last executing test programs: 2.977036907s ago: executing program 3 (id=40442): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c000000000000000000000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b007f000001e000000200000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000000000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f000001000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000001c00000000000000000000004700000044aa00210a2101"], 0x230}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x40}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000700), &(0x7f0000000740)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000002c0)={r1, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20) r2 = socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x10000000000) 2.958388518s ago: executing program 1 (id=40443): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0xc045d6e08e8aad4e, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x520, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0xa99, 0x3}, 0x8500, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x8020) 2.86772971s ago: executing program 0 (id=40444): bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x7}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_config_ext={0x2, 0x2}, 0x2006, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) gettid() socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) 2.634815468s ago: executing program 1 (id=40445): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000c80)=ANY=[@ANYBLOB="9feb010018000000000000006d01"], 0x0, 0x192, 0x0, 0x1, 0x1}, 0x28) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100005000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0) 2.634644038s ago: executing program 3 (id=40446): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 2.56128821s ago: executing program 0 (id=40447): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0xc001, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x817a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x80000000, 0x3fff8000}, 0x110, 0x32, 0x43a1bd77, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000feffffff18010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f9ffffff8500000015000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400e71400000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a70000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b70300000008000085000000a0000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x10, 0x70, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.56109026s ago: executing program 2 (id=40449): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7f}, 0x100904, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000004bffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000680), 0x5, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_pid(r3, &(0x7f0000000000), 0x2a979d) 2.466716223s ago: executing program 3 (id=40450): bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x0, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x40, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 1.992087788s ago: executing program 2 (id=40451): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r1}, 0xc) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 1.952367959s ago: executing program 0 (id=40452): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'gre0\x00', 0x10}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000084000000000100000100000000", @ANYRES32, @ANYRESHEX=0x0], 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080)) 1.952123969s ago: executing program 1 (id=40453): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380), 0x5}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc4f, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x1a, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r2, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) 1.381049227s ago: executing program 3 (id=40454): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x20000003, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) close(r0) r1 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r1, &(0x7f00000014c0)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, 0x0}, 0x0) recvmsg$unix(r0, &(0x7f0000004680)={0x0, 0x0, &(0x7f00000045c0)=[{0x0}, {&(0x7f00000025c0)=""/4096, 0x1000}], 0x2, &(0x7f0000004600)}, 0x1a0) write$cgroup_devices(r0, &(0x7f00000005c0)=ANY=[], 0xfffffeff) 1.380040747s ago: executing program 0 (id=40462): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) close(0x3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x4, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000010000ee850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24048045}, 0x20000000) 1.379415777s ago: executing program 2 (id=40455): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c000000000000000000000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b007f000001e000000200000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000000000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f000001000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000001c00000000000000000000004700000044aa00210a2101"], 0x230}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x12, 0x6, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x40}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000700), &(0x7f0000000740)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000002c0)={r1, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20) r2 = socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x10000000000) 1.378828167s ago: executing program 1 (id=40463): bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x0, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x40, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 422.717287ms ago: executing program 1 (id=40456): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000891) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x2}, 0x8004, 0xcdd, 0x43a1bd76, 0x4, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x200000000000000) 421.869337ms ago: executing program 2 (id=40457): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0xc045d6e08e8aad4e, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x520, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0xa99, 0x3}, 0x8500, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x8020) 421.743817ms ago: executing program 3 (id=40458): bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x7}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_config_ext={0x2, 0x2}, 0x2006, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) gettid() socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) 411.804547ms ago: executing program 0 (id=40466): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x2, @perf_config_ext={0x0, 0x6}, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x0, 0x82240, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8}, 0x2, 0x6, 0x0, 0x8, 0x43fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$kcm(0xf, 0x3, 0x2) socket$kcm(0x2c, 0x3, 0x0) r0 = socket$kcm(0x2c, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='freezer.parent_freezing\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x11b, 0x3, &(0x7f0000000040)=r1, 0x4) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)="5c00000014006b030231a6080c000af32c0cae934c46a7539602000f00e5aa000017d34460bc24ea000007000000000000002756f475ce36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1000000e6657594f1817d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 177.029875ms ago: executing program 2 (id=40459): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000c80)=ANY=[@ANYBLOB="9feb010018000000000000006d01"], 0x0, 0x192, 0x0, 0x1, 0x1}, 0x28) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100005000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0) 176.143795ms ago: executing program 1 (id=40470): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0xc001, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x817a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x80000000, 0x3fff8000}, 0x110, 0x32, 0x43a1bd77, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000feffffff18010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f9ffffff8500000015000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400e71400000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a70000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b70300000008000085000000a0000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x10, 0x70, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 171.741495ms ago: executing program 0 (id=40460): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 171.185365ms ago: executing program 3 (id=40461): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="110000005a"], 0xfe33) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) socket$kcm(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='hugetlb.1GB.usage_in_bytes\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) syz_clone(0x630c0700, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x2ee0}], 0x13, 0x0, 0x0, 0x10000000}, 0x12cd) 0s ago: executing program 2 (id=40464): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000810000087b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): 90][T14486] veth0_vlan: left promiscuous mode [ 2289.275129][T14486] veth0_vlan: entered promiscuous mode [ 2289.292346][T14486] team0: Device veth0_vlan failed to register rx_handler [ 2289.372948][T14488] netlink: 44 bytes leftover after parsing attributes in process `syz.3.34627'. [ 2289.525873][T14494] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.34630'. [ 2290.222596][T14507] validate_nla: 12 callbacks suppressed [ 2290.222632][T14507] netlink: 'syz.3.34636': attribute type 3 has an invalid length. [ 2290.272952][T14507] netlink: 132 bytes leftover after parsing attributes in process `syz.3.34636'. [ 2291.474685][T14518] netlink: 'syz.0.34639': attribute type 10 has an invalid length. [ 2291.504601][T14518] veth0_vlan: left promiscuous mode [ 2291.554661][T14518] veth0_vlan: entered promiscuous mode [ 2291.625761][T14518] team0: Device veth0_vlan failed to register rx_handler [ 2292.535686][T14543] netlink: 'syz.0.34657': attribute type 10 has an invalid length. [ 2292.565331][T14543] team0: Port device macvlan0 added [ 2292.653447][T14546] netlink: 'syz.2.34648': attribute type 3 has an invalid length. [ 2292.690040][T14546] netlink: 132 bytes leftover after parsing attributes in process `syz.2.34648'. [ 2292.853710][T14554] netlink: 'syz.3.34653': attribute type 10 has an invalid length. [ 2292.870995][T14554] veth0_vlan: left promiscuous mode [ 2292.891599][T14554] veth0_vlan: entered promiscuous mode [ 2292.938953][T14554] team0: Device veth0_vlan failed to register rx_handler [ 2293.272658][ T5906] Bluetooth: hci2: Malformed LE Event: 0x1d [ 2293.398638][T14576] netlink: 'syz.0.34665': attribute type 9 has an invalid length. [ 2293.419863][T14576] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.34665'. [ 2293.523053][T14583] netlink: 'syz.0.34665': attribute type 9 has an invalid length. [ 2293.542937][T14583] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.34665'. [ 2294.590357][T14594] netlink: 'syz.3.34671': attribute type 10 has an invalid length. [ 2294.599395][T14594] veth0_vlan: left promiscuous mode [ 2294.624948][T14594] veth0_vlan: entered promiscuous mode [ 2294.661292][T14594] team0: Device veth0_vlan failed to register rx_handler [ 2295.375268][T14617] netlink: 'syz.1.34686': attribute type 10 has an invalid length. [ 2295.397119][T14617] veth0_vlan: left promiscuous mode [ 2295.415359][T14617] veth0_vlan: entered promiscuous mode [ 2295.436358][T14617] team0: Device veth0_vlan failed to register rx_handler [ 2295.983110][T14633] netlink: 'syz.1.34698': attribute type 10 has an invalid length. [ 2296.020906][T14633] veth0_vlan: left promiscuous mode [ 2296.066847][T14633] veth0_vlan: entered promiscuous mode [ 2296.114901][T14633] team0: Device veth0_vlan failed to register rx_handler [ 2296.713663][T14644] netlink: 'syz.0.34695': attribute type 10 has an invalid length. [ 2296.750009][T14644] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.34695'. [ 2296.770257][T14644] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 2297.693770][T14657] netlink: 'syz.2.34700': attribute type 9 has an invalid length. [ 2297.706706][T14657] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.34700'. [ 2297.830047][T14658] netlink: 'syz.2.34700': attribute type 9 has an invalid length. [ 2297.837972][T14658] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.34700'. [ 2298.768817][T14679] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.34712'. [ 2298.919185][T14682] netlink: 'syz.1.34713': attribute type 10 has an invalid length. [ 2298.929086][T14682] veth0_vlan: left promiscuous mode [ 2298.943883][T14682] veth0_vlan: entered promiscuous mode [ 2298.980669][T14682] team0: Device veth0_vlan failed to register rx_handler [ 2299.096732][T14687] netlink: 'syz.2.34716': attribute type 10 has an invalid length. [ 2299.119875][T14687] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.34716'. [ 2299.135851][T14687] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 2299.375691][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.386716][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.419927][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.430262][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.442961][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.453305][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.464770][T14696] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2299.697817][T14709] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.34726'. [ 2299.828872][T14715] netlink: 'syz.3.34729': attribute type 10 has an invalid length. [ 2299.845888][T14715] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.34729'. [ 2299.856186][T14715] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 2300.907714][T14735] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.34738'. [ 2301.567057][T14747] netlink: 60 bytes leftover after parsing attributes in process `syz.1.34745'. [ 2301.580354][T14747] netlink: 60 bytes leftover after parsing attributes in process `syz.1.34745'. [ 2304.217743][T14770] netlink: 'syz.3.34754': attribute type 10 has an invalid length. [ 2304.399277][T14770] team0: Device wg1 is of different type [ 2304.947313][T14791] netlink: 'syz.3.34763': attribute type 9 has an invalid length. [ 2304.956249][T14791] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.34763'. [ 2305.026362][T14794] netlink: 'syz.3.34763': attribute type 9 has an invalid length. [ 2305.037508][T14794] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.34763'. [ 2305.340858][T14802] netlink: 'syz.1.34767': attribute type 10 has an invalid length. [ 2305.455747][T14802] team0: Device wg1 is of different type [ 2306.094268][T14828] netlink: 'syz.1.34777': attribute type 9 has an invalid length. [ 2306.102238][T14828] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.34777'. [ 2306.206353][T14828] netlink: 'syz.1.34777': attribute type 9 has an invalid length. [ 2306.230249][T14828] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.34777'. [ 2306.256287][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.279563][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.307427][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.338416][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.349667][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.361177][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.371749][T14831] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.473359][T14835] netlink: 'syz.3.34780': attribute type 22 has an invalid length. [ 2306.810833][T14841] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.816011][T14845] netlink: 'syz.0.34782': attribute type 10 has an invalid length. [ 2306.827242][T14841] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2306.839302][T14841] batman_adv: batadv0: adding TT local entry 00:00:00:e1:ff:ff to non-existent VLAN 815 [ 2307.214805][T14845] team0: Device wg1 is of different type [ 2308.585111][T14894] netlink: 'syz.2.34805': attribute type 22 has an invalid length. [ 2310.619213][T14932] netlink: 'syz.0.34816': attribute type 22 has an invalid length. [ 2311.306637][T14952] netlink: 'syz.0.34829': attribute type 1 has an invalid length. [ 2311.315095][T14952] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.34829'. [ 2311.426803][T14959] netlink: 'syz.2.34832': attribute type 1 has an invalid length. [ 2311.438209][T14959] netlink: 'syz.2.34832': attribute type 4 has an invalid length. [ 2311.446575][T14959] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.34832'. [ 2324.688714][T15167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2325.299785][T15190] netlink: 'syz.2.34933': attribute type 5 has an invalid length. [ 2325.753756][T15206] netlink: 'syz.0.34945': attribute type 5 has an invalid length. [ 2326.580954][T15234] netlink: 'syz.1.34952': attribute type 5 has an invalid length. [ 2328.360953][T15264] netlink: 'syz.2.34963': attribute type 10 has an invalid length. [ 2328.443599][T15264] team0: Device wg1 is of different type [ 2331.987584][T15295] netlink: 'syz.0.34976': attribute type 10 has an invalid length. [ 2332.037603][T15295] team0: Device wg1 is of different type [ 