last executing test programs: 2.671521475s ago: executing program 1 (id=39339): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x9, 0x5, 0x1000}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000100000085000000a0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 2.52570065s ago: executing program 1 (id=39341): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2.071199544s ago: executing program 3 (id=39346): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1b, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.070156884s ago: executing program 1 (id=39354): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000040)='./file/file0/..//file0/file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0xf}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x88}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000740)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 2.069023224s ago: executing program 2 (id=39356): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cc, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r1, 0x400454ce, 0x9) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x337) 1.87405337s ago: executing program 1 (id=39358): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f00000006c0)='@', 0x1}], 0x1, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}], 0x18}, 0x41) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 1.87163605s ago: executing program 2 (id=39359): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 1.27175492s ago: executing program 2 (id=39351): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380), 0x5}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc4f, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x1a, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r2, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) 1.202045702s ago: executing program 3 (id=39352): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4080, 0x40000000, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000400000002000000000000110300000000000000000000c03d00000000020100000002000000000000080200000000005f006d479f38241e625fa2dbcf145aef8710851ff631c2a2c4ea468fca3e8da837d653403658f0c3647ce99ad39cf0fe412983614453c9bd10110d531dd0276a1b929c9eda718708cdcf0d9a50981ac2f4aacca138889e35a22747080618a2a15d69e032f292826ddf"], 0x0, 0x44}, 0x20) r0 = perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0xd, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0x1c144, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x7, 0x9, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000000)={0x5, 0x80, 0x8, 0xeb, 0x6, 0x9, 0x0, 0x6, 0x10220, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_config_ext={0xffffffffffffffbc, 0x2}, 0x90020, 0x5, 0x1, 0x1c, 0x24, 0x408, 0x1, 0x0, 0x2, 0x0, 0x20008}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x1f, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000200000000005875e470300085000000a800000085000000d00000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_bp={&(0x7f00000001c0), 0x3}, 0x0, 0x0, 0x2, 0x5, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188006ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0) 1.076216176s ago: executing program 1 (id=39353): r0 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, &(0x7f00000003c0)=[{0x0, 0x0, 0x80000000}, {0x1000000a, 0x4}], 0x10, 0x4}, 0x2) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback, 0x2}, 0x80, 0x0}, 0xe07e872424dfefca) close(0x3) socket$kcm(0xa, 0x5, 0x0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x1c) 918.421731ms ago: executing program 0 (id=39355): bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18) r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) r1 = socket$kcm(0x2b, 0x1, 0x0) close(r1) r2 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r2, &(0x7f00000007c0)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000080)="92", 0x1}], 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="2400000000000000840000000700000044140823e000000200000002e00000010000100000000000dc00000000000000000000000700000094040000863900000001000cb2ffb69602013567ffcb060f19367d2b99bdc0f59e428bc33a050a3660f2bb77c7045b050a31efe0215e235d56060495ae0144243471ac14142700000006ac1414bb00000001ac1414bb0000ffff0a01010200000009009404010000866000000000000c253d78b48f9458beb62d0102000d3bf9f2dbdddfea00b260f00503db010436b20603c70109e35e3ab5244a640709675e60e1799f870512e123b12c8654130f6a1f80f526064d12061127d9c9821b1bfe4b42fcb33e2e2d2594040000000000001400000000000000000000000200000022a20000000000001400000000000000000000000200000005000000000000001c"], 0x158}, 0x40) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) close(r1) 654.53578ms ago: executing program 0 (id=39357): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x9, 0x5, 0x202, 0x4, 0x0, 0xffffffffffffffff, 0x100}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1, 0xffffffffffffffff, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 634.38404ms ago: executing program 3 (id=39360): bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005}, 0x48) perf_event_open(&(0x7f0000000480)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0xfffffffffffffff8, 0x3}, 0x0, 0x0, 0x2, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x0, 0x640a9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0x0, 0x51d}, 0x8001, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x300080c5) setsockopt$sock_attach_bpf(r0, 0x1, 0x9, &(0x7f0000000040), 0x4) 560.792653ms ago: executing program 0 (id=39361): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x9e4, 0x5, 0x8, 0x20005, 0xfffd, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0xffc0}], 0x1}, 0x80d1) 418.658727ms ago: executing program 0 (id=39362): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000280), &(0x7f0000000240)=r0}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 418.423997ms ago: executing program 2 (id=39363): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0xa) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2, 0xffffffffffffffff}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r1}, 0x20) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r3}, &(0x7f0000000540), &(0x7f0000000700)=r0}, 0x20) close(r4) 418.313377ms ago: executing program 3 (id=39364): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000600)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000400), 0x12) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) r3 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r3, 0x0, 0x2, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000180)=0x3, 0x12) 344.654549ms ago: executing program 3 (id=39365): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f00000006c0)='@', 0x1}], 0x1, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}], 0x18}, 0x41) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 173.730175ms ago: executing program 3 (id=39366): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x93c6}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r2 = socket$kcm(0x1e, 0x5, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r3, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0xffffffffffffffff, 0x1, 0x2000}}, 0x10, 0x0}, 0x4040000) 172.969905ms ago: executing program 0 (id=39374): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socket$kcm(0xa, 0x2, 0x73) r0 = socket$kcm(0x1e, 0x5, 0x0) sendmsg$kcm(r0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) r2 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x107, 0x13, &(0x7f0000000800)=r1, 0x4) 172.253735ms ago: executing program 2 (id=39367): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x7fffffff}, 0x48) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) close(r2) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) close(r1) 83.447388ms ago: executing program 2 (id=39368): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 60.105109ms ago: executing program 0 (id=39369): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4080, 0x40000000, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000400000002000000000000110300000000000000000000c03d00000000020100000002000000000000080200000000005f006d479f38241e625fa2dbcf145aef8710851ff631c2a2c4ea468fca3e8da837d653403658f0c3647ce99ad39cf0fe412983614453c9bd10110d531dd0276a1b929c9eda718708cdcf0d9a50981ac2f4aacca138889e35a22747080618a2a15d69e032f292826ddf"], 0x0, 0x44}, 0x20) r0 = perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0xd, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0x1c144, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x7, 0x9, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000000)={0x5, 0x80, 0x8, 0xeb, 0x6, 0x9, 0x0, 0x6, 0x10220, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_config_ext={0xffffffffffffffbc, 0x2}, 0x90020, 0x5, 0x1, 0x1c, 0x24, 0x408, 0x1, 0x0, 0x2, 0x0, 0x20008}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xc}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000dc0)={0x1f, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000200000000005875e470300085000000a800000085000000d00000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_bp={&(0x7f00000001c0), 0x3}, 0x0, 0x0, 0x2, 0x5, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188006ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0) 0s ago: executing program 1 (id=39370): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0x0, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380), 0x5}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc4f, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x1a, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r2, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) kernel console output (not intermixed with test programs): 501': attribute type 6 has an invalid length. [ 2086.850995][T11692] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.33501'. [ 2089.020486][T11712] netlink: 'syz.0.33519': attribute type 11 has an invalid length. [ 2089.031329][T11712] netlink: 176 bytes leftover after parsing attributes in process `syz.0.33519'. [ 2091.074902][T11745] netlink: 'syz.1.33528': attribute type 11 has an invalid length. [ 2091.106650][T11745] netlink: 176 bytes leftover after parsing attributes in process `syz.1.33528'. [ 2094.738109][ T8153] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 2096.390076][ T8153] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 2097.257533][ T8153] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 2097.683755][T11896] mac80211_hwsim hwsim83 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2098.358419][T11919] syzkaller0: entered promiscuous mode [ 2098.367865][T11919] syzkaller0: entered allmulticast mode [ 2099.151192][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.157966][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2100.107020][T21382] wlan1: Trigger new scan to find an IBSS to join [ 2100.734144][T11927] mac80211_hwsim hwsim75 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2101.493418][T11976] netlink: 176 bytes leftover after parsing attributes in process `syz.1.33630'. [ 2101.785552][T11979] mac80211_hwsim hwsim81 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2102.732292][T12013] netlink: 176 bytes leftover after parsing attributes in process `syz.2.33641'. [ 2102.797076][T12014] mac80211_hwsim hwsim73 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2103.068713][ T42] wlan1: Trigger new scan to find an IBSS to join [ 2103.181937][ T1136] wlan1: Trigger new scan to find an IBSS to join [ 2104.344540][T12048] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.33657'. [ 2105.070567][ T1136] wlan1: Trigger new scan to find an IBSS to join [ 2105.811082][T12086] veth1_macvtap: left promiscuous mode [ 2105.859406][T12087] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.33669'. [ 2105.900768][T12086] veth1_macvtap: entered promiscuous mode [ 2105.921906][T12086] macsec0: entered promiscuous mode [ 2105.931962][T12086] macsec0: entered allmulticast mode [ 2105.947872][T12086] veth1_macvtap: entered allmulticast mode [ 2106.109549][T21382] wlan1: Trigger new scan to find an IBSS to join [ 2107.283159][ T42] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 2107.456909][T12120] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.33684'. [ 2107.543022][T12123] veth1_macvtap: left promiscuous mode [ 2107.578464][T12123] veth1_macvtap: