dst address not specified [ 2590.114915][T19969] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.37001'. [ 2590.142723][T19969] openvswitch: netlink: IP tunnel dst address not specified [ 2590.940229][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.953478][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2591.316229][T19987] netlink: 'syz.0.36999': attribute type 5 has an invalid length. [ 2594.335419][T20024] netlink: 'syz.3.37013': attribute type 5 has an invalid length. [ 2598.853531][T20079] netlink: 'syz.1.37034': attribute type 30 has an invalid length. [ 2599.347381][T20093] syzkaller0: entered promiscuous mode [ 2599.357109][T20093] syzkaller0: entered allmulticast mode [ 2602.680008][T20112] netlink: 'syz.2.37046': attribute type 30 has an invalid length. [ 2603.210849][T20126] syzkaller0: entered promiscuous mode [ 2603.216546][T20126] syzkaller0: entered allmulticast mode [ 2607.603689][T20149] syzkaller0: entered promiscuous mode [ 2607.609228][T20149] syzkaller0: entered allmulticast mode [ 2611.357658][T20177] netlink: 14 bytes leftover after parsing attributes in process `syz.3.37070'. [ 2611.642235][T20185] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.37077'. [ 2613.705947][T20227] netlink: 14 bytes leftover after parsing attributes in process `syz.2.37088'. [ 2614.051524][T20230] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.37091'. [ 2614.505271][T20245] netlink: 'syz.1.37098': attribute type 2 has an invalid length. [ 2614.534324][T20245] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37098'. [ 2615.294714][T20255] netlink: 14 bytes leftover after parsing attributes in process `syz.1.37105'. [ 2616.379564][T20283] netlink: 'syz.2.37116': attribute type 2 has an invalid length. [ 2616.388431][T20283] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37116'. [ 2616.997593][T20312] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.37127'. [ 2617.317973][T20322] pim6reg1: entered promiscuous mode [ 2617.324109][T20322] pim6reg1: entered allmulticast mode [ 2617.324246][T20320] netlink: 'syz.0.37131': attribute type 2 has an invalid length. [ 2617.339833][T20320] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37131'. [ 2617.877186][T20341] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.37141'. [ 2618.835593][T20360] pim6reg1: entered promiscuous mode [ 2618.840961][T20360] pim6reg1: entered allmulticast mode [ 2619.507377][T20373] pim6reg1: entered promiscuous mode [ 2619.512768][T20373] pim6reg1: entered allmulticast mode [ 2620.745471][T20385] pim6reg1: entered promiscuous mode [ 2620.778628][T20385] pim6reg1: entered allmulticast mode [ 2621.560185][T20401] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.37166'. [ 2623.622242][T20435] netlink: 199824 bytes leftover after parsing attributes in process `syz.0.37184'. [ 2640.206270][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.215654][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.224914][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.234242][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.243581][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.252714][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.262000][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.271162][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.280346][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2640.289493][T20610] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.352152][T20685] net_ratelimit: 3383 callbacks suppressed [ 2651.352173][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.367243][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.376422][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.385739][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.394882][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.403992][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.413127][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.422225][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.431334][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2651.440531][T20685] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2652.380239][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2652.388836][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2658.736050][T20712] net_ratelimit: 3319 callbacks suppressed [ 2658.736071][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.751179][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.759892][T20710] syzkaller0: left promiscuous mode [ 2658.760435][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.774541][T20710] syzkaller0: left allmulticast mode [ 2658.775459][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.789929][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.799245][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.808446][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.817602][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.826819][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2658.835989][T20712] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2680.306212][T20826] netlink: 'syz.3.37353': attribute type 11 has an invalid length. [ 2680.336594][T20826] netlink: 126292 bytes leftover after parsing attributes in process `syz.3.37353'. [ 2681.659759][T20845] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.37362'. [ 2681.942149][T20859] netlink: 'syz.0.37365': attribute type 11 has an invalid length. [ 2681.957402][T20859] netlink: 126292 bytes leftover after parsing attributes in process `syz.0.37365'. [ 2682.145406][T20863] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.37368'. [ 2682.215221][T20867] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37371'. [ 2682.337342][T20869] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37384'. [ 2682.366600][T20871] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.37376'. [ 2682.406207][T20875] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.37372'. [ 2682.562636][T20882] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.37388'. [ 2682.643336][T20885] netlink: 'syz.0.37381': attribute type 9 has an invalid length. [ 2682.785480][T20889] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.37385'. [ 2683.302905][T20909] netlink: 'syz.2.37393': attribute type 9 has an invalid length. [ 2683.908909][T20933] netlink: 'syz.3.37406': attribute type 9 has an invalid length. [ 2684.149054][T20941] netlink: 'syz.3.37419': attribute type 9 has an invalid length. [ 2686.865556][T20981] netlink: 'syz.3.37431': attribute type 6 has an invalid length. [ 2686.883286][T20981] __nla_validate_parse: 2 callbacks suppressed [ 2686.883306][T20981] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.37431'. [ 2688.525057][T21002] netlink: 168 bytes leftover after parsing attributes in process `syz.2.37446'. [ 2689.313919][T21017] netlink: 'syz.2.37445': attribute type 6 has an invalid length. [ 2689.348053][T21017] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.37445'. [ 2689.676372][T21033] netlink: 168 bytes leftover after parsing attributes in process `syz.0.37449'. [ 2689.874412][T21040] netlink: 'syz.3.37453': attribute type 1 has an invalid length. [ 2689.892647][T21040] netlink: 'syz.3.37453': attribute type 4 has an invalid length. [ 2689.915910][T21040] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.37453'. [ 2691.444655][T21065] netlink: 'syz.2.37466': attribute type 1 has an invalid length. [ 2691.523555][T21065] netlink: 'syz.2.37466': attribute type 4 has an invalid length. [ 2691.550758][T21065] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.37466'. [ 2692.272017][T21091] netlink: 'syz.1.37476': attribute type 1 has an invalid length. [ 2692.280526][T21091] netlink: 'syz.1.37476': attribute type 4 has an invalid length. [ 2692.289058][T21091] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.37476'. [ 2692.668992][T21097] netlink: 'syz.1.37486': attribute type 1 has an invalid length. [ 2692.721626][T21097] netlink: 'syz.1.37486': attribute type 4 has an invalid length. [ 2692.745211][T21097] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.37486'. [ 2699.042852][T21194] netlink: 'syz.3.37511': attribute type 10 has an invalid length. [ 2699.083505][T21194] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37511'. [ 2699.135296][T21194] net_ratelimit: 6648 callbacks suppressed [ 2699.135320][T21194] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 2701.967661][T21219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2702.197938][T21232] netlink: 'syz.1.37527': attribute type 10 has an invalid length. [ 2702.213806][T21232] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37527'. [ 2702.233234][T21232] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 2705.757833][T21262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2713.816199][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.835701][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2714.606851][T21402] netlink: 'syz.0.37603': attribute type 3 has an invalid length. [ 2714.631570][T21402] netlink: 132 bytes leftover after parsing attributes in process `syz.0.37603'. [ 2717.960275][T21435] netlink: 'syz.1.37617': attribute type 3 has an invalid length. [ 2717.969021][T21435] netlink: 132 bytes leftover after parsing attributes in process `syz.1.37617'. [ 2718.195744][T21443] netlink: 65027 bytes leftover after parsing attributes in process `syz.3.37624'. [ 2720.055907][T21469] netlink: 'syz.1.37633': attribute type 3 has an invalid length. [ 2720.102345][T21469] netlink: 132 bytes leftover after parsing attributes in process `syz.1.37633'. [ 2721.080557][T21477] netlink: 65027 bytes leftover after parsing attributes in process `syz.1.37637'. [ 2722.950257][T21491] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.37642'. [ 2724.514343][T21506] netlink: 'syz.2.37649': attribute type 3 has an invalid length. [ 2724.645406][T21506] netlink: 132 bytes leftover after parsing attributes in process `syz.2.37649'. [ 2729.991171][T21522] sctp: [Deprecated]: syz.3.37667 (pid 21522) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2729.991171][T21522] Use struct sctp_sack_info instead [ 2730.132545][T21525] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.37659'. [ 2731.290647][T21543] netlink: 'syz.1.37668': attribute type 39 has an invalid length. [ 2731.420566][T21547] netlink: 'syz.0.37665': attribute type 29 has an invalid length. [ 2731.462766][T21547] netlink: 'syz.0.37665': attribute type 29 has an invalid length. [ 2732.459393][T21593] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.37692'. [ 2732.483956][T21593] netlink: zone id is out of range [ 2732.489194][T21593] netlink: zone id is out of range [ 2732.513616][T21593] netlink: zone id is out of range [ 2732.519670][T21593] netlink: zone id is out of range [ 2732.534003][T21593] netlink: zone id is out of range [ 2732.543656][T21593] netlink: zone id is out of range [ 2732.563490][T21593] netlink: zone id is out of range [ 2732.568999][T21593] netlink: zone id is out of range [ 2732.579828][T21593] netlink: zone id is out of range [ 2732.593317][T21593] netlink: zone id is out of range [ 2733.044411][T21603] netlink: 'syz.2.37696': attribute type 10 has an invalid length. [ 2733.181419][T21603] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2733.217808][T21603] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 2735.644034][ T7794] Bluetooth: hci3: unexpected event 0x31 length: 15 > 6 [ 2736.185761][T21685] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.37730'. [ 2736.204939][T21685] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.37730'. [ 2736.645858][T21703] syz.2.37739: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 2736.699225][T21703] CPU: 0 PID: 21703 Comm: syz.2.37739 Not tainted syzkaller #0 [ 2736.707040][T21703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2736.717159][T21703] Call Trace: [ 2736.720455][T21703] [ 2736.723414][T21703] dump_stack_lvl+0x18c/0x250 [ 2736.728228][T21703] ? show_regs_print_info+0x20/0x20 [ 2736.733468][T21703] ? load_image+0x420/0x420 [ 2736.738038][T21703] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2736.744523][T21703] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2736.751076][T21703] warn_alloc+0x246/0x340 [ 2736.755423][T21703] ? stack_trace_save+0xaa/0x100 [ 2736.760411][T21703] ? zone_watermark_ok_safe+0x230/0x230 [ 2736.766000][T21703] ? kasan_set_track+0x5f/0x70 [ 2736.771050][T21703] ? kasan_set_track+0x4e/0x70 [ 2736.775838][T21703] ? __kasan_kmalloc+0x8f/0xa0 [ 2736.780881][T21703] ? xsk_init_queue+0xad/0x100 [ 2736.785662][T21703] ? xsk_setsockopt+0x4e5/0x760 [ 2736.790513][T21703] ? do_sock_setsockopt+0x175/0x1a0 [ 2736.795751][T21703] ? __x64_sys_setsockopt+0x182/0x200 [ 2736.801339][T21703] __vmalloc_node_range+0x126/0x1330 [ 2736.806726][T21703] ? free_vm_area+0x50/0x50 [ 2736.811279][T21703] vmalloc_user+0x74/0x80 [ 2736.815637][T21703] ? xskq_create+0xbf/0x170 [ 2736.820154][T21703] xskq_create+0xbf/0x170 [ 2736.824527][T21703] xsk_init_queue+0xad/0x100 [ 2736.829158][T21703] xsk_setsockopt+0x4e5/0x760 [ 2736.834060][T21703] ? xsk_poll+0x680/0x680 [ 2736.838399][T21703] ? __fget_files+0x28/0x4b0 [ 2736.843043][T21703] ? __fget_files+0x28/0x4b0 [ 2736.847757][T21703] ? aa_sock_opt_perm+0x74/0x100 [ 2736.852706][T21703] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2736.858288][T21703] ? security_socket_setsockopt+0x7e/0xa0 [ 2736.864200][T21703] ? xsk_poll+0x680/0x680 [ 2736.868546][T21703] do_sock_setsockopt+0x175/0x1a0 [ 2736.873587][T21703] ? __fdget+0x180/0x210 [ 2736.877836][T21703] __x64_sys_setsockopt+0x182/0x200 [ 2736.883110][T21703] do_syscall_64+0x55/0xb0 [ 2736.887618][T21703] ? clear_bhb_loop+0x40/0x90 [ 2736.892329][T21703] ? clear_bhb_loop+0x40/0x90 [ 2736.897016][T21703] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2736.902951][T21703] RIP: 0033:0x7f9f4339ce59 [ 2736.907474][T21703] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2736.927218][T21703] RSP: 002b:00007f9f44242028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2736.935831][T21703] RAX: ffffffffffffffda RBX: 00007f9f43615fa0 RCX: 00007f9f4339ce59 [ 2736.943924][T21703] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2736.951938][T21703] RBP: 00007f9f43432d6f R08: 0000000000000004 R09: 0000000000000000 [ 2736.960244][T21703] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2736.968223][T21703] R13: 00007f9f43616038 R14: 00007f9f43615fa0 R15: 00007ffc09572488 [ 2736.976396][T21703] [ 2736.981666][T21703] Mem-Info: [ 2736.986373][T21703] active_anon:11103 inactive_anon:0 isolated_anon:0 [ 2736.986373][T21703] active_file:18603 inactive_file:41046 isolated_file:0 [ 2736.986373][T21703] unevictable:768 dirty:190 writeback:0 [ 2736.986373][T21703] slab_reclaimable:10956 slab_unreclaimable:98719 [ 2736.986373][T21703] mapped:24066 shmem:1361 pagetables:529 [ 2736.986373][T21703] sec_pagetables:0 bounce:0 [ 2736.986373][T21703] kernel_misc_reclaimable:0 [ 2736.986373][T21703] free:1339227 free_pcp:5419 free_cma:0 [ 2737.035181][T21703] Node 0 active_anon:44412kB inactive_anon:0kB active_file:74412kB inactive_file:163984kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96264kB dirty:760kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9880kB pagetables:2116kB sec_pagetables:0kB all_unreclaimable? no [ 2737.070981][T21703] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2737.107204][T21703] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2737.164821][T21703] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2737.171469][T21703] Node 0 DMA32 