2337.878601][T15391] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.35022'. [ 2338.010253][T15394] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.35023'. [ 2338.143699][T15397] netlink: 'syz.1.35025': attribute type 1 has an invalid length. [ 2338.155534][T15397] netlink: 'syz.1.35025': attribute type 4 has an invalid length. [ 2338.166061][T15397] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.35025'. [ 2338.851454][T15412] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.35030'. [ 2341.330188][T15463] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.35050'. [ 2344.105868][T15500] netlink: 'syz.2.35067': attribute type 9 has an invalid length. [ 2344.260583][T15509] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.35071'. [ 2344.693423][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.702537][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2346.190690][T15532] netlink: 'syz.1.35079': attribute type 9 has an invalid length. [ 2347.033418][T15550] netlink: 'syz.1.35089': attribute type 22 has an invalid length. [ 2347.201552][T15554] netlink: 'syz.3.35092': attribute type 9 has an invalid length. [ 2347.880552][T15574] netlink: 'syz.2.35099': attribute type 22 has an invalid length. [ 2348.389161][T15576] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.35102'. [ 2348.511202][T15583] netlink: 'syz.0.35101': attribute type 9 has an invalid length. [ 2348.776661][T15589] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.35107'. [ 2348.993979][T15596] netlink: 'syz.0.35110': attribute type 22 has an invalid length. [ 2349.919073][T15615] netlink: 'syz.0.35117': attribute type 9 has an invalid length. [ 2351.210557][T15637] netlink: 'syz.1.35126': attribute type 11 has an invalid length. [ 2351.218707][T15637] netlink: 176 bytes leftover after parsing attributes in process `syz.1.35126'. [ 2352.634666][T15676] netlink: 'syz.0.35146': attribute type 11 has an invalid length. [ 2352.647048][T15676] netlink: 176 bytes leftover after parsing attributes in process `syz.0.35146'. [ 2356.602561][T15793] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.35202'. [ 2357.144398][T15824] net_ratelimit: 18 callbacks suppressed [ 2357.144417][T15824] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664 [ 2358.244818][T15865] netlink: 'syz.1.35233': attribute type 3 has an invalid length. [ 2358.252963][T15865] netlink: 201336 bytes leftover after parsing attributes in process `syz.1.35233'. [ 2359.724190][T15918] netlink: 'syz.2.35248': attribute type 10 has an invalid length. [ 2359.759982][T15918] netlink: 212412 bytes leftover after parsing attributes in process `syz.2.35248'. [ 2359.769432][T15918] openvswitch: netlink: Flow key attr not present in new flow. [ 2359.973441][T15928] netlink: 212912 bytes leftover after parsing attributes in process `syz.2.35252'. [ 2359.989653][T15928] openvswitch: netlink: IP tunnel dst address not specified [ 2363.378562][T15963] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.35267'. [ 2364.381037][T16011] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.35290'. [ 2364.395898][T16011] openvswitch: netlink: IP tunnel dst address not specified [ 2365.628238][T16048] netlink: 212912 bytes leftover after parsing attributes in process `syz.0.35305'. [ 2365.664236][T16048] openvswitch: netlink: IP tunnel dst address not specified [ 2366.553816][T16056] netlink: 'syz.0.35312': attribute type 9 has an invalid length. [ 2366.588529][T16056] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.35312'. [ 2367.176007][T16073] netlink: 212912 bytes leftover after parsing attributes in process `syz.1.35321'. [ 2367.193688][T16073] openvswitch: netlink: IP tunnel dst address not specified [ 2367.687276][T16084] syzkaller0: entered promiscuous mode [ 2367.695247][T16084] syzkaller0: entered allmulticast mode [ 2368.656445][T16100] netlink: 212912 bytes leftover after parsing attributes in process `syz.3.35332'. [ 2368.667212][T16100] openvswitch: netlink: IP tunnel dst address not specified [ 2374.862741][T16147] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.35352'. [ 2375.189321][T16160] netlink: 208064 bytes leftover after parsing attributes in process `syz.3.35357'. [ 2375.906669][T16186] netlink: 208064 bytes leftover after parsing attributes in process `syz.1.35368'. [ 2377.082736][T16217] netlink: 208064 bytes leftover after parsing attributes in process `syz.0.35380'. [ 2378.139757][T16247] sock: sock_timestamping_bind_phc: sock not bind to device [ 2378.200290][T16251] netlink: 208064 bytes leftover after parsing attributes in process `syz.2.35395'. [ 2378.481449][T16253] netlink: 208064 bytes leftover after parsing attributes in process `syz.3.35406'. [ 2379.694852][T16284] sock: sock_timestamping_bind_phc: sock not bind to device [ 2379.943200][T16293] netlink: 208064 bytes leftover after parsing attributes in process `syz.1.35410'. [ 2381.250923][T16311] sock: sock_timestamping_bind_phc: sock not bind to device [ 2383.211224][T16354] netlink: 'syz.1.35438': attribute type 20 has an invalid length. [ 2383.229516][T16354] netlink: 'syz.1.35438': attribute type 21 has an invalid length. [ 2383.243378][T16354] netlink: 'syz.1.35438': attribute type 23 has an invalid length. [ 2383.264720][T16354] netlink: 'syz.1.35438': attribute type 25 has an invalid length. [ 2383.273234][T16354] netlink: 'syz.1.35438': attribute type 27 has an invalid length. [ 2383.289391][T16354] netlink: 'syz.1.35438': attribute type 28 has an invalid length. [ 2383.305160][T16354] netlink: 'syz.1.35438': attribute type 29 has an invalid length. [ 2383.319590][T16354] netlink: 'syz.1.35438': attribute type 30 has an invalid length. [ 2383.339571][T16358] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.35439'. [ 2385.293993][T16408] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.35463'. [ 2388.257052][T16473] syz.0.35494[16473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2388.257200][T16473] syz.0.35494[16473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2389.025000][T16501] syz.1.35506[16501] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2389.040918][T16501] syz.1.35506[16501] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2389.667139][T16525] syz.3.35517[16525] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2389.700019][T16525] syz.3.35517[16525] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2393.631955][T16615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2395.211472][T16663] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.35581'. [ 2406.124422][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2406.139819][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2412.359051][T16942] netlink: 'syz.2.35702': attribute type 33 has an invalid length. [ 2412.367208][T16942] netlink: 164 bytes leftover after parsing attributes in process `syz.2.35702'. [ 2412.381405][T16940] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.35703'. [ 2415.707838][T16973] netlink: 'syz.3.35716': attribute type 33 has an invalid length. [ 2415.719912][T16973] netlink: 164 bytes leftover after parsing attributes in process `syz.3.35716'. [ 2415.823224][T16978] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.35717'. [ 2416.716418][T16977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2416.908921][ T5906] Bluetooth: hci1: unexpected subevent 0x03 length: 150 > 9 [ 2417.115350][T16999] netlink: 'syz.3.35731': attribute type 10 has an invalid length. [ 2417.139325][T16999] netlink: 2 bytes leftover after parsing attributes in process `syz.3.35731'. [ 2417.156666][T16999] bond0: entered promiscuous mode [ 2417.170461][T16999] bond_slave_0: entered promiscuous mode [ 2417.176401][T16999] bond_slave_1: entered promiscuous mode [ 2417.188139][T16999] bridge0: entered promiscuous mode [ 2417.194540][T16999] batadv0: entered promiscuous mode [ 2417.204719][T16999] bridge0: port 4(bond0) entered blocking state [ 2417.211311][T16999] bridge0: port 4(bond0) entered disabled state [ 2417.218297][T16999] bond0: entered allmulticast mode [ 2417.228001][T16999] bond_slave_0: entered allmulticast mode [ 2417.233957][T16999] bond_slave_1: entered allmulticast mode [ 2417.244118][T16999] bridge0: entered allmulticast mode [ 2417.252872][T16999] batadv0: entered allmulticast mode [ 2417.275146][T17005] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.35732'. [ 2417.293139][T16999] bond0: left allmulticast mode [ 2417.298426][T16999] bond_slave_0: left allmulticast mode [ 2417.304791][T16999] bond_slave_1: left allmulticast mode [ 2417.315376][T16999] bridge0: left allmulticast mode [ 2417.321280][T16999] batadv0: left allmulticast mode [ 2417.326672][T17003] netlink: 'syz.0.35729': attribute type 33 has an invalid length. [ 2417.343638][T17003] netlink: 164 bytes leftover after parsing attributes in process `syz.0.35729'. [ 2417.913960][T17024] netlink: 199824 bytes leftover after parsing attributes in process `syz.1.35742'. [ 2419.274086][T17054] netlink: 199824 bytes leftover after parsing attributes in process `syz.0.35754'. [ 2419.423458][T17061] netlink: 'syz.1.35756': attribute type 3 has an invalid length. [ 2419.454399][T17061] netlink: 'syz.1.35756': attribute type 6 has an invalid length. [ 2419.464548][T17061] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.35756'. [ 2420.222470][T17090] netlink: 'syz.2.35771': attribute type 2 has an invalid length. [ 2420.250944][T17090] netlink: 'syz.2.35771': attribute type 1 has an invalid length. [ 2420.269943][T17090] netlink: 'syz.2.35771': attribute type 8 has an invalid length. [ 2420.293193][T17090] netlink: 44 bytes leftover after parsing attributes in process `syz.2.35771'. [ 2422.494320][T17144] netlink: 'syz.0.35794': attribute type 10 has an invalid length. [ 2422.516326][T17144] netlink: 2 bytes leftover after parsing attributes in process `syz.0.35794'. [ 2422.527013][T17144] bond0: entered promiscuous mode [ 2422.537633][T17144] bond_slave_0: entered promiscuous mode [ 2422.544048][T17144] bond_slave_1: entered promiscuous mode [ 2422.555113][T17144] bridge0: port 3(bond0) entered blocking state [ 2422.564408][T17144] bridge0: port 3(bond0) entered disabled state [ 2422.575731][T17144] bond0: entered allmulticast mode [ 2422.581387][T17144] bond_slave_0: entered allmulticast mode [ 2422.587404][T17144] bond_slave_1: entered allmulticast mode [ 2422.615239][T17144] bridge0: port 3(bond0) entered blocking state [ 2422.621765][T17144] bridge0: port 3(bond0) entered forwarding state [ 2423.152309][T17153] netlink: 'syz.2.35797': attribute type 3 has an invalid length. [ 2423.166107][T17153] netlink: 'syz.2.35797': attribute type 6 has an invalid length. [ 2423.175159][T17153] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.35797'. [ 2425.543366][T17190] netlink: 'syz.2.35813': attribute type 10 has an invalid length. [ 2425.566899][T17190] netlink: 2 bytes leftover after parsing attributes in process `syz.2.35813'. [ 2425.578579][T17190] bond0: entered promiscuous mode [ 2425.584279][T17190] bond_slave_0: entered promiscuous mode [ 2425.590618][T17190] bond_slave_1: entered promiscuous mode [ 2425.597475][T17190] batadv_slave_0: entered promiscuous mode [ 2426.241326][T17205] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.35822'. [ 2426.265433][T17205] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2427.134098][T17208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2447.271481][T17474] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.35938'. [ 2451.944751][T17549] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.35970'. [ 2451.973083][T17549] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 2452.855003][T17576] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.35982'. [ 2453.231223][T17576] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 2456.659869][T17605] syzkaller0: entered promiscuous mode [ 2456.669538][T17605] syzkaller0: entered allmulticast mode [ 2459.880275][T17622] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 2462.279182][T17630] netlink: 'syz.2.36004': attribute type 10 has an invalid length. [ 2462.289780][T17630] netlink: 40 bytes leftover after parsing attributes in process `syz.2.36004'. [ 2462.299369][T17630] caif0: entered promiscuous mode [ 2462.309762][T17630] caif0: entered allmulticast mode [ 2462.314929][T17630] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2462.450200][T17641] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.36010'. [ 2462.532064][T17646] netlink: 168 bytes leftover after parsing attributes in process `syz.3.36012'. [ 2462.633424][T17650] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.36013'. [ 2463.038760][T17665] syzkaller0: entered promiscuous mode [ 2463.045408][T17665] syzkaller0: entered allmulticast mode [ 2463.061991][T17666] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.36022'. [ 2465.238757][T17684] netlink: 168 bytes leftover after parsing attributes in process `syz.0.36028'. [ 2465.240476][T17687] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.36030'. [ 2465.423207][T17691] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 2465.447776][T17694] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.36034'. [ 2465.744378][T17706] netlink: 'syz.0.36039': attribute type 10 has an invalid length. [ 2465.755767][T17706] netlink: 40 bytes leftover after parsing attributes in process `syz.0.36039'. [ 2465.768633][T17706] caif0: entered promiscuous mode [ 2465.777046][T17706] caif0: entered allmulticast mode [ 2465.782585][T17706] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2465.934088][T17716] netlink: 'syz.3.36053': attribute type 10 has an invalid length. [ 2465.943136][T17716] netlink: 40 bytes leftover after parsing attributes in process `syz.3.36053'. [ 2465.961478][T17716] caif0: entered promiscuous mode [ 2465.967654][T17716] caif0: entered allmulticast mode [ 2465.974368][T17716] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2466.607657][T17740] syzkaller0: entered promiscuous mode [ 2466.613288][T17740] syzkaller0: entered allmulticast mode [ 2467.567190][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2467.579718][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2469.023098][T17756] netlink: 'syz.1.36058': attribute type 10 has an invalid length. [ 2469.054393][T17756] netlink: 40 bytes leftover after parsing attributes in process `syz.1.36058'. [ 2469.074248][T17756] caif0: entered promiscuous mode [ 2469.090328][T17756] caif0: entered allmulticast mode [ 2469.100132][T17756] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2469.496542][T17761] netlink: 'syz.0.36064': attribute type 6 has an invalid length. [ 2469.549828][T17761] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.36064'. [ 2469.855317][T17776] netlink: 'syz.1.36067': attribute type 11 has an invalid length. [ 2469.909992][T17776] netlink: 'syz.1.36067': attribute type 2 has an invalid length. [ 2469.940806][T17776] netlink: 198100 bytes leftover after parsing attributes in process `syz.1.36067'. [ 2478.832257][T17961] netlink: 'syz.1.36155': attribute type 11 has an invalid length. [ 2478.854996][T17961] netlink: 184116 bytes leftover after parsing attributes in process `syz.1.36155'. [ 2478.881923][T17961] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 2480.692724][T18009] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.36174'. [ 2485.304135][T18055] netlink: 'syz.2.36202': attribute type 11 has an invalid length. [ 2485.327717][T18055] netlink: 184116 bytes leftover after parsing attributes in process `syz.2.36202'. [ 2485.356285][T18055] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2485.384108][T18055] CPU: 0 PID: 18055 Comm: syz.2.36202 Not tainted syzkaller #0 [ 2485.391719][T18055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2485.401808][T18055] Call Trace: [ 2485.405118][T18055] [ 2485.408067][T18055] dump_stack_lvl+0x18c/0x250 [ 2485.412800][T18055] ? show_regs_print_info+0x20/0x20 [ 2485.418031][T18055] ? load_image+0x420/0x420 [ 2485.422588][T18055] sysfs_warn_dup+0x8e/0xa0 [ 2485.427124][T18055] sysfs_do_create_link_sd+0xc0/0x110 [ 2485.432534][T18055] device_add_class_symlinks+0x1cf/0x240 [ 2485.438215][T18055] device_add+0x507/0xc50 [ 2485.442597][T18055] wiphy_register+0x1dad/0x2ae0 [ 2485.447512][T18055] ? cfg80211_event_work+0x40/0x40 [ 2485.452658][T18055] ? minstrel_ht_alloc+0x88a/0x990 [ 2485.457808][T18055] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2485.463920][T18055] ieee80211_register_hw+0x3464/0x4250 [ 2485.469441][T18055] ? ieee80211_tasklet_handler+0x20/0x20 [ 2485.475112][T18055] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2485.481048][T18055] ? __debug_object_init+0xec/0x450 [ 2485.486297][T18055] ? __asan_memset+0x22/0x40 [ 2485.490920][T18055] ? __hrtimer_init+0x186/0x270 [ 2485.495809][T18055] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2485.501623][T18055] ? mac80211_hwsim_free+0x220/0x220 [ 2485.506945][T18055] ? rcu_is_watching+0x15/0xb0 [ 2485.511742][T18055] ? kstrndup+0xbd/0x140 [ 2485.516031][T18055] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2485.521190][T18055] ? __nla_validate+0x50/0x50 [ 2485.525917][T18055] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2485.532299][T18055] ? __nla_parse+0x40/0x50 [ 2485.536757][T18055] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2485.543136][T18055] genl_family_rcv_msg_doit+0x211/0x310 [ 2485.548724][T18055] ? end_current_label_crit_section+0x170/0x170 [ 2485.555009][T18055] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2485.560956][T18055] ? bpf_lsm_capable+0x9/0x10 [ 2485.565676][T18055] ? security_capable+0x89/0xb0 [ 2485.570573][T18055] genl_rcv_msg+0x619/0x7a0 [ 2485.575125][T18055] ? genl_bind+0x360/0x360 [ 2485.579575][T18055] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2485.585955][T18055] netlink_rcv_skb+0x241/0x4d0 [ 2485.590764][T18055] ? genl_bind+0x360/0x360 [ 2485.595219][T18055] ? netlink_ack+0x1180/0x1180 [ 2485.600042][T18055] ? __lock_acquire+0x7d40/0x7d40 [ 2485.605123][T18055] ? down_read+0x1ac/0x2e0 [ 2485.609577][T18055] genl_rcv+0x28/0x40 [ 2485.613583][T18055] netlink_unicast+0x751/0x8d0 [ 2485.618388][T18055] netlink_sendmsg+0x8d0/0xbf0 [ 2485.623201][T18055] ? netlink_getsockopt+0x590/0x590 [ 2485.628436][T18055] ? aa_sock_msg_perm+0x94/0x150 [ 2485.633414][T18055] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2485.638756][T18055] ? security_socket_sendmsg+0x80/0xa0 [ 2485.644249][T18055] ? netlink_getsockopt+0x590/0x590 [ 2485.649482][T18055] ____sys_sendmsg+0x5ba/0x960 [ 2485.654285][T18055] ? __asan_memset+0x22/0x40 [ 2485.658904][T18055] ? __sys_sendmsg_sock+0x30/0x30 [ 2485.663954][T18055] ? __import_iovec+0x5f2/0x850 [ 2485.668840][T18055] ? import_iovec+0x73/0xa0 [ 2485.673372][T18055] ___sys_sendmsg+0x2a6/0x360 [ 2485.678091][T18055] ? __sys_sendmsg+0x2a0/0x2a0 [ 2485.682943][T18055] __se_sys_sendmsg+0x1c2/0x2b0 [ 2485.687835][T18055] ? __x64_sys_sendmsg+0x80/0x80 [ 2485.692827][T18055] ? lockdep_hardirqs_on+0x98/0x150 [ 2485.698074][T18055] do_syscall_64+0x55/0xb0 [ 2485.702517][T18055] ? clear_bhb_loop+0x40/0x90 [ 2485.707221][T18055] ? clear_bhb_loop+0x40/0x90 [ 2485.711928][T18055] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2485.717862][T18055] RIP: 0033:0x7fc06699ce59 [ 2485.722305][T18055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2485.741950][T18055] RSP: 002b:00007fc0678c1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2485.750399][T18055] RAX: ffffffffffffffda RBX: 00007fc066c15fa0 RCX: 00007fc06699ce59 [ 2485.758406][T18055] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2485.766404][T18055] RBP: 00007fc066a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 2485.774401][T18055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2485.782392][T18055] R13: 00007fc066c16038 R14: 00007fc066c15fa0 R15: 00007ffe3e2329b8 [ 2485.790403][T18055] [ 2488.276040][T18099] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.36214'. [ 2489.335070][T18102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2489.597842][T18113] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.36220'. [ 2489.612284][T18113] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.36220'. [ 2493.058640][T18159] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.36238'. [ 2493.227562][ T5906] Bluetooth: hci3: Malformed LE Event: 0x02 [ 2493.480904][T18165] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.36241'. [ 2494.011140][T18177] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.36243'. [ 2494.064552][T18177] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.36243'. [ 2497.626984][T18196] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.36250'. [ 2497.661400][T18194] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.36252'. [ 2498.026369][T18206] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.36256'. [ 2498.081886][T18210] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.36256'. [ 2505.412921][T18260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2512.233239][T18324] wlan0: mtu greater than device maximum [ 2520.456763][T18377] netlink: 'syz.0.36318': attribute type 11 has an invalid length. [ 2520.489702][T18377] netlink: 168 bytes leftover after parsing attributes in process `syz.0.36318'. [ 2524.680770][T18412] netlink: 'syz.2.36334': attribute type 11 has an invalid length. [ 2524.688763][T18412] netlink: 168 bytes leftover after parsing attributes in process `syz.2.36334'. [ 2529.004352][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2529.012239][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2532.844574][T18462] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.36355'. [ 2532.882171][T18462] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2532.961561][ T5906] Bluetooth: hci1: Dropping invalid advertising data [ 2532.968383][ T5906] Bluetooth: hci1: Malformed LE Event: 0x02 [ 2533.082795][T18457] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2535.213855][T18527] A link change request failed with some changes committed already. Interface 26±ÿÿÿÿa–ïD may have been left with an inconsistent configuration, please check. [ 2535.253304][T18530] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.36377'. [ 2535.299932][T18530] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2536.118624][T18562] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2536.185511][T18562] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.36391'. [ 2536.213734][T18562] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2539.183891][T18587] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2539.552266][T18596] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2539.592512][T18597] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.36407'. [ 2539.608067][T18597] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2542.377031][T18619] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2542.723334][T18628] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2542.744924][T18630] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.36420'. [ 2542.755241][T18630] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2543.578716][T18658] A link change request failed with some changes committed already. Interface 26±ÿÿÿÿa–ïD may have been left with an inconsistent configuration, please check. [ 2543.624607][T18657] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.36435'. [ 2543.662144][T18657] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2545.798746][ T5906] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 2547.880274][T18724] Bluetooth: hci1: command 0x0406 tx timeout [ 2552.211563][T18780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2552.964509][T18791] syzkaller0: entered promiscuous mode [ 2552.991909][T18791] syzkaller0: entered allmulticast mode [ 2554.250443][T18804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2554.959464][T18815] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.36513'. [ 2554.979799][T18815] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2556.949238][T18828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2557.863354][T18803] netlink: 'syz.1.36509': attribute type 21 has an invalid length. [ 2557.874935][T18812] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2557.990438][T18832] netlink: 156 bytes leftover after parsing attributes in process `syz.3.36524'. [ 2558.350496][T18834] syzkaller0: entered promiscuous mode [ 2558.363493][T18834] syzkaller0: entered allmulticast mode [ 2566.193458][T18857] netlink: 'syz.2.36525': attribute type 10 has an invalid length. [ 2566.202567][T18857] veth0_macvtap: left promiscuous mode [ 2566.601971][T18881] netlink: 60243 bytes leftover after parsing attributes in process `syz.0.36538'. [ 2566.629117][T18881] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36538'. [ 2567.555806][T18909] netlink: 60243 bytes leftover after parsing attributes in process `syz.3.36550'. [ 2567.575705][T18909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.36550'. [ 2567.985746][T18923] syzkaller0: entered promiscuous mode [ 2568.021985][T18923] syzkaller0: entered allmulticast mode [ 2570.698561][T18937] netlink: 60243 bytes leftover after parsing attributes in process `syz.2.36563'. [ 2570.708100][T18937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.36563'. [ 2574.234885][T18996] syzkaller0: entered promiscuous mode [ 2574.244356][T18996] syzkaller0: entered allmulticast mode [ 2577.547555][T19001] netlink: 156 bytes leftover after parsing attributes in process `syz.1.36587'. [ 2577.557951][T19005] netlink: 'syz.3.36590': attribute type 10 has an invalid length. [ 2577.622840][T19005] veth0_macvtap: left promiscuous mode [ 2578.143550][T19032] syzkaller0: entered promiscuous mode [ 2578.149096][T19032] syzkaller0: entered allmulticast mode [ 2580.910743][T19045] netlink: 'syz.0.36609': attribute type 10 has an invalid length. [ 2580.924216][T19045] veth0_macvtap: left promiscuous mode [ 2583.128241][T19106] netlink: 'syz.2.36634': attribute type 1 has an invalid length. [ 2583.145727][T19106] netlink: 'syz.2.36634': attribute type 4 has an invalid length. [ 2583.172595][T19106] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.36634'. [ 2583.280464][T18724] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 2583.400730][T10430] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 2583.717133][T19135] netlink: 'syz.3.36648': attribute type 1 has an invalid length. [ 2583.738886][T19135] netlink: 'syz.3.36648': attribute type 4 has an invalid length. [ 2583.748739][T19135] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.36648'. [ 2583.903738][ T5906] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 2584.222822][T19163] netlink: 'syz.1.36660': attribute type 1 has an invalid length. [ 2584.244139][T19163] netlink: 'syz.1.36660': attribute type 4 has an invalid length. [ 2584.252336][T19163] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.36660'. [ 2584.358770][T19149] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 2585.296500][T19171] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 2585.321380][T19171] Bluetooth: hci3: command 0x206c tx timeout [ 2585.335419][T18724] Bluetooth: hci3: Opcode 0x206c failed: -110 [ 2585.342753][T18724] Bluetooth: hci3: Opcode 0x2046 failed: -110 [ 2585.479759][T18724] Bluetooth: hci0: command 0x206c tx timeout [ 2585.485927][T10430] Bluetooth: hci0: Opcode 0x206c failed: -110 [ 2585.538682][T18724] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 2585.625930][T19209] syzkaller0: entered promiscuous mode [ 2585.639330][T19209] syzkaller0: entered allmulticast mode [ 2585.961604][T18724] Bluetooth: hci2: command 0x206c tx timeout [ 2585.961641][ T5906] Bluetooth: hci2: Opcode 0x206c failed: -110 [ 2586.448033][T18724] Bluetooth: hci1: command 0x206c tx timeout [ 2586.451149][T19149] Bluetooth: hci1: Opcode 0x206c failed: -110 [ 2587.404936][T18724] Bluetooth: hci3: command 0x206c tx timeout [ 2587.564675][T10430] Bluetooth: hci0: Opcode 0x2046 failed: -110 [ 2587.571161][T10430] Bluetooth: hci0: command 0x206c tx timeout [ 2588.039801][ T5906] Bluetooth: hci2: Opcode 0x2046 failed: -110 [ 2588.047422][ T5906] Bluetooth: hci2: command 0x206c tx timeout [ 2588.522701][T19149] Bluetooth: hci1: Opcode 0x2046 failed: -110 [ 2588.529330][ T5906] Bluetooth: hci1: command 0x206c tx timeout [ 2590.465978][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.472797][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2591.411784][T19331] sctp: [Deprecated]: syz.1.36732 (pid 19331) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2591.411784][T19331] Use struct sctp_sack_info instead [ 2591.819164][T19341] syzkaller0: entered promiscuous mode [ 2591.839988][T19341] syzkaller0: entered allmulticast mode [ 2592.422836][T19361] sctp: [Deprecated]: syz.0.36747 (pid 19361) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2592.422836][T19361] Use struct sctp_sack_info instead [ 2592.642801][T19365] sctp: [Deprecated]: syz.2.36758 (pid 19365) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2592.642801][T19365] Use struct sctp_sack_info instead [ 2592.812185][T19366] syzkaller0: entered promiscuous mode [ 2592.817726][T19366] syzkaller0: entered allmulticast mode [ 2594.139177][T19394] sctp: [Deprecated]: syz.3.36762 (pid 19394) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2594.139177][T19394] Use struct sctp_sack_info instead [ 2595.421142][T19422] sctp: [Deprecated]: syz.3.36775 (pid 19422) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2595.421142][T19422] Use struct sctp_sack_info instead [ 2595.483575][T19425] syzkaller0: entered promiscuous mode [ 2595.492086][T19425] syzkaller0: entered allmulticast mode [ 2596.816345][T19446] sctp: [Deprecated]: syz.0.36787 (pid 19446) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2596.816345][T19446] Use struct sctp_sack_info instead [ 2597.438212][T19467] netlink: 'syz.1.36795': attribute type 21 has an invalid length. [ 2597.460556][T19467] netlink: 'syz.1.36795': attribute type 19 has an invalid length. [ 2597.470662][T19467] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.36795'. [ 2597.838592][T19476] sctp: [Deprecated]: syz.0.36798 (pid 19476) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2597.838592][T19476] Use struct sctp_sack_info instead [ 2597.857709][T19471] syzkaller0: entered promiscuous mode [ 2597.873249][T19471] syzkaller0: entered allmulticast mode [ 2600.669894][T19502] netlink: 'syz.2.36811': attribute type 21 has an invalid length. [ 2600.677868][T19502] netlink: 'syz.2.36811': attribute type 19 has an invalid length. [ 2600.701505][T19502] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.36811'. [ 2602.161447][T19530] syzkaller0: entered promiscuous mode [ 2602.175074][T19530] syzkaller0: entered allmulticast mode [ 2602.207503][T19530] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 2602.285429][T19536] netlink: 'syz.3.36824': attribute type 21 has an invalid length. [ 2602.300096][T19536] netlink: 'syz.3.36824': attribute type 19 has an invalid length. [ 2602.308052][T19536] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.36824'. [ 2602.843385][T19560] netlink: 'syz.2.36833': attribute type 2 has an invalid length. [ 2602.855855][T19560] netlink: 1045 bytes leftover after parsing attributes in process `syz.2.36833'. [ 2604.397967][T19598] syzkaller0: entered promiscuous mode [ 2604.417835][T19598] syzkaller0: entered allmulticast mode [ 2604.755926][T19610] syzkaller0: entered promiscuous mode [ 2604.762316][T19610] syzkaller0: entered allmulticast mode [ 2607.018379][T19660] netlink: 'syz.0.36872': attribute type 14 has an invalid length. [ 2607.054707][T19660] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.36872'. [ 2607.501964][T19664] syzkaller0: entered promiscuous mode [ 2607.518385][T19664] syzkaller0: entered allmulticast mode [ 2607.863051][T19673] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.36878'. [ 2608.099431][T19678] netlink: 'syz.2.36881': attribute type 3 has an invalid length. [ 2608.107866][T19678] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.36881'. [ 2610.828751][T19708] syzkaller0: entered promiscuous mode [ 2610.835541][T19708] syzkaller0: entered allmulticast mode [ 2610.883693][T19709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2611.295536][T19723] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.36899'. [ 2615.537496][T19763] netlink: 'syz.0.36917': attribute type 21 has an invalid length. [ 2615.545923][T19763] netlink: 'syz.0.36917': attribute type 13 has an invalid length. [ 2615.554018][T19763] netlink: 6188 bytes leftover after parsing attributes in process `syz.0.36917'. [ 2618.887130][T19847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2621.628315][T19917] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.36986'. [ 2621.908214][T19931] netlink: 'syz.1.36993': attribute type 2 has an invalid length. [ 2621.920512][T19931] netlink: 'syz.1.36993': attribute type 1 has an invalid length. [ 2621.928384][T19931] netlink: 'syz.1.36993': attribute type 8 has an invalid length. [ 2621.941816][T19931] netlink: 88 bytes leftover after parsing attributes in process `syz.1.36993'. [ 2623.869315][T19973] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.37016'. [ 2624.002011][T19980] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.37019'. [ 2624.577122][T19990] syzkaller0: entered promiscuous mode [ 2624.585356][T19990] syzkaller0: entered allmulticast mode [ 2627.441926][T20005] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.37031'. [ 2631.031511][T20049] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.37047'. [ 2631.220615][T20052] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.37057'. [ 2633.339954][ T5906] Bluetooth: hci3: Malformed Event: 0x2f [ 2635.058614][T20080] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.37061'. [ 2635.448785][T20096] syzkaller0: entered promiscuous mode [ 2635.454621][T20096] syzkaller0: entered allmulticast mode [ 2638.206504][T20106] syzkaller0: left promiscuous mode [ 2638.219686][T20106] syzkaller0: left allmulticast mode [ 2638.597028][T20124] netlink: 'syz.3.37081': attribute type 3 has an invalid length. [ 2638.613060][T20124] netlink: 'syz.3.37081': attribute type 1 has an invalid length. [ 2638.621884][T20124] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.37081'. [ 2641.185609][T20159] netlink: 'syz.2.37096': attribute type 3 has an invalid length. [ 2641.229726][T20159] netlink: 'syz.2.37096': attribute type 1 has an invalid length. [ 2641.260140][T20159] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.37096'. [ 2641.593464][T20179] syzkaller0: entered promiscuous mode [ 2641.599084][T20179] syzkaller0: entered allmulticast mode [ 2641.942764][T20190] netlink: 'syz.0.37111': attribute type 3 has an invalid length. [ 2641.964802][T20190] netlink: 'syz.0.37111': attribute type 1 has an invalid length. [ 2641.985453][T20190] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.37111'. [ 2642.846456][T20204] syzkaller0: entered promiscuous