entered promiscuous mode [ 2107.611572][T12123] macsec0: entered promiscuous mode [ 2107.617196][T12123] macsec0: entered allmulticast mode [ 2107.622544][T12123] veth1_macvtap: entered allmulticast mode [ 2108.116979][ T42] wlan1: Trigger new scan to find an IBSS to join [ 2108.125418][ T42] wlan1: Trigger new scan to find an IBSS to join [ 2108.343943][T12143] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.33699'. [ 2109.139320][T21382] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 2109.260232][T12149] veth1_macvtap: left promiscuous mode [ 2109.543639][T12152] veth1_macvtap: entered promiscuous mode [ 2109.557221][T12152] macsec0: entered promiscuous mode [ 2109.562670][T12152] macsec0: entered allmulticast mode [ 2109.574103][T12152] veth1_macvtap: entered allmulticast mode [ 2110.102478][T12179] netlink: 'syz.0.33709': attribute type 10 has an invalid length. [ 2110.126765][T12179] netlink: 212412 bytes leftover after parsing attributes in process `syz.0.33709'. [ 2110.147127][T12179] openvswitch: netlink: Flow key attr not present in new flow. [ 2111.066884][ T1136] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 2112.546943][T12215] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.33733'. [ 2114.810747][T12244] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.33740'. [ 2116.049736][T12282] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0500:0023 with DS=0x32 [ 2116.145786][T12283] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.33756'. [ 2119.760288][T12315] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.33771'. [ 2130.988984][T12404] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.33811'. [ 2131.495100][T12412] syzkaller0: mtu less than device minimum [ 2132.287679][T12443] netlink: 'syz.1.33829': attribute type 29 has an invalid length. [ 2132.297275][T12443] netlink: 'syz.1.33829': attribute type 29 has an invalid length. [ 2134.742310][T12476] syzkaller0: mtu less than device minimum [ 2137.368980][ T42] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2138.275413][T12507] syzkaller0: mtu less than device minimum [ 2139.059259][T12526] netlink: 'syz.2.33865': attribute type 29 has an invalid length. [ 2139.093513][T12526] netlink: 'syz.2.33865': attribute type 29 has an invalid length. [ 2139.122265][T11340] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2139.222899][ T1136] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2140.315396][T12547] syzkaller0: mtu less than device minimum [ 2140.323461][T12549] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.33869'. [ 2141.636398][T12566] netlink: 'syz.3.33878': attribute type 29 has an invalid length. [ 2141.662274][T12566] netlink: 'syz.3.33878': attribute type 29 has an invalid length. [ 2142.216822][T12580] syzkaller0: mtu less than device minimum [ 2142.998123][T12589] syzkaller0: mtu less than device minimum [ 2143.906301][T12600] netlink: 'syz.0.33892': attribute type 29 has an invalid length. [ 2143.917275][T12600] netlink: 'syz.0.33892': attribute type 29 has an invalid length. [ 2145.494803][T12637] netlink: 'syz.0.33909': attribute type 29 has an invalid length. [ 2145.518138][T12637] netlink: 'syz.0.33909': attribute type 29 has an invalid length. [ 2147.324550][T12677] netlink: 'syz.1.33928': attribute type 2 has an invalid length. [ 2147.332683][T12677] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.33928'. [ 2149.346051][T12704] netlink: 'syz.2.33939': attribute type 2 has an invalid length. [ 2149.355595][T12704] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.33939'. [ 2149.608101][T12711] syzkaller0: refused to change device tx_queue_len [ 2150.944751][T12727] netlink: 'syz.3.33952': attribute type 2 has an invalid length. [ 2150.953862][T12727] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.33952'. [ 2152.708129][T12754] netlink: 'syz.0.33964': attribute type 2 has an invalid length. [ 2152.716135][T12754] netlink: 17267 bytes leftover after parsing attributes in process `syz.0.33964'. [ 2154.308306][T12781] netlink: 'syz.2.33978': attribute type 2 has an invalid length. [ 2154.327773][T12781] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.33978'. [ 2156.186295][T12810] netlink: 16358 bytes leftover after parsing attributes in process `syz.0.33990'. [ 2156.352727][T12812] netlink: 65027 bytes leftover after parsing attributes in process `syz.0.34000'. [ 2159.824724][T12842] syzkaller0: refused to change device tx_queue_len [ 2159.922118][T12846] netlink: 65027 bytes leftover after parsing attributes in process `syz.2.34006'. [ 2160.593442][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.601067][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2164.141423][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.150701][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.159919][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.169145][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.178347][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.187562][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.196806][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.205977][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.215173][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2164.224361][T12925] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2165.422759][T12947] netlink: 'syz.3.34055': attribute type 3 has an invalid length. [ 2165.458062][T12947] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.34055'. [ 2166.771253][T12974] netlink: 199824 bytes leftover after parsing attributes in process `syz.3.34064'. [ 2168.534324][T25907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2169.191243][T13016] netlink: 'syz.0.34080': attribute type 22 has an invalid length. [ 2169.976530][T13039] netlink: 168 bytes leftover after parsing attributes in process `syz.0.34096'. [ 2170.238162][T11340] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2170.248978][ T1136] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2175.127968][T13103] netlink: 'syz.0.34116': attribute type 9 has an invalid length. [ 2175.149877][T13103] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.34116'. [ 2175.423918][T13105] netlink: 'syz.0.34116': attribute type 9 has an invalid length. [ 2175.436718][T13105] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.34116'. [ 2175.888754][T13114] netlink: 'syz.1.34120': attribute type 9 has an invalid length. [ 2176.917970][T13144] netlink: 'syz.0.34133': attribute type 9 has an invalid length. [ 2178.546214][T13183] netlink: 'syz.2.34147': attribute type 9 has an invalid length. [ 2179.575756][T13200] netlink: 'syz.1.34157': attribute type 9 has an invalid length. [ 2179.599696][T13200] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.34157'. [ 2179.627699][T13201] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.34160'. [ 2179.773098][T13204] netlink: 'syz.1.34157': attribute type 9 has an invalid length. [ 2179.816586][T13204] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.34157'. [ 2180.262600][T13212] netlink: 60 bytes leftover after parsing attributes in process `syz.2.34164'. [ 2180.272959][T13212] netlink: 60 bytes leftover after parsing attributes in process `syz.2.34164'. [ 2180.562848][T13225] netlink: 'syz.3.34178': attribute type 9 has an invalid length. [ 2180.572224][T13225] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.34178'. [ 2180.976499][T13229] netlink: 'syz.3.34178': attribute type 9 has an invalid length. [ 2180.984432][T13229] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.34178'. [ 2183.585329][T13254] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.34183'. [ 2185.600876][T13279] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.34194'. [ 2185.760472][T13287] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.34197'. [ 2188.748150][T13318] netlink: 'syz.2.34206': attribute type 9 has an invalid length. [ 2188.788603][T13318] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.34206'. [ 2189.089627][T13320] netlink: 'syz.2.34206': attribute type 9 has an invalid length. [ 2189.120200][T13320] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.34206'. [ 2189.923833][T13330] netlink: 'syz.1.34223': attribute type 9 has an invalid length. [ 2189.965868][T13330] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.34223'. [ 2190.835659][T13331] netlink: 'syz.1.34223': attribute type 9 has an invalid length. [ 2190.845539][T13331] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.34223'. [ 2191.711780][T13343] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.34214'. [ 2193.574288][T13384] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.34236'. [ 2195.823811][T13428] netlink: 'syz.0.34263': attribute type 10 has an invalid length. [ 2195.839463][T13428] netlink: 9279 bytes leftover after parsing attributes in process `syz.0.34263'. [ 2199.627193][T25907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2201.531649][T13483] netlink: 'syz.2.34276': attribute type 10 has an invalid length. [ 2201.548211][T13483] netlink: 9279 bytes leftover after parsing attributes in process `syz.2.34276'. [ 2201.558886][T13481] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.34286'. [ 2201.590680][T13481] net_ratelimit: 9977 callbacks suppressed [ 2201.590705][T13481] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2201.896825][T13494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.34283'. [ 2202.250250][T13504] netlink: 208064 bytes leftover after parsing attributes in process `syz.3.34287'. [ 2203.142100][T30606] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2203.271271][T25907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2204.300123][T13564] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.34311'. [ 2204.313301][T13564] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2210.522709][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.34318'. [ 2212.380968][T13620] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.34337'. [ 2212.553968][T13623] delete_channel: no stack [ 2212.567343][T13623] delete_channel: no stack [ 2212.742885][ T8153] Bluetooth: hci1: Malformed HCI Event [ 2213.715396][T13651] netlink: 'syz.1.34349': attribute type 11 has an invalid length. [ 2213.733080][T13651] netlink: 126292 bytes leftover after parsing attributes in process `syz.1.34349'. [ 2214.077448][ T8153] Bluetooth: hci0: Malformed HCI Event [ 2214.786593][T13662] delete_channel: no stack [ 2214.791959][T13662] delete_channel: no stack [ 2215.416272][T13670] netlink: 'syz.3.34367': attribute type 11 has an invalid length. [ 2215.443102][T13670] netlink: 126292 bytes leftover after parsing attributes in process `syz.3.34367'. [ 2215.974023][ T8153] Bluetooth: hci3: Malformed HCI Event [ 2216.641519][T13695] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.34378'. [ 2216.739376][T13695] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 2217.754212][T13704] netlink: 'syz.2.34373': attribute type 11 has an invalid length. [ 2217.806209][T13704] netlink: 126292 bytes leftover after parsing attributes in process `syz.2.34373'. [ 2218.930090][T13727] delete_channel: no stack [ 2218.957861][T13727] delete_channel: no stack [ 2220.938426][T13755] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2221.126768][T13768] delete_channel: no stack [ 2221.144086][T13768] delete_channel: no stack [ 2222.033873][T13780] delete_channel: no stack [ 2222.040775][T13780] delete_channel: no stack [ 2222.047831][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2222.054679][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2223.556039][T13801] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.34419'. [ 2223.685454][T13805] delete_channel: no stack [ 2223.707409][T13805] delete_channel: no stack [ 2224.161733][T13820] netlink: 212912 bytes leftover after parsing attributes in process `syz.2.34428'. [ 2224.176048][T13820] openvswitch: netlink: IP tunnel dst address not specified [ 2224.277655][T13827] netlink: 'syz.3.34432': attribute type 22 has an invalid length. [ 2224.372936][T13832] netlink: 'syz.0.34434': attribute type 29 has an invalid length. [ 2224.393652][T13832] netlink: 'syz.0.34434': attribute type 29 has an invalid length. [ 2224.443523][T13832] netlink: 'syz.0.34434': attribute type 29 has an invalid length. [ 2224.455439][T13832] netlink: 