free:1440400kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:44472kB inactive_anon:0kB active_file:74412kB inactive_file:163156kB unevictable:1536kB writepending:760kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:11572kB local_pcp:3640kB free_cma:0kB [ 2737.209138][T21703] lowmem_reserve[]: 0 0 0 0 0 [ 2737.214579][T21703] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2737.248394][T21703] lowmem_reserve[]: 0 0 0 0 0 [ 2737.259480][T21703] Node 1 Normal free:3901144kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:10816kB local_pcp:0kB free_cma:0kB [ 2737.289834][T21703] lowmem_reserve[]: 0 0 0 0 0 [ 2737.295117][T21703] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2737.308500][T21703] Node 0 DMA32: 1278*4kB (UME) 1095*8kB (UME) 1172*16kB (UME) 1417*32kB (UME) 1080*64kB (UME) 326*128kB (UME) 153*256kB (UME) 114*512kB (UM) 81*1024kB (UM) 21*2048kB (UME) 251*4096kB (UM) = 1440400kB [ 2737.329483][T21703] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 2737.342306][T21703] Node 1 Normal: 280*4kB (UME) 63*8kB (UME) 32*16kB (UME) 238*32kB (UME) 79*64kB (UME) 24*128kB (UME) 3*256kB (UME) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3901144kB [ 2737.361743][T21703] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2737.371821][T21703] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2737.391270][T21703] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2737.401972][T21703] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2737.412034][T21703] 61010 total pagecache pages [ 2737.422631][T21703] 0 pages in swap cache [ 2737.448219][T21703] Free swap = 124996kB [ 2737.452665][T21703] Total swap = 124996kB [ 2737.468485][T21703] 2097051 pages RAM [ 2737.472373][T21703] 0 pages HighMem/MovableOnly [ 2737.497814][T21703] 416933 pages reserved [ 2737.502057][T21703] 0 pages cma reserved [ 2737.655173][ T7794] Bluetooth: hci1: unexpected subevent 0x05 length: 150 > 12 [ 2738.366198][T21747] net_ratelimit: 80 callbacks suppressed [ 2738.366219][T21747] wlan0: mtu greater than device maximum [ 2739.486361][ T7794] Bluetooth: hci3: Malformed Event: 0x2f [ 2739.733164][ T7794] Bluetooth: hci1: command 0x0406 tx timeout [ 2749.667876][T21889] netlink: 'syz.0.37807': attribute type 10 has an invalid length. [ 2749.713754][T21889] batadv0: left promiscuous mode [ 2749.850077][T21889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2749.878075][T21889] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 2751.138165][T21906] netlink: 'syz.3.37819': attribute type 29 has an invalid length. [ 2751.147611][T21906] netlink: 'syz.3.37819': attribute type 29 has an invalid length. [ 2751.343497][T21913] sctp: [Deprecated]: syz.1.37820 (pid 21913) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2751.343497][T21913] Use struct sctp_sack_info instead [ 2752.515734][T21946] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.37837'. [ 2763.197584][T22121] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.37912'. [ 2764.105559][T22137] netlink: 60243 bytes leftover after parsing attributes in process `syz.3.37921'. [ 2764.128280][T22137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.37921'. [ 2764.275497][T22142] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.37920'. [ 2764.379135][T22148] sctp: [Deprecated]: syz.0.37922 (pid 22148) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2764.379135][T22148] Use struct sctp_sack_info instead [ 2764.545522][T22154] netlink: 'syz.3.37926': attribute type 21 has an invalid length. [ 2764.582169][T22154] netlink: 'syz.3.37926': attribute type 13 has an invalid length. [ 2764.592091][T22154] netlink: 6188 bytes leftover after parsing attributes in process `syz.3.37926'. [ 2764.697092][ T7794] Bluetooth: hci1: ISO packet too small [ 2768.963165][ T7794] Bluetooth: hci0: ISO packet too small [ 2769.350886][T22207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2769.466947][T22211] netlink: 'syz.1.37951': attribute type 1 has an invalid length. [ 2769.475022][T22211] netlink: 'syz.1.37951': attribute type 4 has an invalid length. [ 2769.485266][T22211] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.37951'. [ 2771.948678][T22270] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37988'. [ 2772.668856][T22299] netlink: 539 bytes leftover after parsing attributes in process `syz.3.37993'. [ 2773.737173][T22312] netlink: 'syz.0.37998': attribute type 22 has an invalid length. [ 2773.785050][ T7794] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 2774.377150][T22336] netlink: 'syz.3.38010': attribute type 2 has an invalid length. [ 2774.385752][T22336] netlink: 'syz.3.38010': attribute type 1 has an invalid length. [ 2774.397884][T22336] netlink: 'syz.3.38010': attribute type 8 has an invalid length. [ 2774.415801][T22336] netlink: 88 bytes leftover after parsing attributes in process `syz.3.38010'. [ 2775.258084][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2775.271708][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2775.721184][T22371] syzkaller0: entered promiscuous mode [ 2775.726993][T22371] syzkaller0: entered allmulticast mode [ 2775.785181][T22375] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38020'. [ 2775.813155][T22317] Bluetooth: hci2: command 0x0406 tx timeout [ 2779.822484][T22462] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.38068'. [ 2782.958854][T22317] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2783.632210][T22531] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38092'. [ 2783.673210][T22531] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2783.785672][T22530] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2784.901113][T22550] netlink: 152 bytes leftover after parsing attributes in process `syz.1.38103'. [ 2784.935153][T22550] tc_dump_action: action bad kind [ 2785.999168][T22576] tun0: tun_chr_ioctl cmd 2147767520 [ 2786.478713][T22582] netlink: 'syz.3.38119': attribute type 1 has an invalid length. [ 2786.491213][T22582] netlink: 'syz.3.38119': attribute type 4 has an invalid length. [ 2786.499738][T22582] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.38119'. [ 2788.376640][T22626] netlink: 'syz.0.38137': attribute type 3 has an invalid length. [ 2788.393476][T22626] netlink: 'syz.0.38137': attribute type 1 has an invalid length. [ 2788.408837][T22626] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.38137'. [ 2788.982154][T22637] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.38155'. [ 2789.079261][T22643] netlink: 'syz.1.38148': attribute type 39 has an invalid length. [ 2789.433457][T22651] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.38152'. [ 2805.867203][T22929] netlink: 'syz.1.38272': attribute type 11 has an invalid length. [ 2805.875442][T22929] netlink: 184116 bytes leftover after parsing attributes in process `syz.1.38272'. [ 2805.963797][T22929] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 2805.983187][T22929] CPU: 0 PID: 22929 Comm: syz.1.38272 Not tainted syzkaller #0 [ 2805.990820][T22929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2806.000929][T22929] Call Trace: [ 2806.004343][T22929] [ 2806.007294][T22929] dump_stack_lvl+0x18c/0x250 [ 2806.012021][T22929] ? show_regs_print_info+0x20/0x20 [ 2806.017248][T22929] ? load_image+0x420/0x420 [ 2806.021800][T22929] sysfs_warn_dup+0x8e/0xa0 [ 2806.026441][T22929] sysfs_do_create_link_sd+0xc0/0x110 [ 2806.031841][T22929] device_add_class_symlinks+0x1cf/0x240 [ 2806.039105][T22929] device_add+0x507/0xc50 [ 2806.043488][T22929] wiphy_register+0x1dad/0x2ae0 [ 2806.048400][T22929] ? cfg80211_event_work+0x40/0x40 [ 2806.053623][T22929] ? minstrel_ht_alloc+0x88a/0x990 [ 2806.058773][T22929] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2806.064864][T22929] ieee80211_register_hw+0x3464/0x4250 [ 2806.070368][T22929] ? ieee80211_tasklet_handler+0x20/0x20 [ 2806.076051][T22929] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2806.082151][T22929] ? __debug_object_init+0xec/0x450 [ 2806.087380][T22929] ? __asan_memset+0x22/0x40 [ 2806.091999][T22929] ? __hrtimer_init+0x186/0x270 [ 2806.096872][T22929] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2806.102641][T22929] ? mac80211_hwsim_free+0x220/0x220 [ 2806.108207][T22929] ? rcu_is_watching+0x15/0xb0 [ 2806.113011][T22929] ? kstrndup+0xbd/0x140 [ 2806.117299][T22929] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2806.122452][T22929] ? __nla_validate+0x50/0x50 [ 2806.127177][T22929] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2806.133561][T22929] ? __nla_parse+0x40/0x50 [ 2806.138010][T22929] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2806.144374][T22929] genl_family_rcv_msg_doit+0x211/0x310 [ 2806.149964][T22929] ? end_current_label_crit_section+0x170/0x170 [ 2806.156239][T22929] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2806.162160][T22929] ? bpf_lsm_capable+0x9/0x10 [ 2806.167205][T22929] ? security_capable+0x89/0xb0 [ 2806.172094][T22929] genl_rcv_msg+0x619/0x7a0 [ 2806.176632][T22929] ? genl_bind+0x360/0x360 [ 2806.181062][T22929] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2806.187406][T22929] ? ref_tracker_free+0x690/0x840 [ 2806.193107][T22929] netlink_rcv_skb+0x241/0x4d0 [ 2806.198090][T22929] ? genl_bind+0x360/0x360 [ 2806.202731][T22929] ? netlink_ack+0x1180/0x1180 [ 2806.207614][T22929] ? __lock_acquire+0x7d40/0x7d40 [ 2806.212666][T22929] ? down_read+0x1ac/0x2e0 [ 2806.217196][T22929] genl_rcv+0x28/0x40 [ 2806.221229][T22929] netlink_unicast+0x751/0x8d0 [ 2806.226057][T22929] netlink_sendmsg+0x8d0/0xbf0 [ 2806.230877][T22929] ? netlink_getsockopt+0x590/0x590 [ 2806.236121][T22929] ? aa_sock_msg_perm+0x94/0x150 [ 2806.241164][T22929] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2806.246727][T22929] ? security_socket_sendmsg+0x80/0xa0 [ 2806.252209][T22929] ? netlink_getsockopt+0x590/0x590 [ 2806.257430][T22929] ____sys_sendmsg+0x5ba/0x960 [ 2806.262227][T22929] ? __asan_memset+0x22/0x40 [ 2806.266844][T22929] ? __sys_sendmsg_sock+0x30/0x30 [ 2806.271894][T22929] ? __import_iovec+0x5f2/0x850 [ 2806.276771][T22929] ? import_iovec+0x73/0xa0 [ 2806.281294][T22929] ___sys_sendmsg+0x2a6/0x360 [ 2806.286099][T22929] ? __sys_sendmsg+0x2a0/0x2a0 [ 2806.290963][T22929] ? __lock_acquire+0x7d40/0x7d40 [ 2806.296032][T22929] __se_sys_sendmsg+0x1c2/0x2b0 [ 2806.300909][T22929] ? __x64_sys_sendmsg+0x80/0x80 [ 2806.305891][T22929] ? lockdep_hardirqs_on+0x98/0x150 [ 2806.311132][T22929] do_syscall_64+0x55/0xb0 [ 2806.315563][T22929] ? clear_bhb_loop+0x40/0x90 [ 2806.320278][T22929] ? clear_bhb_loop+0x40/0x90 [ 2806.325097][T22929] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2806.331080][T22929] RIP: 0033:0x7fc12f59ce59 [ 2806.335516][T22929] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2806.355765][T22929] RSP: 002b:00007fc13039c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2806.364305][T22929] RAX: ffffffffffffffda RBX: 00007fc12f815fa0 RCX: 00007fc12f59ce59 [ 2806.372298][T22929] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2806.380369][T22929] RBP: 00007fc12f632d6f R08: 0000000000000000 R09: 0000000000000000 [ 2806.388381][T22929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2806.396383][T22929] R13: 00007fc12f816038 R14: 00007fc12f815fa0 R15: 00007ffeacea5758 [ 2806.404651][T22929] [ 2806.712955][T22942] netlink: 'syz.1.38274': attribute type 3 has an invalid length. [ 2806.773503][T22942] netlink: 'syz.1.38274': attribute type 6 has an invalid length. [ 2806.789751][T22942] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.38274'. [ 2807.725678][T22961] netlink: 152 bytes leftover after parsing attributes in process `syz.1.38294'. [ 2807.742296][T22960] netlink: 'syz.0.38282': attribute type 9 has an invalid length. [ 2807.771137][T22960] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.38282'. [ 2809.121695][T22969] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2811.648818][T23022] netlink: 208064 bytes leftover after parsing attributes in process `syz.3.38311'. [ 2811.704040][T23022] netlink: 'syz.3.38311': attribute type 1 has an invalid length. [ 2812.828269][T23071] netlink: 60 bytes leftover after parsing attributes in process `syz.3.38332'. [ 2812.853358][T23071] netlink: 60 bytes leftover after parsing attributes in process `syz.3.38332'. [ 2813.114751][T23082] netlink: 168 bytes leftover after parsing attributes in process `syz.2.38337'. [ 2815.689712][T23122] netlink: 15794 bytes leftover after parsing attributes in process `syz.2.38355'. [ 2825.206088][T23209] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.38395'. [ 2827.701097][T23244] netlink: 'syz.2.38411': attribute type 11 has an invalid length. [ 2827.722930][T23244] netlink: 184116 bytes leftover after parsing attributes in process `syz.2.38411'. [ 2827.751755][T23244] debugfs: Directory '!!' with parent 'ieee80211' already present! [ 2829.831442][T23280] netlink: 'syz.2.38425': attribute type 11 has an invalid length. [ 2829.863316][T23280] netlink: 184116 bytes leftover after parsing attributes in process `syz.2.38425'. [ 2829.896117][T23280] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 2829.937568][T23280] CPU: 0 PID: 23280 Comm: syz.2.38425 Not tainted syzkaller #0 [ 2829.945307][T23280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2829.955459][T23280] Call Trace: [ 2829.958772][T23280] [ 2829.961757][T23280] dump_stack_lvl+0x18c/0x250 [ 2829.966495][T23280] ? show_regs_print_info+0x20/0x20 [ 2829.971736][T23280] ? load_image+0x420/0x420 [ 2829.976302][T23280] sysfs_warn_dup+0x8e/0xa0 [ 2829.980861][T23280] sysfs_do_create_link_sd+0xc0/0x110 [ 2829.986302][T23280] device_add_class_symlinks+0x1cf/0x240 [ 2829.992016][T23280] device_add+0x507/0xc50 [ 2829.996510][T23280] wiphy_register+0x1dad/0x2ae0 [ 2830.001624][T23280] ? cfg80211_event_work+0x40/0x40 [ 2830.006881][T23280] ? minstrel_ht_alloc+0x88a/0x990 [ 2830.012237][T23280] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2830.018472][T23280] ieee80211_register_hw+0x3464/0x4250 [ 2830.024035][T23280] ? ieee80211_tasklet_handler+0x20/0x20 [ 2830.029733][T23280] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2830.035702][T23280] ? __debug_object_init+0xec/0x450 [ 2830.041072][T23280] ? __asan_memset+0x22/0x40 [ 2830.045721][T23280] ? __hrtimer_init+0x186/0x270 [ 2830.050631][T23280] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2830.056529][T23280] ? mac80211_hwsim_free+0x220/0x220 [ 2830.061873][T23280] ? rcu_is_watching+0x15/0xb0 [ 2830.066709][T23280] ? kstrndup+0xbd/0x140 [ 2830.071027][T23280] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2830.076200][T23280] ? __nla_validate+0x50/0x50 [ 2830.080957][T23280] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2830.087390][T23280] ? __nla_parse+0x40/0x50 [ 2830.091885][T23280] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2830.098376][T23280] genl_family_rcv_msg_doit+0x211/0x310 [ 2830.103993][T23280] ? end_current_label_crit_section+0x170/0x170 [ 2830.110826][T23280] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2830.116787][T23280] ? bpf_lsm_capable+0x9/0x10 [ 2830.121529][T23280] ? security_capable+0x89/0xb0 [ 2830.126465][T23280] genl_rcv_msg+0x619/0x7a0 [ 2830.131055][T23280] ? genl_bind+0x360/0x360 [ 2830.135546][T23280] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2830.142028][T23280] ? ref_tracker_free+0x690/0x840 [ 2830.147124][T23280] netlink_rcv_skb+0x241/0x4d0 [ 2830.151937][T23280] ? genl_bind+0x360/0x360 [ 2830.156381][T23280] ? netlink_ack+0x1180/0x1180 [ 2830.161262][T23280] ? __lock_acquire+0x7d40/0x7d40 [ 2830.166314][T23280] ? down_read+0x1ac/0x2e0 [ 2830.170765][T23280] genl_rcv+0x28/0x40 [ 2830.174851][T23280] netlink_unicast+0x751/0x8d0 [ 2830.179744][T23280] netlink_sendmsg+0x8d0/0xbf0 [ 2830.184624][T23280] ? netlink_getsockopt+0x590/0x590 [ 2830.189862][T23280] ? aa_sock_msg_perm+0x94/0x150 [ 2830.194827][T23280] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2830.200154][T23280] ? security_socket_sendmsg+0x80/0xa0 [ 2830.205635][T23280] ? netlink_getsockopt+0x590/0x590 [ 2830.210880][T23280] ____sys_sendmsg+0x5ba/0x960 [ 2830.215672][T23280] ? __asan_memset+0x22/0x40 [ 2830.220304][T23280] ? __sys_sendmsg_sock+0x30/0x30 [ 2830.225426][T23280] ? __import_iovec+0x5f2/0x850 [ 2830.230297][T23280] ? import_iovec+0x73/0xa0 [ 2830.234841][T23280] ___sys_sendmsg+0x2a6/0x360 [ 2830.239543][T23280] ? __sys_sendmsg+0x2a0/0x2a0 [ 2830.244383][T23280] __se_sys_sendmsg+0x1c2/0x2b0 [ 2830.249257][T23280] ? __x64_sys_sendmsg+0x80/0x80 [ 2830.254326][T23280] ? lockdep_hardirqs_on+0x98/0x150 [ 2830.259554][T23280] do_syscall_64+0x55/0xb0 [ 2830.263983][T23280] ? clear_bhb_loop+0x40/0x90 [ 2830.268679][T23280] ? clear_bhb_loop+0x40/0x90 [ 2830.273383][T23280] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2830.279384][T23280] RIP: 0033:0x7f9f4339ce59 [ 2830.283902][T23280] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2830.304045][T23280] RSP: 002b:00007f9f44242028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2830.312487][T23280] RAX: ffffffffffffffda RBX: 00007f9f43615fa0 RCX: 00007f9f4339ce59 [ 2830.320565][T23280] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2830.328547][T23280] RBP: 00007f9f43432d6f R08: 0000000000000000 R09: 0000000000000000 [ 2830.336536][T23280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2830.344518][T23280] R13: 00007f9f43616038 R14: 00007f9f43615fa0 R15: 00007ffc09572488 [ 2830.352522][T23280] [ 2836.099880][T23368] netlink: 'syz.2.38459': attribute type 14 has an invalid length. [ 2836.133136][T23368] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.38459'. [ 2836.742612][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.749326][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2844.518296][T23461] syz.1.38497[23461] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2844.518631][T23461] syz.1.38497[23461] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2852.701214][T23540] netlink: 'syz.1.38532': attribute type 1 has an invalid length. [ 2852.867589][T23540] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.38532'. [ 2870.075428][T23734] netlink: 156 bytes leftover after parsing attributes in process `syz.3.38604'. [ 2870.573736][T16809] Bluetooth: hci1: ISO packet too small [ 2871.005538][T23749] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38608'. [ 2873.074687][T16809] Bluetooth: hci1: ISO packet too small [ 2873.425009][T23788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2875.690707][T23823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2875.790950][T23827] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38635'. [ 2875.804967][T23827] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2875.831712][T23824] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2877.943265][T23853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2878.119464][T23857] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2878.227181][T23857] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38651'. [ 2878.249642][T23857] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2879.942832][T23881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2880.481057][T23894] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38666'. [ 2880.530334][T23891] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2880.583400][T23894] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2882.879297][T23915] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2883.248088][T23923] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38677'. [ 2883.254987][T23919] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2883.279473][T23923] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2885.417667][T23947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2886.001884][T23962] sctp: [Deprecated]: syz.2.38692 (pid 23962) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2886.001884][T23962] Use struct sctp_sack_info instead [ 2888.796379][T23994] netlink: 'syz.3.38707': attribute type 39 has an invalid length. [ 2892.440850][T24038] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2892.477289][T24040] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38723'. [ 2892.502625][T24040] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2893.355380][T24054] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38738'. [ 2893.405393][T24054] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2893.481886][T24051] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2895.397263][T24086] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.38744'. [ 2895.417291][T24086] netlink: zone id is out of range [ 2895.422495][T24086] netlink: zone id is out of range [ 2895.453670][T24086] netlink: zone id is out of range [ 2895.458882][T24086] netlink: zone id is out of range [ 2895.483244][T24086] netlink: zone id is out of range [ 2895.488569][T24086] netlink: zone id is out of range [ 2895.555405][T24091] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2898.125087][T24128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2898.202750][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2898.202933][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2898.340370][T24130] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.38760'. [ 2898.350459][T24130] net_ratelimit: 84 callbacks suppressed [ 2898.350477][T24130] netlink: zone id is out of range [ 2898.373287][T24130] netlink: zone id is out of range [ 2898.383401][T24130] netlink: zone id is out of range [ 2898.395388][T24130] netlink: zone id is out of range [ 2898.408165][T24130] netlink: zone id is out of range [ 2898.419459][T24130] netlink: zone id is out of range [ 2898.433283][T24130] netlink: zone id is out of range [ 2898.444590][T24130] netlink: zone id is out of range [ 2898.456562][T24130] netlink: zone id is out of range [ 2898.481396][T24130] netlink: zone id is out of range [ 2904.130548][T16809] Bluetooth: hci1: unexpected event 0x31 length: 15 > 6 [ 2907.648585][T16809] Bluetooth: hci2: unexpected event 0x31 length: 15 > 6 [ 2907.990486][T16809] Bluetooth: hci2: unexpected subevent 0x05 length: 150 > 12 [ 2908.041687][T24218] syz.0.38799: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 2908.113186][T24218] CPU: 1 PID: 24218 Comm: syz.0.38799 Not tainted syzkaller #0 [ 2908.120819][T24218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2908.130914][T24218] Call Trace: [ 2908.134232][T24218] [ 2908.137201][T24218] dump_stack_lvl+0x18c/0x250 [ 2908.142246][T24218] ? show_regs_print_info+0x20/0x20 [ 2908.147871][T24218] ? load_image+0x420/0x420 [ 2908.152527][T24218] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2908.159181][T24218] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2908.165736][T24218] warn_alloc+0x246/0x340 [ 2908.170117][T24218] ? stack_trace_save+0xaa/0x100 [ 2908.175103][T24218] ? zone_watermark_ok_safe+0x230/0x230 [ 2908.180721][T24218] ? kasan_set_track+0x5f/0x70 [ 2908.185543][T24218] ? kasan_set_track+0x4e/0x70 [ 2908.190346][T24218] ? __kasan_kmalloc+0x8f/0xa0 [ 2908.195154][T24218] ? xsk_init_queue+0xad/0x100 [ 2908.200050][T24218] ? xsk_setsockopt+0x4e5/0x760 [ 2908.204935][T24218] ? do_sock_setsockopt+0x175/0x1a0 [ 2908.210193][T24218] ? __x64_sys_setsockopt+0x182/0x200 [ 2908.215617][T24218] __vmalloc_node_range+0x126/0x1330 [ 2908.220980][T24218] ? free_vm_area+0x50/0x50 [ 2908.225540][T24218] vmalloc_user+0x74/0x80 [ 2908.229918][T24218] ? xskq_create+0xbf/0x170 [ 2908.234460][T24218] xskq_create+0xbf/0x170 [ 2908.238845][T24218] xsk_init_queue+0xad/0x100 [ 2908.243569][T24218] xsk_setsockopt+0x4e5/0x760 [ 2908.248565][T24218] ? xsk_poll+0x680/0x680 [ 2908.253238][T24218] ? __fget_files+0x28/0x4b0 [ 2908.257880][T24218] ? __fget_files+0x28/0x4b0 [ 2908.262511][T24218] ? aa_sock_opt_perm+0x74/0x100 [ 2908.267540][T24218] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2908.273145][T24218] ? security_socket_setsockopt+0x7e/0xa0 [ 2908.279019][T24218] ? xsk_poll+0x680/0x680 [ 2908.283408][T24218] do_sock_setsockopt+0x175/0x1a0 [ 2908.288481][T24218] ? __fdget+0x180/0x210 [ 2908.292866][T24218] __x64_sys_setsockopt+0x182/0x200 [ 2908.298122][T24218] do_syscall_64+0x55/0xb0 [ 2908.302666][T24218] ? clear_bhb_loop+0x40/0x90 [ 2908.307377][T24218] ? clear_bhb_loop+0x40/0x90 [ 2908.312102][T24218] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2908.318328][T24218] RIP: 0033:0x7f12af19ce59 [ 2908.322792][T24218] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2908.342455][T24218] RSP: 002b:00007f12affbf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2908.350923][T24218] RAX: ffffffffffffffda RBX: 00007f12af415fa0 RCX: 00007f12af19ce59 [ 2908.358950][T24218] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2908.366971][T24218] RBP: 00007f12af232d6f R08: 0000000000000004 R09: 0000000000000000 [ 2908.375250][T24218] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2908.383275][T24218] R13: 00007f12af416038 R14: 00007f12af415fa0 R15: 00007ffcf78348f8 [ 2908.391404][T24218] [ 2908.456975][T24218] Mem-Info: [ 2908.460191][T24218] active_anon:11075 inactive_anon:0 isolated_anon:0 [ 2908.460191][T24218] active_file:18603 inactive_file:41112 isolated_file:0 [ 2908.460191][T24218] unevictable:768 dirty:197 writeback:0 [ 2908.460191][T24218] slab_reclaimable:10891 slab_unreclaimable:100264 [ 2908.460191][T24218] mapped:23999 shmem:1361 pagetables:510 [ 2908.460191][T24218] sec_pagetables:0 bounce:0 [ 2908.460191][T24218] kernel_misc_reclaimable:0 [ 2908.460191][T24218] free:1329685 free_pcp:11887 free_cma:0 [ 2908.519743][T24218] Node 0 active_anon:44500kB inactive_anon:0kB active_file:74412kB inactive_file:164248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95996kB dirty:788kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9916kB pagetables:2140kB sec_pagetables:0kB all_unreclaimable? no [ 2908.556043][T24218] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2908.608763][T24218] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2908.639654][T24218] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2908.646668][T24218] Node 0 DMA32 free:1401976kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:44560kB inactive_anon:0kB active_file:74412kB inactive_file:163420kB unevictable:1536kB writepending:788kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:36492kB local_pcp:17776kB free_cma:0kB [ 2908.679653][T24218] lowmem_reserve[]: 0 0 0 0 0 [ 2908.685169][T24218] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2908.745431][T24218] lowmem_reserve[]: 0 0 0 0 0 [ 2908.756764][T24218] Node 1 Normal free:3901400kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:10560kB local_pcp:10560kB free_cma:0kB [ 2908.888291][T24218] lowmem_reserve[]: 0 0 0 0 0 [ 2908.914750][T24218] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2908.987366][T24218] Node 0 DMA32: 308*4kB (ME) 383*8kB (UME) 339*16kB (UME) 692*32kB (UME) 1024*64kB (UME) 350*128kB (UME) 179*256kB (UME) 117*512kB (UM) 81*1024kB (UM) 21*2048kB (UME) 251*4096kB (UM) = 1401976kB [ 2909.039762][T24218] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 2909.070874][T24218] Node 1 Normal: 280*4kB (UME) 63*8kB (UME) 32*16kB (UME) 244*32kB (UME) 80*64kB (UME) 24*128kB (UME) 3*256kB (UME) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3901400kB [ 2909.119636][T24218] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2909.146625][T24218] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2909.171982][T24218] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2909.201533][T24218] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2909.231210][T24218] 63651 total pagecache pages [ 2909.246852][T24218] 0 pages in swap cache [ 2909.262822][T24218] Free swap = 124996kB [ 2909.287482][T24218] Total swap = 124996kB [ 2909.291709][T24218] 2097051 pages RAM [ 2909.316988][T24218] 0 pages HighMem/MovableOnly [ 2909.321743][T24218] 416933 pages reserved [ 2909.393492][T24218] 0 pages cma reserved [ 2909.966057][T16809] Bluetooth: hci0: unexpected subevent 0x05 length: 150 > 12 [ 2910.053063][T16809] Bluetooth: hci2: command 0x0406 tx timeout [ 2912.053150][T16809] Bluetooth: hci0: command 0x0406 tx timeout [ 2914.132329][T24306] net_ratelimit: 80 callbacks suppressed [ 2914.132350][T24306] wlan0: mtu greater than device maximum [ 2917.975836][T24378] netlink: 'syz.0.38865': attribute type 9 has an invalid length. [ 2917.994560][T24378] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.38865'. [ 2918.172460][T24381] netlink: 'syz.0.38865': attribute type 9 has an invalid length. [ 2918.181010][T24381] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.38865'. [ 2922.410393][T24451] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.38895'. [ 2924.202016][T24484] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.38907'. [ 2924.765761][T24491] netlink: 'syz.3.38911': attribute type 21 has an invalid length. [ 2924.790719][T24491] netlink: 'syz.3.38911': attribute type 19 has an invalid length. [ 2924.806200][T24491] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.38911'. [ 2926.129520][T24516] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.38921'. [ 2926.602840][T24527] netlink: 'syz.1.38925': attribute type 21 has an invalid length. [ 2926.637105][T24527] netlink: 'syz.1.38925': attribute type 19 has an invalid length. [ 2926.665511][T24527] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.38925'. [ 2928.097850][T24540] netlink: 'syz.2.38932': attribute type 3 has an invalid length. [ 2928.137724][T24540] netlink: 'syz.2.38932': attribute type 1 has an invalid length. [ 2928.164161][T24540] netlink: 116 bytes leftover after parsing attributes in process `syz.2.38932'. [ 2928.212696][T24540] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 2933.449708][T24666] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.38985'. [ 2933.966413][T24682] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.39000'. [ 2934.215741][T24689] netlink: 'syz.1.38993': attribute type 3 has an invalid length. [ 2934.238928][T24689] netlink: 'syz.1.38993': attribute type 1 has an invalid length. [ 2934.252903][T24689] netlink: 116 bytes leftover after parsing attributes in process `syz.1.38993'. [ 2934.269227][T24689] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 2934.720577][T24700] netlink: 'syz.2.39001': attribute type 10 has an invalid length. [ 2934.985174][T24700] veth0_macvtap: left promiscuous mode [ 2935.627079][T24709] netlink: 'syz.1.39011': attribute type 9 has an invalid length. [ 2935.651013][T24709] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.39011'. [ 2935.795432][T24712] netlink: 'syz.1.39011': attribute type 9 has an invalid length. [ 2935.829949][T24712] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.39011'. [ 2936.506309][T24734] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.39013'. [ 2936.898221][T16809] Bluetooth: hci1: Dropping invalid advertising data [ 2936.906140][T16809] Bluetooth: hci1: Malformed LE Event: 0x02 [ 2937.290682][T24754] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.39022'. [ 2937.585994][T24764] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.39025'. [ 2938.422916][T24783] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.39042'. [ 2938.438987][T24783] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2938.509377][T24787] syzkaller0: entered promiscuous mode [ 2938.515233][T24787] syzkaller0: entered allmulticast mode [ 2938.835995][T24795] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.39039'. [ 2940.926334][T24835] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.39060'. [ 2941.000117][T24837] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.39061'. [ 2941.024907][T24839] netlink: 'syz.1.39063': attribute type 10 has an invalid length. [ 2941.104067][T24839] veth0_macvtap: left promiscuous mode [ 2944.509230][T24915] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.39100'. [ 2944.552471][T24918] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.39099'. [ 2945.273140][T24943] netlink: 'syz.0.39112': attribute type 21 has an invalid length. [ 2948.358792][T24951] netlink: 'syz.0.39114': attribute type 10 has an invalid length. [ 2948.369293][T24951] veth0_macvtap: left promiscuous mode [ 2949.345098][T24980] netlink: 'syz.3.39129': attribute type 10 has an invalid length. [ 2949.446664][T24980] veth0_macvtap: left promiscuous mode [ 2950.597033][T25013] netlink: 'syz.1.39144': attribute type 10 has an invalid length. [ 2950.779155][T25015] syz.2.39145[25015] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2950.779415][T25015] syz.2.39145[25015] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2951.984339][T25043] syz.0.39156[25043] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2952.014189][T25043] syz.0.39156[25043] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2953.802562][T25070] syz.3.39169[25070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2953.825531][T25070] syz.3.39169[25070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2954.119610][T25082] netlink: 156 bytes leftover after parsing attributes in process `syz.2.39173'. [ 2955.759519][T25107] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.39184'. [ 2955.791957][ T3663] tipc: Subscription rejected, illegal request [ 2956.003902][T25116] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2956.012279][T25116] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2956.034813][T25116] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2956.042396][T25116] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2956.147117][T25116] bond0: (slave batadv0): Releasing backup interface [ 2959.617952][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2959.633366][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2965.082830][T25188] netlink: 156 bytes leftover after parsing attributes in process `syz.3.39220'. [ 2966.288630][T25221] netlink: 156 bytes leftover after parsing attributes in process `syz.0.39234'. [ 2969.408625][T16809] Bluetooth: hci1: Malformed LE Event: 0x02 [ 2969.789402][T25284] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2969.811059][T25284] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2969.885875][T25284] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2969.917074][T25284] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2969.935121][T16809] Bluetooth: hci0: Malformed LE Event: 0x02 [ 2969.972037][T25284] bridge0: port 3(batadv0) entered disabled state [ 2970.102548][T25284] batadv0 (unregistering): left allmulticast mode [ 2970.123414][T25284] bridge0: port 3(batadv0) entered disabled state [ 2971.369773][T16809] Bluetooth: hci2: Malformed LE Event: 0x02 [ 2971.526750][T25314] syzkaller0: entered promiscuous mode [ 2971.532309][T25314] syzkaller0: entered allmulticast mode [ 2975.607691][T25326] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2975.615306][T25326] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2975.623875][T25326] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2975.631342][T25326] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2975.675168][T25326] bond0: (slave batadv0): Releasing backup interface [ 2978.755031][T25434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2995.571188][T25667] syzkaller0: entered promiscuous mode [ 2995.582799][T25667] syzkaller0: entered allmulticast mode [ 2999.800081][T25729] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.39439'. [ 3001.054486][T25761] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.39454'. [ 3002.314446][T25788] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.39466'. [ 3013.913462][T25963] syzkaller0: entered promiscuous mode [ 3013.939744][T25963] syzkaller0: entered allmulticast mode [ 3020.156303][T26070] syzkaller0: entered promiscuous mode [ 3020.162509][T26070] syzkaller0: entered allmulticast mode [ 3021.031439][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3021.037928][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3027.046606][T26100] syzkaller0: entered promiscuous mode [ 3027.052230][T26100] syzkaller0: entered allmulticast mode [ 3031.687975][T26136] sctp: [Deprecated]: syz.3.39612 (pid 26136) Use of struct sctp_assoc_value in delayed_ack socket option. [ 3031.687975][T26136] Use struct sctp_sack_info instead [ 3037.053380][T26181] sctp: [Deprecated]: syz.2.39631 (pid 26181) Use of struct sctp_assoc_value in delayed_ack socket option. [ 3037.053380][T26181] Use struct sctp_sack_info instead [ 3042.013421][T26214] sctp: [Deprecated]: syz.0.39645 (pid 26214) Use of struct sctp_assoc_value in delayed_ack socket option. [ 3042.013421][T26214] Use struct sctp_sack_info instead [ 3042.173682][T26216] netlink: 'syz.3.39647': attribute type 10 has an invalid length. [ 3042.338115][T26216] team0: Device vxcan1 is of different type [ 3044.229723][T26254] netlink: 'syz.2.39661': attribute type 10 has an invalid length. [ 3044.488553][T26254] team0: Device vxcan1 is of different type [ 3044.932274][T26270] sctp: [Deprecated]: syz.1.39664 (pid 26270) Use of struct sctp_assoc_value in delayed_ack socket option. [ 3044.932274][T26270] Use struct sctp_sack_info instead [ 3046.265044][T26285] netlink: 'syz.1.39673': attribute type 10 has an invalid length. [ 3046.451297][T26290] netlink: 'syz.0.39675': attribute type 6 has an invalid length. [ 3046.457455][T26285] team0: Device vxcan1 is of different type [ 3046.464837][T26290] netlink: 212824 bytes leftover after parsing attributes in process `syz.0.39675'. [ 3048.560878][T26321] netlink: 'syz.0.39688': attribute type 10 has an invalid length. [ 3048.711954][T26321] team0: Device vxcan1 is of different type [ 3052.528357][T26408] netlink: 'syz.2.39733': attribute type 1 has an invalid length. [ 3052.539767][T26408] netlink: 'syz.2.39733': attribute type 4 has an invalid length. [ 3052.549429][T26408] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.39733'. [ 3053.410310][T26434] syzkaller0: entered promiscuous mode [ 3053.418240][T26434] syzkaller0: entered allmulticast mode [ 3062.161266][T26518] syzkaller0: entered promiscuous mode [ 3062.183213][T26518] syzkaller0: entered allmulticast mode [ 3064.577601][T16809] Bluetooth: hci0: unexpected event 0x2c length: 151 > 17 [ 3064.577643][T16809] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 3065.844444][T26561] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.39784'. [ 3067.557191][T26585] syzkaller0: entered promiscuous mode [ 3067.563223][T26585] syzkaller0: entered allmulticast mode [ 3072.297610][T26635] syzkaller0: entered promiscuous mode [ 3072.312782][T26635] syzkaller0: entered allmulticast mode [ 3079.099828][T26677] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.39834'. [ 3079.104058][T26675] netlink: 2220 bytes leftover after parsing attributes in process `syz.1.39832'. [ 3079.109645][T26677] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 3081.049942][T26714] netlink: 2220 bytes leftover after parsing attributes in process `syz.0.39847'. [ 3081.349144][T26720] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.39849'. [ 3081.364719][T26720] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 3081.708719][T26730] netlink: 'syz.2.39854': attribute type 2 has an invalid length. [ 3081.735101][T26730] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.39854'. [ 3082.456169][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3082.462687][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3082.732318][T26740] netlink: 2220 bytes leftover after parsing attributes in process `syz.2.39860'. [ 3084.840375][T26767] netlink: 'syz.3.39870': attribute type 2 has an invalid length. [ 3085.138899][T26767] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.39870'. [ 3086.322302][T26792] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 3086.551295][T26804] netlink: 'syz.0.39885': attribute type 2 has an invalid length. [ 3086.561693][T26804] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.39885'. [ 3087.339380][T26818] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 3087.379264][T26821] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.39894'. [ 3087.748855][T26825] netlink: 'syz.1.39895': attribute type 2 has an invalid length. [ 3087.762392][T26825] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.39895'. [ 3088.665108][T26847] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.39905'. [ 3092.955630][T26908] netlink: 'syz.2.39931': attribute type 29 has an invalid length. [ 3092.985992][T26908] netlink: 'syz.2.39931': attribute type 29 has an invalid length. [ 3093.022945][T26909] netlink: 'syz.2.39931': attribute type 29 has an invalid length. [ 3093.061987][T26908] netlink: 'syz.2.39931': attribute type 29 has an invalid length. [ 3093.096279][T26908] netlink: 'syz.2.39931': attribute type 29 has an invalid length. [ 3093.167086][T26908] netlink: 'syz.2.39931': attribute type 29 has an invalid length. [ 3094.533062][ T8] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 3095.234047][T26930] netlink: 'syz.0.39938': attribute type 2 has an invalid length. [ 3095.244344][T26930] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.39938'. [ 3095.510134][T26937] syzkaller0: left promiscuous mode [ 3095.544383][T26937] syzkaller0: left allmulticast mode [ 3097.445587][T26958] netlink: 'syz.3.39953': attribute type 2 has an invalid length. [ 3097.455497][T26958] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.39953'. [ 3097.796355][T26975] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.39959'. [ 3098.668526][T26984] netlink: 'syz.0.39961': attribute type 29 has an invalid length. [ 3098.677393][T26984] netlink: 'syz.0.39961': attribute type 29 has an invalid length. [ 3098.705870][T26984] netlink: 'syz.0.39961': attribute type 29 has an invalid length. [ 3098.738730][T26984] netlink: 'syz.0.39961': attribute type 29 has an invalid length. [ 3098.766651][T26984] netlink: 'syz.0.39961': attribute type 29 has an invalid length. [ 3098.883399][T26984] netlink: 'syz.0.39961': attribute type 29 has an invalid length. [ 3102.205724][T16809] Bluetooth: hci3: unexpected event 0x07 length: 15 < 255 [ 3105.151964][T27091] __sock_release: fasync list not empty! [ 3105.211268][T27095] netlink: 'syz.1.40006': attribute type 29 has an invalid length. [ 3105.222467][T27095] netlink: 'syz.1.40006': attribute type 29 has an invalid length. [ 3105.240624][T27095] netlink: 'syz.1.40006': attribute type 29 has an invalid length. [ 3105.259331][T27095] netlink: 'syz.1.40006': attribute type 29 has an invalid length. [ 3105.276133][T27095] netlink: 'syz.1.40006': attribute type 29 has an invalid length. [ 3105.333850][T27095] netlink: 'syz.1.40006': attribute type 29 has an invalid length. [ 3106.133994][T27121] __sock_release: fasync list not empty! [ 3107.015231][T27138] netlink: 'syz.3.40028': attribute type 29 has an invalid length. [ 3107.035707][T27138] netlink: 'syz.3.40028': attribute type 29 has an invalid length. [ 3107.079157][T27141] netlink: 'syz.3.40028': attribute type 29 has an invalid length. [ 3107.187659][T27138] netlink: 'syz.3.40028': attribute type 29 has an invalid length. [ 3108.212146][T27151] __sock_release: fasync list not empty! [ 3111.999787][T27212] validate_nla: 2 callbacks suppressed [ 3111.999807][T27212] netlink: 'syz.1.40062': attribute type 33 has an invalid length. [ 3112.016242][T27212] netlink: 40 bytes leftover after parsing attributes in process `syz.1.40062'. [ 3112.139923][T27214] syzkaller0: entered promiscuous mode [ 3112.146002][T27214] syzkaller0: entered allmulticast mode [ 3117.080331][T27268] netlink: 'syz.3.40084': attribute type 4 has an invalid length. [ 3117.149813][T27268] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.40084'. [ 3119.705342][T27304] netlink: 'syz.0.40111': attribute type 4 has an invalid length. [ 3119.723180][T27304] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.40111'. [ 3125.299032][T27365] lo: left promiscuous mode [ 3125.303882][T27365] lo: entered allmulticast mode [ 3125.312926][T27370] Q6`Ҙ: renamed from lo [ 3126.383946][T27392] netlink: 'syz.2.40139': attribute type 3 has an invalid length. [ 3126.443079][T27392] netlink: 132 bytes leftover after parsing attributes in process `syz.2.40139'. [ 3126.512349][T27397] netlink: 'syz.3.40141': attribute type 10 has an invalid length. [ 3126.555018][T27397] netlink: 40 bytes leftover after parsing attributes in process `syz.3.40141'. [ 3126.574331][T27397] veth0_vlan: left promiscuous mode [ 3126.601174][T27397] veth0_vlan: entered promiscuous mode [ 3126.638726][T27397] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 3126.764144][T27401] netlink: 'syz.0.40143': attribute type 4 has an invalid length. [ 3126.781879][T27401] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.40143'. [ 3128.487050][T27434] netlink: 'syz.2.40156': attribute type 21 has an invalid length. [ 3128.510156][T27434] netlink: 'syz.2.40156': attribute type 16 has an invalid length. [ 3128.532115][T27434] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.40156'. [ 3128.661006][T27441] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.40158'. [ 3128.671703][T27441] netlink: zone id is out of range [ 3128.679795][T27441] netlink: zone id is out of range [ 3128.685496][T27441] netlink: zone id is out of range [ 3128.691949][T27441] netlink: zone id is out of range [ 3128.723088][T27441] netlink: zone id is out of range [ 3128.756985][T27441] netlink: zone id is out of range [ 3128.810375][T27441] netlink: zone id is out of range [ 3128.865598][T27441] netlink: zone id is out of range [ 3128.870780][T27441] netlink: zone id is out of range [ 3137.460975][T27512] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.40190'. [ 3140.486340][T27521] syzkaller0: entered promiscuous mode [ 3143.896973][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3143.912982][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3144.015879][T27553] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.40208'. [ 3144.216171][T27565] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.40211'. [ 3144.524236][T27567] netlink: 'syz.1.40212': attribute type 3 has an invalid length. [ 3144.540407][T27567] netlink: 132 bytes leftover after parsing attributes in process `syz.1.40212'. [ 3148.083998][T27594] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.40222'. [ 3148.166787][T27596] netlink: 'syz.3.40226': attribute type 3 has an invalid length. [ 3148.182073][T27596] netlink: 132 bytes leftover after parsing attributes in process `syz.3.40226'. [ 3151.270683][T27646] netlink: 'syz.3.40248': attribute type 4 has an invalid length. [ 3151.289638][T27646] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.40248'. [ 3151.920274][T27657] netlink: 'syz.1.40260': attribute type 4 has an invalid length. [ 3151.940830][T27657] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.40260'. [ 3154.062091][T27694] netlink: 'syz.2.40267': attribute type 4 has an invalid length. [ 3154.071972][T27694] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.40267'. [ 