mode [ 2642.852885][T20204] syzkaller0: entered allmulticast mode [ 2646.638811][T20255] syzkaller0: entered promiscuous mode [ 2646.783704][T20255] syzkaller0: entered allmulticast mode [ 2650.276714][ T5906] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 2650.763954][T20313] syzkaller0: entered promiscuous mode [ 2650.773578][T20313] syzkaller0: entered allmulticast mode [ 2651.882372][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2651.888806][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2653.936564][T20348] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37181'. [ 2654.315789][T20348] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2654.327914][T20348] CPU: 1 PID: 20348 Comm: syz.3.37181 Not tainted syzkaller #0 [ 2654.335514][T20348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2654.345587][T20348] Call Trace: [ 2654.348880][T20348] [ 2654.351822][T20348] dump_stack_lvl+0x18c/0x250 [ 2654.356539][T20348] ? show_regs_print_info+0x20/0x20 [ 2654.361773][T20348] ? load_image+0x420/0x420 [ 2654.366312][T20348] sysfs_warn_dup+0x8e/0xa0 [ 2654.370833][T20348] sysfs_do_create_link_sd+0xc0/0x110 [ 2654.376221][T20348] device_add_class_symlinks+0x1cf/0x240 [ 2654.381887][T20348] device_add+0x507/0xc50 [ 2654.386245][T20348] wiphy_register+0x1dad/0x2ae0 [ 2654.391150][T20348] ? cfg80211_event_work+0x40/0x40 [ 2654.396290][T20348] ? minstrel_ht_alloc+0x88a/0x990 [ 2654.401429][T20348] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2654.407528][T20348] ieee80211_register_hw+0x3464/0x4250 [ 2654.413044][T20348] ? ieee80211_tasklet_handler+0x20/0x20 [ 2654.418699][T20348] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2654.424618][T20348] ? __debug_object_init+0xec/0x450 [ 2654.429845][T20348] ? __asan_memset+0x22/0x40 [ 2654.434460][T20348] ? __hrtimer_init+0x186/0x270 [ 2654.439331][T20348] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2654.445107][T20348] ? mac80211_hwsim_free+0x220/0x220 [ 2654.450406][T20348] ? rcu_is_watching+0x15/0xb0 [ 2654.455193][T20348] ? kstrndup+0xbd/0x140 [ 2654.459467][T20348] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2654.464609][T20348] ? __nla_validate+0x50/0x50 [ 2654.469319][T20348] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2654.475687][T20348] ? __nla_parse+0x40/0x50 [ 2654.480119][T20348] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2654.486483][T20348] genl_family_rcv_msg_doit+0x211/0x310 [ 2654.492056][T20348] ? end_current_label_crit_section+0x170/0x170 [ 2654.498323][T20348] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2654.504245][T20348] ? bpf_lsm_capable+0x9/0x10 [ 2654.508941][T20348] ? security_capable+0x89/0xb0 [ 2654.513825][T20348] genl_rcv_msg+0x619/0x7a0 [ 2654.518355][T20348] ? genl_bind+0x360/0x360 [ 2654.522785][T20348] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2654.529139][T20348] ? perf_trace_lock+0x304/0x3b0 [ 2654.534119][T20348] netlink_rcv_skb+0x241/0x4d0 [ 2654.538902][T20348] ? genl_bind+0x360/0x360 [ 2654.543336][T20348] ? netlink_ack+0x1180/0x1180 [ 2654.548133][T20348] ? __lock_acquire+0x7d40/0x7d40 [ 2654.553189][T20348] ? down_read+0x1ac/0x2e0 [ 2654.557631][T20348] genl_rcv+0x28/0x40 [ 2654.561636][T20348] netlink_unicast+0x751/0x8d0 [ 2654.566435][T20348] netlink_sendmsg+0x8d0/0xbf0 [ 2654.571212][T20348] ? lockdep_hardirqs_on+0x98/0x150 [ 2654.576441][T20348] ? netlink_getsockopt+0x590/0x590 [ 2654.581660][T20348] ? aa_sock_msg_perm+0x94/0x150 [ 2654.586621][T20348] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2654.591931][T20348] ? security_socket_sendmsg+0x80/0xa0 [ 2654.597404][T20348] ? netlink_getsockopt+0x590/0x590 [ 2654.602625][T20348] ____sys_sendmsg+0x5ba/0x960 [ 2654.607428][T20348] ? __asan_memset+0x22/0x40 [ 2654.612035][T20348] ? __sys_sendmsg_sock+0x30/0x30 [ 2654.617072][T20348] ? __import_iovec+0x5f2/0x850 [ 2654.621950][T20348] ? import_iovec+0x73/0xa0 [ 2654.626474][T20348] ___sys_sendmsg+0x2a6/0x360 [ 2654.631175][T20348] ? __sys_sendmsg+0x2a0/0x2a0 [ 2654.636035][T20348] __se_sys_sendmsg+0x1c2/0x2b0 [ 2654.640907][T20348] ? __x64_sys_sendmsg+0x80/0x80 [ 2654.645886][T20348] ? lockdep_hardirqs_on+0x98/0x150 [ 2654.651131][T20348] do_syscall_64+0x55/0xb0 [ 2654.655558][T20348] ? clear_bhb_loop+0x40/0x90 [ 2654.660245][T20348] ? clear_bhb_loop+0x40/0x90 [ 2654.664934][T20348] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2654.670847][T20348] RIP: 0033:0x7f661f19ce59 [ 2654.675277][T20348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2654.694905][T20348] RSP: 002b:00007f66200fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2654.703340][T20348] RAX: ffffffffffffffda RBX: 00007f661f415fa0 RCX: 00007f661f19ce59 [ 2654.711326][T20348] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 2654.719311][T20348] RBP: 00007f661f232d6f R08: 0000000000000000 R09: 0000000000000000 [ 2654.727294][T20348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2654.735274][T20348] R13: 00007f661f416038 R14: 00007f661f415fa0 R15: 00007fff95de83b8 [ 2654.743289][T20348] [ 2657.223518][T20382] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37193'. [ 2657.265768][T20382] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2657.279341][T20382] CPU: 1 PID: 20382 Comm: syz.2.37193 Not tainted syzkaller #0 [ 2657.286950][T20382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2657.297042][T20382] Call Trace: [ 2657.300336][T20382] [ 2657.303276][T20382] dump_stack_lvl+0x18c/0x250 [ 2657.307982][T20382] ? show_regs_print_info+0x20/0x20 [ 2657.313226][T20382] ? load_image+0x420/0x420 [ 2657.317753][T20382] sysfs_warn_dup+0x8e/0xa0 [ 2657.322264][T20382] sysfs_do_create_link_sd+0xc0/0x110 [ 2657.327650][T20382] device_add_class_symlinks+0x1cf/0x240 [ 2657.333300][T20382] device_add+0x507/0xc50 [ 2657.337647][T20382] wiphy_register+0x1dad/0x2ae0 [ 2657.342536][T20382] ? cfg80211_event_work+0x40/0x40 [ 2657.347663][T20382] ? minstrel_ht_alloc+0x88a/0x990 [ 2657.352793][T20382] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2657.358883][T20382] ieee80211_register_hw+0x3464/0x4250 [ 2657.364376][T20382] ? ieee80211_tasklet_handler+0x20/0x20 [ 2657.370021][T20382] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2657.375934][T20382] ? __debug_object_init+0xec/0x450 [ 2657.381178][T20382] ? __asan_memset+0x22/0x40 [ 2657.385789][T20382] ? __hrtimer_init+0x186/0x270 [ 2657.390650][T20382] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2657.396399][T20382] ? mac80211_hwsim_free+0x220/0x220 [ 2657.401694][T20382] ? rcu_is_watching+0x15/0xb0 [ 2657.406474][T20382] ? kstrndup+0xbd/0x140 [ 2657.410736][T20382] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2657.415863][T20382] ? __nla_validate+0x50/0x50 [ 2657.420555][T20382] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2657.426914][T20382] ? __nla_parse+0x40/0x50 [ 2657.431340][T20382] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2657.437702][T20382] genl_family_rcv_msg_doit+0x211/0x310 [ 2657.443259][T20382] ? end_current_label_crit_section+0x170/0x170 [ 2657.449519][T20382] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2657.455438][T20382] ? bpf_lsm_capable+0x9/0x10 [ 2657.460136][T20382] ? security_capable+0x89/0xb0 [ 2657.465017][T20382] genl_rcv_msg+0x619/0x7a0 [ 2657.469543][T20382] ? genl_bind+0x360/0x360 [ 2657.473982][T20382] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2657.480320][T20382] ? perf_trace_lock+0x304/0x3b0 [ 2657.485293][T20382] netlink_rcv_skb+0x241/0x4d0 [ 2657.490065][T20382] ? genl_bind+0x360/0x360 [ 2657.494492][T20382] ? netlink_ack+0x1180/0x1180 [ 2657.499271][T20382] ? __lock_acquire+0x7d40/0x7d40 [ 2657.504317][T20382] ? down_read+0x1ac/0x2e0 [ 2657.510323][T20382] genl_rcv+0x28/0x40 [ 2657.514329][T20382] netlink_unicast+0x751/0x8d0 [ 2657.519124][T20382] netlink_sendmsg+0x8d0/0xbf0 [ 2657.523940][T20382] ? lockdep_hardirqs_on+0x98/0x150 [ 2657.529177][T20382] ? netlink_getsockopt+0x590/0x590 [ 2657.534410][T20382] ? security_socket_sendmsg+0x5a/0xa0 [ 2657.539887][T20382] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2657.545186][T20382] ? security_socket_sendmsg+0x80/0xa0 [ 2657.550651][T20382] ? netlink_getsockopt+0x590/0x590 [ 2657.555863][T20382] ____sys_sendmsg+0x5ba/0x960 [ 2657.560647][T20382] ? __sys_sendmsg_sock+0x30/0x30 [ 2657.565679][T20382] ? __import_iovec+0x5f2/0x850 [ 2657.570545][T20382] ? import_iovec+0x73/0xa0 [ 2657.575055][T20382] ___sys_sendmsg+0x2a6/0x360 [ 2657.579745][T20382] ? __sys_sendmsg+0x2a0/0x2a0 [ 2657.584565][T20382] __se_sys_sendmsg+0x1c2/0x2b0 [ 2657.589430][T20382] ? __x64_sys_sendmsg+0x80/0x80 [ 2657.594393][T20382] ? lockdep_hardirqs_on+0x98/0x150 [ 2657.599610][T20382] do_syscall_64+0x55/0xb0 [ 2657.604035][T20382] ? clear_bhb_loop+0x40/0x90 [ 2657.608708][T20382] ? clear_bhb_loop+0x40/0x90 [ 2657.613397][T20382] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2657.619304][T20382] RIP: 0033:0x7fc06699ce59 [ 2657.623720][T20382] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2657.643331][T20382] RSP: 002b:00007fc0678c1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2657.651755][T20382] RAX: ffffffffffffffda RBX: 00007fc066c15fa0 RCX: 00007fc06699ce59 [ 2657.659731][T20382] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 2657.667706][T20382] RBP: 00007fc066a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 2657.675681][T20382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2657.683657][T20382] R13: 00007fc066c16038 R14: 00007fc066c15fa0 R15: 00007ffe3e2329b8 [ 2657.691650][T20382] [ 2663.333627][T19149] Bluetooth: hci1: ISO packet too small [ 2666.684762][T20478] netlink: 'syz.3.37237': attribute type 22 has an invalid length. [ 2667.015736][T19149] Bluetooth: hci0: ISO packet too small [ 2667.162628][T20505] netlink: 'syz.1.37249': attribute type 22 has an invalid length. [ 2667.985551][T20533] netlink: 'syz.2.37261': attribute type 22 has an invalid length. [ 2671.126685][T20620] netlink: 'syz.0.37299': attribute type 3 has an invalid length. [ 2671.153848][T20620] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.37299'. [ 2680.550943][T20748] netlink: 15119 bytes leftover after parsing attributes in process `syz.1.37350'. [ 2680.718785][T20758] netlink: 'syz.2.37361': attribute type 39 has an invalid length. [ 2685.227701][T20813] netlink: 'syz.1.37380': attribute type 1 has an invalid length. [ 2685.255445][T20813] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.37380'. [ 2686.170424][T20849] netlink: 'syz.2.37397': attribute type 1 has an invalid length. [ 2686.178338][T20849] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.37397'. [ 2689.960129][T20891] netlink: 'syz.3.37411': attribute type 1 has an invalid length. [ 2689.999715][T20891] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.37411'. [ 2691.586735][T20933] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.37433'. [ 2691.606876][T20933] netlink: zone id is out of range [ 2691.616968][T20933] netlink: zone id is out of range [ 2691.627118][T20933] netlink: zone id is out of range [ 2691.647372][T20933] netlink: zone id is out of range [ 2691.668238][T20933] netlink: zone id is out of range [ 2691.689767][T20933] netlink: zone id is out of range [ 2691.700237][T20933] netlink: zone id is out of range [ 2691.724143][T20933] netlink: zone id is out of range [ 2691.736822][T20933] netlink: zone id is out of range [ 2691.770693][T20933] netlink: zone id is out of range [ 2693.080517][T20976] netlink: 'syz.1.37451': attribute type 3 has an invalid length. [ 2693.089855][T20976] netlink: 'syz.1.37451': attribute type 6 has an invalid length. [ 2693.097727][T20976] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.37451'. [ 2693.175706][T20978] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.37452'. [ 2693.961899][T21002] netlink: 'syz.2.37463': attribute type 3 has an invalid length. [ 2693.979662][T21002] netlink: 'syz.2.37463': attribute type 6 has an invalid length. [ 2694.008386][T21002] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.37463'. [ 2695.167055][T21031] netlink: 'syz.0.37476': attribute type 3 has an invalid length. [ 2695.189656][T21031] netlink: 'syz.0.37476': attribute type 6 has an invalid length. [ 2695.215150][T21031] netlink: 144448 bytes leftover after parsing attributes in process `syz.0.37476'. [ 2695.235634][T21032] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.37486'. [ 2699.913393][T21105] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37516'. [ 2699.936323][T21105] net_ratelimit: 80 callbacks suppressed [ 2699.936361][T21105] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2699.980360][T21110] tun0: tun_chr_ioctl cmd 2147767520 [ 2701.235184][T21142] tun0: tun_chr_ioctl cmd 2147767520 [ 2701.311258][T21145] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37527'. [ 2701.321443][T21145] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2702.280609][T21168] tun0: tun_chr_ioctl cmd 2147767520 [ 2702.635848][T21174] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37540'. [ 2702.645790][T21174] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2703.002963][T19149] Bluetooth: hci1: unexpected event 0x31 length: 15 > 6 [ 2703.121982][T21195] netlink: 15794 bytes leftover after parsing attributes in process `syz.0.37549'. [ 2703.143964][T21199] netlink: 'syz.1.37560': attribute type 1 has an invalid length. [ 2703.162330][T21199] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.37560'. [ 2704.838702][T19149] Bluetooth: hci2: unexpected subevent 0x03 length: 150 > 9 [ 2706.639035][T19149] Bluetooth: hci2: unexpected event 0x31 length: 15 > 6 [ 2707.824740][T19149] Bluetooth: hci0: unexpected event 0x31 length: 15 > 6 [ 2707.977754][T21260] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37575'. [ 2708.001652][T21260] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2709.909605][T21278] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.37580'. [ 2710.112833][T19149] Bluetooth: hci3: unexpected subevent 0x03 length: 150 > 9 [ 2710.199144][T19149] Bluetooth: hci3: unexpected event 0x31 length: 15 > 6 [ 2710.218699][T21291] syz.2.37593[21291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2710.226869][T21291] syz.2.37593[21291] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2712.359167][T19149] Bluetooth: hci3: unexpected event 0x31 length: 15 > 6 [ 2713.333904][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.347261][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2715.160840][T21346] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.37608'. [ 2717.498921][T21368] netlink: 'syz.0.37628': attribute type 9 has an invalid length. [ 2717.517100][T21368] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.37628'. [ 2717.965159][ T7261] tipc: Subscription rejected, illegal request [ 2720.612694][T21403] netlink: 'syz.2.37635': attribute type 9 has an invalid length. [ 2720.639798][T21403] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.37635'. [ 2722.302075][T21449] netlink: 'syz.3.37654': attribute type 9 has an invalid length. [ 2722.310236][T21449] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.37654'. [ 2723.708007][T21487] syz.1.37670[21487] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2723.708232][T21487] syz.1.37670[21487] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2726.158684][T21546] syz.2.37695[21546] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2726.175342][T21546] syz.2.37695[21546] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2728.105316][T19149] Bluetooth: hci3: unexpected subevent 0x05 length: 150 > 12 [ 2728.195235][T21581] syz.3.37711[21581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2728.195465][T21581] syz.3.37711[21581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2728.285140][T21586] sctp: [Deprecated]: syz.3.37714 (pid 21586) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2728.285140][T21586] Use struct sctp_sack_info instead [ 2730.199888][T19149] Bluetooth: hci3: command 0x206c tx timeout [ 2731.062786][T21655] sock: sock_timestamping_bind_phc: sock not bind to device [ 2733.433202][T21680] sctp: [Deprecated]: syz.0.37757 (pid 21680) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2733.433202][T21680] Use struct sctp_sack_info instead [ 2733.587393][T21689] sctp: [Deprecated]: syz.1.37770 (pid 21689) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2733.587393][T21689] Use struct sctp_sack_info instead [ 2739.215861][T21734] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.37781'. [ 2740.095021][T21768] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.37795'. [ 2740.821011][T21793] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.37806'. [ 2740.938405][T21799] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.37810'. [ 2749.971333][T21952] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.37887'. [ 2749.985646][T21952] netlink: 6320 bytes leftover after parsing attributes in process `syz.0.37887'. [ 2752.631424][T22029] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.37915'. [ 2752.649921][T22029] netlink: 6320 bytes leftover after parsing attributes in process `syz.1.37915'. [ 2755.100265][T22071] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37930'. [ 2758.305720][T22205] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37994'. [ 2759.674447][T22236] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38009'. [ 2760.646036][T22270] netlink: 152 bytes leftover after parsing attributes in process `syz.0.38022'. [ 2760.682559][T22267] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38020'. [ 