'syz.0.34434': attribute type 29 has an invalid length. [ 2224.469133][T13832] netlink: 'syz.0.34434': attribute type 29 has an invalid length. [ 2224.502189][T13832] netlink: 'syz.0.34434': attribute type 29 has an invalid length. [ 2224.691338][T13842] delete_channel: no stack [ 2224.701889][T13842] delete_channel: no stack [ 2225.412316][T13875] delete_channel: no stack [ 2225.440428][T13875] delete_channel: no stack [ 2226.212493][T13901] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.34465'. [ 2226.930080][T13908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2226.995279][T13919] delete_channel: no stack [ 2227.005961][T13919] delete_channel: no stack [ 2227.949225][T13935] netlink: 'syz.3.34475': attribute type 21 has an invalid length. [ 2229.674213][T13975] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.34492'. [ 2229.808926][T13982] netlink: 'syz.1.34494': attribute type 22 has an invalid length. [ 2230.691837][T14004] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.34503'. [ 2230.725775][T14004] netlink: 8454 bytes leftover after parsing attributes in process `syz.1.34503'. [ 2233.890586][T14058] netlink: 'syz.2.34524': attribute type 10 has an invalid length. [ 2235.723812][T14058] macvlan0: entered promiscuous mode [ 2235.729835][T14058] macvlan0: entered allmulticast mode [ 2235.745910][T14058] veth1_vlan: entered allmulticast mode [ 2235.807797][T14058] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 2236.010240][T14062] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.34526'. [ 2236.026688][T14062] netlink: 8454 bytes leftover after parsing attributes in process `syz.3.34526'. [ 2236.098514][T14067] netlink: 168 bytes leftover after parsing attributes in process `syz.2.34529'. [ 2236.215612][T14071] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.34531'. [ 2236.234846][T14071] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.34531'. [ 2236.304293][T14073] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.34532'. [ 2236.385669][T14077] netlink: 44 bytes leftover after parsing attributes in process `syz.2.34534'. [ 2237.108265][T25907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2237.142155][T14101] netlink: 168 bytes leftover after parsing attributes in process `syz.3.34543'. [ 2237.274229][T14103] netlink: 44 bytes leftover after parsing attributes in process `syz.1.34545'. [ 2237.575607][T14110] netlink: 44 bytes leftover after parsing attributes in process `syz.0.34556'. [ 2239.851601][T14164] netlink: 'syz.0.34572': attribute type 30 has an invalid length. [ 2244.102404][T14185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2244.527443][T14202] __nla_validate_parse: 1 callbacks suppressed [ 2244.527468][T14202] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.34590'. [ 2244.938671][T14209] netlink: 'syz.0.34593': attribute type 10 has an invalid length. [ 2244.987155][T14209] netlink: 40 bytes leftover after parsing attributes in process `syz.0.34593'. [ 2247.766657][T14209] caif0: entered promiscuous mode [ 2247.771767][T14209] caif0: entered allmulticast mode [ 2247.784345][T14209] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2247.976218][T14220] netlink: 'syz.0.34598': attribute type 1 has an invalid length. [ 2247.994417][T14220] netlink: 'syz.0.34598': attribute type 4 has an invalid length. [ 2248.012818][T14220] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.34598'. [ 2248.544065][T14252] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.34610'. [ 2252.393960][T14284] netlink: 'syz.2.34625': attribute type 10 has an invalid length. [ 2252.441280][T14284] netlink: 40 bytes leftover after parsing attributes in process `syz.2.34625'. [ 2252.476820][T14284] caif0: entered promiscuous mode [ 2252.489336][T14284] caif0: entered allmulticast mode [ 2252.494842][T14284] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2252.683996][T14292] netlink: 'syz.3.34627': attribute type 1 has an invalid length. [ 2252.692413][T14292] netlink: 'syz.3.34627': attribute type 4 has an invalid length. [ 2252.700916][T14292] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.34627'. [ 2253.134317][T14314] netlink: 'syz.3.34638': attribute type 10 has an invalid length. [ 2253.146064][T14314] netlink: 40 bytes leftover after parsing attributes in process `syz.3.34638'. [ 2253.161565][T14314] caif0: entered promiscuous mode [ 2253.167754][T14314] caif0: entered allmulticast mode [ 2253.173666][T14314] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2253.483559][T14324] netlink: 'syz.1.34641': attribute type 1 has an invalid length. [ 2253.531449][T14324] netlink: 'syz.1.34641': attribute type 4 has an invalid length. [ 2253.559730][T14324] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.34641'. [ 2253.961539][T14337] netlink: 152 bytes leftover after parsing attributes in process `syz.0.34655'. [ 2254.101553][T14339] netlink: 'syz.1.34648': attribute type 10 has an invalid length. [ 2254.128222][T14339] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34648'. [ 2254.153129][T14339] caif0: entered promiscuous mode [ 2254.160560][T14339] caif0: entered allmulticast mode [ 2254.168134][T14339] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2254.899004][T14370] netlink: 'syz.2.34663': attribute type 10 has an invalid length. [ 2254.925040][T14370] netlink: 40 bytes leftover after parsing attributes in process `syz.2.34663'. [ 2254.947244][T14370] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2255.223030][T14384] netlink: 'syz.2.34670': attribute type 4 has an invalid length. [ 2255.725411][T14397] netlink: 'syz.1.34676': attribute type 10 has an invalid length. [ 2255.766932][T14397] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34676'. [ 2255.839941][T14397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2256.574470][T14405] team0: Device wg1 is of different type [ 2256.819476][T14408] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34687'. [ 2256.851781][T14408] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2256.917031][T14405] syz.3.34688 (14405) used greatest stack depth: 18832 bytes left [ 2257.360650][T14414] netlink: 40 bytes leftover after parsing attributes in process `syz.3.34690'. [ 2257.383048][T14414] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2260.823903][T14453] validate_nla: 3 callbacks suppressed [ 2260.824085][T14453] netlink: 'syz.2.34697': attribute type 10 has an invalid length. [ 2260.840046][T14453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.34697'. [ 2260.863849][T14453] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2268.247214][T25907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2268.257845][T14522] netlink: 'syz.1.34723': attribute type 10 has an invalid length. [ 2268.280620][T14522] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34723'. [ 2268.306040][T14522] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2268.818599][T14545] netlink: 'syz.1.34733': attribute type 4 has an invalid length. [ 2269.135725][T14547] netlink: 'syz.0.34744': attribute type 10 has an invalid length. [ 2269.323617][T14547] team0: Device wg1 is of different type [ 2269.581479][T14556] netlink: 'syz.3.34738': attribute type 10 has an invalid length. [ 2269.599646][T14556] netlink: 40 bytes leftover after parsing attributes in process `syz.3.34738'. [ 2269.631178][T14556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2269.885503][T14564] netlink: 'syz.1.34751': attribute type 10 has an invalid length. [ 2270.101035][T14564] team0: Device wg1 is of different type [ 2270.412431][T14569] netlink: 'syz.3.34746': attribute type 4 has an invalid length. [ 2270.707972][T14581] netlink: 'syz.3.34752': attribute type 10 has an invalid length. [ 2270.716175][T14581] netlink: 40 bytes leftover after parsing attributes in process `syz.3.34752'. [ 2270.744145][T14581] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2271.121420][T14593] netlink: 'syz.1.34765': attribute type 10 has an invalid length. [ 2271.173784][T14593] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34765'. [ 2271.948914][T14593] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2271.996790][T14596] netlink: 'syz.2.34757': attribute type 10 has an invalid length. [ 2272.055433][T14596] team0: Device wg1 is of different type [ 2272.371978][T14607] netlink: 'syz.1.34769': attribute type 10 has an invalid length. [ 2272.394361][T14607] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34769'. [ 2272.412290][T14607] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 2277.024770][T14664] netlink: 'syz.3.34782': attribute type 10 has an invalid length. [ 2277.093895][T14664] team0: Device wg1 is of different type [ 2279.199122][T14698] netlink: 'syz.2.34794': attribute type 10 has an invalid length. [ 2279.474341][T14698] team0: Device wg1 is of different type [ 2280.230993][T14709] netlink: 121460 bytes leftover after parsing attributes in process `syz.1.34799'. [ 2280.322411][T14709] netlink: 'syz.1.34799': attribute type 1 has an invalid length. [ 2280.357727][T14709] netlink: 16520 bytes leftover after parsing attributes in process `syz.1.34799'. [ 2283.495714][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2283.502390][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2284.298238][T14733] netlink: 'syz.2.34809': attribute type 10 has an invalid length. [ 2284.407398][T14733] team0: Device wg1 is of different type [ 2285.421365][T14749] netlink: 'syz.1.34816': attribute type 2 has an invalid length. [ 2285.444797][T14749] netlink: 'syz.1.34816': attribute type 8 has an invalid length. [ 2285.465864][T14749] netlink: 132 bytes leftover after parsing attributes in process `syz.1.34816'. [ 2286.740189][T14782] netlink: 'syz.3.34830': attribute type 2 has an invalid length. [ 2286.751248][T14782] netlink: 'syz.3.34830': attribute type 8 has an invalid length. [ 2286.766048][T14782] netlink: 132 bytes leftover after parsing attributes in process `syz.3.34830'. [ 2287.993889][T14810] netlink: 'syz.0.34841': attribute type 2 has an invalid length. [ 2288.034091][T14810] netlink: 'syz.0.34841': attribute type 8 has an invalid length. [ 2288.056932][T14810] netlink: 132 bytes leftover after parsing attributes in process `syz.0.34841'. [ 2289.804500][T14851] netlink: 176 bytes leftover after parsing attributes in process `syz.2.34856'. [ 2290.023228][T14861] netlink: 'syz.0.34860': attribute type 1 has an invalid length. [ 2294.314225][T14910] netlink: 176 bytes leftover after parsing attributes in process `syz.3.34878'. [ 2295.434105][T14930] netlink: 'syz.0.34888': attribute type 21 has an invalid length. [ 2295.454814][T14930] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.34888'. [ 2296.103272][T14961] netlink: 'syz.3.34902': attribute type 33 has an invalid length. [ 2296.147052][T14961] netlink: 164 bytes leftover after parsing attributes in process `syz.3.34902'. [ 2298.413311][T15019] netlink: 'syz.3.34928': attribute type 21 has an invalid length. [ 2298.422075][T15019] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.34928'. [ 2298.604294][T15024] netlink: 'syz.2.34930': attribute type 33 has an invalid length. [ 2298.628489][T15024] netlink: 164 bytes leftover after parsing attributes in process `syz.2.34930'. [ 2299.117769][T15035] netlink: 'syz.0.34934': attribute type 3 has an invalid length. [ 2299.311519][T15041] netlink: 'syz.2.34938': attribute type 21 has an invalid length. [ 2299.323783][T15041] netlink: 14548 bytes leftover after parsing attributes in process `syz.2.34938'. [ 2299.366726][T11340] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2301.289199][T15067] netlink: 'syz.1.34942': attribute type 33 has an invalid length. [ 2301.300397][T15067] netlink: 164 bytes leftover after parsing attributes in process `syz.1.34942'. [ 2305.773257][T15203] netlink: 'syz.0.35003': attribute type 3 has an invalid length. [ 2305.800288][T15203] netlink: 'syz.0.35003': attribute type 5 has an invalid length. [ 2312.078442][T15235] netlink: 'syz.2.35017': attribute type 3 has an invalid length. [ 2312.101002][T15235] netlink: 'syz.2.35017': attribute type 5 has an invalid length. [ 2316.545361][T15270] netlink: 'syz.1.35032': attribute type 3 has an invalid length. [ 2316.580813][T15270] netlink: 'syz.1.35032': attribute type 5 has an invalid length. [ 2325.601898][T15358] netlink: 