3155.483719][T27706] netlink: 'syz.1.40282': attribute type 4 has an invalid length. [ 3155.498178][T27706] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.40282'. [ 3159.771905][T27738] netlink: 'syz.3.40289': attribute type 4 has an invalid length. [ 3159.782448][T27738] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.40289'. [ 3160.692106][T27775] netlink: 'syz.0.40311': attribute type 4 has an invalid length. [ 3160.701461][T27775] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.40311'. [ 3162.972447][T27826] netlink: 'syz.0.40326': attribute type 1 has an invalid length. [ 3162.981933][T27826] netlink: 'syz.0.40326': attribute type 4 has an invalid length. [ 3162.990347][T27826] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.40326'. [ 3164.265724][T27853] netlink: 'syz.2.40336': attribute type 1 has an invalid length. [ 3164.283127][T27853] netlink: 'syz.2.40336': attribute type 4 has an invalid length. [ 3164.291266][T27853] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.40336'. [ 3165.127360][T27885] netlink: 'syz.3.40348': attribute type 1 has an invalid length. [ 3165.135627][T27885] netlink: 'syz.3.40348': attribute type 4 has an invalid length. [ 3165.143966][T27885] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.40348'. [ 3165.492036][T27894] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.40362'. [ 3165.516861][T27894] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 3165.526700][T27894] CPU: 0 PID: 27894 Comm: syz.3.40362 Not tainted syzkaller #0 [ 3165.534486][T27894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3165.544598][T27894] Call Trace: [ 3165.547924][T27894] [ 3165.550893][T27894] dump_stack_lvl+0x18c/0x250 [ 3165.555640][T27894] ? show_regs_print_info+0x20/0x20 [ 3165.560886][T27894] ? load_image+0x420/0x420 [ 3165.565538][T27894] sysfs_warn_dup+0x8e/0xa0 [ 3165.570099][T27894] sysfs_do_create_link_sd+0xc0/0x110 [ 3165.575729][T27894] device_add_class_symlinks+0x1cf/0x240 [ 3165.581434][T27894] device_add+0x507/0xc50 [ 3165.585793][T27894] wiphy_register+0x1dad/0x2ae0 [ 3165.590720][T27894] ? cfg80211_event_work+0x40/0x40 [ 3165.595867][T27894] ? minstrel_ht_alloc+0x88a/0x990 [ 3165.601205][T27894] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 3165.607331][T27894] ieee80211_register_hw+0x3464/0x4250 [ 3165.612914][T27894] ? ieee80211_tasklet_handler+0x20/0x20 [ 3165.618580][T27894] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3165.624958][T27894] ? __debug_object_init+0xec/0x450 [ 3165.630209][T27894] ? __asan_memset+0x22/0x40 [ 3165.635054][T27894] ? __hrtimer_init+0x186/0x270 [ 3165.639955][T27894] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 3165.645731][T27894] ? mac80211_hwsim_free+0x220/0x220 [ 3165.651036][T27894] ? rcu_is_watching+0x15/0xb0 [ 3165.655840][T27894] ? kstrndup+0xbd/0x140 [ 3165.660135][T27894] hwsim_new_radio_nl+0xdc9/0x1a90 [ 3165.665322][T27894] ? __nla_validate+0x50/0x50 [ 3165.670035][T27894] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3165.676407][T27894] ? __nla_parse+0x40/0x50 [ 3165.680856][T27894] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 3165.687221][T27894] genl_family_rcv_msg_doit+0x211/0x310 [ 3165.692880][T27894] ? end_current_label_crit_section+0x170/0x170 [ 3165.699446][T27894] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 3165.705581][T27894] ? bpf_lsm_capable+0x9/0x10 [ 3165.710299][T27894] ? security_capable+0x89/0xb0 [ 3165.715288][T27894] genl_rcv_msg+0x619/0x7a0 [ 3165.719993][T27894] ? genl_bind+0x360/0x360 [ 3165.724523][T27894] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3165.730887][T27894] ? ref_tracker_free+0x690/0x840 [ 3165.735967][T27894] netlink_rcv_skb+0x241/0x4d0 [ 3165.740965][T27894] ? genl_bind+0x360/0x360 [ 3165.745511][T27894] ? netlink_ack+0x1180/0x1180 [ 3165.750316][T27894] ? __lock_acquire+0x7d40/0x7d40 [ 3165.755475][T27894] ? down_read+0x1ac/0x2e0 [ 3165.759939][T27894] genl_rcv+0x28/0x40 [ 3165.764027][T27894] netlink_unicast+0x751/0x8d0 [ 3165.768814][T27894] netlink_sendmsg+0x8d0/0xbf0 [ 3165.773608][T27894] ? netlink_getsockopt+0x590/0x590 [ 3165.778823][T27894] ? aa_sock_msg_perm+0x94/0x150 [ 3165.783784][T27894] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3165.789082][T27894] ? security_socket_sendmsg+0x80/0xa0 [ 3165.794564][T27894] ? netlink_getsockopt+0x590/0x590 [ 3165.799785][T27894] ____sys_sendmsg+0x5ba/0x960 [ 3165.804583][T27894] ? __asan_memset+0x22/0x40 [ 3165.809318][T27894] ? __sys_sendmsg_sock+0x30/0x30 [ 3165.814461][T27894] ? __import_iovec+0x5f2/0x850 [ 3165.819422][T27894] ? import_iovec+0x73/0xa0 [ 3165.823950][T27894] ___sys_sendmsg+0x2a6/0x360 [ 3165.828655][T27894] ? __sys_sendmsg+0x2a0/0x2a0 [ 3165.833516][T27894] __se_sys_sendmsg+0x1c2/0x2b0 [ 3165.838384][T27894] ? __x64_sys_sendmsg+0x80/0x80 [ 3165.843455][T27894] ? lockdep_hardirqs_on+0x98/0x150 [ 3165.848692][T27894] do_syscall_64+0x55/0xb0 [ 3165.853153][T27894] ? clear_bhb_loop+0x40/0x90 [ 3165.857847][T27894] ? clear_bhb_loop+0x40/0x90 [ 3165.862535][T27894] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3165.868456][T27894] RIP: 0033:0x7fd346b9ce59 [ 3165.873058][T27894] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3165.892767][T27894] RSP: 002b:00007fd347b3d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3165.901214][T27894] RAX: ffffffffffffffda RBX: 00007fd346e15fa0 RCX: 00007fd346b9ce59 [ 3165.909200][T27894] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 3165.917201][T27894] RBP: 00007fd346c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 3165.925202][T27894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3165.933468][T27894] R13: 00007fd346e16038 R14: 00007fd346e15fa0 R15: 00007ffc4ad59bf8 [ 3165.941495][T27894] [ 3165.976288][T27901] netlink: 'syz.2.40357': attribute type 4 has an invalid length. [ 3165.984621][T27901] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.40357'. [ 3168.563745][T27954] netlink: 830 bytes leftover after parsing attributes in process `syz.2.40383'. [ 3169.337358][T27976] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.40392'. [ 3169.375792][T27976] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 3169.403008][T27976] CPU: 1 PID: 27976 Comm: syz.1.40392 Not tainted syzkaller #0 [ 3169.410646][T27976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3169.420752][T27976] Call Trace: [ 3169.424085][T27976] [ 3169.427228][T27976] dump_stack_lvl+0x18c/0x250 [ 3169.431959][T27976] ? show_regs_print_info+0x20/0x20 [ 3169.437210][T27976] ? load_image+0x420/0x420 [ 3169.441787][T27976] sysfs_warn_dup+0x8e/0xa0 [ 3169.446339][T27976] sysfs_do_create_link_sd+0xc0/0x110 [ 3169.451748][T27976] device_add_class_symlinks+0x1cf/0x240 [ 3169.457416][T27976] device_add+0x507/0xc50 [ 3169.461784][T27976] wiphy_register+0x1dad/0x2ae0 [ 3169.466711][T27976] ? cfg80211_event_work+0x40/0x40 [ 3169.472450][T27976] ? minstrel_ht_alloc+0x88a/0x990 [ 3169.477598][T27976] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 3169.483726][T27976] ieee80211_register_hw+0x3464/0x4250 [ 3169.489531][T27976] ? ieee80211_tasklet_handler+0x20/0x20 [ 3169.495223][T27976] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3169.501366][T27976] ? __debug_object_init+0xec/0x450 [ 3169.506595][T27976] ? __asan_memset+0x22/0x40 [ 3169.511411][T27976] ? __hrtimer_init+0x186/0x270 [ 3169.516383][T27976] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 3169.522149][T27976] ? mac80211_hwsim_free+0x220/0x220 [ 3169.527723][T27976] ? rcu_is_watching+0x15/0xb0 [ 3169.532514][T27976] ? kstrndup+0xbd/0x140 [ 3169.536792][T27976] hwsim_new_radio_nl+0xdc9/0x1a90 [ 3169.541933][T27976] ? __nla_validate+0x50/0x50 [ 3169.546646][T27976] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3169.553002][T27976] ? __nla_parse+0x40/0x50 [ 3169.557528][T27976] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 3169.563880][T27976] genl_family_rcv_msg_doit+0x211/0x310 [ 3169.569536][T27976] ? end_current_label_crit_section+0x170/0x170 [ 3169.575799][T27976] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 3169.581722][T27976] ? bpf_lsm_capable+0x9/0x10 [ 3169.586506][T27976] ? security_capable+0x89/0xb0 [ 3169.591382][T27976] genl_rcv_msg+0x619/0x7a0 [ 3169.595929][T27976] ? genl_bind+0x360/0x360 [ 3169.600363][T27976] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3169.606721][T27976] ? ref_tracker_free+0x690/0x840 [ 3169.611776][T27976] netlink_rcv_skb+0x241/0x4d0 [ 3169.616560][T27976] ? genl_bind+0x360/0x360 [ 3169.620994][T27976] ? netlink_ack+0x1180/0x1180 [ 3169.625793][T27976] ? __lock_acquire+0x7d40/0x7d40 [ 3169.630847][T27976] ? down_read+0x1ac/0x2e0 [ 3169.635286][T27976] genl_rcv+0x28/0x40 [ 3169.639283][T27976] netlink_unicast+0x751/0x8d0 [ 3169.644076][T27976] netlink_sendmsg+0x8d0/0xbf0 [ 3169.648886][T27976] ? netlink_getsockopt+0x590/0x590 [ 3169.654104][T27976] ? aa_sock_msg_perm+0x94/0x150 [ 3169.659062][T27976] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3169.664374][T27976] ? security_socket_sendmsg+0x80/0xa0 [ 3169.669864][T27976] ? netlink_getsockopt+0x590/0x590 [ 3169.675077][T27976] ____sys_sendmsg+0x5ba/0x960 [ 3169.679869][T27976] ? __asan_memset+0x22/0x40 [ 3169.684480][T27976] ? __sys_sendmsg_sock+0x30/0x30 [ 3169.689544][T27976] ? __import_iovec+0x5f2/0x850 [ 3169.694437][T27976] ? import_iovec+0x73/0xa0 [ 3169.698960][T27976] ___sys_sendmsg+0x2a6/0x360 [ 3169.703768][T27976] ? __sys_sendmsg+0x2a0/0x2a0 [ 3169.708605][T27976] __se_sys_sendmsg+0x1c2/0x2b0 [ 3169.713500][T27976] ? __x64_sys_sendmsg+0x80/0x80 [ 3169.718666][T27976] ? syscall_enter_from_user_mode+0x20/0x80 [ 3169.724960][T27976] ? lockdep_hardirqs_on+0x98/0x150 [ 3169.730187][T27976] do_syscall_64+0x55/0xb0 [ 3169.734636][T27976] ? clear_bhb_loop+0x40/0x90 [ 3169.739562][T27976] ? clear_bhb_loop+0x40/0x90 [ 3169.744277][T27976] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3169.750899][T27976] RIP: 0033:0x7fc12f59ce59 [ 3169.755533][T27976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3169.775974][T27976] RSP: 002b:00007fc13039c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3169.784778][T27976] RAX: ffffffffffffffda RBX: 00007fc12f815fa0 RCX: 00007fc12f59ce59 [ 3169.792854][T27976] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 3169.800839][T27976] RBP: 00007fc12f632d6f R08: 0000000000000000 R09: 0000000000000000 [ 3169.808908][T27976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3169.816892][T27976] R13: 00007fc12f816038 R14: 00007fc12f815fa0 R15: 00007ffeacea5758 [ 3169.824896][T27976] [ 3171.950046][T28028] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.40408'. [ 3171.965854][T28028] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 3172.005663][T28028] CPU: 1 PID: 28028 Comm: syz.0.40408 Not tainted syzkaller #0 [ 3172.013324][T28028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3172.023882][T28028] Call Trace: [ 3172.027199][T28028] [ 3172.030170][T28028] dump_stack_lvl+0x18c/0x250 [ 3172.034909][T28028] ? show_regs_print_info+0x20/0x20 [ 3172.040267][T28028] ? load_image+0x420/0x420 [ 3172.044844][T28028] sysfs_warn_dup+0x8e/0xa0 [ 3172.049426][T28028] sysfs_do_create_link_sd+0xc0/0x110 [ 3172.055036][T28028] device_add_class_symlinks+0x1cf/0x240 [ 3172.060824][T28028] device_add+0x507/0xc50 [ 3172.065207][T28028] wiphy_register+0x1dad/0x2ae0 [ 3172.070142][T28028] ? cfg80211_event_work+0x40/0x40 [ 3172.075306][T28028] ? minstrel_ht_alloc+0x88a/0x990 [ 3172.080488][T28028] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 3172.086678][T28028] ieee80211_register_hw+0x3464/0x4250 [ 3172.092267][T28028] ? ieee80211_tasklet_handler+0x20/0x20 [ 3172.098006][T28028] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3172.103921][T28028] ? __debug_object_init+0xec/0x450 [ 3172.109150][T28028] ? __asan_memset+0x22/0x40 [ 3172.113780][T28028] ? __hrtimer_init+0x186/0x270 [ 3172.118699][T28028] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 3172.125096][T28028] ? mac80211_hwsim_free+0x220/0x220 [ 3172.130427][T28028] ? rcu_is_watching+0x15/0xb0 [ 3172.135226][T28028] ? kstrndup+0xbd/0x140 [ 3172.139606][T28028] hwsim_new_radio_nl+0xdc9/0x1a90 [ 3172.144757][T28028] ? __nla_validate+0x50/0x50 [ 3172.149483][T28028] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3172.156017][T28028] ? __nla_parse+0x40/0x50 [ 3172.160452][T28028] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 3172.166809][T28028] genl_family_rcv_msg_doit+0x211/0x310 [ 3172.172386][T28028] ? end_current_label_crit_section+0x170/0x170 [ 3172.178661][T28028] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 3172.184618][T28028] ? bpf_lsm_capable+0x9/0x10 [ 3172.189336][T28028] ? security_capable+0x89/0xb0 [ 3172.194240][T28028] genl_rcv_msg+0x619/0x7a0 [ 3172.198988][T28028] ? genl_bind+0x360/0x360 [ 3172.203731][T28028] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3172.210084][T28028] ? ref_tracker_free+0x690/0x840 [ 3172.215252][T28028] netlink_rcv_skb+0x241/0x4d0 [ 3172.220054][T28028] ? genl_bind+0x360/0x360 [ 3172.224507][T28028] ? netlink_ack+0x1180/0x1180 [ 3172.229406][T28028] ? __lock_acquire+0x7d40/0x7d40 [ 3172.234481][T28028] ? down_read+0x1ac/0x2e0 [ 3172.238916][T28028] genl_rcv+0x28/0x40 [ 3172.243091][T28028] netlink_unicast+0x751/0x8d0 [ 3172.247889][T28028] netlink_sendmsg+0x8d0/0xbf0 [ 3172.252778][T28028] ? netlink_getsockopt+0x590/0x590 [ 3172.258099][T28028] ? aa_sock_msg_perm+0x94/0x150 [ 3172.263149][T28028] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3172.268489][T28028] ? security_socket_sendmsg+0x80/0xa0 [ 3172.273985][T28028] ? netlink_getsockopt+0x590/0x590 [ 3172.279384][T28028] ____sys_sendmsg+0x5ba/0x960 [ 3172.284266][T28028] ? __asan_memset+0x22/0x40 [ 3172.288890][T28028] ? __sys_sendmsg_sock+0x30/0x30 [ 3172.293936][T28028] ? __import_iovec+0x5f2/0x850 [ 3172.298813][T28028] ? import_iovec+0x73/0xa0 [ 3172.303334][T28028] ___sys_sendmsg+0x2a6/0x360 [ 3172.308037][T28028] ? __sys_sendmsg+0x2a0/0x2a0 [ 3172.312884][T28028] __se_sys_sendmsg+0x1c2/0x2b0 [ 3172.317767][T28028] ? __x64_sys_sendmsg+0x80/0x80 [ 3172.322738][T28028] ? lockdep_hardirqs_on+0x98/0x150 [ 3172.328011][T28028] do_syscall_64+0x55/0xb0 [ 3172.332483][T28028] ? clear_bhb_loop+0x40/0x90 [ 3172.337223][T28028] ? clear_bhb_loop+0x40/0x90 [ 3172.341923][T28028] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3172.347937][T28028] RIP: 0033:0x7f12af19ce59 [ 3172.352398][T28028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3172.372582][T28028] RSP: 002b:00007f12affbf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3172.381048][T28028] RAX: ffffffffffffffda RBX: 00007f12af415fa0 RCX: 00007f12af19ce59 [ 3172.389067][T28028] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 3172.397152][T28028] RBP: 00007f12af232d6f R08: 0000000000000000 R09: 0000000000000000 [ 3172.405165][T28028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3172.413164][T28028] R13: 00007f12af416038 R14: 00007f12af415fa0 R15: 00007ffcf78348f8 [ 3172.421180][T28028] [ 3173.327705][T28060] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.40429'. [ 3173.340316][T28060] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 3173.348528][T28060] CPU: 1 PID: 28060 Comm: syz.2.40429 Not tainted syzkaller #0 [ 3173.356226][T28060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3173.366329][T28060] Call Trace: [ 3173.369641][T28060] [ 3173.372603][T28060] dump_stack_lvl+0x18c/0x250 [ 3173.377337][T28060] ? show_regs_print_info+0x20/0x20 [ 3173.382603][T28060] ? load_image+0x420/0x420 [ 3173.387248][T28060] sysfs_warn_dup+0x8e/0xa0 [ 3173.391794][T28060] sysfs_do_create_link_sd+0xc0/0x110 [ 3173.397212][T28060] device_add_class_symlinks+0x1cf/0x240 [ 3173.403048][T28060] device_add+0x507/0xc50 [ 3173.407433][T28060] wiphy_register+0x1dad/0x2ae0 [ 3173.412361][T28060] ? cfg80211_event_work+0x40/0x40 [ 3173.417874][T28060] ? minstrel_ht_alloc+0x88a/0x990 [ 3173.423048][T28060] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 3173.429203][T28060] ieee80211_register_hw+0x3464/0x4250 [ 3173.434768][T28060] ? ieee80211_tasklet_handler+0x20/0x20 [ 3173.440453][T28060] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3173.446581][T28060] ? __debug_object_init+0xec/0x450 [ 3173.451834][T28060] ? __asan_memset+0x22/0x40 [ 3173.456643][T28060] ? __hrtimer_init+0x186/0x270 [ 3173.461532][T28060] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 3173.467295][T28060] ? mac80211_hwsim_free+0x220/0x220 [ 3173.472592][T28060] ? rcu_is_watching+0x15/0xb0 [ 3173.477388][T28060] ? kstrndup+0xbd/0x140 [ 3173.481665][T28060] hwsim_new_radio_nl+0xdc9/0x1a90 [ 3173.486817][T28060] ? __nla_validate+0x50/0x50 [ 3173.491612][T28060] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3173.497973][T28060] ? __nla_parse+0x40/0x50 [ 3173.502441][T28060] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 3173.508880][T28060] genl_family_rcv_msg_doit+0x211/0x310 [ 3173.514485][T28060] ? end_current_label_crit_section+0x170/0x170 [ 3173.520937][T28060] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 3173.526987][T28060] ? bpf_lsm_capable+0x9/0x10 [ 3173.531913][T28060] ? security_capable+0x89/0xb0 [ 3173.537027][T28060] genl_rcv_msg+0x619/0x7a0 [ 3173.541779][T28060] ? genl_bind+0x360/0x360 [ 3173.546425][T28060] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 3173.553631][T28060] ? ref_tracker_free+0x690/0x840 [ 3173.558962][T28060] netlink_rcv_skb+0x241/0x4d0 [ 3173.563766][T28060] ? genl_bind+0x360/0x360 [ 3173.568234][T28060] ? netlink_ack+0x1180/0x1180 [ 3173.573047][T28060] ? __lock_acquire+0x7d40/0x7d40 [ 3173.578194][T28060] ? down_read+0x1ac/0x2e0 [ 3173.582674][T28060] genl_rcv+0x28/0x40 [ 3173.586683][T28060] netlink_unicast+0x751/0x8d0 [ 3173.591601][T28060] netlink_sendmsg+0x8d0/0xbf0 [ 3173.596571][T28060] ? netlink_getsockopt+0x590/0x590 [ 3173.601879][T28060] ? aa_sock_msg_perm+0x94/0x150 [ 3173.606871][T28060] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3173.612178][T28060] ? security_socket_sendmsg+0x80/0xa0 [ 3173.617654][T28060] ? netlink_getsockopt+0x590/0x590 [ 3173.622876][T28060] ____sys_sendmsg+0x5ba/0x960 [ 3173.627681][T28060] ? __asan_memset+0x22/0x40 [ 3173.632290][T28060] ? __sys_sendmsg_sock+0x30/0x30 [ 3173.637354][T28060] ? __import_iovec+0x5f2/0x850 [ 3173.642250][T28060] ? import_iovec+0x73/0xa0 [ 3173.646770][T28060] ___sys_sendmsg+0x2a6/0x360 [ 3173.651552][T28060] ? __sys_sendmsg+0x2a0/0x2a0 [ 3173.656569][T28060] __se_sys_sendmsg+0x1c2/0x2b0 [ 3173.661439][T28060] ? __x64_sys_sendmsg+0x80/0x80 [ 3173.666420][T28060] ? lockdep_hardirqs_on+0x98/0x150 [ 3173.671826][T28060] do_syscall_64+0x55/0xb0 [ 3173.676442][T28060] ? clear_bhb_loop+0x40/0x90 [ 3173.681158][T28060] ? clear_bhb_loop+0x40/0x90 [ 3173.685941][T28060] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3173.691860][T28060] RIP: 0033:0x7f9f4339ce59 [ 3173.696292][T28060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3173.716545][T28060] RSP: 002b:00007f9f44242028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3173.725243][T28060] RAX: ffffffffffffffda RBX: 00007f9f43615fa0 RCX: 00007f9f4339ce59 [ 3173.733427][T28060] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 3173.741700][T28060] RBP: 00007f9f43432d6f R08: 0000000000000000 R09: 0000000000000000 [ 3173.749691][T28060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3173.757700][T28060] R13: 00007f9f43616038 R14: 00007f9f43615fa0 R15: 00007ffc09572488 [ 3173.765797][T28060] [ 3175.481133][T28082] netlink: 830 bytes leftover after parsing attributes in process `syz.1.40437'. [ 3176.170254][T28100] netlink: 830 bytes leftover after parsing attributes in process `syz.0.40453'. [ 3176.579185][T28113] netlink: 'syz.3.40451': attribute type 29 has an invalid length. [ 3176.634928][T28113] netlink: 'syz.3.40451': attribute type 29 has an invalid length. [ 3176.652592][T28116] netlink: 'syz.3.40451': attribute type 29 has an invalid length. [ 3176.670273][T28113] netlink: 'syz.3.40451': attribute type 29 has an invalid length. [ 3176.727598][T28116] netlink: 'syz.3.40451': attribute type 29 has an invalid length. [ 3179.642507][T28169] netlink: 'syz.0.40475': attribute type 29 has an invalid length. [ 3179.656059][T28169] netlink: 'syz.0.40475': attribute type 29 has an invalid length. [ 3179.688769][T28173] netlink: 'syz.0.40475': attribute type 29 has an invalid length. [ 3179.719406][T28169] netlink: 'syz.0.40475': attribute type 29 has an invalid length. [ 3179.768942][T28169] netlink: 'syz.0.40475': attribute type 29 has an invalid length. [ 3182.226979][T28208] netlink: 'syz.1.40490': attribute type 29 has an invalid length. [ 3183.901300][T28208] netlink: 'syz.1.40490': attribute type 29 has an invalid length. [ 3187.335633][T16809] Bluetooth: hci2: hcon ffff88801f3a0000 sent 1 < count 16384 [ 3192.944478][T16809] Bluetooth: hci3: hcon ffff888057f28000 sent 1 < count 16384 [ 3193.055587][T28375] __sock_release: fasync list not empty! [ 3193.997076][T28401] __sock_release: fasync list not empty! [ 3194.120109][T16809] Bluetooth: hci3: unexpected subevent 0x06 length: 150 > 10 [ 3194.133258][T16809] Bluetooth: min 0 < 6 [ 3195.215098][T28432] __sock_release: fasync list not empty! [ 3195.655487][T16809] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 3196.049023][T28450] netlink: 44 bytes leftover after parsing attributes in process `syz.3.40596'. [ 3196.217066][T16809] Bluetooth: hci3: command 0x0406 tx timeout [ 3197.733022][T16809] Bluetooth: hci0: command 0x0406 tx timeout [ 3198.095523][T28470] netlink: 'syz.2.40605': attribute type 29 has an invalid length. [ 3198.138471][T28467] syzkaller0: entered promiscuous mode [ 3198.144222][T28467] syzkaller0: entered allmulticast mode [ 3198.153754][T28470] netlink: 'syz.2.40605': attribute type 29 has an invalid length. [ 3198.162965][T28474] netlink: 'syz.2.40605': attribute type 29 has an invalid length. [ 3198.184759][T28476] netlink: 'syz.2.40605': attribute type 29 has an invalid length. [ 3198.221395][T28470] netlink: 'syz.2.40605': attribute type 29 has an invalid length. [ 3198.682772][T16809] Bluetooth: hci2: unexpected event 0x08 length: 151 > 4 [ 3202.989767][T16809] Bluetooth: hci3: unexpected event 0x08 length: 151 > 4 [ 3203.845956][T28502] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.40621'. [ 3205.337833][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3205.353741][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3205.543395][T28566] syzkaller0: entered promiscuous mode [ 3205.551315][T28566] syzkaller0: entered allmulticast mode [ 3205.561944][T28568] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.40647'. [ 3206.053193][T16809] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 3206.064179][T28541] Bluetooth: hci2: command 0x0406 tx timeout [ 3206.077552][T28579] netlink: 'syz.0.40660': attribute type 29 has an invalid length. [ 3208.515645][T28579] netlink: 'syz.0.40660': attribute type 29 has an invalid length. [ 3210.825204][T28612] syz.1.40662[28612] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 3210.825645][T28612] syz.1.40662[28612] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 3210.996918][T28623] netlink: 'syz.2.40666': attribute type 1 has an invalid length. [ 3211.834377][T28655] syzkaller0: entered promiscuous mode [ 3211.843745][T28655] syzkaller0: entered allmulticast mode [ 3212.004939][T28661] syzkaller0: entered promiscuous mode [ 3212.010514][T28661] syzkaller0: entered allmulticast mode [ 3212.036900][T28664] netlink: 'syz.1.40678': attribute type 1 has an invalid length. [ 3214.384808][T28701] @: renamed from bond_slave_0 (while UP) [ 3215.519701][T28715] syzkaller0: entered promiscuous mode [ 3215.530789][T28715] syzkaller0: entered allmulticast mode [ 3217.599301][T28748] syzkaller0: entered promiscuous mode [ 3217.605509][T28748] syzkaller0: entered allmulticast mode [ 3224.388386][T28854] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.40754'. [ 3229.045430][T28931] netlink: 'syz.0.40782': attribute type 2 has an invalid length. [ 3229.067944][T28931] netlink: 'syz.0.40782': attribute type 1 has an invalid length. [ 3229.093796][T28931] netlink: 198036 bytes leftover after parsing attributes in process `syz.0.40782'. [ 3230.246386][T28943] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.40788'. [ 3230.765076][T28961] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.40794'. [ 3230.996288][T28964] netlink: 'syz.2.40795': attribute type 21 has an invalid length. [ 3231.007411][T28964] netlink: 'syz.2.40795': attribute type 10 has an invalid length. [ 3231.016506][T28964] netlink: 'syz.2.40795': attribute type 12 has an invalid length. [ 3231.027032][T28964] netlink: 'syz.2.40795': attribute type 13 has an invalid length. [ 3231.039140][T28964] netlink: 'syz.2.40795': attribute type 14 has an invalid length. [ 3231.050778][T28964] netlink: 'syz.2.40795': attribute type 15 has an invalid length. [ 3231.060649][T28964] netlink: 'syz.2.40795': attribute type 16 has an invalid length. [ 3231.070776][T28964] netlink: 'syz.2.40795': attribute type 19 has an invalid length. [ 3231.079433][T28964] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.40795'. [ 3234.622534][T29024] validate_nla: 2 callbacks suppressed [ 3234.622555][T29024] netlink: 'syz.3.40819': attribute type 2 has an invalid length. [ 3234.640728][T29024] netlink: 'syz.3.40819': attribute type 1 has an invalid length. [ 3234.650151][T29024] netlink: 198036 bytes leftover after parsing attributes in process `syz.3.40819'. [ 3235.453229][T29037] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.40826'. [ 3235.955464][T29052] netlink: 'syz.1.40830': attribute type 2 has an invalid length. [ 3235.981268][T29052] netlink: 'syz.1.40830': attribute type 1 has an invalid length. [ 3236.003186][T29052] netlink: 198036 bytes leftover after parsing attributes in process `syz.1.40830'. [ 3237.780820][T29092] netlink: 'syz.0.40850': attribute type 21 has an invalid length. [ 3237.813064][T29092] netlink: 'syz.0.40850': attribute type 10 has an invalid length. [ 3237.821041][T29092] netlink: 'syz.0.40850': attribute type 12 has an invalid length. [ 3237.848756][T29092] netlink: 'syz.0.40850': attribute type 13 has an invalid length. [ 3237.883147][T29092] netlink: 'syz.0.40850': attribute type 14 has an invalid length. [ 3237.901751][T29092] netlink: 'syz.0.40850': attribute type 15 has an invalid length. [ 3237.912936][T29092] netlink: 12226 bytes leftover after parsing attributes in process `syz.0.40850'. [ 3240.409803][T29122] validate_nla: 4 callbacks suppressed [ 3240.409823][T29122] netlink: 'syz.3.40863': attribute type 10 has an invalid length. [ 3240.432308][T29122] bridge0: port 2(bridge_slave_1) entered disabled state [ 3240.439696][T29122] bridge0: port 1(bridge_slave_0) entered disabled state [ 3240.482761][T29122] bridge0: port 2(bridge_slave_1) entered blocking state [ 3240.490067][T29122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3240.497731][T29122] bridge0: port 1(bridge_slave_0) entered blocking state [ 3240.505091][T29122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3240.534746][T29122] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 3240.698386][T29133] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.40866'. [ 3241.960797][T29154] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.40874'. [ 3241.986335][T29154] net_ratelimit: 43 callbacks suppressed [ 3241.986420][T29154] netlink: zone id is out of range [ 3242.009875][T29154] netlink: zone id is out of range [ 3242.029272][T29154] netlink: zone id is out of range [ 3242.037113][T29154] netlink: zone id is out of range [ 3242.043818][T29154] netlink: zone id is out of range [ 3242.050139][T29154] netlink: zone id is out of range [ 3242.091256][T29154] netlink: zone id is out of range [ 3242.111328][T29154] netlink: zone id is out of range [ 3242.132555][T29154] netlink: zone id is out of range [ 3242.147573][T29154] netlink: zone id is out of range [ 3243.565550][T29168] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.40878'. [ 3244.197535][T29184] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.40887'. [ 3245.297499][T29210] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.40898'. [ 3246.115333][T29239] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.40910'. [ 3246.274267][T29249] warn_alloc: 2 callbacks suppressed [ 3246.274347][T29249] syz.0.40915: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 3246.337675][T29249] CPU: 1 PID: 29249 Comm: syz.0.40915 Not tainted syzkaller #0 [ 3246.345488][T29249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3246.355601][T29249] Call Trace: [ 3246.359005][T29249] [ 3246.361989][T29249] dump_stack_lvl+0x18c/0x250 [ 3246.366742][T29249] ? show_regs_print_info+0x20/0x20 [ 3246.372034][T29249] ? load_image+0x420/0x420 [ 3246.376670][T29249] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 3246.383165][T29249] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 3246.389780][T29249] warn_alloc+0x246/0x340 [ 3246.394268][T29249] ? stack_trace_save+0xaa/0x100 [ 3246.399384][T29249] ? zone_watermark_ok_safe+0x230/0x230 [ 3246.405066][T29249] ? kasan_set_track+0x5f/0x70 [ 3246.409942][T29249] ? kasan_set_track+0x4e/0x70 [ 3246.414803][T29249] ? __kasan_kmalloc+0x8f/0xa0 [ 3246.420108][T29249] ? xsk_init_queue+0xad/0x100 [ 3246.425122][T29249] ? xsk_setsockopt+0x4e5/0x760 [ 3246.430039][T29249] ? do_sock_setsockopt+0x175/0x1a0 [ 3246.435444][T29249] ? __x64_sys_setsockopt+0x182/0x200 [ 3246.440956][T29249] __vmalloc_node_range+0x126/0x1330 [ 3246.446328][T29249] ? free_vm_area+0x50/0x50 [ 3246.451114][T29249] vmalloc_user+0x74/0x80 [ 3246.455670][T29249] ? xskq_create+0xbf/0x170 [ 3246.460213][T29249] xskq_create+0xbf/0x170 [ 3246.464795][T29249] xsk_init_queue+0xad/0x100 [ 3246.469950][T29249] xsk_setsockopt+0x4e5/0x760 [ 3246.474768][T29249] ? xsk_poll+0x680/0x680 [ 3246.479195][T29249] ? __fget_files+0x28/0x4b0 [ 3246.483837][T29249] ? __fget_files+0x28/0x4b0 [ 3246.488471][T29249] ? aa_sock_opt_perm+0x74/0x100 [ 3246.493730][T29249] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 3246.499688][T29249] ? security_socket_setsockopt+0x7e/0xa0 [ 3246.505545][T29249] ? xsk_poll+0x680/0x680 [ 3246.510208][T29249] do_sock_setsockopt+0x175/0x1a0 [ 3246.515528][T29249] ? __fdget+0x180/0x210 [ 3246.519921][T29249] __x64_sys_setsockopt+0x182/0x200 [ 3246.525468][T29249] do_syscall_64+0x55/0xb0 [ 3246.529994][T29249] ? clear_bhb_loop+0x40/0x90 [ 3246.534781][T29249] ? clear_bhb_loop+0x40/0x90 [ 3246.539495][T29249] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3246.545859][T29249] RIP: 0033:0x7f12af19ce59 [ 3246.550641][T29249] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3246.570571][T29249] RSP: 002b:00007f12affbf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 3246.579031][T29249] RAX: ffffffffffffffda RBX: 00007f12af415fa0 RCX: 00007f12af19ce59 [ 3246.587232][T29249] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 3246.595424][T29249] RBP: 00007f12af232d6f R08: 0000000000000004 R09: 0000000000000000 [ 3246.603545][T29249] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 3246.611736][T29249] R13: 00007f12af416038 R14: 00007f12af415fa0 R15: 00007ffcf78348f8 [ 3246.619751][T29249] [ 3246.645691][T29249] Mem-Info: [ 3246.649042][T29249] active_anon:13334 inactive_anon:0 isolated_anon:0 [ 3246.649042][T29249] active_file:18603 inactive_file:41242 isolated_file:0 [ 3246.649042][T29249] unevictable:768 dirty:218 writeback:0 [ 3246.649042][T29249] slab_reclaimable:11152 slab_unreclaimable:99469 [ 3246.649042][T29249] mapped:24000 shmem:1361 pagetables:556 [ 3246.649042][T29249] sec_pagetables:0 bounce:0 [ 3246.649042][T29249] kernel_misc_reclaimable:0 [ 3246.649042][T29249] free:1332726 free_pcp:7208 free_cma:0 [ 3246.743052][T29249] Node 0 active_anon:53736kB inactive_anon:0kB active_file:74412kB inactive_file:164768kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96000kB dirty:872kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9904kB pagetables:2224kB sec_pagetables:0kB all_unreclaimable? no [ 3246.815530][T29249] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 3246.883151][T29249] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3246.923473][T29249] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 3246.933261][T29249] Node 0 DMA32 free:1411640kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:55196kB inactive_anon:0kB active_file:74412kB inactive_file:163940kB unevictable:1536kB writepending:872kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:19228kB local_pcp:15904kB free_cma:0kB [ 3246.977911][T29249] lowmem_reserve[]: 0 0 0 0 0 [ 3246.986540][T29249] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3247.031985][T29249] lowmem_reserve[]: 0 0 0 0 0 [ 3247.042999][T29249] Node 1 Normal free:3901400kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:10560kB local_pcp:10560kB free_cma:0kB [ 3247.091562][T29249] lowmem_reserve[]: 0 0 0 0 0 [ 3247.103152][T29249] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 3247.146362][T29249] Node 0 DMA32: 65*4kB (UE) 473*8kB (UE) 753*16kB (UME) 1054*32kB (UME) 1911*64kB (UME) 756*128kB (UME) 330*256kB (UME) 206*512kB (UM) 104*1024kB (UM) 26*2048kB (UME) 193*4096kB (UM) = 1409116kB [ 3247.217105][T29249] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 3247.266425][T29249] Node 1 Normal: 280*4kB (UME) 63*8kB (UME) 32*16kB (UME) 244*32kB (UME) 80*64kB (UME) 24*128kB (UME) 3*256kB (UME) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3901400kB [ 3247.319238][T29249] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3247.342988][T29249] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3247.362915][T29249] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3247.387500][T29249] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 3247.416445][T29249] 61206 total pagecache pages [ 3247.421529][T29249] 0 pages in swap cache [ 3247.440610][T29249] Free swap = 124996kB [ 3247.452051][T29249] Total swap = 124996kB [ 3247.462879][T29249] 2097051 pages RAM [ 3247.471506][T29249] 0 pages HighMem/MovableOnly [ 3247.483145][T29249] 416933 pages reserved [ 3247.487595][T29249] 0 pages cma reserved [ 3247.712425][T29268] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.40924'. [ 3249.758872][T29296] netlink: 'syz.2.40934': attribute type 10 has an invalid length. [ 3252.358666][T29327] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.40945'. [ 3254.068278][T29358] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.40960'. [ 3255.629812][T29385] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.40970'. [ 3256.240395][T29407] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.40977'. [ 3256.480367][T29413] netlink: 'syz.2.40981': attribute type 1 has an invalid length. [ 3256.488710][T29413] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.40981'. [ 3257.151584][T29431] syzkaller0: entered promiscuous mode [ 3257.168603][T29431] syzkaller0: entered allmulticast mode [ 3257.176149][T29434] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.40987'. [ 3257.459970][T29444] netlink: 'syz.3.40992': attribute type 1 has an invalid length. [ 3257.498270][T29444] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.40992'. [ 3259.070729][T29463] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.41002'. [ 3259.237465][T29471] netlink: 'syz.1.41005': attribute type 1 has an invalid length. [ 3259.248591][T29471] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.41005'. [ 3259.842433][T29478] syzkaller0: entered promiscuous mode [ 3259.859344][T29478] syzkaller0: entered allmulticast mode [ 3260.002473][T29487] netlink: 'syz.0.41011': attribute type 10 has an invalid length. [ 3260.815166][T29508] netlink: 'syz.0.41019': attribute type 1 has an invalid length. [ 3260.828213][T29508] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.41019'. [ 3260.954195][T29510] syzkaller0: entered promiscuous mode [ 3260.959831][T29510] syzkaller0: entered allmulticast mode [ 3266.526217][T29597] netlink: 'syz.3.41046': attribute type 29 has an invalid length. [ 3266.671301][T29597] netlink: 'syz.3.41046': attribute type 29 has an invalid length. [ 3266.713313][T29600] netlink: 'syz.3.41046': attribute type 29 has an invalid length. [ 3266.780959][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3266.787459][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3266.931172][T29603] netlink: 'syz.1.41047': attribute type 10 has an invalid length. [ 3267.089862][T29607] -: renamed from syzkaller0 (while UP) [ 3267.327765][T29613] netlink: 'syz.0.41057': attribute type 29 has an invalid length. [ 3267.410013][T29613] netlink: 'syz.0.41057': attribute type 29 has an invalid length. [ 3267.456894][T29614] netlink: 'syz.0.41057': attribute type 29 has an invalid length. [ 3267.906995][T28541] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 3268.291494][T29632] syzkaller0: entered promiscuous mode [ 3268.334323][T29632] syzkaller0: entered allmulticast mode [ 3269.087850][T29647] netlink: 'syz.1.41060': attribute type 29 has an invalid length. [ 3269.144600][T29647] netlink: 'syz.1.41060': attribute type 29 has an invalid length. [ 3269.170180][T29652] netlink: 'syz.1.41060': attribute type 29 has an invalid length. [ 3269.356504][T29648] -: renamed from syzkaller0 [ 3269.415418][T28541] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 3270.565080][T28541] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 3270.881069][T29693] -: renamed from syzkaller0 [ 3272.088743][T28541] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 3275.761660][T29774] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.41112'. [ 3280.869206][T29837] netlink: 'syz.1.41138': attribute type 3 has an invalid length. [ 3281.129721][T29849] netlink: 209820 bytes leftover after parsing attributes in process `syz.2.41145'. [ 3281.870032][T29864] netlink: 'syz.3.41151': attribute type 3 has an invalid length. [ 3282.293175][T28541] Bluetooth: hci3: unexpected subevent 0x04 length: 150 > 11 [ 3283.675816][T29891] netlink: 'syz.2.41162': attribute type 3 has an invalid length. [ 3283.807504][T28541] Bluetooth: hci2: unexpected subevent 0x04 length: 150 > 11 [ 3283.979000][T29903] netlink: 'syz.1.41168': attribute type 21 has an invalid length. [ 3283.996004][T29903] netlink: 'syz.1.41168': attribute type 12 has an invalid length. [ 3284.014891][T29903] netlink: 'syz.1.41168': attribute type 13 has an invalid length. [ 3284.063011][T29903] netlink: 'syz.1.41168': attribute type 14 has an invalid length. [ 3284.071046][T29903] netlink: 'syz.1.41168': attribute type 15 has an invalid length. [ 3284.093040][T29903] netlink: 'syz.1.41168': attribute type 16 has an invalid length. [ 3284.109970][T29903] netlink: 'syz.1.41168': attribute type 19 has an invalid length. [ 3284.126382][T29903] netlink: 9622 bytes leftover after parsing attributes in process `syz.1.41168'. [ 3285.954199][T29939] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.41178'. [ 3286.366548][T29952] validate_nla: 7 callbacks suppressed [ 3286.366568][T29952] netlink: 'syz.3.41186': attribute type 3 has an invalid length. [ 3288.573130][T29977] netlink: 'syz.2.41194': attribute type 21 has an invalid length. [ 3288.595849][T29977] netlink: 'syz.2.41194': attribute type 12 has an invalid length. [ 3288.609375][T29977] netlink: 'syz.2.41194': attribute type 13 has an invalid length. [ 3288.638256][T29977] netlink: 'syz.2.41194': attribute type 14 has an invalid length. [ 3288.655424][T29977] netlink: 'syz.2.41194': attribute type 15 has an invalid length. [ 3288.669917][T29977] netlink: 'syz.2.41194': attribute type 16 has an invalid length. [ 3288.694618][T29977] netlink: 'syz.2.41194': attribute type 19 has an invalid length. [ 3288.702723][T29977] netlink: 'syz.2.41194': attribute type 21 has an invalid length. [ 3288.723029][T29977] netlink: 'syz.2.41194': attribute type 22 has an invalid length. [ 3288.731278][T29977] netlink: 9622 bytes leftover after parsing attributes in process `syz.2.41194'. [ 3289.359215][T29993] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.41200'. [ 3290.013065][T30003] netlink: 14 bytes leftover after parsing attributes in process `syz.1.41206'. [ 3290.396689][T30016] netlink: 40 bytes leftover after parsing attributes in process `syz.1.41210'. [ 3290.433068][T30016] macvlan1: entered promiscuous mode [ 3290.451464][T30016] batman_adv: batadv0: Adding interface: macvlan1 [ 3290.470756][T30016] batman_adv: batadv0: The MTU of interface macvlan1 is too small (299) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3290.533396][T30016] batman_adv: batadv0: Interface activated: macvlan1 [ 3292.074559][T30027] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.41215'. [ 3295.865312][T30062] syzkaller0: entered promiscuous mode [ 3296.195595][T30077] validate_nla: 5 callbacks suppressed [ 3296.195615][T30077] netlink: 'syz.0.41232': attribute type 3 has an invalid length. [ 3296.223119][T30077] netlink: 'syz.0.41232': attribute type 1 has an invalid length. [ 3296.241955][T30077] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.41232'. [ 3299.965447][T30081] netlink: 'syz.3.41234': attribute type 10 has an invalid length. [ 3299.973871][T30081] netlink: 40 bytes leftover after parsing attributes in process `syz.3.41234'. [ 3299.983031][T30081] macvlan1: entered promiscuous mode [ 3299.989848][T30081] net_ratelimit: 446 callbacks suppressed [ 3299.989859][T30081] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check. [ 3300.100677][T30103] netlink: 'syz.2.41241': attribute type 3 has an invalid length. [ 3300.108835][T30103] netlink: 'syz.2.41241': attribute type 1 has an invalid length. [ 3300.117316][T30103] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.41241'. [ 3300.664076][T30120] netlink: 'syz.3.41248': attribute type 1 has an invalid length. [ 3300.751082][T30120] netlink: 'syz.3.41248': attribute type 3 has an invalid length. [ 3300.802100][T30120] netlink: 132 bytes leftover after parsing attributes in process `syz.3.41248'. [ 3302.153207][T30132] syzkaller0: entered promiscuous mode [ 3305.475039][T30175] netlink: 'syz.1.41269': attribute type 1 has an invalid length. [ 3305.494199][T30175] netlink: 'syz.1.41269': attribute type 3 has an invalid length. [ 3305.502985][T30175] netlink: 132 bytes leftover after parsing attributes in process `syz.1.41269'. [ 3308.151033][T30205] netlink: 'syz.2.41280': attribute type 1 has an invalid length. [ 3308.171399][T30205] netlink: 'syz.2.41280': attribute type 3 has an invalid length. [ 3308.194267][T30205] netlink: 132 bytes leftover after parsing attributes in process `syz.2.41280'. [ 3311.435602][T30255] netlink: 'syz.0.41291': attribute type 1 has an invalid length. [ 3311.483040][T30255] netlink: 'syz.0.41291': attribute type 3 has an invalid length. [ 3311.513096][T30255] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41291'. [ 3314.773451][T30293] __sock_release: fasync list not empty! [ 3317.908177][T28541] Bluetooth: hci0: unexpected event 0x3c length: 151 > 7 [ 3317.979464][T30334] veth0_vlan: left promiscuous mode [ 3318.031859][T30334] veth0_vlan: entered promiscuous mode [ 3318.524619][T30345] __sock_release: fasync list not empty! [ 3319.218202][T28541] Bluetooth: hci2: unexpected event 0x3c length: 151 > 7 [ 3319.227812][T30363] veth0_vlan: entered allmulticast mode [ 3319.265458][T30363] veth0_vlan: left promiscuous mode [ 3319.289346][T30363] veth0_vlan: entered promiscuous mode [ 3319.417438][T30369] __sock_release: fasync list not empty! [ 3319.901007][T30383] netlink: 152 bytes leftover after parsing attributes in process `syz.2.41346'. [ 3320.225984][T28541] Bluetooth: hci1: unexpected event 0x3c length: 151 > 7 [ 3320.812561][T30394] __sock_release: fasync list not empty! [ 3320.864502][T30396] veth0_vlan: left promiscuous mode [ 3320.880445][T30396] veth0_vlan: entered promiscuous mode [ 3321.390386][T30407] syzkaller0: entered promiscuous mode [ 3321.399842][T28541] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11 [ 3324.201750][T28541] Bluetooth: hci0: unexpected event 0x01 length: 151 > 1 [ 3324.948440][T30435] veth0_vlan: entered allmulticast mode [ 3324.995427][T30435] veth0_vlan: left promiscuous mode [ 3325.021552][T30435] veth0_vlan: entered promiscuous mode [ 3325.679697][T30446] netlink: 152 bytes leftover after parsing attributes in process `syz.1.41370'. [ 3326.665431][T28541] Bluetooth: hci2: unexpected event 0x01 length: 151 > 1 [ 3327.009063][T28541] Bluetooth: hci1: unexpected event 0x03 length: 15 > 11 [ 3327.044643][T30460] veth0_vlan: left promiscuous mode [ 3327.062631][T30464] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.41386'. [ 3327.097813][T30464] netlink: zone id is out of range [ 3327.120447][T30464] netlink: zone id is out of range [ 3327.129063][T30460] veth0_vlan: entered promiscuous mode [ 3327.136525][T30464] netlink: del zone limit has 8 unknown bytes [ 3327.589234][T30474] netlink: 152 bytes leftover after parsing attributes in process `syz.3.41381'. [ 3327.739128][T30481] veth0_vlan: left promiscuous mode [ 3327.752492][T30481] veth0_vlan: entered promiscuous mode [ 3328.217342][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3328.225764][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3328.393036][T30490] veth0_vlan: left promiscuous mode [ 3328.407526][T30490] veth0_vlan: entered promiscuous mode [ 3329.801983][T30518] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.41402'. [ 3331.160837][T30528] veth0_vlan: left promiscuous mode [ 3331.177523][T30528] veth0_vlan: entered promiscuous mode [ 3332.965232][T30559] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.41414'. [ 3333.435923][T30568] veth0_vlan: left promiscuous mode [ 3333.464875][T30568] veth0_vlan: entered promiscuous mode [ 3334.659922][T30589] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.41425'. [ 3335.517146][T30595] veth0_vlan: left promiscuous mode [ 3335.527170][T30595] veth0_vlan: entered promiscuous mode [ 3337.496554][T30625] veth0_vlan: left promiscuous mode [ 3337.522215][T30625] veth0_vlan: entered promiscuous mode [ 3337.612901][T30629] syzkaller0: entered promiscuous mode [ 3337.624102][T30629] syzkaller0: entered allmulticast mode [ 3339.011782][T28541] Bluetooth: hci2: unexpected event 0x32 length: 15 > 9 [ 3341.536950][T30655] veth0_vlan: left promiscuous mode [ 3341.595308][T30655] veth0_vlan: entered promiscuous mode [ 3341.893591][T30663] : renamed from vlan0 (while UP) [ 3343.244759][T30682] syzkaller0: entered promiscuous mode [ 3343.250330][T30682] syzkaller0: entered allmulticast mode [ 3344.031375][T30697] netlink: 132 bytes leftover after parsing attributes in process `syz.2.41471'. [ 3346.854115][T28541] Bluetooth: hci3: unexpected event 0x32 length: 15 > 9 [ 3348.066240][T30736] : renamed from vlan0 (while UP) [ 3352.543026][T30764] netlink: 132 bytes leftover after parsing attributes in process `syz.1.41496'. [ 3356.734541][T30812] netlink: 132 