2762.417378][T22298] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38035'. [ 2765.432822][T22339] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38055'. [ 2768.936463][T22351] netlink: 152 bytes leftover after parsing attributes in process `syz.3.38059'. [ 2769.192266][T22368] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.38065'. [ 2769.431137][T22380] netlink: 539 bytes leftover after parsing attributes in process `syz.2.38071'. [ 2769.607780][T22387] netlink: 152 bytes leftover after parsing attributes in process `syz.2.38074'. [ 2770.052498][T22395] netlink: 'syz.3.38077': attribute type 1 has an invalid length. [ 2770.068619][T22395] netlink: 'syz.3.38077': attribute type 4 has an invalid length. [ 2770.078592][T22395] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.38077'. [ 2770.255194][T22401] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38080'. [ 2770.409338][T22408] netlink: 539 bytes leftover after parsing attributes in process `syz.0.38084'. [ 2771.463434][T22432] netlink: 539 bytes leftover after parsing attributes in process `syz.3.38096'. [ 2772.557502][T22449] lo: entered promiscuous mode [ 2772.598552][T22450] netlink: 'syz.0.38103': attribute type 9 has an invalid length. [ 2772.637695][T22450] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.38103'. [ 2773.981922][T22462] syzkaller0: entered promiscuous mode [ 2774.001831][T22462] syzkaller0: entered allmulticast mode [ 2774.011577][T22464] netlink: 539 bytes leftover after parsing attributes in process `syz.1.38107'. [ 2774.031359][T22462] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 65487 [ 2774.778206][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2774.784811][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2775.306935][T22489] netlink: 539 bytes leftover after parsing attributes in process `syz.0.38122'. [ 2776.805070][T22547] netlink: 'syz.2.38143': attribute type 1 has an invalid length. [ 2776.817880][T22547] netlink: 'syz.2.38143': attribute type 4 has an invalid length. [ 2776.832501][T22547] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.38143'. [ 2776.858208][T22545] lo: entered promiscuous mode [ 2777.117427][T22558] netlink: 'syz.0.38157': attribute type 1 has an invalid length. [ 2777.159818][T22558] netlink: 'syz.0.38157': attribute type 4 has an invalid length. [ 2777.167739][T22558] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.38157'. [ 2788.091192][T22721] syz.2.38221: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 2788.114209][T22721] CPU: 0 PID: 22721 Comm: syz.2.38221 Not tainted syzkaller #0 [ 2788.121816][T22721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2788.131891][T22721] Call Trace: [ 2788.135193][T22721] [ 2788.138133][T22721] dump_stack_lvl+0x18c/0x250 [ 2788.142837][T22721] ? show_regs_print_info+0x20/0x20 [ 2788.148060][T22721] ? load_image+0x420/0x420 [ 2788.152578][T22721] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2788.159035][T22721] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2788.165540][T22721] warn_alloc+0x246/0x340 [ 2788.169885][T22721] ? stack_trace_save+0xaa/0x100 [ 2788.174832][T22721] ? zone_watermark_ok_safe+0x230/0x230 [ 2788.180397][T22721] ? kasan_set_track+0x5f/0x70 [ 2788.185162][T22721] ? kasan_set_track+0x4e/0x70 [ 2788.189924][T22721] ? __kasan_kmalloc+0x8f/0xa0 [ 2788.194687][T22721] ? xsk_init_queue+0xad/0x100 [ 2788.199452][T22721] ? xsk_setsockopt+0x4e5/0x760 [ 2788.204302][T22721] ? do_sock_setsockopt+0x175/0x1a0 [ 2788.209503][T22721] ? __x64_sys_setsockopt+0x182/0x200 [ 2788.214886][T22721] __vmalloc_node_range+0x126/0x1330 [ 2788.220207][T22721] ? free_vm_area+0x50/0x50 [ 2788.224727][T22721] vmalloc_user+0x74/0x80 [ 2788.229061][T22721] ? xskq_create+0xbf/0x170 [ 2788.233567][T22721] xskq_create+0xbf/0x170 [ 2788.237906][T22721] xsk_init_queue+0xad/0x100 [ 2788.242500][T22721] xsk_setsockopt+0x4e5/0x760 [ 2788.247181][T22721] ? xsk_poll+0x680/0x680 [ 2788.251510][T22721] ? __fget_files+0x28/0x4b0 [ 2788.256139][T22721] ? __fget_files+0x28/0x4b0 [ 2788.260731][T22721] ? aa_sock_opt_perm+0x74/0x100 [ 2788.265679][T22721] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2788.271230][T22721] ? security_socket_setsockopt+0x7e/0xa0 [ 2788.276954][T22721] ? xsk_poll+0x680/0x680 [ 2788.281284][T22721] do_sock_setsockopt+0x175/0x1a0 [ 2788.286314][T22721] ? __fdget+0x180/0x210 [ 2788.290565][T22721] __x64_sys_setsockopt+0x182/0x200 [ 2788.295773][T22721] do_syscall_64+0x55/0xb0 [ 2788.300194][T22721] ? clear_bhb_loop+0x40/0x90 [ 2788.304878][T22721] ? clear_bhb_loop+0x40/0x90 [ 2788.309554][T22721] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2788.315458][T22721] RIP: 0033:0x7fc06699ce59 [ 2788.319881][T22721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2788.339496][T22721] RSP: 002b:00007fc0678c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2788.347915][T22721] RAX: ffffffffffffffda RBX: 00007fc066c15fa0 RCX: 00007fc06699ce59 [ 2788.355889][T22721] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2788.363870][T22721] RBP: 00007fc066a32d6f R08: 0000000000000004 R09: 0000000000000000 [ 2788.371852][T22721] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2788.379825][T22721] R13: 00007fc066c16038 R14: 00007fc066c15fa0 R15: 00007ffe3e2329b8 [ 2788.387816][T22721] [ 2788.429588][T22721] Mem-Info: [ 2788.433282][T22721] active_anon:18947 inactive_anon:0 isolated_anon:0 [ 2788.433282][T22721] active_file:18604 inactive_file:41073 isolated_file:0 [ 2788.433282][T22721] unevictable:768 dirty:171 writeback:0 [ 2788.433282][T22721] slab_reclaimable:10983 slab_unreclaimable:101806 [ 2788.433282][T22721] mapped:23986 shmem:1361 pagetables:543 [ 2788.433282][T22721] sec_pagetables:0 bounce:0 [ 2788.433282][T22721] kernel_misc_reclaimable:0 [ 2788.433282][T22721] free:1326987 free_pcp:6201 free_cma:0 [ 2788.484492][T22721] Node 0 active_anon:75888kB inactive_anon:0kB active_file:74416kB inactive_file:164088kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95944kB dirty:684kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9980kB pagetables:2172kB sec_pagetables:0kB all_unreclaimable? no [ 2788.523746][T22721] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2788.554718][T22721] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2788.582942][T22721] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2788.589370][T22721] Node 0 DMA32 free:1388492kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:75848kB inactive_anon:0kB active_file:74416kB inactive_file:163264kB unevictable:1536kB writepending:684kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:17252kB local_pcp:3316kB free_cma:0kB [ 2788.639668][T22721] lowmem_reserve[]: 0 0 0 0 0 [ 2788.644730][T22721] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2788.672450][T22721] lowmem_reserve[]: 0 0 0 0 0 [ 2788.678604][T22721] Node 1 Normal free:3903424kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:8896kB local_pcp:0kB free_cma:0kB [ 2788.749627][T22721] lowmem_reserve[]: 0 0 0 0 0 [ 2788.759273][T22721] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2788.785425][T22721] Node 0 DMA32: 707*4kB (UME) 836*8kB (UME) 586*16kB (UME) 1101*32kB (UME) 1646*64kB (UME) 832*128kB (UME) 354*256kB (UM) 161*512kB (UME) 81*1024kB (UME) 51*2048kB (UM) 186*4096kB (UM) = 1388268kB [ 2788.819583][T22721] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2788.845955][T22721] Node 1 Normal: 240*4kB (UME) 52*8kB (UME) 38*16kB (UME) 212*32kB (UME) 72*64kB (UE) 15*128kB (UME) 4*256kB (U) 2*512kB (ME) 1*1024kB (U) 1*2048kB (E) 948*4096kB (M) = 3903424kB [ 2788.865991][T22721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2788.876073][T22721] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2788.886900][T22721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2788.912376][T22721] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2788.929886][T22721] 61038 total pagecache pages [ 2788.935828][T22721] 0 pages in swap cache [ 2788.940851][T22721] Free swap = 124996kB [ 2788.945045][T22721] Total swap = 124996kB [ 2788.949227][T22721] 2097051 pages RAM [ 2788.954163][T22721] 0 pages HighMem/MovableOnly [ 2788.960050][T22721] 416933 pages reserved [ 2788.964448][T22721] 0 pages cma reserved [ 2794.569174][T22844] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.38272'. [ 2796.772902][T22869] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38293'. [ 2797.735862][T22895] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.38297'. [ 2798.615033][T22909] syz.1.38304: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 2798.661916][T22909] CPU: 0 PID: 22909 Comm: syz.1.38304 Not tainted syzkaller #0 [ 2798.669563][T22909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2798.679658][T22909] Call Trace: [ 2798.682973][T22909] [ 2798.685973][T22909] dump_stack_lvl+0x18c/0x250 [ 2798.690713][T22909] ? show_regs_print_info+0x20/0x20 [ 2798.695951][T22909] ? load_image+0x420/0x420 [ 2798.700519][T22909] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2798.706976][T22909] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2798.713538][T22909] warn_alloc+0x246/0x340 [ 2798.717950][T22909] ? stack_trace_save+0xaa/0x100 [ 2798.722941][T22909] ? zone_watermark_ok_safe+0x230/0x230 [ 2798.728555][T22909] ? kasan_set_track+0x5f/0x70 [ 2798.733381][T22909] ? kasan_set_track+0x4e/0x70 [ 2798.738173][T22909] ? __kasan_kmalloc+0x8f/0xa0 [ 2798.742976][T22909] ? xsk_init_queue+0xad/0x100 [ 2798.747823][T22909] ? xsk_setsockopt+0x4e5/0x760 [ 2798.752701][T22909] ? do_sock_setsockopt+0x175/0x1a0 [ 2798.757921][T22909] ? __x64_sys_setsockopt+0x182/0x200 [ 2798.763366][T22909] __vmalloc_node_range+0x126/0x1330 [ 2798.768723][T22909] ? free_vm_area+0x50/0x50 [ 2798.773274][T22909] vmalloc_user+0x74/0x80 [ 2798.777670][T22909] ? xskq_create+0xbf/0x170 [ 2798.782203][T22909] xskq_create+0xbf/0x170 [ 2798.786565][T22909] xsk_init_queue+0xad/0x100 [ 2798.791179][T22909] xsk_setsockopt+0x4e5/0x760 [ 2798.795856][T22909] ? xsk_poll+0x680/0x680 [ 2798.800201][T22909] ? __fget_files+0x28/0x4b0 [ 2798.804811][T22909] ? __fget_files+0x28/0x4b0 [ 2798.809403][T22909] ? aa_sock_opt_perm+0x74/0x100 [ 2798.814352][T22909] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2798.819921][T22909] ? security_socket_setsockopt+0x7e/0xa0 [ 2798.825643][T22909] ? xsk_poll+0x680/0x680 [ 2798.829989][T22909] do_sock_setsockopt+0x175/0x1a0 [ 2798.835039][T22909] ? __fdget+0x180/0x210 [ 2798.839282][T22909] __x64_sys_setsockopt+0x182/0x200 [ 2798.844481][T22909] do_syscall_64+0x55/0xb0 [ 2798.848916][T22909] ? clear_bhb_loop+0x40/0x90 [ 2798.853589][T22909] ? clear_bhb_loop+0x40/0x90 [ 2798.858271][T22909] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2798.864194][T22909] RIP: 0033:0x7f91b8b9ce59 [ 2798.868613][T22909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2798.888229][T22909] RSP: 002b:00007f91b6df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2798.896672][T22909] RAX: ffffffffffffffda RBX: 00007f91b8e15fa0 RCX: 00007f91b8b9ce59 [ 2798.904647][T22909] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2798.912642][T22909] RBP: 00007f91b8c32d6f R08: 0000000000000004 R09: 0000000000000000 [ 2798.920648][T22909] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2798.928633][T22909] R13: 00007f91b8e16038 R14: 00007f91b8e15fa0 R15: 00007fffe522d718 [ 2798.936636][T22909] [ 2798.955988][T22909] Mem-Info: [ 2798.959177][T22909] active_anon:18876 inactive_anon:0 isolated_anon:0 [ 2798.959177][T22909] active_file:18604 inactive_file:41077 isolated_file:0 [ 2798.959177][T22909] unevictable:768 dirty:124 writeback:0 [ 2798.959177][T22909] slab_reclaimable:10968 slab_unreclaimable:99190 [ 2798.959177][T22909] mapped:24012 shmem:1361 pagetables:495 [ 2798.959177][T22909] sec_pagetables:0 bounce:0 [ 2798.959177][T22909] kernel_misc_reclaimable:0 [ 2798.959177][T22909] free:1330499 free_pcp:5132 free_cma:0 [ 2799.005447][T22909] Node 0 active_anon:75504kB inactive_anon:0kB active_file:74416kB inactive_file:164104kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96048kB dirty:496kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9776kB pagetables:1980kB sec_pagetables:0kB all_unreclaimable? no [ 2799.038021][T22909] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2799.068601][T22909] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2799.096274][T22909] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2799.102281][T22909] Node 0 DMA32 free:1403212kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:75464kB inactive_anon:0kB active_file:74416kB inactive_file:163280kB unevictable:1536kB writepending:496kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:11128kB local_pcp:624kB free_cma:0kB [ 2799.132842][T22909] lowmem_reserve[]: 0 0 0 0 0 [ 2799.137736][T22909] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 2799.164730][T22909] lowmem_reserve[]: 0 0 0 0 0 [ 2799.172777][T22909] Node 1 Normal free:3903424kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:8896kB local_pcp:8896kB free_cma:0kB [ 2799.202336][T22909] lowmem_reserve[]: 0 0 0 0 0 [ 2799.207163][T22909] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2799.220120][T22909] Node 0 DMA32: 2763*4kB (UME) 1482*8kB (UME) 997*16kB (UME) 756*32kB (UME) 1723*64kB (UME) 831*128kB (UME) 351*256kB (UM) 162*512kB (UME) 82*1024kB (UME) 51*2048kB (UM) 186*4096kB (UM) = 1402764kB [ 2799.240112][T22909] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2799.251890][T22909] Node 1 Normal: 240*4kB (UME) 52*8kB (UME) 38*16kB (UME) 212*32kB (UME) 72*64kB (UE) 15*128kB (UME) 4*256kB (U) 2*512kB (ME) 1*1024kB (U) 1*2048kB (E) 948*4096kB (M) = 3903424kB [ 2799.271932][T22909] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2799.283187][T22909] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2799.292579][T22909] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2799.302240][T22909] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2799.311663][T22909] 61042 total pagecache pages [ 2799.316378][T22909] 0 pages in swap cache [ 2799.320775][T22909] Free swap = 124996kB [ 2799.324990][T22909] Total swap = 124996kB [ 2799.330302][T22909] 2097051 pages RAM [ 2799.334164][T22909] 0 pages HighMem/MovableOnly [ 2799.338892][T22909] 416933 pages reserved [ 2799.343154][T22909] 0 pages cma reserved [ 2800.303552][T22932] netlink: 'syz.3.38324': attribute type 4 has an invalid length. [ 2800.331964][T22932] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38324'. [ 2800.698815][T19149] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 2800.902321][T22950] netlink: 'syz.1.38326': attribute type 4 has an invalid length. [ 2800.917670][T22950] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38326'. [ 2802.253058][T22979] netlink: 'syz.2.38337': attribute type 4 has an invalid length. [ 2802.271278][T22979] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38337'. [ 2803.355051][T23019] syz.2.38355[23019] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2803.355375][T23019] syz.2.38355[23019] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2804.444054][T23045] netlink: 'syz.1.38368': attribute type 2 has an invalid length. [ 2804.517553][T23045] netlink: 'syz.1.38368': attribute type 1 has an invalid length. [ 2804.562851][T23045] netlink: 198036 bytes leftover after parsing attributes in process `syz.1.38368'. [ 2805.876151][T23056] netlink: 'syz.3.38373': attribute type 33 has an invalid length. [ 2805.901597][T23056] netlink: 40 bytes leftover after parsing attributes in process `syz.3.38373'. [ 2806.114955][T23072] netlink: 'syz.2.38379': attribute type 2 has an invalid length. [ 2806.161459][T23072] netlink: 'syz.2.38379': attribute type 1 has an invalid length. [ 2806.169347][T23072] netlink: 198036 bytes leftover after parsing attributes in process `syz.2.38379'. [ 2818.024762][T23242] __sock_release: fasync list not empty! [ 2820.260617][T23279] __sock_release: fasync list not empty! [ 2821.322477][T23307] __sock_release: fasync list not empty! [ 2821.716986][T23318] netlink: 830 bytes leftover after parsing attributes in process `syz.1.38493'. [ 2821.925597][T23326] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.38489'. [ 2823.638403][T23371] netlink: 'syz.0.38508': attribute type 7 has an invalid length. [ 2825.373896][T23394] netlink: 'syz.0.38519': attribute type 1 has an invalid length. [ 2825.381962][T23394] netlink: 'syz.0.38519': attribute type 4 has an invalid length. [ 2825.390629][T23394] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.38519'. [ 2825.852826][T23408] syzkaller0: entered promiscuous mode [ 2825.858439][T23408] syzkaller0: entered allmulticast mode [ 2827.932149][T23430] netlink: 'syz.1.38534': attribute type 1 has an invalid length. [ 2827.958237][T23430] netlink: 'syz.1.38534': attribute type 4 has an invalid length. [ 2827.976895][T23430] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.38534'. [ 2828.050995][T23432] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.38536'. [ 2828.271150][T23440] netlink: 'syz.1.38539': attribute type 7 has an invalid length. [ 2829.997559][T23471] netlink: 'syz.3.38553': attribute type 7 has an invalid length. [ 2830.372704][T23480] syzkaller0: entered promiscuous mode [ 2830.378243][T23480] syzkaller0: entered allmulticast mode [ 2831.931370][T23492] syzkaller0: entered promiscuous mode [ 2831.937322][T23492] syzkaller0: entered allmulticast mode [ 2834.286109][T23496] -: renamed from syzkaller0 [ 2834.298185][T23502] netlink: 