'syz.2.35072': attribute type 21 has an invalid length. [ 2325.621969][T15358] netlink: 152 bytes leftover after parsing attributes in process `syz.2.35072'. [ 2325.906276][T15368] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.35075'. [ 2326.073516][T15376] pim6reg1: entered promiscuous mode [ 2326.088739][T15376] pim6reg1: entered allmulticast mode [ 2326.611517][T15385] netlink: 'syz.0.35083': attribute type 1 has an invalid length. [ 2326.630259][T15385] netlink: 15743 bytes leftover after parsing attributes in process `syz.0.35083'. [ 2326.680727][T15387] netlink: 'syz.2.35082': attribute type 1 has an invalid length. [ 2326.702772][T15387] netlink: 'syz.2.35082': attribute type 2 has an invalid length. [ 2326.720038][T15387] netlink: 'syz.2.35082': attribute type 2 has an invalid length. [ 2326.735278][T15387] netlink: 'syz.2.35082': attribute type 3 has an invalid length. [ 2326.754268][T15387] netlink: 'syz.2.35082': attribute type 4 has an invalid length. [ 2326.768272][T15387] netlink: 'syz.2.35082': attribute type 5 has an invalid length. [ 2326.786867][T15387] netlink: 'syz.2.35082': attribute type 6 has an invalid length. [ 2326.802915][T15387] netlink: 'syz.2.35082': attribute type 7 has an invalid length. [ 2326.824860][T15387] netlink: 126304 bytes leftover after parsing attributes in process `syz.2.35082'. [ 2326.899534][T15391] netlink: 176 bytes leftover after parsing attributes in process `syz.3.35084'. [ 2327.325664][T15408] netlink: 152 bytes leftover after parsing attributes in process `syz.0.35093'. [ 2327.540530][T15411] pim6reg1: entered promiscuous mode [ 2327.556305][T15411] pim6reg1: entered allmulticast mode [ 2327.879777][T15417] netlink: 126304 bytes leftover after parsing attributes in process `syz.1.35097'. [ 2328.104540][T15427] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.35102'. [ 2328.184634][T15429] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.35104'. [ 2329.138075][T15448] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.35112'. [ 2330.277248][T15496] pim6reg1: entered promiscuous mode [ 2330.282613][T15496] pim6reg1: entered allmulticast mode [ 2330.493716][ T1136] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2330.771149][T15512] validate_nla: 20 callbacks suppressed [ 2330.771171][T15512] netlink: 'syz.2.35151': attribute type 2 has an invalid length. [ 2330.795289][T15512] netlink: 'syz.2.35151': attribute type 1 has an invalid length. [ 2330.811928][T15512] netlink: 'syz.2.35151': attribute type 8 has an invalid length. [ 2330.825266][T15512] __nla_validate_parse: 1 callbacks suppressed [ 2330.825284][T15512] netlink: 44 bytes leftover after parsing attributes in process `syz.2.35151'. [ 2330.918043][T15518] netlink: 'syz.3.35146': attribute type 11 has an invalid length. [ 2330.927491][T15518] netlink: 'syz.3.35146': attribute type 2 has an invalid length. [ 2330.935370][T15518] netlink: 198100 bytes leftover after parsing attributes in process `syz.3.35146'. [ 2331.070584][T15522] netlink: 'syz.1.35157': attribute type 1 has an invalid length. [ 2331.091454][T15522] netlink: 16126 bytes leftover after parsing attributes in process `syz.1.35157'. [ 2331.719913][T15553] netlink: 'syz.1.35161': attribute type 11 has an invalid length. [ 2331.773452][T15553] netlink: 'syz.1.35161': attribute type 2 has an invalid length. [ 2331.817247][T15553] netlink: 198100 bytes leftover after parsing attributes in process `syz.1.35161'. [ 2333.278264][T15599] bond0: left allmulticast mode [ 2333.283221][T15599] bond_slave_0: left allmulticast mode [ 2333.310406][T15599] bond_slave_1: left allmulticast mode [ 2333.316295][T15599] bridge0: port 3(bond0) entered disabled state [ 2333.352161][T15599] bridge_slave_1: left allmulticast mode [ 2333.371189][T15599] bridge0: port 2(bridge_slave_1) entered disabled state [ 2333.414705][T15599] bridge_slave_0: left allmulticast mode [ 2333.421311][T15599] bridge_slave_0: left promiscuous mode [ 2333.436994][T15599] bridge0: port 1(bridge_slave_0) entered disabled state [ 2334.637672][T15631] netlink: 'syz.3.35194': attribute type 10 has an invalid length. [ 2334.645683][T15631] netlink: 55 bytes leftover after parsing attributes in process `syz.3.35194'. [ 2338.251683][ T8153] Bluetooth: hci1: Malformed LE Event: 0x1d [ 2338.855636][T15688] netlink: 'syz.0.35221': attribute type 3 has an invalid length. [ 2338.880535][T15688] netlink: 132 bytes leftover after parsing attributes in process `syz.0.35221'. [ 2340.390680][T15711] netlink: 'syz.0.35232': attribute type 10 has an invalid length. [ 2340.426314][T15711] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.35232'. [ 2340.438198][T15711] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 2344.935314][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.942763][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2346.113251][T15794] netlink: 'syz.3.35269': attribute type 3 has an invalid length. [ 2346.131973][T15794] netlink: 132 bytes leftover after parsing attributes in process `syz.3.35269'. [ 2346.786858][T15802] netlink: 'syz.0.35279': attribute type 10 has an invalid length. [ 2346.796084][T15802] veth0_vlan: left allmulticast mode [ 2346.834832][T15802] veth0_vlan: left promiscuous mode [ 2346.848648][T15802] veth0_vlan: entered promiscuous mode [ 2346.874146][T15802] team0: Device veth0_vlan failed to register rx_handler [ 2347.372494][T15802] syz.0.35279 (15802) used greatest stack depth: 18408 bytes left [ 2347.407131][T15808] syzkaller0: entered promiscuous mode [ 2347.412697][T15808] syzkaller0: entered allmulticast mode [ 2349.821581][T15833] netlink: 'syz.1.35283': attribute type 3 has an invalid length. [ 2349.830251][T15833] netlink: 132 bytes leftover after parsing attributes in process `syz.1.35283'. [ 2349.978346][T15838] netlink: 'syz.2.35287': attribute type 10 has an invalid length. [ 2349.988692][T15838] veth0_vlan: left promiscuous mode [ 2350.015036][T15838] veth0_vlan: entered promiscuous mode [ 2350.063463][T15838] team0: Device veth0_vlan failed to register rx_handler [ 2350.929143][T15855] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.35293'. [ 2351.414963][T15872] syzkaller0: entered promiscuous mode [ 2351.421540][T15872] syzkaller0: entered allmulticast mode [ 2351.504118][T15879] netlink: 'syz.2.35306': attribute type 3 has an invalid length. [ 2351.536797][T15879] netlink: 132 bytes leftover after parsing attributes in process `syz.2.35306'. [ 2354.308759][T15910] netlink: 'syz.3.35319': attribute type 3 has an invalid length. [ 2354.326765][T15910] netlink: 132 bytes leftover after parsing attributes in process `syz.3.35319'. [ 2355.090851][T15932] veth1_macvtap: left promiscuous mode [ 2355.561984][T15940] netlink: 'syz.1.35333': attribute type 3 has an invalid length. [ 2355.578010][T15940] netlink: 132 bytes leftover after parsing attributes in process `syz.1.35333'. [ 2356.527570][T15959] netlink: 'syz.1.35344': attribute type 3 has an invalid length. [ 2356.535981][T15959] netlink: 132 bytes leftover after parsing attributes in process `syz.1.35344'. [ 2356.742080][T15967] veth1_macvtap: left allmulticast mode [ 2356.771898][T15967] veth1_macvtap: left promiscuous mode [ 2356.799421][T15967] macsec0: left promiscuous mode [ 2356.824044][T15967] macsec0: left allmulticast mode [ 2358.445132][T15987] netlink: 'syz.0.35354': attribute type 3 has an invalid length. [ 2358.464590][T15987] netlink: 132 bytes leftover after parsing attributes in process `syz.0.35354'. [ 2359.906085][T16015] netlink: 'syz.0.35368': attribute type 3 has an invalid length. [ 2359.946731][T16015] netlink: 132 bytes leftover after parsing attributes in process `syz.0.35368'. [ 2360.262074][T16021] netlink: 'syz.3.35378': attribute type 3 has an invalid length. [ 2360.353547][T16021] netlink: 132 bytes leftover after parsing attributes in process `syz.3.35378'. [ 2361.520961][T11340] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2363.414923][T16075] netlink: 144 bytes leftover after parsing attributes in process `syz.1.35396'. [ 2363.586177][T16082] netlink: 'syz.2.35397': attribute type 3 has an invalid length. [ 2363.606448][T16082] netlink: 'syz.2.35397': attribute type 1 has an invalid length. [ 2363.646482][T16082] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.35397'. [ 2364.286968][T16104] netlink: 'syz.1.35406': attribute type 3 has an invalid length. [ 2364.323990][T16104] netlink: 132 bytes leftover after parsing attributes in process `syz.1.35406'. [ 2365.155143][T16117] netlink: 144 bytes leftover after parsing attributes in process `syz.3.35411'. [ 2366.381389][T16155] netlink: 144 bytes leftover after parsing attributes in process `syz.0.35428'. [ 2367.773936][T16193] netlink: 144 bytes leftover after parsing attributes in process `syz.2.35440'. [ 2368.835327][T16206] netlink: 'syz.3.35447': attribute type 14 has an invalid length. [ 2368.847159][T16206] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.35447'. [ 2369.130617][T16219] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.35454'. [ 2369.463371][T16232] netlink: 'syz.0.35460': attribute type 14 has an invalid length. [ 2369.484961][T16232] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.35460'. [ 2369.951256][T16250] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.35467'. [ 2370.254188][T16256] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.35480'. [ 2370.276015][T16259] netlink: 'syz.2.35471': attribute type 14 has an invalid length. [ 2370.307855][T16259] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.35471'. [ 2371.359259][T16293] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.35489'. [ 2371.428274][T16293] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 2371.886842][T25907] tipc: Subscription rejected, illegal request [ 2373.089021][T32041] tipc: Subscription rejected, illegal request [ 2375.080143][T25907] tipc: Subscription rejected, illegal request [ 2375.320840][T32041] tipc: Subscription rejected, illegal request [ 2376.842939][T16405] syz.1.35540: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 2376.901603][T16405] CPU: 1 PID: 16405 Comm: syz.1.35540 Not tainted syzkaller #0 [ 2376.909251][T16405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2376.919367][T16405] Call Trace: [ 2376.922699][T16405] [ 2376.925683][T16405] dump_stack_lvl+0x18c/0x250 [ 2376.930436][T16405] ? show_regs_print_info+0x20/0x20 [ 2376.935690][T16405] ? load_image+0x420/0x420 [ 2376.940262][T16405] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2376.946773][T16405] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2376.953336][T16405] warn_alloc+0x246/0x340 [ 2376.957737][T16405] ? stack_trace_save+0xaa/0x100 [ 2376.962740][T16405] ? zone_watermark_ok_safe+0x230/0x230 [ 2376.968359][T16405] ? kasan_set_track+0x5f/0x70 [ 2376.973176][T16405] ? kasan_set_track+0x4e/0x70 [ 2376.977989][T16405] ? __kasan_kmalloc+0x8f/0xa0 [ 2376.982809][T16405] ? xsk_init_queue+0xad/0x100 [ 2376.987637][T16405] ? xsk_setsockopt+0x4e5/0x760 [ 2376.992543][T16405] ? do_sock_setsockopt+0x175/0x1a0 [ 2376.997795][T16405] ? __x64_sys_setsockopt+0x182/0x200 [ 2377.003222][T16405] __vmalloc_node_range+0x126/0x1330 [ 2377.008599][T16405] ? free_vm_area+0x50/0x50 [ 2377.013271][T16405] vmalloc_user+0x74/0x80 [ 2377.017670][T16405] ? xskq_create+0xbf/0x170 [ 2377.022234][T16405] xskq_create+0xbf/0x170 [ 2377.026620][T16405] xsk_init_queue+0xad/0x100 [ 2377.031265][T16405] xsk_setsockopt+0x4e5/0x760 [ 2377.036008][T16405] ? xsk_poll+0x680/0x680 [ 2377.040394][T16405] ? __fget_files+0x28/0x4b0 [ 2377.045079][T16405] ? __fget_files+0x28/0x4b0 [ 2377.049735][T16405] ? aa_sock_opt_perm+0x74/0x100 [ 2377.054745][T16405] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2377.060370][T16405] ? security_socket_setsockopt+0x7e/0xa0 [ 2377.066165][T16405] ? xsk_poll+0x680/0x680 [ 2377.070578][T16405] do_sock_setsockopt+0x175/0x1a0 [ 2377.075688][T16405] ? __fdget+0x180/0x210 [ 2377.080010][T16405] __x64_sys_setsockopt+0x182/0x200 [ 2377.085302][T16405] do_syscall_64+0x55/0xb0 [ 2377.089794][T16405] ? clear_bhb_loop+0x40/0x90 [ 2377.094545][T16405] ? clear_bhb_loop+0x40/0x90 [ 2377.099348][T16405] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2377.105330][T16405] RIP: 0033:0x7f9873f9ce59 [ 2377.109814][T16405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2377.129498][T16405] RSP: 