bytes leftover after parsing attributes in process `syz.3.41519'. [ 3356.921121][T30818] delete_channel: no stack [ 3357.325779][T30834] veth0_vlan: left promiscuous mode [ 3357.331401][T30834] vlan0: entered allmulticast mode [ 3357.408216][T28541] Bluetooth: hci1: ISO packet for unknown connection handle 8 [ 3358.478398][T30864] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41539'. [ 3361.360730][T30882] syzkaller0: entered promiscuous mode [ 3361.403999][T30882] syzkaller0: entered allmulticast mode [ 3361.956709][T30891] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41559'. [ 3362.765448][T30909] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.41565'. [ 3362.781660][T30909] netlink: 4612 bytes leftover after parsing attributes in process `syz.0.41565'. [ 3362.797982][T30909] netlink: 9 bytes leftover after parsing attributes in process `syz.0.41565'. [ 3363.144527][T30915] syzkaller0: entered promiscuous mode [ 3363.154825][T30915] syzkaller0: entered allmulticast mode [ 3363.931163][T30925] netlink: 132 bytes leftover after parsing attributes in process `syz.2.41569'. [ 3366.027493][T30967] netlink: 132 bytes leftover after parsing attributes in process `syz.3.41588'. [ 3366.065867][T30973] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.41592'. [ 3368.337199][T31026] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41608'. [ 3371.700396][T31055] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41628'. [ 3372.036292][T31058] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.41626'. [ 3374.902113][T31081] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.41638'. [ 3375.525514][T31094] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41641'. [ 3379.756977][T31131] netlink: 132 bytes leftover after parsing attributes in process `syz.3.41656'. [ 3379.788714][T31138] netlink: 128 bytes leftover after parsing attributes in process `syz.0.41659'. [ 3379.835717][T31138] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 3379.900060][T31142] netlink: 'syz.1.41661': attribute type 10 has an invalid length. [ 3379.939359][T31142] team0: Port device wlan1 added [ 3380.153112][T31152] netlink: 'syz.1.41665': attribute type 10 has an invalid length. [ 3380.172701][T31152] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 3380.631270][T31166] netlink: 128 bytes leftover after parsing attributes in process `syz.2.41671'. [ 3380.718783][T31166] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 3381.222051][T31172] netlink: 132 bytes leftover after parsing attributes in process `syz.0.41672'. [ 3381.757893][T31179] netlink: 'syz.2.41676': attribute type 10 has an invalid length. [ 3381.775399][T31179] team0: Port device wlan1 added [ 3381.924706][T31184] netlink: 'syz.0.41677': attribute type 10 has an invalid length. [ 3384.373970][T26176] wlan1: Trigger new scan to find an IBSS to join [ 3384.922135][T31184] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 3385.128080][T31203] netlink: 'syz.2.41692': attribute type 10 has an invalid length. [ 3388.161074][T31203] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 3388.194824][T31206] netlink: 128 bytes leftover after parsing attributes in process `syz.1.41683'. [ 3388.209739][T31206] A link change request failed with some changes committed already. Interface Q6`Ҙ may have been left with an inconsistent configuration, please check. [ 3388.658067][T31225] netlink: 'syz.0.41689': attribute type 10 has an invalid length. [ 3388.671654][T31225] team0: Port device wlan1 added [ 3389.544733][T31240] netlink: 'syz.3.41696': attribute type 10 has an invalid length. [ 3389.656714][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 3389.664774][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 3389.704774][T31240] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 3389.945654][T31255] netlink: 'syz.3.41701': attribute type 10 has an invalid length. [ 3389.980652][T31255] team0: Port device wlan1 added [ 3390.005770][T31253] netlink: 'syz.0.41710': attribute type 10 has an invalid length. [ 3390.346121][T31268] netlink: 'syz.1.41716': attribute type 10 has an invalid length. [ 3390.373820][T26176] wlan1: Trigger new scan to find an IBSS to join [ 3391.420048][ T3663] wlan1: Trigger new scan to find an IBSS to join [ 3391.470407][ T2938] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 3394.181384][T31306] netlink: 'syz.0.41722': attribute type 10 has an invalid length. [ 3394.353293][T31310] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.41724'. [ 3394.388999][T31310] openvswitch: netlink: Key type 4112 is out of range max 32 [ 3394.785119][T31317] ================================================================== [ 3394.793313][T31317] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900 [ 3394.801310][T31317] Write of size 32 at addr ffff88806b806f10 by task syz.3.41727/31317 [ 3394.809490][T31317] [ 3394.811891][T31317] CPU: 0 PID: 31317 Comm: syz.3.41727 Not tainted syzkaller #0 [ 3394.819583][T31317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3394.829666][T31317] Call Trace: [ 3394.832973][T31317] [ 3394.836026][T31317] dump_stack_lvl+0x18c/0x250 [ 3394.840938][T31317] ? __lock_acquire+0x7d40/0x7d40 [ 3394.846004][T31317] ? show_regs_print_info+0x20/0x20 [ 3394.851333][T31317] ? load_image+0x420/0x420 [ 3394.855861][T31317] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 3394.861352][T31317] ? __virt_addr_valid+0x18c/0x540 [ 3394.866514][T31317] ? __virt_addr_valid+0x469/0x540 [ 3394.871634][T31317] print_report+0xa8/0x210 [ 3394.876071][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3394.881198][T31317] kasan_report+0x117/0x150 [ 3394.885733][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3394.890865][T31317] kasan_check_range+0x241/0x290 [ 3394.895846][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3394.900992][T31317] __asan_memcpy+0x40/0x70 [ 3394.905422][T31317] __bpf_get_stackid+0x6bf/0x900 [ 3394.910464][T31317] bpf_get_stackid_pe+0x2f0/0x410 [ 3394.915503][T31317] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 3394.920969][T31317] bpf_overflow_handler+0x1fc/0x510 [ 3394.926185][T31317] ? bpf_overflow_handler+0xde/0x510 [ 3394.931480][T31317] ? tp_perf_event_destroy+0x20/0x20 [ 3394.936864][T31317] ? __perf_event_account_interrupt+0x187/0x280 [ 3394.943128][T31317] __perf_event_overflow+0x447/0x630 [ 3394.948428][T31317] perf_swevent_overflow+0x268/0x340 [ 3394.953731][T31317] ? perf_event_switch_output+0x790/0x790 [ 3394.959480][T31317] ? rcu_is_watching+0x15/0xb0 [ 3394.964259][T31317] perf_swevent_event+0x45c/0x570 [ 3394.969293][T31317] ? perf_tp_event+0x1520/0x1520 [ 3394.974409][T31317] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3394.980342][T31317] ? _raw_spin_unlock+0x40/0x40 [ 3394.985226][T31317] ___perf_sw_event+0x4a7/0x730 [ 3394.990088][T31317] ? wake_up_new_task+0x6f1/0xa60 [ 3394.995139][T31317] ? ___perf_sw_event+0x199/0x730 [ 3395.000173][T31317] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 3395.006706][T31317] ? put_pid+0xde/0x120 [ 3395.010983][T31317] ? perf_trace_preemptirq_template+0xac/0x330 [ 3395.017591][T31317] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 3395.023585][T31317] ? lock_chain_count+0x20/0x20 [ 3395.028446][T31317] __perf_sw_event+0x139/0x270 [ 3395.033218][T31317] do_user_addr_fault+0x123e/0x12c0 [ 3395.038429][T31317] ? rcu_is_watching+0x15/0xb0 [ 3395.043205][T31317] exc_page_fault+0x64/0x100 [ 3395.047814][T31317] ? clear_bhb_loop+0x40/0x90 [ 3395.052501][T31317] asm_exc_page_fault+0x26/0x30 [ 3395.057367][T31317] RIP: 0033:0x7ffc4adf4a21 [ 3395.061789][T31317] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 3395.081405][T31317] RSP: 002b:00007fd347b3cff0 EFLAGS: 00010203 [ 3395.087485][T31317] RAX: 002b4d75afd335e0 RBX: 00007ffc4adf00b0 RCX: 0000000000000018 [ 3395.095472][T31317] RDX: 000000002ba705ad RSI: 00007fd347b3d0b0 RDI: 7fffffffffffffff [ 3395.103450][T31317] RBP: 00007fd347b3d030 R08: 0000000000000d42 R09: 0000000000745d1e [ 3395.111450][T31317] R10: 000006cd0eeb57c8 R11: 00000000000a4744 R12: 0000000000000010 [ 3395.119517][T31317] R13: 00007fd346e16038 R14: 00007ffc4adf0080 R15: 00000000000a4744 [ 3395.127687][T31317] [ 3395.130711][T31317] [ 3395.133052][T31317] Allocated by task 31317: [ 3395.137523][T31317] kasan_set_track+0x4e/0x70 [ 3395.142129][T31317] __kasan_kmalloc+0x8f/0xa0 [ 3395.146727][T31317] __kmalloc_node+0xb4/0x230 [ 3395.151332][T31317] bpf_map_area_alloc+0x5e/0x110 [ 3395.156283][T31317] prealloc_elems_and_freelist+0x86/0x1c0 [ 3395.162011][T31317] stack_map_alloc+0x33a/0x4c0 [ 3395.166883][T31317] map_create+0x877/0x12f0 [ 3395.171314][T31317] __sys_bpf+0x651/0x890 [ 3395.175560][T31317] __x64_sys_bpf+0x7c/0x90 [ 3395.179983][T31317] do_syscall_64+0x55/0xb0 [ 3395.184405][T31317] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3395.190307][T31317] [ 3395.192637][T31317] The buggy address belongs to the object at ffff88806b806f00 [ 3395.192637][T31317] which belongs to the cache kmalloc-cg-64 of size 64 [ 3395.206830][T31317] The buggy address is located 16 bytes inside of [ 3395.206830][T31317] allocated 40-byte region [ffff88806b806f00, ffff88806b806f28) [ 3395.220933][T31317] [ 3395.223284][T31317] The buggy address belongs to the physical page: [ 3395.229697][T31317] page:ffffea0001ae0180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b806 [ 3395.240043][T31317] memcg:ffff88807716b801 [ 3395.244379][T31317] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 3395.252362][T31317] page_type: 0xffffffff() [ 3395.256701][T31317] raw: 00fff00000000800 ffff888017c4da00 ffffea0000c1b500 dead000000000005 [ 3395.265311][T31317] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88807716b801 [ 3395.273892][T31317] page dumped because: kasan: bad access detected [ 3395.280400][T31317] page_owner tracks the page as allocated [ 3395.286116][T31317] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5161, tgid 5161 (syz-executor), ts 3167552089931, free_ts 3167551594450 [ 3395.305048][T31317] post_alloc_hook+0x1c1/0x200 [ 3395.309838][T31317] get_page_from_freelist+0x1951/0x19e0 [ 3395.315388][T31317] __alloc_pages+0x1f0/0x460 [ 3395.319981][T31317] alloc_slab_page+0x5d/0x160 [ 3395.324663][T31317] new_slab+0x87/0x2d0 [ 3395.328743][T31317] ___slab_alloc+0xc5d/0x12f0 [ 3395.333431][T31317] __kmem_cache_alloc_node+0x19e/0x250 [ 3395.338898][T31317] kmalloc_trace+0x2a/0xe0 [ 3395.343325][T31317] alloc_fdtable+0xca/0x2c0 [ 3395.347851][T31317] dup_fd+0x786/0xa50 [ 3395.351837][T31317] copy_files+0xc3/0x120 [ 3395.356090][T31317] copy_process+0x15ab/0x3dc0 [ 3395.360769][T31317] kernel_clone+0x24b/0x8a0 [ 3395.365302][T31317] __x64_sys_clone+0x1b7/0x230 [ 3395.370122][T31317] do_syscall_64+0x55/0xb0 [ 3395.374565][T31317] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3395.380474][T31317] page last free stack trace: [ 3395.385149][T31317] free_unref_page_prepare+0x7b2/0x8c0 [ 3395.390630][T31317] free_unref_page+0x32/0x2e0 [ 3395.395317][T31317] vfree+0x1a6/0x320 [ 3395.399220][T31317] do_ip6t_get_ctl+0xf21/0x1210 [ 3395.404272][T31317] nf_getsockopt+0x262/0x280 [ 3395.408902][T31317] ipv6_getsockopt+0x226/0x2e0 [ 3395.413734][T31317] do_sock_getsockopt+0x379/0x450 [ 3395.418768][T31317] __x64_sys_getsockopt+0x1d6/0x280 [ 3395.423986][T31317] do_syscall_64+0x55/0xb0 [ 3395.428418][T31317] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3395.434429][T31317] [ 3395.436760][T31317] Memory state around the buggy address: [ 3395.442425][T31317] ffff88806b806e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3395.450520][T31317] ffff88806b806e80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 3395.458605][T31317] >ffff88806b806f00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 3395.467170][T31317] ^ [ 3395.472544][T31317] ffff88806b806f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3395.480629][T31317] ffff88806b807000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3395.488805][T31317] ================================================================== [ 3395.496957][T31317] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 3395.504155][T31317] CPU: 0 PID: 31317 Comm: syz.3.41727 Not tainted syzkaller #0 [ 3395.511796][T31317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3395.521859][T31317] Call Trace: [ 3395.525148][T31317] [ 3395.528093][T31317] dump_stack_lvl+0x18c/0x250 [ 3395.532791][T31317] ? show_regs_print_info+0x20/0x20 [ 3395.537999][T31317] ? load_image+0x420/0x420 [ 3395.542525][T31317] panic+0x2dc/0x730 [ 3395.546453][T31317] ? __lock_acquire+0x7d40/0x7d40 [ 3395.551489][T31317] ? bpf_jit_dump+0xd0/0xd0 [ 3395.556011][T31317] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3395.561918][T31317] ? _raw_spin_unlock+0x40/0x40 [ 3395.566782][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3395.571910][T31317] check_panic_on_warn+0x84/0xa0 [ 3395.577034][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3395.582153][T31317] end_report+0x6f/0x130 [ 3395.586402][T31317] kasan_report+0x128/0x150 [ 3395.590916][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3395.596039][T31317] kasan_check_range+0x241/0x290 [ 3395.600989][T31317] ? __bpf_get_stackid+0x6bf/0x900 [ 3395.606113][T31317] __asan_memcpy+0x40/0x70 [ 3395.610545][T31317] __bpf_get_stackid+0x6bf/0x900 [ 3395.615641][T31317] bpf_get_stackid_pe+0x2f0/0x410 [ 3395.620684][T31317] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 3395.626153][T31317] bpf_overflow_handler+0x1fc/0x510 [ 3395.631372][T31317] ? bpf_overflow_handler+0xde/0x510 [ 3395.636668][T31317] ? tp_perf_event_destroy+0x20/0x20 [ 3395.642056][T31317] ? __perf_event_account_interrupt+0x187/0x280 [ 3395.648323][T31317] __perf_event_overflow+0x447/0x630 [ 3395.653815][T31317] perf_swevent_overflow+0x268/0x340 [ 3395.659254][T31317] ? perf_event_switch_output+0x790/0x790 [ 3395.665161][T31317] ? rcu_is_watching+0x15/0xb0 [ 3395.670026][T31317] perf_swevent_event+0x45c/0x570 [ 3395.675060][T31317] ? perf_tp_event+0x1520/0x1520 [ 3395.680011][T31317] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3395.686004][T31317] ? _raw_spin_unlock+0x40/0x40 [ 3395.690880][T31317] ___perf_sw_event+0x4a7/0x730 [ 3395.695931][T31317] ? wake_up_new_task+0x6f1/0xa60 [ 3395.700984][T31317] ? ___perf_sw_event+0x199/0x730 [ 3395.706038][T31317] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 3395.712472][T31317] ? put_pid+0xde/0x120 [ 3395.716916][T31317] ? perf_trace_preemptirq_template+0xac/0x330 [ 3395.723085][T31317] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 3395.729162][T31317] ? lock_chain_count+0x20/0x20 [ 3395.734052][T31317] __perf_sw_event+0x139/0x270 [ 3395.738826][T31317] do_user_addr_fault+0x123e/0x12c0 [ 3395.744039][T31317] ? rcu_is_watching+0x15/0xb0 [ 3395.748815][T31317] exc_page_fault+0x64/0x100 [ 3395.753418][T31317] ? clear_bhb_loop+0x40/0x90 [ 3395.758194][T31317] asm_exc_page_fault+0x26/0x30 [ 3395.763057][T31317] RIP: 0033:0x7ffc4adf4a21 [ 3395.767483][T31317] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 3395.787219][T31317] RSP: 002b:00007fd347b3cff0 EFLAGS: 00010203 [ 3395.793731][T31317] RAX: 002b4d75afd335e0 RBX: 00007ffc4adf00b0 RCX: 0000000000000018 [ 3395.801764][T31317] RDX: 000000002ba705ad RSI: 00007fd347b3d0b0 RDI: 7fffffffffffffff [ 3395.809754][T31317] RBP: 00007fd347b3d030 R08: 0000000000000d42 R09: 0000000000745d1e [ 3395.817735][T31317] R10: 000006cd0eeb57c8 R11: 00000000000a4744 R12: 0000000000000010 [ 3395.825714][T31317] R13: 00007fd346e16038 R14: 00007ffc4adf0080 R15: 00000000000a4744 [ 3395.833700][T31317] [ 3395.837108][T31317] Kernel Offset: disabled [ 3395.841879][T31317] Rebooting in 86400 seconds..