'syz.2.38563': attribute type 7 has an invalid length. [ 2834.423023][T23516] netlink: 'syz.3.38578': attribute type 2 has an invalid length. [ 2834.450775][T23516] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38578'. [ 2836.217722][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.224287][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2836.621942][T23548] netlink: 'syz.0.38583': attribute type 4 has an invalid length. [ 2836.630195][T23548] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38583'. [ 2838.537951][T23576] netlink: 'syz.1.38596': attribute type 2 has an invalid length. [ 2838.548073][T23576] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38596'. [ 2838.714922][T23583] netlink: 'syz.3.38598': attribute type 4 has an invalid length. [ 2838.742062][T23583] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38598'. [ 2840.569066][T23616] netlink: 'syz.2.38612': attribute type 4 has an invalid length. [ 2840.580016][T23616] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38612'. [ 2843.139995][T23653] netlink: 'syz.1.38625': attribute type 4 has an invalid length. [ 2843.169736][T23653] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38625'. [ 2844.578121][T23681] netlink: 'syz.2.38641': attribute type 4 has an invalid length. [ 2844.586402][T23681] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38641'. [ 2845.263413][T23688] netlink: 'syz.3.38651': attribute type 4 has an invalid length. [ 2845.270523][T23683] syzkaller0: entered promiscuous mode [ 2845.287216][T23688] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38651'. [ 2845.294881][T23683] syzkaller0: entered allmulticast mode [ 2848.601844][T23720] sctp: [Deprecated]: syz.0.38659 (pid 23720) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2848.601844][T23720] Use struct sctp_sack_info instead [ 2849.216904][T23732] netlink: 'syz.3.38665': attribute type 4 has an invalid length. [ 2849.228336][T23732] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38665'. [ 2855.174097][T23806] netlink: 'syz.2.38689': attribute type 2 has an invalid length. [ 2855.209751][T23806] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38689'. [ 2856.027729][T23820] netlink: 'syz.0.38702': attribute type 4 has an invalid length. [ 2856.047378][T23820] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38702'. [ 2858.830068][T23845] netlink: 'syz.2.38706': attribute type 4 has an invalid length. [ 2858.845960][T23845] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38706'. [ 2858.989168][T23852] netlink: 'syz.0.38711': attribute type 2 has an invalid length. [ 2859.001563][T23852] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38711'. [ 2860.038453][T23871] netlink: 48 bytes leftover after parsing attributes in process `syz.2.38717'. [ 2860.388148][T23880] netlink: 'syz.2.38721': attribute type 4 has an invalid length. [ 2860.396511][T23880] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38721'. [ 2860.755441][T23891] netlink: 'syz.1.38734': attribute type 4 has an invalid length. [ 2860.772682][T23891] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38734'. [ 2861.885029][T23915] syzkaller0: entered promiscuous mode [ 2861.890678][T23915] syzkaller0: entered allmulticast mode [ 2861.900293][T23915] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 2862.724521][T19149] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 2864.613824][T23949] netlink: 'syz.3.38755': attribute type 4 has an invalid length. [ 2864.641774][T23949] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38755'. [ 2866.687881][T19149] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 2866.953466][T23978] netlink: 'syz.1.38766': attribute type 4 has an invalid length. [ 2866.969892][T23978] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38766'. [ 2867.335159][T19149] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 2867.343457][T19149] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 2867.354001][T19149] CPU: 0 PID: 19149 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 2867.361660][T19149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2867.371734][T19149] Workqueue: hci0 hci_rx_work [ 2867.376574][T19149] Call Trace: [ 2867.379871][T19149] [ 2867.382818][T19149] dump_stack_lvl+0x18c/0x250 [ 2867.387526][T19149] ? show_regs_print_info+0x20/0x20 [ 2867.392755][T19149] ? load_image+0x420/0x420 [ 2867.397294][T19149] sysfs_create_dir_ns+0x26e/0x2a0 [ 2867.402433][T19149] ? sysfs_warn_dup+0xa0/0xa0 [ 2867.407136][T19149] ? do_raw_spin_unlock+0x121/0x230 [ 2867.412372][T19149] kobject_add_internal+0x61c/0xcc0 [ 2867.417651][T19149] kobject_add+0x164/0x240 [ 2867.422105][T19149] ? __rwlock_init+0x150/0x150 [ 2867.426905][T19149] ? kobject_init+0x1e0/0x1e0 [ 2867.431616][T19149] ? _raw_spin_unlock+0x28/0x40 [ 2867.436502][T19149] ? get_device_parent+0x366/0x390 [ 2867.441660][T19149] device_add+0x408/0xc50 [ 2867.446029][T19149] hci_conn_add_sysfs+0xd5/0x1e0 [ 2867.451168][T19149] le_conn_complete_evt+0xf5d/0x1540 [ 2867.456498][T19149] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 2867.462782][T19149] ? bt_info+0x180/0x180 [ 2867.467051][T19149] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 2867.472720][T19149] ? skb_pull_data+0xfb/0x200 [ 2867.477476][T19149] hci_le_conn_complete_evt+0x187/0x440 [ 2867.483063][T19149] ? hci_remote_host_features_evt+0x150/0x150 [ 2867.489170][T19149] hci_event_packet+0x7ba/0x1270 [ 2867.494150][T19149] ? bis_list+0x290/0x290 [ 2867.498494][T19149] ? lockdep_hardirqs_on+0x98/0x150 [ 2867.503705][T19149] ? hci_send_to_monitor+0xd7/0x4f0 [ 2867.508910][T19149] hci_rx_work+0x43a/0xd60 [ 2867.513348][T19149] ? process_scheduled_works+0x96f/0x15d0 [ 2867.519116][T19149] process_scheduled_works+0xa5d/0x15d0 [ 2867.524688][T19149] ? worker_attach_to_pool+0x380/0x380 [ 2867.530154][T19149] ? assign_work+0x3d2/0x5d0 [ 2867.534753][T19149] worker_thread+0xa55/0xfc0 [ 2867.539342][T19149] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2867.545244][T19149] ? _raw_spin_unlock+0x40/0x40 [ 2867.550099][T19149] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 2867.556017][T19149] kthread+0x2fa/0x390 [ 2867.560092][T19149] ? pr_cont_work+0x560/0x560 [ 2867.564774][T19149] ? kthread_blkcg+0xd0/0xd0 [ 2867.569362][T19149] ret_from_fork+0x48/0x80 [ 2867.573813][T19149] ? kthread_blkcg+0xd0/0xd0 [ 2867.578404][T19149] ret_from_fork_asm+0x11/0x20 [ 2867.583207][T19149] [ 2867.587195][T19149] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 2867.601214][T19149] Bluetooth: hci0: failed to register connection device [ 2868.096684][T24012] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38781'. [ 2868.123620][T24012] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2868.208498][ T5906] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 2868.313171][T19149] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 2869.319215][T24048] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38798'. [ 2870.359580][T19149] Bluetooth: hci2: command 0x206c tx timeout [ 2870.893353][T24078] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.38811'. [ 2873.561724][T24136] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2873.625125][T24139] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38837'. [ 2873.665371][T24139] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2873.694913][T24139] CPU: 1 PID: 24139 Comm: syz.3.38837 Not tainted syzkaller #0 [ 2873.702533][T24139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2873.712623][T24139] Call Trace: [ 2873.715930][T24139] [ 2873.718879][T24139] dump_stack_lvl+0x18c/0x250 [ 2873.723600][T24139] ? show_regs_print_info+0x20/0x20 [ 2873.728838][T24139] ? load_image+0x420/0x420 [ 2873.733392][T24139] sysfs_warn_dup+0x8e/0xa0 [ 2873.737933][T24139] sysfs_do_create_link_sd+0xc0/0x110 [ 2873.743352][T24139] device_add_class_symlinks+0x1cf/0x240 [ 2873.749041][T24139] device_add+0x507/0xc50 [ 2873.753422][T24139] wiphy_register+0x1dad/0x2ae0 [ 2873.758348][T24139] ? cfg80211_event_work+0x40/0x40 [ 2873.763500][T24139] ? minstrel_ht_alloc+0x88a/0x990 [ 2873.768647][T24139] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2873.774743][T24139] ieee80211_register_hw+0x3464/0x4250 [ 2873.780282][T24139] ? ieee80211_tasklet_handler+0x20/0x20 [ 2873.785956][T24139] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2873.791907][T24139] ? __debug_object_init+0xec/0x450 [ 2873.797146][T24139] ? __asan_memset+0x22/0x40 [ 2873.801746][T24139] ? __hrtimer_init+0x186/0x270 [ 2873.806612][T24139] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2873.812360][T24139] ? mac80211_hwsim_free+0x220/0x220 [ 2873.817652][T24139] ? rcu_is_watching+0x15/0xb0 [ 2873.822428][T24139] ? kstrndup+0xbd/0x140 [ 2873.826684][T24139] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2873.831808][T24139] ? __nla_validate+0x50/0x50 [ 2873.836523][T24139] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2873.842896][T24139] ? __nla_parse+0x40/0x50 [ 2873.847331][T24139] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2873.853673][T24139] genl_family_rcv_msg_doit+0x211/0x310 [ 2873.859225][T24139] ? end_current_label_crit_section+0x170/0x170 [ 2873.865482][T24139] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2873.871393][T24139] ? bpf_lsm_capable+0x9/0x10 [ 2873.876087][T24139] ? security_capable+0x89/0xb0 [ 2873.880953][T24139] genl_rcv_msg+0x619/0x7a0 [ 2873.885471][T24139] ? genl_bind+0x360/0x360 [ 2873.889895][T24139] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2873.896241][T24139] ? ref_tracker_free+0x690/0x840 [ 2873.901301][T24139] netlink_rcv_skb+0x241/0x4d0 [ 2873.906099][T24139] ? genl_bind+0x360/0x360 [ 2873.910534][T24139] ? netlink_ack+0x1180/0x1180 [ 2873.915312][T24139] ? __lock_acquire+0x7d40/0x7d40 [ 2873.920346][T24139] ? down_read+0x1ac/0x2e0 [ 2873.924771][T24139] genl_rcv+0x28/0x40 [ 2873.928755][T24139] netlink_unicast+0x751/0x8d0 [ 2873.933533][T24139] netlink_sendmsg+0x8d0/0xbf0 [ 2873.938310][T24139] ? netlink_getsockopt+0x590/0x590 [ 2873.943517][T24139] ? aa_sock_msg_perm+0x94/0x150 [ 2873.948463][T24139] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2873.953758][T24139] ? security_socket_sendmsg+0x80/0xa0 [ 2873.959220][T24139] ? netlink_getsockopt+0x590/0x590 [ 2873.964429][T24139] ____sys_sendmsg+0x5ba/0x960 [ 2873.969207][T24139] ? __asan_memset+0x22/0x40 [ 2873.973805][T24139] ? __sys_sendmsg_sock+0x30/0x30 [ 2873.978831][T24139] ? __import_iovec+0x5f2/0x850 [ 2873.983693][T24139] ? import_iovec+0x73/0xa0 [ 2873.988197][T24139] ___sys_sendmsg+0x2a6/0x360 [ 2873.992888][T24139] ? __sys_sendmsg+0x2a0/0x2a0 [ 2873.997675][T24139] ? trace_call_bpf+0xc3/0x6c0 [ 2874.002467][T24139] __se_sys_sendmsg+0x1c2/0x2b0 [ 2874.007325][T24139] ? __x64_sys_sendmsg+0x80/0x80 [ 2874.012281][T24139] ? lockdep_hardirqs_on+0x98/0x150 [ 2874.017491][T24139] do_syscall_64+0x55/0xb0 [ 2874.021911][T24139] ? clear_bhb_loop+0x40/0x90 [ 2874.026592][T24139] ? clear_bhb_loop+0x40/0x90 [ 2874.031267][T24139] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2874.037166][T24139] RIP: 0033:0x7f661f19ce59 [ 2874.041580][T24139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2874.061191][T24139] RSP: 002b:00007f66200fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2874.069609][T24139] RAX: ffffffffffffffda RBX: 00007f661f415fa0 RCX: 00007f661f19ce59 [ 2874.077579][T24139] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 2874.085550][T24139] RBP: 00007f661f232d6f R08: 0000000000000000 R09: 0000000000000000 [ 2874.093517][T24139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2874.101486][T24139] R13: 00007f661f416038 R14: 00007f661f415fa0 R15: 00007fff95de83b8 [ 2874.109472][T24139] [ 2874.898839][T24170] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.38850'. [ 2878.776582][T24225] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38873'. [ 2880.212431][T24256] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38884'. [ 2880.614485][T24262] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.38886'. [ 2880.917291][T24267] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2881.495846][T19798] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 2881.821823][T24289] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.38900'. [ 2882.546391][T24308] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.38904'. [ 2882.565015][T24308] netlink: zone id is out of range [ 2882.573541][T24308] netlink: zone id is out of range [ 2882.584416][T24308] netlink: zone id is out of range [ 2882.593623][T24308] netlink: zone id is out of range [ 2882.608313][T24308] netlink: zone id is out of range [ 2882.615510][T24308] netlink: zone id is out of range [ 2882.625647][T24308] netlink: zone id is out of range [ 2882.638440][T24308] netlink: zone id is out of range [ 2882.650106][T24308] netlink: zone id is out of range [ 2882.924962][T24312] syzkaller0: entered promiscuous mode [ 2882.931004][T24312] syzkaller0: entered allmulticast mode [ 2883.442492][T24329] __sock_release: fasync list not empty! [ 2883.568813][T24335] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.38915'. [ 2884.611250][T24360] __sock_release: fasync list not empty! [ 2885.175492][T24388] syzkaller0: entered promiscuous mode [ 2885.181470][T24388] syzkaller0: entered allmulticast mode [ 2885.318678][T24393] __sock_release: fasync list not empty! [ 2885.889487][T10816] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 2886.232399][T24423] net_ratelimit: 108 callbacks suppressed [ 2886.232435][T24423] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2886.557047][T24434] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38957'. [ 2886.642493][T24440] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.38966'. [ 2886.875586][T24451] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2887.144265][T24462] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.38969'. [ 2887.186753][T24464] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.38971'. [ 2887.292280][T24468] netlink: 'syz.3.38972': attribute type 6 has an invalid length. [ 2887.317713][T24468] netlink: 212824 bytes leftover after parsing attributes in process `syz.3.38972'. [ 2887.417384][T24478] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2887.927844][T24509] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2891.367322][T24541] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2891.424336][T24506] netlink: 'syz.0.38989': attribute type 8 has an invalid length. [ 2891.432507][T24506] netlink: 'syz.0.38989': attribute type 9 has an invalid length. [ 2891.441107][T24506] netlink: 'syz.0.38989': attribute type 10 has an invalid length. [ 2891.449167][T24506] netlink: 'syz.0.38989': attribute type 11 has an invalid length. [ 2891.457540][T24506] netlink: 16 bytes leftover after parsing attributes in process `syz.0.38989'. [ 2891.490771][T24526] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38999'. [ 2892.123582][T24553] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.39008'. [ 2892.139100][T24553] netlink: zone id is out of range [ 2892.145522][T24553] netlink: zone id is out of range [ 2892.164461][T24553] netlink: zone id is out of range [ 2892.183259][T24553] netlink: zone id is out of range [ 2892.188802][T24553] netlink: zone id is out of range [ 2892.217294][T24553] netlink: zone id is out of range [ 2892.224075][T24553] netlink: zone id is out of range [ 2892.237557][T24553] netlink: zone id is out of range [ 2892.244227][T24553] netlink: zone id is out of range [ 2892.250658][T24559] netlink: 'syz.1.39010': attribute type 6 has an invalid length. [ 2892.258662][T24559] netlink: 212824 bytes leftover after parsing attributes in process `syz.1.39010'. [ 2892.557924][T19149] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 2892.896556][T24578] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.39021'. [ 2893.072384][T24588] netlink: 'syz.0.39024': attribute type 6 has an invalid length. [ 2893.099519][T24588] netlink: 212824 bytes leftover after parsing attributes in process `syz.0.39024'. [ 2893.230549][T24590] syzkaller0: entered promiscuous mode [ 2893.242708][T24590] syzkaller0: entered allmulticast mode [ 2894.605212][T19149] Bluetooth: hci0: command 0x206c tx timeout [ 2896.457001][T24646] @ÿ: renamed from bond_slave_0 (while UP) [ 2897.645393][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2897.656031][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2899.877951][T24726] @ÿ: renamed from bond_slave_0 (while UP) [ 2904.253316][T24733] syzkaller0: entered promiscuous mode [ 2904.258820][T24733] syzkaller0: entered allmulticast mode [ 2906.422889][T24771] @ÿ: renamed from bond_slave_0 (while UP) [ 2907.146243][T24806] syzkaller0: entered promiscuous mode [ 2907.156948][T24806] syzkaller0: entered allmulticast mode [ 2910.088239][T24827] syzkaller0: entered promiscuous mode [ 2916.140965][T24963] netlink: 2220 bytes leftover after parsing attributes in process `syz.0.39183'. [ 2916.965831][T25001] netlink: 'syz.2.39206': attribute type 3 has an invalid length. [ 2916.974475][T25001] netlink: 132 bytes leftover after parsing attributes in process `syz.2.39206'. [ 2917.200550][T19149] Bluetooth: hci0: unexpected event 0x08 length: 151 > 4 [ 2923.193566][T25094] syzkaller0: entered promiscuous mode [ 2923.229709][T25094] syzkaller0: entered allmulticast mode [ 2923.363186][T19149] Bluetooth: hci0: unexpected event 0x07 length: 15 < 255 [ 2925.197992][T25104] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.39250'. [ 2925.362068][T25111] netlink: 