002b:00007f9874db0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2377.137991][T16405] RAX: ffffffffffffffda RBX: 00007f9874215fa0 RCX: 00007f9873f9ce59 [ 2377.146035][T16405] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2377.154072][T16405] RBP: 00007f9874032d6f R08: 0000000000000004 R09: 0000000000000000 [ 2377.162112][T16405] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2377.170154][T16405] R13: 00007f9874216038 R14: 00007f9874215fa0 R15: 00007fff407c11b8 [ 2377.178232][T16405] [ 2377.275396][T16405] Mem-Info: [ 2377.304316][T16405] active_anon:18645 inactive_anon:0 isolated_anon:0 [ 2377.304316][T16405] active_file:18628 inactive_file:40860 isolated_file:0 [ 2377.304316][T16405] unevictable:768 dirty:244 writeback:0 [ 2377.304316][T16405] slab_reclaimable:10928 slab_unreclaimable:97067 [ 2377.304316][T16405] mapped:23939 shmem:1696 pagetables:559 [ 2377.304316][T16405] sec_pagetables:0 bounce:0 [ 2377.304316][T16405] kernel_misc_reclaimable:0 [ 2377.304316][T16405] free:1329465 free_pcp:6270 free_cma:0 [ 2377.422564][T16405] Node 0 active_anon:75080kB inactive_anon:0kB active_file:74512kB inactive_file:163240kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95756kB dirty:976kB writeback:0kB shmem:5848kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10508kB pagetables:2236kB sec_pagetables:0kB all_unreclaimable? no [ 2377.485186][T16405] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2377.572382][T16405] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2377.618785][T16405] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2377.624681][T16405] Node 0 DMA32 free:1408820kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:75840kB inactive_anon:0kB active_file:74512kB inactive_file:162416kB unevictable:1536kB writepending:976kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:4340kB local_pcp:2040kB free_cma:0kB [ 2377.655485][T16405] lowmem_reserve[]: 0 0 0 0 0 [ 2377.686670][T16405] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 2377.755043][T16405] lowmem_reserve[]: 0 0 0 0 0 [ 2377.772278][T16405] Node 1 Normal free:3891660kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22036kB local_pcp:8820kB free_cma:0kB [ 2377.833953][T16405] lowmem_reserve[]: 0 0 0 0 0 [ 2377.849887][T16405] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2377.870650][T16405] Node 0 DMA32: 1339*4kB (UME) 1441*8kB (UME) 1558*16kB (UME) 597*32kB (UME) 763*64kB (UME) 389*128kB (UME) 218*256kB (UME) 99*512kB (UME) 68*1024kB (UME) 12*2048kB (UM) 256*4096kB (UM) = 1408820kB [ 2377.890679][T16405] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 2377.903949][T16405] Node 1 Normal: 77*4kB (UME) 61*8kB (UME) 33*16kB (UME) 61*32kB (UME) 20*64kB (UME) 8*128kB (UME) 2*256kB (ME) 1*512kB (E) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3891660kB [ 2377.924989][T16405] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2377.935271][T16405] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2377.945099][T16405] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2377.955152][T16405] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2377.966273][T16405] 60859 total pagecache pages [ 2377.971337][T16405] 0 pages in swap cache [ 2377.975654][T16405] Free swap = 124996kB [ 2377.980577][T16405] Total swap = 124996kB [ 2377.984779][T16405] 2097051 pages RAM [ 2377.989079][T16405] 0 pages HighMem/MovableOnly [ 2377.993897][T16405] 416933 pages reserved [ 2378.014459][T16405] 0 pages cma reserved [ 2378.616703][T16431] syz.1.35551[16431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2378.616960][T16431] syz.1.35551[16431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2380.225387][ T8153] Bluetooth: hci0: ISO packet too small [ 2382.677791][T16530] syz.3.35597[16530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2382.678068][T16530] syz.3.35597[16530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2383.455348][T16538] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.35602'. [ 2383.713044][ T8153] Bluetooth: hci2: ISO packet too small [ 2385.382042][ T8153] Bluetooth: hci3: ISO packet too small [ 2385.540627][T16584] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.35618'. [ 2393.267737][T32041] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2393.435360][T16710] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.35674'. [ 2402.211962][T16804] netlink: 'syz.0.35722': attribute type 2 has an invalid length. [ 2402.220241][T16804] netlink: 'syz.0.35722': attribute type 1 has an invalid length. [ 2402.234332][T16804] netlink: 'syz.0.35722': attribute type 8 has an invalid length. [ 2402.242865][T16804] netlink: 88 bytes leftover after parsing attributes in process `syz.0.35722'. [ 2402.337992][ T8153] Bluetooth: hci0: unexpected subevent 0x05 length: 150 > 12 [ 2403.583466][T16841] netlink: 'syz.1.35731': attribute type 33 has an invalid length. [ 2403.623594][T16841] netlink: 152 bytes leftover after parsing attributes in process `syz.1.35731'. [ 2403.656785][T16841] `: renamed from syz_tun (while UP) [ 2404.172952][T16848] netlink: 'syz.1.35734': attribute type 2 has an invalid length. [ 2404.191654][T16848] netlink: 'syz.1.35734': attribute type 1 has an invalid length. [ 2404.211932][T16848] netlink: 'syz.1.35734': attribute type 8 has an invalid length. [ 2404.231402][T16848] netlink: 88 bytes leftover after parsing attributes in process `syz.1.35734'. [ 2404.356684][ T8153] Bluetooth: hci0: command 0x0406 tx timeout [ 2405.165051][T16874] netlink: 'syz.2.35745': attribute type 2 has an invalid length. [ 2405.177271][T16874] netlink: 'syz.2.35745': attribute type 1 has an invalid length. [ 2405.185404][T16874] netlink: 'syz.2.35745': attribute type 8 has an invalid length. [ 2405.193555][T16874] netlink: 88 bytes leftover after parsing attributes in process `syz.2.35745'. [ 2405.203431][T16876] netlink: 152 bytes leftover after parsing attributes in process `syz.0.35746'. [ 2405.218223][T16876] `: renamed from syz_tun (while UP) [ 2406.351176][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2406.358685][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2406.636712][T16900] netlink: 156 bytes leftover after parsing attributes in process `syz.0.35755'. [ 2406.958832][T16910] netlink: 88 bytes leftover after parsing attributes in process `syz.3.35759'. [ 2407.144650][T16913] netlink: 152 bytes leftover after parsing attributes in process `syz.3.35760'. [ 2407.178278][T16913] `: renamed from syz_tun (while UP) [ 2408.803435][T16934] validate_nla: 5 callbacks suppressed [ 2408.803455][T16934] netlink: 'syz.1.35772': attribute type 2 has an invalid length. [ 2408.844773][T16934] netlink: 'syz.1.35772': attribute type 1 has an invalid length. [ 2408.876608][T16934] netlink: 'syz.1.35772': attribute type 8 has an invalid length. [ 2408.907446][T16934] netlink: 88 bytes leftover after parsing attributes in process `syz.1.35772'. [ 2408.946024][T16937] netlink: 156 bytes leftover after parsing attributes in process `syz.3.35770'. [ 2411.211703][T16966] sctp: [Deprecated]: syz.2.35782 (pid 16966) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2411.211703][T16966] Use struct sctp_sack_info instead [ 2411.745217][T16970] netlink: 156 bytes leftover after parsing attributes in process `syz.2.35786'. [ 2412.437377][T16992] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.35796'. [ 2413.243058][T17022] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.35810'. [ 2415.942219][ T8153] Bluetooth: hci1: unexpected subevent 0x03 length: 150 > 9 [ 2416.570477][T17123] sctp: [Deprecated]: syz.1.35859 (pid 17123) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2416.570477][T17123] Use struct sctp_sack_info instead [ 2416.613428][T17124] netlink: 'syz.0.35866': attribute type 22 has an invalid length. [ 2419.106633][T17178] netlink: 'syz.3.35883': attribute type 22 has an invalid length. [ 2419.924516][T17204] netlink: 'syz.2.35896': attribute type 22 has an invalid length. [ 2422.183836][T17237] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.35912'. [ 2423.572188][T17273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2424.292344][T21388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2426.773886][T17339] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.35952'. [ 2428.557889][T17366] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.35964'. [ 2429.560470][T17393] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.35975'. [ 2430.339645][T17421] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.35986'. [ 2430.520059][T17426] netlink: 152 bytes leftover after parsing attributes in process `syz.2.35988'. [ 2433.538114][T17491] sock: sock_timestamping_bind_phc: sock not bind to device [ 2435.966206][T17536] sock: sock_timestamping_bind_phc: sock not bind to device [ 2440.409025][T17666] netlink: 'syz.2.36087': attribute type 21 has an invalid length. [ 2440.436670][T17666] netlink: 'syz.2.36087': attribute type 13 has an invalid length. [ 2440.455000][T17666] netlink: 6188 bytes leftover after parsing attributes in process `syz.2.36087'. [ 2441.149024][T17691] netlink: 'syz.1.36099': attribute type 21 has an invalid length. [ 2441.157176][T17691] netlink: 'syz.1.36099': attribute type 13 has an invalid length. [ 2441.165235][T17691] netlink: 6188 bytes leftover after parsing attributes in process `syz.1.36099'. [ 2448.552963][T17811] netlink: 'syz.1.36150': attribute type 10 has an invalid length. [ 2448.599308][T17811] veth0_macvtap: left promiscuous mode [ 2448.924574][T17820] syzkaller0: entered promiscuous mode [ 2448.930452][T17820] syzkaller0: entered allmulticast mode [ 2448.944653][T17820] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 2450.298352][ T8153] Bluetooth: hci2: Malformed LE Event: 0x02 [ 2455.411915][ T8153] Bluetooth: hci3: Malformed LE Event: 0x02 [ 2455.421941][ T1136] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2467.791066][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2467.797604][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2470.702952][T18136] netlink: 'syz.0.36288': attribute type 21 has an invalid length. [ 2474.320890][ T8153] Bluetooth: hci1: Dropping invalid advertising data [ 2474.333667][ T8153] Bluetooth: hci1: Malformed LE Event: 0x02 [ 2477.199378][T18257] netlink: 'syz.3.36346': attribute type 2 has an invalid length. [ 2477.219968][T18257] netlink: 1045 bytes leftover after parsing attributes in process `syz.3.36346'. [ 2478.076736][T18285] netlink: 'syz.1.36360': attribute type 2 has an invalid length. [ 2478.116490][T18285] netlink: 1045 bytes leftover after parsing attributes in process `syz.1.36360'. [ 2482.209657][T18361] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.36390'. [ 2486.653562][T21388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2488.785421][T18445] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.36430'. [ 2488.866809][T18445] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2494.478915][T18502] netlink: 'syz.2.36445': attribute type 3 has an invalid length. [ 2494.491357][T18502] netlink: 'syz.2.36445': attribute type 6 has an invalid length. [ 2494.499834][T18502] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.36445'. [ 2494.653747][T18511] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.36450'. [ 2494.772380][ T8153] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2495.360130][T18535] netlink: 15119 bytes leftover after parsing attributes in process `syz.0.36460'. [ 2495.548432][T18518] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 2496.380453][T18563] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.36471'. [ 2498.928905][T18611] wlan0: mtu greater than device maximum [ 2500.062082][T18627] C: renamed from team_slave_0 (while UP) [ 2500.083120][T18627] netlink: 'syz.1.36501': attribute type 3 has an invalid length. [ 2500.101480][T18627] netlink: 'syz.1.36501': attribute type 1 has an invalid length. [ 2500.121924][T18627] netlink: 116 bytes leftover after parsing attributes in process `syz.1.36501'. [ 2500.156711][T18627] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 2500.253585][T18633] wlan0: mtu greater than device maximum [ 2500.431198][T18640] wlan0: mtu greater than device maximum [ 2501.641386][T18663] lo: entered promiscuous mode [ 