'syz.0.39259': attribute type 3 has an invalid length. [ 2925.376785][T25111] netlink: 132 bytes leftover after parsing attributes in process `syz.0.39259'. [ 2925.418525][T25114] netlink: 'syz.1.39253': attribute type 10 has an invalid length. [ 2925.427870][T25114] netlink: 40 bytes leftover after parsing attributes in process `syz.1.39253'. [ 2925.444162][T25114] veth0_vlan: left promiscuous mode [ 2925.456625][T25114] veth0_vlan: entered promiscuous mode [ 2925.484013][T25114] batman_adv: batadv0: Adding interface: veth0_vlan [ 2925.492332][T25114] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2925.528580][T25114] batman_adv: batadv0: Interface activated: veth0_vlan [ 2926.335339][T25124] netlink: 'syz.2.39258': attribute type 10 has an invalid length. [ 2928.812933][T25145] netlink: 'syz.3.39265': attribute type 3 has an invalid length. [ 2928.840828][T25145] netlink: 132 bytes leftover after parsing attributes in process `syz.3.39265'. [ 2931.446210][T19149] Bluetooth: hci2: unexpected event 0x07 length: 15 < 255 [ 2932.881652][T25181] netlink: 'syz.1.39279': attribute type 3 has an invalid length. [ 2932.898748][T25181] netlink: 132 bytes leftover after parsing attributes in process `syz.1.39279'. [ 2934.451270][T25177] netlink: 'syz.3.39278': attribute type 10 has an invalid length. [ 2934.466824][T25177] hsr0: left allmulticast mode [ 2934.471791][T25177] hsr_slave_0: left allmulticast mode [ 2934.477185][T25177] hsr_slave_1: left allmulticast mode [ 2934.482990][T25177] bridge0: port 3(hsr0) entered disabled state [ 2934.496095][T25177] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 2934.521183][T25177] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 2934.543330][T25177] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 2934.558097][T25177] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 2934.720634][T25196] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.39286'. [ 2935.051520][T19149] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 2937.246224][T25206] netlink: 'syz.1.39290': attribute type 3 has an invalid length. [ 2937.299564][T25206] netlink: 132 bytes leftover after parsing attributes in process `syz.1.39290'. [ 2937.402970][T25217] netlink: 'syz.2.39295': attribute type 10 has an invalid length. [ 2937.458511][T25217] team0: Device vxcan1 is of different type [ 2939.559461][T25224] Bluetooth: hci3: command 0x206c tx timeout [ 2939.559559][T19149] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 2940.176696][T25238] netlink: 'syz.3.39304': attribute type 21 has an invalid length. [ 2940.184974][T25238] netlink: 'syz.3.39304': attribute type 10 has an invalid length. [ 2940.193610][T25238] netlink: 'syz.3.39304': attribute type 12 has an invalid length. [ 2940.202279][T25238] netlink: 'syz.3.39304': attribute type 13 has an invalid length. [ 2940.210671][T25238] netlink: 'syz.3.39304': attribute type 14 has an invalid length. [ 2940.218908][T25238] netlink: 'syz.3.39304': attribute type 15 has an invalid length. [ 2940.227559][T25238] netlink: 'syz.3.39304': attribute type 16 has an invalid length. [ 2940.236237][T25238] netlink: 'syz.3.39304': attribute type 19 has an invalid length. [ 2940.244662][T25238] netlink: 'syz.3.39304': attribute type 21 has an invalid length. [ 2940.253313][T25238] netlink: 'syz.3.39304': attribute type 22 has an invalid length. [ 2940.261947][T25238] netlink: 12226 bytes leftover after parsing attributes in process `syz.3.39304'. [ 2941.342262][T25250] netlink: 132 bytes leftover after parsing attributes in process `syz.0.39310'. [ 2941.647051][T25262] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.39314'. [ 2941.976349][T25277] netlink: 132 bytes leftover after parsing attributes in process `syz.2.39323'. [ 2946.119840][T25224] Bluetooth: hci2: command 0x206c tx timeout [ 2946.121544][T19149] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 2948.571918][T25379] syzkaller0: left promiscuous mode [ 2948.577541][T25379] syzkaller0: left allmulticast mode [ 2949.160341][T25397] validate_nla: 12 callbacks suppressed [ 2949.160360][T25397] netlink: 'syz.3.39373': attribute type 10 has an invalid length. [ 2951.397124][T25461] netlink: 'syz.3.39404': attribute type 10 has an invalid length. [ 2951.458355][T25461] team0: Device vxcan1 is of different type [ 2951.809675][T25478] netlink: 'syz.1.39414': attribute type 29 has an invalid length. [ 2951.828721][T25478] netlink: 'syz.1.39414': attribute type 29 has an invalid length. [ 2951.847480][T25478] netlink: 'syz.1.39414': attribute type 29 has an invalid length. [ 2951.921111][T25478] netlink: 'syz.1.39414': attribute type 29 has an invalid length. [ 2951.945125][T25478] netlink: 'syz.1.39414': attribute type 29 has an invalid length. [ 2952.215844][T25492] netlink: 'syz.0.39420': attribute type 10 has an invalid length. [ 2952.280822][T25492] team0: Device vxcan1 is of different type [ 2952.569602][T25501] netlink: 'syz.3.39425': attribute type 1 has an invalid length. [ 2952.610437][T25501] netlink: 'syz.3.39425': attribute type 4 has an invalid length. [ 2952.618328][T25501] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.39425'. [ 2953.094598][T25517] team0: Device vxcan1 is of different type [ 2954.506157][T25549] validate_nla: 6 callbacks suppressed [ 2954.506204][T25549] netlink: 'syz.0.39456': attribute type 29 has an invalid length. [ 2954.527794][T25549] netlink: 'syz.0.39456': attribute type 29 has an invalid length. [ 2954.550132][T25549] netlink: 'syz.0.39456': attribute type 29 has an invalid length. [ 2954.571372][T25549] netlink: 'syz.0.39456': attribute type 29 has an invalid length. [ 2954.622805][T25549] netlink: 'syz.0.39456': attribute type 29 has an invalid length. [ 2955.378262][T25581] netlink: 'syz.2.39461': attribute type 29 has an invalid length. [ 2955.401563][T25581] netlink: 'syz.2.39461': attribute type 29 has an invalid length. [ 2955.424470][T25581] netlink: 'syz.2.39461': attribute type 29 has an invalid length. [ 2955.443888][T25581] netlink: 'syz.2.39461': attribute type 29 has an invalid length. [ 2955.466273][T25581] netlink: 'syz.2.39461': attribute type 29 has an invalid length. [ 2955.588027][T25586] team0: Device vxcan1 is of different type [ 2956.567305][T25614] team0: Device vxcan1 is of different type [ 2957.914966][T25646] team0: Device vxcan1 is of different type [ 2959.084306][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 2959.090780][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 2960.378670][T25688] validate_nla: 13 callbacks suppressed [ 2960.378709][T25688] netlink: 'syz.0.39510': attribute type 29 has an invalid length. [ 2960.419701][T25688] netlink: 'syz.0.39510': attribute type 29 has an invalid length. [ 2960.438915][T25690] netlink: 'syz.0.39510': attribute type 29 has an invalid length. [ 2960.462359][T25688] netlink: 'syz.0.39510': attribute type 29 has an invalid length. [ 2960.477533][T25688] netlink: 'syz.0.39510': attribute type 29 has an invalid length. [ 2963.281385][T25732] syzkaller0: entered promiscuous mode [ 2963.293889][T25732] syzkaller0: entered allmulticast mode [ 2964.196187][T19149] Bluetooth: hci2: hcon ffff888043102000 sent 1 < count 16384 [ 2967.569592][T25802] netlink: 'syz.1.39558': attribute type 29 has an invalid length. [ 2967.582926][T25802] netlink: 'syz.1.39558': attribute type 29 has an invalid length. [ 2967.596974][T25802] netlink: 'syz.1.39558': attribute type 29 has an invalid length. [ 2967.612675][T25802] netlink: 'syz.1.39558': attribute type 29 has an invalid length. [ 2967.627037][T25802] netlink: 'syz.1.39558': attribute type 29 has an invalid length. [ 2979.161233][T25961] netlink: 'syz.2.39625': attribute type 2 has an invalid length. [ 2979.175461][T25961] netlink: 'syz.2.39625': attribute type 9 has an invalid length. [ 2979.189716][T25961] netlink: 'syz.2.39625': attribute type 10 has an invalid length. [ 2979.213401][T25961] netlink: 'syz.2.39625': attribute type 11 has an invalid length. [ 2979.240318][T25961] netlink: 16 bytes leftover after parsing attributes in process `syz.2.39625'. [ 2980.824916][T25997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.39636'. [ 2980.840591][T25997] netlink: 152 bytes leftover after parsing attributes in process `syz.1.39636'. [ 2980.873751][T25996] netlink: 'syz.2.39635': attribute type 10 has an invalid length. [ 2983.525305][T26047] syzkaller0: entered promiscuous mode [ 2983.599944][T26047] syzkaller0: entered allmulticast mode [ 2984.286953][T26068] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.39660'. [ 2990.668100][T26093] netlink: 'syz.0.39671': attribute type 21 has an invalid length. [ 2990.679575][T26093] netlink: 'syz.0.39671': attribute type 12 has an invalid length. [ 2990.688758][T26093] netlink: 'syz.0.39671': attribute type 13 has an invalid length. [ 2990.699511][T26093] netlink: 'syz.0.39671': attribute type 14 has an invalid length. [ 2990.707468][T26093] netlink: 'syz.0.39671': attribute type 15 has an invalid length. [ 2990.715999][T26093] netlink: 'syz.0.39671': attribute type 16 has an invalid length. [ 2990.724706][T26093] netlink: 'syz.0.39671': attribute type 19 has an invalid length. [ 2990.735718][T26093] netlink: 'syz.0.39671': attribute type 21 has an invalid length. [ 2990.746865][T26093] netlink: 'syz.0.39671': attribute type 22 has an invalid length. [ 2990.756151][T26093] netlink: 'syz.0.39671': attribute type 4 has an invalid length. [ 2990.764837][T26093] netlink: 9622 bytes leftover after parsing attributes in process `syz.0.39671'. [ 2990.845317][T26099] netlink: 128 bytes leftover after parsing attributes in process `syz.3.39673'. [ 2990.891434][T26099] net_ratelimit: 222 callbacks suppressed [ 2990.891507][T26099] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2991.436102][T26117] syzkaller0: entered promiscuous mode [ 2991.459570][T26117] syzkaller0: entered allmulticast mode [ 2991.499595][T26126] netlink: 9622 bytes leftover after parsing attributes in process `syz.3.39685'. [ 2991.613287][T26128] netlink: 128 bytes leftover after parsing attributes in process `syz.2.39686'. [ 2991.674368][T26128] A link change request failed with some changes committed already. Interface 26±ÿÿÿÿa–ïD may have been left with an inconsistent configuration, please check. [ 2993.947119][T26145] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.39693'. [ 2994.396090][T26155] syzkaller0: entered promiscuous mode [ 2994.406303][T26155] syzkaller0: entered allmulticast mode [ 2994.419631][T26161] netlink: 9622 bytes leftover after parsing attributes in process `syz.2.39697'. [ 2994.553826][T26164] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.39709'. [ 2996.501956][T26166] netlink: 128 bytes leftover after parsing attributes in process `syz.0.39698'. [ 2996.513441][T26166] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2999.878383][T26202] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.39714'. [ 3000.273513][T26212] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.39717'. [ 3000.287925][T26209] syzkaller0: entered promiscuous mode [ 3000.293723][T26209] syzkaller0: entered allmulticast mode [ 3000.662449][T19149] Bluetooth: hci2: unexpected event 0x01 length: 151 > 1 [ 3000.733721][T26222] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.39722'. [ 3003.285301][T26224] ªªªªªª: renamed from vlan0 [ 3003.597225][T26248] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.39732'. [ 3007.017022][T26255] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.39734'. [ 3007.225734][T26265] ªªªªªª: renamed from vlan0 (while UP) [ 3007.416909][T26277] netlink: 60 bytes leftover after parsing attributes in process `syz.1.39742'. [ 3007.530476][T26283] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.39746'. [ 3010.868538][T26297] ªªªªªª: renamed from vlan0 [ 3010.948235][T26298] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.39750'. [ 3011.157506][T26312] netlink: 60 bytes leftover after parsing attributes in process `syz.0.39755'. [ 3015.746095][T26344] ªªªªªª: renamed from vlan0 [ 3020.204324][T26406] syzkaller0: entered promiscuous mode [ 3020.217681][T26406] syzkaller0: entered allmulticast mode [ 3020.462097][T26413] syzkaller0: entered promiscuous mode [ 3020.467632][T26413] syzkaller0: entered allmulticast mode [ 3020.522014][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 3020.528532][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 3027.414330][T26548] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.39870'. [ 3034.793740][T26621] syzkaller0: entered promiscuous mode [ 3034.800725][T26621] syzkaller0: entered allmulticast mode [ 3039.585444][T26697] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.39927'. [ 3039.589293][T26699] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.39928'. [ 3042.426433][T26788] syzkaller0: entered promiscuous mode [ 3042.439474][T26788] syzkaller0: entered allmulticast mode [ 3043.379539][T19149] Bluetooth: hci2: unexpected event 0x32 length: 15 > 9 [ 3046.729534][T19149] Bluetooth: hci3: unexpected event 0x32 length: 15 > 9 [ 3049.244341][T26936] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.40032'. [ 3049.427822][T26945] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.40036'. [ 3049.468488][T26945] netlink: zone id is out of range [ 3049.480017][T26945] netlink: zone id is out of range [ 3049.509408][T26945] netlink: zone id is out of range [ 3049.514608][T26945] netlink: zone id is out of range [ 3049.551045][T26945] netlink: zone id is out of range [ 3049.556742][T26945] netlink: zone id is out of range [ 3049.567464][T26945] netlink: zone id is out of range [ 3049.579867][T26945] netlink: zone id is out of range [ 3049.585060][T26945] netlink: zone id is out of range [ 3049.595976][T26945] netlink: zone id is out of range [ 3049.977333][T26959] netlink: 134736 bytes leftover after parsing attributes in process `syz.1.40042'. [ 3052.177256][T27013] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.40068'. [ 3053.107023][T27039] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.40079'. [ 3053.986292][T27067] netlink: 134736 bytes leftover after parsing attributes in process `syz.2.40092'. [ 3054.188103][T27076] netlink: 134736 bytes leftover after parsing attributes in process `syz.0.40104'. [ 3054.312798][T19149] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 3054.920748][T27100] validate_nla: 29 callbacks suppressed [ 3054.920787][T27100] netlink: 'syz.0.40107': attribute type 4 has an invalid length. [ 3054.943538][T27100] netlink: 152 bytes leftover after parsing attributes in process `syz.0.40107'. [ 3055.106035][T27100] .`: renamed from bond0 (while UP) [ 3055.153590][T27100] bridge0: port 3(.`) entered disabled state [ 3056.058032][T27124] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.40125'. [ 3056.359710][T19149] Bluetooth: hci2: command 0x206c tx timeout [ 3060.474924][T19149] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 3062.529672][T19149] Bluetooth: hci1: command 0x206c tx timeout [ 3062.653060][T27255] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.40179'. [ 3064.149654][T19149] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 3064.157213][T19149] Bluetooth: hci0: Invalid handle: 0x5393 > 0x0eff [ 3064.960993][T25224] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 3066.954366][T27305] netlink: 'syz.1.40203': attribute type 4 has an invalid length. [ 3066.970523][T27305] netlink: 152 bytes leftover after parsing attributes in process `syz.1.40203'. [ 3066.996530][T27305] .`: renamed from bond0 (while UP) [ 3067.146147][T27321] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.40208'. [ 3067.156005][T27323] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.40209'. [ 3067.275166][T25224] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 3067.773729][T27343] netlink: 'syz.2.40219': attribute type 4 has an invalid length. [ 3067.797199][T27343] netlink: 152 bytes leftover after parsing attributes in process `syz.2.40219'. [ 3067.915683][T27343] .`: renamed from bond0 (while UP) [ 3068.643504][T25224] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 3070.805981][T27355] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.40223'. [ 3070.829393][T27363] netlink: 'syz.3.40228': attribute type 4 has an invalid length. [ 3070.837273][T27363] netlink: 152 bytes leftover after parsing attributes in process `syz.3.40228'. [ 3070.874864][T27363] .`: renamed from bond0 (while UP) [ 3070.975111][T27367] netlink: 'syz.2.40230': attribute type 1 has an invalid length. [ 3070.989640][T27367] netlink: 'syz.2.40230': attribute type 3 has an invalid length. [ 3071.008031][T27367] netlink: 132 bytes leftover after parsing attributes in process `syz.2.40230'. [ 3071.089796][T25224] Bluetooth: hci1: command 0x206c tx timeout [ 3073.399791][ T5906] Bluetooth: hci3: command 0x206c tx timeout [ 3074.771952][T25224] Bluetooth: hci2: command 0x206c tx timeout [ 3075.684701][T27460] netlink: 'syz.1.40272': attribute type 10 has an invalid length. [ 3075.743057][T27460] .`: (slave netdevsim0): Enslaving as an active interface with an up link [ 3075.753161][T27462] netlink: 'syz.3.40271': attribute type 4 has an invalid length. [ 3075.769613][T27462] netlink: 152 bytes leftover after parsing attributes in process `syz.3.40271'. [ 3076.610223][T27486] netlink: 'syz.2.40283': attribute type 10 has an invalid length. [ 3076.690371][T27486] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 3076.712509][T27486] .