2503.761015][T18693] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.36526'. [ 2503.783724][T18691] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.36525'. [ 2503.809029][T18691] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2504.515654][T18710] netlink: 'syz.2.36542': attribute type 3 has an invalid length. [ 2504.539863][T18710] netlink: 'syz.2.36542': attribute type 1 has an invalid length. [ 2504.554840][T18710] netlink: 116 bytes leftover after parsing attributes in process `syz.2.36542'. [ 2504.567631][T18710] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 2505.462607][T18724] netlink: 'syz.1.36536': attribute type 9 has an invalid length. [ 2505.623971][T18724] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.36536'. [ 2506.401106][T18735] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.36541'. [ 2506.425541][T18735] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2506.600228][T18742] netlink: 'syz.0.36545': attribute type 13 has an invalid length. [ 2506.619698][T18742] netlink: 172 bytes leftover after parsing attributes in process `syz.0.36545'. [ 2506.685108][T18742] erspan0: refused to change device tx_queue_len [ 2507.521711][T18758] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.36552'. [ 2509.908022][T18829] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.36585'. [ 2510.165015][T18835] netlink: 'syz.1.36586': attribute type 13 has an invalid length. [ 2510.174679][T18835] netlink: 172 bytes leftover after parsing attributes in process `syz.1.36586'. [ 2510.205338][T18835] erspan0: refused to change device tx_queue_len [ 2512.271498][T18862] syz.0.36609[18862] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2512.271753][T18862] syz.0.36609[18862] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2514.962007][T18909] netlink: 60243 bytes leftover after parsing attributes in process `syz.3.36623'. [ 2514.983665][T18909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.36623'. [ 2515.132680][T18912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2515.757449][T18940] netlink: 60243 bytes leftover after parsing attributes in process `syz.0.36634'. [ 2515.786539][T18940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36634'. [ 2515.861828][T18937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2517.686569][T25907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2520.988743][T19006] netlink: 15794 bytes leftover after parsing attributes in process `syz.1.36665'. [ 2529.234667][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2529.241332][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2535.749558][T18518] Bluetooth: hci0: Malformed Event: 0x2f [ 2537.178891][T18518] Bluetooth: hci3: Malformed Event: 0x2f [ 2538.776656][T19257] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.36780'. [ 2543.960167][T19316] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2543.982956][T19316] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2544.047472][T19316] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2544.086371][T19316] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2549.118329][T11340] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2557.312868][T19512] netlink: 'syz.0.36892': attribute type 9 has an invalid length. [ 2557.326140][T19512] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.36892'. [ 2568.105889][T19584] netlink: 'syz.2.36925': attribute type 1 has an invalid length. [ 2568.130624][T19584] netlink: 'syz.2.36925': attribute type 4 has an invalid length. [ 2568.149138][T19584] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.36925'. [ 2569.709058][T19611] syzkaller0: entered promiscuous mode [ 2569.722398][T19611] syzkaller0: entered allmulticast mode [ 2569.899868][T19622] netlink: 539 bytes leftover after parsing attributes in process `syz.1.36940'. [ 2570.204775][T18518] Bluetooth: hci0: unexpected event 0x31 length: 15 > 6 [ 2572.465312][T19653] netlink: 539 bytes leftover after parsing attributes in process `syz.0.36952'. [ 2572.612333][T18518] Bluetooth: hci1: unexpected event 0x31 length: 15 > 6 [ 2574.456927][T19639] netlink: 'syz.3.36947': attribute type 1 has an invalid length. [ 2574.471918][T19639] netlink: 'syz.3.36947': attribute type 4 has an invalid length. [ 2574.479938][T19639] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.36947'. [ 2576.496508][T18518] Bluetooth: hci3: unexpected event 0x31 length: 15 > 6 [ 2576.609120][T19694] netlink: 'syz.2.36965': attribute type 11 has an invalid length. [ 2576.656341][T19694] netlink: 184116 bytes leftover after parsing attributes in process `syz.2.36965'. [ 2576.699569][T19694] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 2581.070358][T21388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2584.000411][T19789] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37008'. [ 2586.137912][T19824] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37022'. [ 2588.313833][T19855] tun0: tun_chr_ioctl cmd 2147767520 [ 2588.384931][T19857] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37034'. [ 2590.716994][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.724658][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2591.821199][T19895] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37048'. [ 2592.780199][T19925] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37064'. [ 2593.617916][T19952] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.37075'. [ 2595.224373][T19994] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.37089'. [ 2595.632385][T20001] netlink: 152 bytes leftover after parsing attributes in process `syz.0.37091'. [ 2595.645952][T20001] tc_dump_action: action bad kind [ 2596.888045][T20026] netlink: 152 bytes leftover after parsing attributes in process `syz.3.37109'. [ 2596.916154][T20026] tc_dump_action: action bad kind [ 2598.255499][T20039] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.37101'. [ 2598.764097][T20060] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.37115'. [ 2599.769454][T20082] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.37123'. [ 2601.639024][T20116] netlink: 'syz.1.37137': attribute type 1 has an invalid length. [ 2601.707764][T20116] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.37137'. [ 2602.484350][T20113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2602.908901][T18518] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 2604.996378][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 2606.005935][T20148] syzkaller0: entered promiscuous mode [ 2606.020282][T20148] syzkaller0: entered allmulticast mode [ 2609.186392][ T51] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2611.236483][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 2612.453464][T20196] syzkaller0: entered promiscuous mode [ 2612.459176][T20196] syzkaller0: entered allmulticast mode [ 2612.732331][T30606] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2613.454813][ T51] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 2615.551021][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 2617.192934][T20266] syzkaller0: entered promiscuous mode [ 2617.199303][T20266] syzkaller0: entered allmulticast mode [ 2622.062716][T20349] syzkaller0: entered promiscuous mode [ 2622.068662][T20349] syzkaller0: entered allmulticast mode [ 2622.079311][T20349] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 65487 [ 2623.667483][T20391] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.37247'. [ 2623.678558][T20391] netlink: 6320 bytes leftover after parsing attributes in process `syz.1.37247'. [ 2626.746523][T20408] sctp: [Deprecated]: syz.3.37255 (pid 20408) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2626.746523][T20408] Use struct sctp_sack_info instead [ 2627.823236][T20426] netlink: 'syz.2.37263': attribute type 21 has an invalid length. [ 2627.836018][T20426] netlink: 'syz.2.37263': attribute type 19 has an invalid length. [ 2627.848302][T20426] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.37263'. [ 2630.261220][T20468] netlink: 'syz.1.37281': attribute type 39 has an invalid length. [ 2630.362817][T20467] netlink: 'syz.0.37280': attribute type 1 has an invalid length. [ 2630.377711][T20467] netlink: 'syz.0.37280': attribute type 4 has an invalid length. [ 2630.386814][T20467] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.37280'. [ 2631.195505][T20487] netlink: 'syz.1.37288': attribute type 21 has an invalid length. [ 2631.223834][T20487] netlink: 'syz.1.37288': attribute type 19 has an invalid length. [ 2631.248352][T20487] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.37288'. [ 2633.016647][T20509] netlink: 'syz.0.37297': attribute type 39 has an invalid length. [ 2633.276196][T20515] netlink: 'syz.2.37298': attribute type 1 has an invalid length. [ 2633.284432][T20515] netlink: 'syz.2.37298': attribute type 4 has an invalid length. [ 2633.293104][T20515] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.37298'. [ 2633.437760][T20518] netlink: 'syz.1.37310': attribute type 1 has an invalid length. [ 2633.445789][T20518] netlink: 'syz.1.37310': attribute type 4 has an invalid length. [ 2633.455155][T20518] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.37310'. [ 2636.053996][T20564] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37321'. [ 2636.067726][T20563] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2636.184224][T20564] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2636.541701][T20558] syz.2.37318 (20558) used greatest stack depth: 17960 bytes left [ 2637.437544][T20597] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2637.463779][T20600] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.37335'. [ 2637.473606][T20600] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2638.899629][T20625] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2638.962174][T20631] sctp: [Deprecated]: syz.0.37350 (pid 20631) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2638.962174][T20631] Use struct sctp_sack_info instead [ 2638.974859][T20629] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37349'. [ 2638.996312][T20629] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2640.389028][T20660] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2640.408733][T20667] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37364'. [ 2640.419428][T20667] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2643.652143][T32041] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2644.498207][T20738] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37398'. [ 2644.575808][T20738] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2644.621215][T20737] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2651.200693][T20823] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.37434'. [ 2651.214811][T20823] netlink: zone id is out of range [ 2651.220322][T20823] netlink: zone id is out of range [ 2651.241073][T20823] netlink: zone id is out of range [ 2651.251159][T20823] netlink: zone id is out of range [ 2651.266486][T20823] netlink: zone id is out of range [ 2651.272783][T20823] netlink: zone id is out of range [ 2651.281250][T20823] netlink: zone id is out of range [ 2651.288393][T20823] netlink: zone id is out of range [ 2651.293768][T20823] netlink: zone id is out of range [ 2651.299848][T20823] netlink: zone id is out of range [ 2652.157558][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2652.168065][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2653.362654][T20860] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.37451'. [ 2654.274588][T20873] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.37464'. [ 2657.383007][T20931] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.37478'. [ 2657.549483][T20934] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37479'. [ 2657.569079][T20933] net_ratelimit: 260 callbacks suppressed [ 2657.569120][T20933] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2657.625878][T20934] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2659.485554][T20965] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37490'. [ 2659.536468][T20965] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2659.549381][T20963] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2659.708688][T20967] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.37491'. [ 2660.959528][T20987] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.37497'. [ 