`: (slave netdevsim0): Enslaving as an active interface with an up link [ 3077.787288][T27525] netlink: 'syz.0.40298': attribute type 10 has an invalid length. [ 3077.866278][T27525] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 3077.897607][T27525] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 3077.953828][T27525] .`: (slave netdevsim0): Enslaving as an active interface with an up link [ 3079.251136][T27549] netlink: 'syz.1.40311': attribute type 4 has an invalid length. [ 3079.259200][T27549] netlink: 152 bytes leftover after parsing attributes in process `syz.1.40311'. [ 3079.942492][T27576] netlink: 'syz.0.40323': attribute type 4 has an invalid length. [ 3079.974911][T27576] netlink: 152 bytes leftover after parsing attributes in process `syz.0.40323'. [ 3081.962022][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 3081.968475][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 3082.096480][T27628] netlink: 'syz.3.40345': attribute type 10 has an invalid length. [ 3082.177063][T27628] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 3082.190960][T27628] .`: (slave netdevsim0): Enslaving as an active interface with an up link [ 3082.357597][T27632] netlink: 'syz.3.40347': attribute type 4 has an invalid length. [ 3082.371785][T27632] netlink: 152 bytes leftover after parsing attributes in process `syz.3.40347'. [ 3083.367085][T27664] netlink: 'syz.1.40359': attribute type 4 has an invalid length. [ 3083.391316][T27664] netlink: 152 bytes leftover after parsing attributes in process `syz.1.40359'. [ 3083.564701][T27674] netlink: 'syz.1.40373': attribute type 4 has an invalid length. [ 3083.580426][T27674] netlink: 152 bytes leftover after parsing attributes in process `syz.1.40373'. [ 3083.625415][T27677] netlink: 209632 bytes leftover after parsing attributes in process `syz.3.40366'. [ 3084.094932][T27688] netlink: 'syz.2.40369': attribute type 10 has an invalid length. [ 3084.500189][T27700] syzkaller0: entered promiscuous mode [ 3084.509573][T27700] syzkaller0: entered allmulticast mode [ 3087.334287][T27735] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.40391'. [ 3087.536476][T27739] netlink: 209632 bytes leftover after parsing attributes in process `syz.2.40393'. [ 3087.987900][T27749] net_ratelimit: 260 callbacks suppressed [ 3087.987921][T27749] sock: sock_set_timeout: `syz.1.40397' (pid 27749) tries to set negative timeout [ 3088.104775][T27753] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.40399'. [ 3088.137520][T27753] netlink: 4612 bytes leftover after parsing attributes in process `syz.0.40399'. [ 3088.149648][T27753] netlink: 9 bytes leftover after parsing attributes in process `syz.0.40399'. [ 3088.232322][T27759] syzkaller0: entered promiscuous mode [ 3088.237868][T27759] syzkaller0: entered allmulticast mode [ 3088.467756][T27766] netlink: 209632 bytes leftover after parsing attributes in process `syz.0.40405'. [ 3090.806693][T27822] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.40428'. [ 3090.825734][T27822] netlink: del zone limit has 8 unknown bytes [ 3091.537173][T27840] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.40441'. [ 3091.551842][T27840] netlink: 4612 bytes leftover after parsing attributes in process `syz.3.40441'. [ 3091.563021][T27840] netlink: 9 bytes leftover after parsing attributes in process `syz.3.40441'. [ 3092.908479][T27863] veth0_vlan: entered allmulticast mode [ 3092.944548][T27863] veth0_vlan: left promiscuous mode [ 3092.952348][T27860] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.40442'. [ 3092.956113][T27863] veth0_vlan: entered promiscuous mode [ 3093.022351][T27860] netlink: del zone limit has 8 unknown bytes [ 3093.198606][T27868] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.40445'. [ 3093.228451][T27868] netlink: 4612 bytes leftover after parsing attributes in process `syz.1.40445'. [ 3093.244591][T27868] netlink: 9 bytes leftover after parsing attributes in process `syz.1.40445'. [ 3094.536216][T27889] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.40455'. [ 3094.597204][T27889] netlink: del zone limit has 8 unknown bytes [ 3095.410986][T27894] veth0_vlan: entered allmulticast mode [ 3095.445039][T27894] veth0_vlan: left promiscuous mode [ 3095.454558][T27894] veth0_vlan: entered promiscuous mode [ 3095.607385][T27902] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.40459'. [ 3095.629708][T27902] netlink: 4612 bytes leftover after parsing attributes in process `syz.2.40459'. [ 3095.639395][T27902] netlink: 9 bytes leftover after parsing attributes in process `syz.2.40459'. [ 3095.777255][T27904] ================================================================== [ 3095.785459][T27904] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900 [ 3095.793397][T27904] Write of size 32 at addr ffff888030ce3490 by task syz.0.40460/27904 [ 3095.801578][T27904] [ 3095.804002][T27904] CPU: 1 PID: 27904 Comm: syz.0.40460 Not tainted syzkaller #0 [ 3095.811636][T27904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3095.821741][T27904] Call Trace: [ 3095.825040][T27904] [ 3095.827990][T27904] dump_stack_lvl+0x18c/0x250 [ 3095.832701][T27904] ? __lock_acquire+0x7d40/0x7d40 [ 3095.837759][T27904] ? show_regs_print_info+0x20/0x20 [ 3095.843003][T27904] ? load_image+0x420/0x420 [ 3095.847541][T27904] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 3095.853046][T27904] ? __virt_addr_valid+0x18c/0x540 [ 3095.858200][T27904] ? __virt_addr_valid+0x469/0x540 [ 3095.863343][T27904] print_report+0xa8/0x210 [ 3095.867784][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3095.872929][T27904] kasan_report+0x117/0x150 [ 3095.877461][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3095.882612][T27904] kasan_check_range+0x241/0x290 [ 3095.887584][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3095.892731][T27904] __asan_memcpy+0x40/0x70 [ 3095.897186][T27904] __bpf_get_stackid+0x6bf/0x900 [ 3095.902173][T27904] bpf_get_stackid_pe+0x2f0/0x410 [ 3095.907249][T27904] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 3095.912738][T27904] bpf_overflow_handler+0x1fc/0x510 [ 3095.917982][T27904] ? bpf_overflow_handler+0xde/0x510 [ 3095.923315][T27904] ? tp_perf_event_destroy+0x20/0x20 [ 3095.928638][T27904] ? __lock_acquire+0x1273/0x7d40 [ 3095.933706][T27904] ? __perf_event_account_interrupt+0x187/0x280 [ 3095.939984][T27904] __perf_event_overflow+0x447/0x630 [ 3095.945303][T27904] perf_swevent_overflow+0x268/0x340 [ 3095.950623][T27904] ? perf_event_switch_output+0x790/0x790 [ 3095.956381][T27904] ? rcu_is_watching+0x15/0xb0 [ 3095.961180][T27904] perf_swevent_event+0x45c/0x570 [ 3095.966243][T27904] ? perf_tp_event+0x1520/0x1520 [ 3095.971221][T27904] ___perf_sw_event+0x4a7/0x730 [ 3095.976101][T27904] ? ___perf_sw_event+0x199/0x730 [ 3095.981152][T27904] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 3095.987621][T27904] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 3095.993630][T27904] ? lock_chain_count+0x20/0x20 [ 3095.998520][T27904] __perf_sw_event+0x139/0x270 [ 3096.003314][T27904] do_user_addr_fault+0x123e/0x12c0 [ 3096.008544][T27904] ? rcu_is_watching+0x15/0xb0 [ 3096.013338][T27904] exc_page_fault+0x64/0x100 [ 3096.017957][T27904] ? clear_bhb_loop+0x40/0x90 [ 3096.022660][T27904] asm_exc_page_fault+0x26/0x30 [ 3096.026650][T27919] netlink: 63747 bytes leftover after parsing attributes in process `syz.2.40467'. [ 3096.027536][T27904] RIP: 0033:0x7ffc58fa3a21 [ 3096.027558][T27904] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 3096.027575][T27904] RSP: 002b:00007f6d7f61bff0 EFLAGS: 00010203 [ 3096.066999][T27904] RAX: 002c3f4327bf3f42 RBX: 00007ffc58f9f0b0 RCX: 0000000000000018 [ 3096.075005][T27904] RDX: 000000002d2d359b RSI: 00007f6d7f61c0b0 RDI: 7fffffffffffffff [ 3096.083007][T27904] RBP: 00007f6d7f61c030 R08: 0000000000000c17 R09: 0000000000745a9a [ 3096.091000][T27904] R10: 00000633c00a3b4f R11: 000000000009402e R12: 0000000000000010 [ 3096.098997][T27904] R13: 00007f6d7ea16038 R14: 00007ffc58f9f080 R15: 000000000009402e [ 3096.107046][T27904] [ 3096.110070][T27904] [ 3096.112416][T27904] Allocated by task 27904: [ 3096.116906][T27904] kasan_set_track+0x4e/0x70 [ 3096.121514][T27904] __kasan_kmalloc+0x8f/0xa0 [ 3096.126114][T27904] __kmalloc_node+0xb4/0x230 [ 3096.130718][T27904] bpf_map_area_alloc+0x5e/0x110 [ 3096.135674][T27904] prealloc_elems_and_freelist+0x86/0x1c0 [ 3096.141407][T27904] stack_map_alloc+0x33a/0x4c0 [ 3096.146181][T27904] map_create+0x877/0x12f0 [ 3096.150608][T27904] __sys_bpf+0x651/0x890 [ 3096.154850][T27904] __x64_sys_bpf+0x7c/0x90 [ 3096.159266][T27904] do_syscall_64+0x55/0xb0 [ 3096.163688][T27904] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3096.169594][T27904] [ 3096.171918][T27904] Last potentially related work creation: [ 3096.177636][T27904] kasan_save_stack+0x3e/0x60 [ 3096.182320][T27904] __kasan_record_aux_stack+0xaf/0xc0 [ 3096.187706][T27904] call_rcu+0x153/0x950 [ 3096.191870][T27904] nf_unregister_net_hooks+0xcb/0x130 [ 3096.197351][T27904] nf_defrag_ipv4_disable+0x95/0xe0 [ 3096.202633][T27904] nf_ct_netns_put+0x2da/0x520 [ 3096.207452][T27904] nf_conncount_destroy+0x41/0x150 [ 3096.212627][T27904] ovs_ct_exit+0x9c/0x200 [ 3096.217040][T27904] ovs_exit_net+0xed/0x7a0 [ 3096.221458][T27904] setup_net+0x7e7/0xa30 [ 3096.225705][T27904] copy_net_ns+0x36d/0x5e0 [ 3096.230129][T27904] create_new_namespaces+0x3d3/0x6f0 [ 3096.235426][T27904] copy_namespaces+0x430/0x4a0 [ 3096.240206][T27904] copy_process+0x1724/0x3dc0 [ 3096.244884][T27904] kernel_clone+0x24b/0x8a0 [ 3096.249389][T27904] __x64_sys_clone+0x1b7/0x230 [ 3096.254156][T27904] do_syscall_64+0x55/0xb0 [ 3096.258582][T27904] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3096.264485][T27904] [ 3096.266804][T27904] Second to last potentially related work creation: [ 3096.273460][T27904] kasan_save_stack+0x3e/0x60 [ 3096.278141][T27904] __kasan_record_aux_stack+0xaf/0xc0 [ 3096.283524][T27904] call_rcu+0x153/0x950 [ 3096.287703][T27904] __nf_register_net_hook+0x788/0x910 [ 3096.293115][T27904] nf_register_net_hook+0xb2/0x190 [ 3096.298240][T27904] nf_register_net_hooks+0x44/0x1b0 [ 3096.303449][T27904] nf_ct_netns_do_get+0x213/0x5c0 [ 3096.308484][T27904] nf_ct_netns_inet_get+0x3b/0x150 [ 3096.313607][T27904] nf_conncount_init+0x127/0x380 [ 3096.318552][T27904] ovs_ct_init+0x316/0x490 [ 3096.322986][T27904] ovs_init_net+0x1e6/0x250 [ 3096.327495][T27904] ops_init+0x397/0x640 [ 3096.331677][T27904] setup_net+0x3b6/0xa30 [ 3096.335936][T27904] copy_net_ns+0x36d/0x5e0 [ 3096.340363][T27904] create_new_namespaces+0x3d3/0x6f0 [ 3096.345662][T27904] copy_namespaces+0x430/0x4a0 [ 3096.350433][T27904] copy_process+0x1724/0x3dc0 [ 3096.355114][T27904] kernel_clone+0x24b/0x8a0 [ 3096.359630][T27904] __x64_sys_clone+0x1b7/0x230 [ 3096.364397][T27904] do_syscall_64+0x55/0xb0 [ 3096.368824][T27904] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3096.374726][T27904] [ 3096.377047][T27904] The buggy address belongs to the object at ffff888030ce3480 [ 3096.377047][T27904] which belongs to the cache kmalloc-cg-64 of size 64 [ 3096.391280][T27904] The buggy address is located 16 bytes inside of [ 3096.391280][T27904] allocated 40-byte region [ffff888030ce3480, ffff888030ce34a8) [ 3096.405315][T27904] [ 3096.407644][T27904] The buggy address belongs to the physical page: [ 3096.414070][T27904] page:ffffea0000c338c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888030ce3f80 pfn:0x30ce3 [ 3096.425535][T27904] memcg:ffff88802b9fe001 [ 3096.429769][T27904] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 3096.437751][T27904] page_type: 0xffffffff() [ 3096.442084][T27904] raw: 00fff00000000800 ffff888017c4da00 ffffea0001a43500 dead000000000005 [ 3096.450677][T27904] raw: ffff888030ce3f80 000000008020001b 00000001ffffffff ffff88802b9fe001 [ 3096.459256][T27904] page dumped because: kasan: bad access detected [ 3096.465680][T27904] page_owner tracks the page as allocated [ 3096.471388][T27904] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 13239745935, free_ts 13239247040 [ 3096.488939][T27904] post_alloc_hook+0x1c1/0x200 [ 3096.493724][T27904] get_page_from_freelist+0x1951/0x19e0 [ 3096.499269][T27904] __alloc_pages+0x1f0/0x460 [ 3096.503858][T27904] alloc_slab_page+0x4f/0x160 [ 3096.508535][T27904] new_slab+0x87/0x2d0 [ 3096.512617][T27904] ___slab_alloc+0xc5d/0x12f0 [ 3096.517301][T27904] __kmem_cache_alloc_node+0x19e/0x250 [ 3096.522768][T27904] __kmalloc_node+0xa4/0x230 [ 3096.527368][T27904] alloc_bulk+0x454/0x6d0 [ 3096.531717][T27904] bpf_mem_alloc_init+0x6c6/0x880 [ 3096.536751][T27904] bpf_global_ma_init+0x1a/0x40 [ 3096.541682][T27904] do_one_initcall+0x242/0x790 [ 3096.546457][T27904] do_initcall_level+0x137/0x1f0 [ 3096.551419][T27904] do_initcalls+0x69/0xd0 [ 3096.555761][T27904] kernel_init_freeable+0x3ed/0x580 [ 3096.560969][T27904] kernel_init+0x1d/0x1c0 [ 3096.565298][T27904] page last free stack trace: [ 3096.569965][T27904] free_unref_page_prepare+0x7b2/0x8c0 [ 3096.575437][T27904] free_unref_page_list+0xbe/0x860 [ 3096.580593][T27904] release_pages+0x1f7a/0x2200 [ 3096.585359][T27904] tlb_flush_mmu+0x379/0x510 [ 3096.589962][T27904] tlb_finish_mmu+0xf9/0x220 [ 3096.594561][T27904] exit_mmap+0x428/0xb90 [ 3096.598819][T27904] __mmput+0x118/0x3c0 [ 3096.602891][T27904] free_bprm+0x171/0x3e0 [ 3096.607143][T27904] kernel_execve+0x3c2/0x9c0 [ 3096.611736][T27904] call_usermodehelper_exec_async+0x20b/0x350 [ 3096.617802][T27904] ret_from_fork+0x48/0x80 [ 3096.622222][T27904] ret_from_fork_asm+0x11/0x20 [ 3096.626995][T27904] [ 3096.629317][T27904] Memory state around the buggy address: [ 3096.634941][T27904] ffff888030ce3380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3096.643008][T27904] ffff888030ce3400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3096.651073][T27904] >ffff888030ce3480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 3096.659135][T27904] ^ [ 3096.664507][T27904] ffff888030ce3500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3096.672568][T27904] ffff888030ce3580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3096.680634][T27904] ================================================================== [ 3096.688707][T27904] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 3096.695898][T27904] CPU: 1 PID: 27904 Comm: syz.0.40460 Not tainted syzkaller #0 [ 3096.703443][T27904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 3096.713502][T27904] Call Trace: [ 3096.716783][T27904] [ 3096.719717][T27904] dump_stack_lvl+0x18c/0x250 [ 3096.724408][T27904] ? show_regs_print_info+0x20/0x20 [ 3096.729613][T27904] ? load_image+0x420/0x420 [ 3096.734125][T27904] panic+0x2dc/0x730 [ 3096.738035][T27904] ? __lock_acquire+0x7d40/0x7d40 [ 3096.743067][T27904] ? bpf_jit_dump+0xd0/0xd0 [ 3096.747590][T27904] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 3096.753494][T27904] ? _raw_spin_unlock+0x40/0x40 [ 3096.758354][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3096.763474][T27904] check_panic_on_warn+0x84/0xa0 [ 3096.768419][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3096.773539][T27904] end_report+0x6f/0x130 [ 3096.777793][T27904] kasan_report+0x128/0x150 [ 3096.782308][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3096.787437][T27904] kasan_check_range+0x241/0x290 [ 3096.792387][T27904] ? __bpf_get_stackid+0x6bf/0x900 [ 3096.797507][T27904] __asan_memcpy+0x40/0x70 [ 3096.801936][T27904] __bpf_get_stackid+0x6bf/0x900 [ 3096.806887][T27904] bpf_get_stackid_pe+0x2f0/0x410 [ 3096.811927][T27904] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 3096.817392][T27904] bpf_overflow_handler+0x1fc/0x510 [ 3096.822601][T27904] ? bpf_overflow_handler+0xde/0x510 [ 3096.827897][T27904] ? tp_perf_event_destroy+0x20/0x20 [ 3096.833194][T27904] ? __lock_acquire+0x1273/0x7d40 [ 3096.838229][T27904] ? __perf_event_account_interrupt+0x187/0x280 [ 3096.844494][T27904] __perf_event_overflow+0x447/0x630 [ 3096.849808][T27904] perf_swevent_overflow+0x268/0x340 [ 3096.855122][T27904] ? perf_event_switch_output+0x790/0x790 [ 3096.860859][T27904] ? rcu_is_watching+0x15/0xb0 [ 3096.865643][T27904] perf_swevent_event+0x45c/0x570 [ 3096.870678][T27904] ? perf_tp_event+0x1520/0x1520 [ 3096.875631][T27904] ___perf_sw_event+0x4a7/0x730 [ 3096.880494][T27904] ? ___perf_sw_event+0x199/0x730 [ 3096.885524][T27904] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 3096.891961][T27904] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 3096.897951][T27904] ? lock_chain_count+0x20/0x20 [ 3096.902808][T27904] __perf_sw_event+0x139/0x270 [ 3096.907599][T27904] do_user_addr_fault+0x123e/0x12c0 [ 3096.912830][T27904] ? rcu_is_watching+0x15/0xb0 [ 3096.917612][T27904] exc_page_fault+0x64/0x100 [ 3096.922214][T27904] ? clear_bhb_loop+0x40/0x90 [ 3096.926892][T27904] asm_exc_page_fault+0x26/0x30 [ 3096.931756][T27904] RIP: 0033:0x7ffc58fa3a21 [ 3096.936177][T27904] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 3096.955797][T27904] RSP: 002b:00007f6d7f61bff0 EFLAGS: 00010203 [ 3096.961873][T27904] RAX: 002c3f4327bf3f42 RBX: 00007ffc58f9f0b0 RCX: 0000000000000018 [ 3096.969849][T27904] RDX: 000000002d2d359b RSI: 00007f6d7f61c0b0 RDI: 7fffffffffffffff [ 3096.977825][T27904] RBP: 00007f6d7f61c030 R08: 0000000000000c17 R09: 0000000000745a9a [ 3096.985809][T27904] R10: 00000633c00a3b4f R11: 000000000009402e R12: 0000000000000010 [ 3096.993786][T27904] R13: 00007f6d7ea16038 R14: 00007ffc58f9f080 R15: 000000000009402e [ 3097.001775][T27904] [ 3097.005041][T27904] Kernel Offset: disabled [ 3097.009352][T27904] Rebooting in 86400 seconds..