2661.177232][T20991] netlink: 'syz.0.37500': attribute type 1 has an invalid length. [ 2661.185179][T20991] netlink: 'syz.0.37500': attribute type 4 has an invalid length. [ 2661.196447][T20991] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.37500'. [ 2661.353344][T20998] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.37505'. [ 2662.835633][T21019] netlink: 'syz.3.37513': attribute type 1 has an invalid length. [ 2662.845201][T21019] netlink: 'syz.3.37513': attribute type 4 has an invalid length. [ 2662.860407][T21019] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.37513'. [ 2663.428530][T21031] __sock_release: fasync list not empty! [ 2664.214551][T21050] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37531'. [ 2664.314462][T21049] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2664.495280][T21050] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2664.759102][T21054] netlink: 'syz.2.37524': attribute type 1 has an invalid length. [ 2664.770302][T21054] netlink: 'syz.2.37524': attribute type 4 has an invalid length. [ 2664.785463][T21054] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.37524'. [ 2666.141156][T21077] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37536'. [ 2666.154772][T21075] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2666.226904][T21077] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2667.417732][T21093] syzkaller0: entered promiscuous mode [ 2667.423288][T21093] syzkaller0: entered allmulticast mode [ 2667.943355][T21107] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.37546'. [ 2669.570829][T21130] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2669.805555][T21127] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.37556'. [ 2669.838134][T21135] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.37559'. [ 2669.896615][T21127] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2670.305246][T21145] netlink: 'syz.1.37563': attribute type 3 has an invalid length. [ 2670.344622][T21145] netlink: 132 bytes leftover after parsing attributes in process `syz.1.37563'. [ 2671.829146][T21163] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2671.879558][T21169] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.37572'. [ 2671.897607][T21169] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2672.725232][T21190] netlink: 'syz.2.37583': attribute type 3 has an invalid length. [ 2672.736372][T21190] netlink: 132 bytes leftover after parsing attributes in process `syz.2.37583'. [ 2673.007158][T21197] syzkaller0: entered promiscuous mode [ 2673.022188][T21197] syzkaller0: entered allmulticast mode [ 2673.140689][T21199] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.37585'. [ 2673.205538][T21199] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 2673.896704][T21198] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 2675.383026][T21221] netlink: 'syz.0.37595': attribute type 3 has an invalid length. [ 2675.416460][T21221] netlink: 132 bytes leftover after parsing attributes in process `syz.0.37595'. [ 2677.213489][ T51] Bluetooth: hci1: hcon ffff8880904f6000 sent 0 < count 16384 [ 2677.322879][T32041] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2677.592755][T21266] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.37618'. [ 2679.889979][T21307] netlink: 'syz.1.37634': attribute type 1 has an invalid length. [ 2679.913314][T21307] netlink: 'syz.1.37634': attribute type 4 has an invalid length. [ 2679.921900][T21307] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.37634'. [ 2680.000787][T21305] netlink: 'syz.3.37631': attribute type 3 has an invalid length. [ 2680.012513][T21305] netlink: 132 bytes leftover after parsing attributes in process `syz.3.37631'. [ 2680.794173][ T51] Bluetooth: hci3: hcon ffff888030dae000 sent 1 < count 16384 [ 2683.294234][T21367] netlink: 'syz.1.37660': attribute type 3 has an invalid length. [ 2683.327884][T21367] netlink: 132 bytes leftover after parsing attributes in process `syz.1.37660'. [ 2683.882008][T21381] netlink: 'syz.3.37665': attribute type 4 has an invalid length. [ 2683.898036][T21381] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.37665'. [ 2686.095240][T21417] netlink: 'syz.1.37679': attribute type 4 has an invalid length. [ 2686.136564][T21417] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.37679'. [ 2687.725932][T21451] netlink: 'syz.0.37690': attribute type 4 has an invalid length. [ 2687.763380][T21451] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.37690'. [ 2694.444863][T21627] netlink: 'syz.3.37767': attribute type 6 has an invalid length. [ 2694.464866][T21627] netlink: 212824 bytes leftover after parsing attributes in process `syz.3.37767'. [ 2696.683477][T21666] netlink: 'syz.2.37783': attribute type 6 has an invalid length. [ 2696.696326][T21666] netlink: 212824 bytes leftover after parsing attributes in process `syz.2.37783'. [ 2698.206027][T21696] netlink: 'syz.1.37796': attribute type 6 has an invalid length. [ 2698.229897][T21696] netlink: 212824 bytes leftover after parsing attributes in process `syz.1.37796'. [ 2708.420211][T21838] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.37854'. [ 2713.558028][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.564437][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2715.569944][T21948] syzkaller0: entered promiscuous mode [ 2715.575644][T21948] syzkaller0: entered allmulticast mode [ 2718.762137][T21966] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2724.541179][T22015] syzkaller0: entered promiscuous mode [ 2724.559963][T22015] syzkaller0: entered allmulticast mode [ 2726.430169][T22041] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2730.135230][T22079] syzkaller0: entered promiscuous mode [ 2730.150290][T22079] syzkaller0: entered allmulticast mode [ 2730.266384][T22085] syzkaller0: entered promiscuous mode [ 2730.271977][T22085] syzkaller0: entered allmulticast mode [ 2736.217113][T22128] __sock_release: fasync list not empty! [ 2736.865481][T22152] netlink: 'syz.3.37981': attribute type 29 has an invalid length. [ 2736.891861][T22152] netlink: 'syz.3.37981': attribute type 29 has an invalid length. [ 2736.909227][T22154] netlink: 'syz.3.37981': attribute type 29 has an invalid length. [ 2736.940417][T22152] netlink: 'syz.3.37981': attribute type 29 has an invalid length. [ 2736.963285][T22152] netlink: 'syz.3.37981': attribute type 29 has an invalid length. [ 2737.808653][T22165] syzkaller0: entered promiscuous mode [ 2737.868583][T22165] syzkaller0: entered allmulticast mode [ 2739.418312][T22187] __sock_release: fasync list not empty! [ 2741.313351][T22205] netlink: 'syz.2.38001': attribute type 29 has an invalid length. [ 2741.335810][T22205] netlink: 'syz.2.38001': attribute type 29 has an invalid length. [ 2741.352091][T22209] netlink: 'syz.2.38001': attribute type 29 has an invalid length. [ 2741.387450][T22205] netlink: 'syz.2.38001': attribute type 29 has an invalid length. [ 2741.425699][T22205] netlink: 'syz.2.38001': attribute type 29 has an invalid length. [ 2741.515119][T22214] __sock_release: fasync list not empty! [ 2742.805946][T22233] syzkaller0: entered promiscuous mode [ 2742.814612][T22233] syzkaller0: entered allmulticast mode [ 2743.110786][T22249] netlink: 'syz.1.38016': attribute type 29 has an invalid length. [ 2745.564591][T22249] netlink: 'syz.1.38016': attribute type 29 has an invalid length. [ 2746.090512][T22290] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.38032'. [ 2747.866659][T18518] Bluetooth: hci3: command 0x0406 tx timeout [ 2747.876536][ T51] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 2750.712577][T22375] netlink: 'syz.0.38075': attribute type 29 has an invalid length. [ 2750.737164][T22375] netlink: 'syz.0.38075': attribute type 29 has an invalid length. [ 2750.807724][T22375] netlink: 'syz.0.38075': attribute type 29 has an invalid length. [ 2750.828356][T22375] netlink: 'syz.0.38075': attribute type 29 has an invalid length. [ 2750.845348][T22375] netlink: 'syz.0.38075': attribute type 29 has an invalid length. [ 2751.253725][T22394] netlink: 'syz.0.38078': attribute type 10 has an invalid length. [ 2751.400872][T22394] team0: Port device virt_wifi0 added [ 2752.475773][T22402] netlink: 'syz.3.38082': attribute type 10 has an invalid length. [ 2752.487402][T22402] netlink: 40 bytes leftover after parsing attributes in process `syz.3.38082'. [ 2752.504547][T22402] veth0_vlan: left promiscuous mode [ 2752.524547][T22402] veth0_vlan: entered promiscuous mode [ 2752.560960][T22402] batman_adv: batadv0: Adding interface: veth0_vlan [ 2752.573814][T22402] batman_adv: batadv0: Interface activated: veth0_vlan [ 2753.093892][T22414] netlink: 'syz.3.38086': attribute type 29 has an invalid length. [ 2753.151522][T22414] netlink: 'syz.3.38086': attribute type 29 has an invalid length. [ 2753.209305][T22417] netlink: 'syz.3.38086': attribute type 29 has an invalid length. [ 2755.175733][T22437] netlink: 40 bytes leftover after parsing attributes in process `syz.2.38095'. [ 2755.186974][T22437] veth0_vlan: left promiscuous mode [ 2755.200642][T22437] veth0_vlan: entered promiscuous mode [ 2755.239628][T22437] batman_adv: batadv0: Adding interface: veth0_vlan [ 2755.247330][T22437] batman_adv: batadv0: Interface activated: veth0_vlan [ 2757.429283][T22469] validate_nla: 3 callbacks suppressed [ 2757.429325][T22469] netlink: 'syz.1.38109': attribute type 10 has an invalid length. [ 2757.449018][T22469] netlink: 40 bytes leftover after parsing attributes in process `syz.1.38109'. [ 2757.461112][T22469] veth0_vlan: left promiscuous mode [ 2757.478489][T22469] veth0_vlan: entered promiscuous mode [ 2757.531979][T22469] batman_adv: batadv0: Adding interface: veth0_vlan [ 2757.545064][T22469] batman_adv: batadv0: Interface activated: veth0_vlan [ 2757.935191][T22480] netlink: 'syz.3.38112': attribute type 29 has an invalid length. [ 2757.968915][T22480] netlink: 'syz.3.38112': attribute type 29 has an invalid length. [ 2757.979840][T22481] netlink: 'syz.3.38112': attribute type 29 has an invalid length. [ 2758.017067][T22480] netlink: 'syz.3.38112': attribute type 29 has an invalid length. [ 2758.036908][T22480] netlink: 'syz.3.38112': attribute type 29 has an invalid length. [ 2759.763268][T22502] netlink: 'syz.0.38122': attribute type 10 has an invalid length. [ 2759.788724][T22502] netlink: 40 bytes leftover after parsing attributes in process `syz.0.38122'. [ 2759.806985][T22502] veth0_vlan: left promiscuous mode [ 2759.821223][T22502] veth0_vlan: entered promiscuous mode [ 2759.844185][T22502] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2760.147647][T22512] netlink: 'syz.1.38127': attribute type 29 has an invalid length. [ 2760.182730][T22512] netlink: 'syz.1.38127': attribute type 29 has an invalid length. [ 2760.207932][T22513] netlink: 'syz.1.38127': attribute type 29 has an invalid length. [ 2761.974050][T22527] netlink: 40 bytes leftover after parsing attributes in process `syz.0.38135'. [ 2761.992010][T22527] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2762.031947][T22531] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38137'. [ 2762.053769][T22531] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2762.083593][T22531] CPU: 0 PID: 22531 Comm: syz.1.38137 Not tainted syzkaller #0 [ 2762.091248][T22531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2762.101362][T22531] Call Trace: [ 2762.104696][T22531] [ 2762.107702][T22531] dump_stack_lvl+0x18c/0x250 [ 2762.112469][T22531] ? show_regs_print_info+0x20/0x20 [ 2762.117736][T22531] ? load_image+0x420/0x420 [ 2762.122326][T22531] sysfs_warn_dup+0x8e/0xa0 [ 2762.126897][T22531] sysfs_do_create_link_sd+0xc0/0x110 [ 2762.132346][T22531] device_add_class_symlinks+0x1cf/0x240 [ 2762.138054][T22531] device_add+0x507/0xc50 [ 2762.142482][T22531] wiphy_register+0x1dad/0x2ae0 [ 2762.147476][T22531] ? cfg80211_event_work+0x40/0x40 [ 2762.152657][T22531] ? minstrel_ht_alloc+0x88a/0x990 [ 2762.157844][T22531] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2762.163994][T22531] ieee80211_register_hw+0x3464/0x4250 [ 2762.169553][T22531] ? ieee80211_tasklet_handler+0x20/0x20 [ 2762.175252][T22531] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2762.181226][T22531] ? __debug_object_init+0xec/0x450 [ 2762.186515][T22531] ? __asan_memset+0x22/0x40 [ 2762.191181][T22531] ? __hrtimer_init+0x186/0x270 [ 2762.196113][T22531] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2762.201941][T22531] ? mac80211_hwsim_free+0x220/0x220 [ 2762.207291][T22531] ? rcu_is_watching+0x15/0xb0 [ 2762.212123][T22531] ? kstrndup+0xbd/0x140 [ 2762.216461][T22531] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2762.221650][T22531] ? __nla_validate+0x50/0x50 [ 2762.226417][T22531] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2762.232873][T22531] ? __nla_parse+0x40/0x50 [ 2762.237368][T22531] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2762.243772][T22531] genl_family_rcv_msg_doit+0x211/0x310 [ 2762.249389][T22531] ? end_current_label_crit_section+0x170/0x170 [ 2762.255699][T22531] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2762.261665][T22531] ? bpf_lsm_capable+0x9/0x10 [ 2762.266409][T22531] ? security_capable+0x89/0xb0 [ 2762.271344][T22531] genl_rcv_msg+0x619/0x7a0 [ 2762.275929][T22531] ? genl_bind+0x360/0x360 [ 2762.280418][T22531] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2762.286819][T22531] ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0 [ 2762.293476][T22531] ? ref_tracker_free+0x690/0x840 [ 2762.298576][T22531] netlink_rcv_skb+0x241/0x4d0 [ 2762.303407][T22531] ? genl_bind+0x360/0x360 [ 2762.307906][T22531] ? netlink_ack+0x1180/0x1180 [ 2762.312757][T22531] ? __lock_acquire+0x7d40/0x7d40 [ 2762.317851][T22531] ? down_read+0x1ac/0x2e0 [ 2762.322350][T22531] genl_rcv+0x28/0x40 [ 2762.326387][T22531] netlink_unicast+0x751/0x8d0 [ 2762.331220][T22531] netlink_sendmsg+0x8d0/0xbf0 [ 2762.336056][T22531] ? netlink_getsockopt+0x590/0x590 [ 2762.341320][T22531] ? aa_sock_msg_perm+0x94/0x150 [ 2762.346322][T22531] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2762.351682][T22531] ? security_socket_sendmsg+0x80/0xa0 [ 2762.357231][T22531] ? netlink_getsockopt+0x590/0x590 [ 2762.362503][T22531] ____sys_sendmsg+0x5ba/0x960 [ 2762.367346][T22531] ? __asan_memset+0x22/0x40 [ 2762.372010][T22531] ? __sys_sendmsg_sock+0x30/0x30 [ 2762.377101][T22531] ? __import_iovec+0x5f2/0x850 [ 2762.382014][T22531] ? import_iovec+0x73/0xa0 [ 2762.386575][T22531] ___sys_sendmsg+0x2a6/0x360 [ 2762.391322][T22531] ? __sys_sendmsg+0x2a0/0x2a0 [ 2762.396212][T22531] __se_sys_sendmsg+0x1c2/0x2b0 [ 2762.401135][T22531] ? __x64_sys_sendmsg+0x80/0x80 [ 2762.406162][T22531] ? lockdep_hardirqs_on+0x98/0x150 [ 2762.411433][T22531] do_syscall_64+0x55/0xb0 [ 2762.415923][T22531] ? clear_bhb_loop+0x40/0x90 [ 2762.420656][T22531] ? clear_bhb_loop+0x40/0x90 [ 2762.425395][T22531] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2762.431361][T22531] RIP: 0033:0x7f9873f9ce59 [ 2762.435874][T22531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2762.455536][T22531] RSP: 002b:00007f9874db0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2762.464049][T22531] RAX: ffffffffffffffda RBX: 00007f9874215fa0 RCX: 00007f9873f9ce59 [ 2762.472079][T22531] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 2762.480108][T22531] RBP: 00007f9874032d6f R08: 0000000000000000 R09: 0000000000000000 [ 2762.488137][T22531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2762.496160][T22531] R13: 00007f9874216038 R14: 00007f9874215fa0 R15: 00007fff407c11b8 [ 2762.504203][T22531] [ 2765.398773][T22562] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.38149'. [ 2765.781236][T22564] netlink: 132 bytes leftover after parsing attributes in process `syz.1.38150'. [ 2766.299272][T22580] validate_nla: 3 callbacks suppressed [ 2766.299293][T22580] netlink: 'syz.0.38157': attribute type 21 has an invalid length. [ 2766.320744][T22580] netlink: 'syz.0.38157': attribute type 16 has an invalid length. [ 2766.329195][T22580] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.38157'. [ 2766.474695][T22589] netlink: 132 bytes leftover after parsing attributes in process `syz.0.38161'. [ 2767.379540][T22618] netlink: 'syz.3.38171': attribute type 21 has an invalid length. [ 2767.394996][T22618] netlink: 'syz.3.38171': attribute type 16 has an invalid length. [ 2767.403534][T22618] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.38171'. [ 2767.527836][T22622] netlink: 132 bytes leftover after parsing attributes in process `syz.2.38174'. [ 2768.593902][T22644] netlink: 'syz.1.38184': attribute type 21 has an invalid length. [ 2768.606430][T22644] netlink: 'syz.1.38184': attribute type 16 has an invalid length. [ 2768.622221][T22644] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.38184'. [ 2768.786425][T22650] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38186'. [ 2768.808201][T22650] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2768.831683][T22650] CPU: 1 PID: 22650 Comm: syz.0.38186 Not tainted syzkaller #0 [ 2768.839326][T22650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2768.849437][T22650] Call Trace: [ 2768.852788][T22650] [ 2768.855781][T22650] dump_stack_lvl+0x18c/0x250 [ 2768.860539][T22650] ? show_regs_print_info+0x20/0x20 [ 2768.865803][T22650] ? load_image+0x420/0x420 [ 2768.870392][T22650] sysfs_warn_dup+0x8e/0xa0 [ 2768.874936][T22650] sysfs_do_create_link_sd+0xc0/0x110 [ 2768.880335][T22650] device_add_class_symlinks+0x1cf/0x240 [ 2768.886030][T22650] device_add+0x507/0xc50 [ 2768.890434][T22650] wiphy_register+0x1dad/0x2ae0 [ 2768.895371][T22650] ? cfg80211_event_work+0x40/0x40 [ 2768.900549][T22650] ? minstrel_ht_alloc+0x88a/0x990 [ 2768.905733][T22650] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2768.911878][T22650] ieee80211_register_hw+0x3464/0x4250 [ 2768.917433][T22650] ? ieee80211_tasklet_handler+0x20/0x20 [ 2768.923165][T22650] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2768.929135][T22650] ? __debug_object_init+0xec/0x450 [ 2768.934404][T22650] ? __asan_memset+0x22/0x40 [ 2768.939058][T22650] ? __hrtimer_init+0x186/0x270 [ 2768.943978][T22650] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2768.949778][T22650] ? mac80211_hwsim_free+0x220/0x220 [ 2768.955105][T22650] ? rcu_is_watching+0x15/0xb0 [ 2768.959905][T22650] ? kstrndup+0xbd/0x140 [ 2768.964200][T22650] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2768.969382][T22650] ? __nla_validate+0x50/0x50 [ 2768.974113][T22650] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2768.980496][T22650] ? __nla_parse+0x40/0x50 [ 2768.984946][T22650] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2768.991320][T22650] genl_family_rcv_msg_doit+0x211/0x310 [ 2768.996905][T22650] ? end_current_label_crit_section+0x170/0x170 [ 2769.003183][T22650] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2769.009378][T22650] ? bpf_lsm_capable+0x9/0x10 [ 2769.014092][T22650] ? security_capable+0x89/0xb0 [ 2769.018986][T22650] genl_rcv_msg+0x619/0x7a0 [ 2769.023527][T22650] ? genl_bind+0x360/0x360 [ 2769.027969][T22650] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2769.034341][T22650] netlink_rcv_skb+0x241/0x4d0 [ 2769.039132][T22650] ? genl_bind+0x360/0x360 [ 2769.043577][T22650] ? netlink_ack+0x1180/0x1180 [ 2769.048378][T22650] ? __lock_acquire+0x7d40/0x7d40 [ 2769.053444][T22650] ? down_read+0x1ac/0x2e0 [ 2769.057904][T22650] genl_rcv+0x28/0x40 [ 2769.061918][T22650] netlink_unicast+0x751/0x8d0 [ 2769.066734][T22650] netlink_sendmsg+0x8d0/0xbf0 [ 2769.071558][T22650] ? netlink_getsockopt+0x590/0x590 [ 2769.076830][T22650] ? aa_sock_msg_perm+0x94/0x150 [ 2769.081819][T22650] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2769.087154][T22650] ? security_socket_sendmsg+0x80/0xa0 [ 2769.092668][T22650] ? netlink_getsockopt+0x590/0x590 [ 2769.097908][T22650] ____sys_sendmsg+0x5ba/0x960 [ 2769.102713][T22650] ? __asan_memset+0x22/0x40 [ 2769.107340][T22650] ? __sys_sendmsg_sock+0x30/0x30 [ 2769.112394][T22650] ? __import_iovec+0x5f2/0x850 [ 2769.117291][T22650] ? import_iovec+0x73/0xa0 [ 2769.121829][T22650] ___sys_sendmsg+0x2a6/0x360 [ 2769.126545][T22650] ? __sys_sendmsg+0x2a0/0x2a0 [ 2769.131389][T22650] __se_sys_sendmsg+0x1c2/0x2b0 [ 2769.136279][T22650] ? __x64_sys_sendmsg+0x80/0x80 [ 2769.141264][T22650] ? lockdep_hardirqs_on+0x98/0x150 [ 2769.146508][T22650] do_syscall_64+0x55/0xb0 [ 2769.150952][T22650] ? clear_bhb_loop+0x40/0x90 [ 2769.155656][T22650] ? clear_bhb_loop+0x40/0x90 [ 2769.160366][T22650] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2769.166302][T22650] RIP: 0033:0x7f910799ce59 [ 2769.170744][T22650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2769.190384][T22650] RSP: 002b:00007f9108846028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2769.198834][T22650] RAX: ffffffffffffffda RBX: 00007f9107c15fa0 RCX: 00007f910799ce59 [ 2769.206838][T22650] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 2769.214858][T22650] RBP: 00007f9107a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 2769.222860][T22650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2769.230852][T22650] R13: 00007f9107c16038 R14: 00007f9107c15fa0 R15: 00007fff9bcd6f68 [ 2769.238873][T22650] [ 2769.468577][T22657] netlink: 132 bytes leftover after parsing attributes in process `syz.3.38187'. [ 2770.496076][T22680] netlink: 'syz.2.38195': attribute type 21 has an invalid length. [ 2770.523263][T22680] netlink: 'syz.2.38195': attribute type 16 has an invalid length. [ 2770.543410][T22680] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.38195'. [ 2773.839131][T22755] netlink: 'syz.3.38231': attribute type 21 has an invalid length. [ 2773.850943][T22755] netlink: 'syz.3.38231': attribute type 10 has an invalid length. [ 2773.860303][T22755] netlink: 'syz.3.38231': attribute type 12 has an invalid length. [ 2773.870138][T22755] netlink: 'syz.3.38231': attribute type 13 has an invalid length. [ 2773.881486][T22755] netlink: 'syz.3.38231': attribute type 14 has an invalid length. [ 2773.891980][T22755] netlink: 'syz.3.38231': attribute type 15 has an invalid length. [ 2773.902360][T22755] netlink: 'syz.3.38231': attribute type 16 has an invalid length. [ 2773.913239][T22755] netlink: 'syz.3.38231': attribute type 19 has an invalid length. [ 2773.923011][T22755] netlink: 'syz.3.38231': attribute type 21 has an invalid length. [ 2773.934969][T22755] netlink: 'syz.3.38231': attribute type 22 has an invalid length. [ 2773.945372][T22755] netlink: 12226 bytes leftover after parsing attributes in process `syz.3.38231'. [ 2774.991717][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2774.998217][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2775.915895][ T51] Bluetooth: Frame is too long (len 149, expected len 4) [ 2777.853694][ T51] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 2781.512927][ T51] Bluetooth: Frame is too long (len 149, expected len 4) [ 2781.886906][T22863] @ÿ: renamed from bond_slave_0 (while UP) [ 2782.178370][T22867] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.38280'. [ 2787.135441][T22958] @ÿ: renamed from bond_slave_0 (while UP) [ 2789.467781][T23007] validate_nla: 1 callbacks suppressed [ 2789.467800][T23007] netlink: 'syz.1.38344': attribute type 10 has an invalid length. [ 2789.898476][T23019] syzkaller0: entered promiscuous mode [ 2789.904248][T23019] syzkaller0: entered allmulticast mode [ 2790.755897][T23023] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2795.557402][T23057] netlink: 'syz.1.38361': attribute type 29 has an invalid length. [ 2795.565149][T23059] netlink: 'syz.3.38360': attribute type 10 has an invalid length. [ 2795.601513][T23057] netlink: 'syz.1.38361': attribute type 29 has an invalid length. [ 2795.621959][T23062] netlink: 'syz.1.38361': attribute type 29 has an invalid length. [ 2795.661123][T23057] netlink: 'syz.1.38361': attribute type 29 has an invalid length. [ 2795.688795][T23057] netlink: 'syz.1.38361': attribute type 29 has an invalid length. [ 2795.747843][T23057] netlink: 'syz.1.38361': attribute type 29 has an invalid length. [ 2799.475545][T23094] netlink: 'syz.3.38377': attribute type 29 has an invalid length. [ 2799.485886][T23096] netlink: 'syz.0.38375': attribute type 10 has an invalid length. [ 2799.522469][T23094] netlink: 'syz.3.38377': attribute type 29 has an invalid length. [ 2801.044154][T23125] netlink: 830 bytes leftover after parsing attributes in process `syz.1.38388'. [ 2801.109594][T23127] validate_nla: 4 callbacks suppressed [ 2801.109615][T23127] netlink: 'syz.2.38390': attribute type 10 has an invalid length. [ 2801.285294][T23135] netlink: 'syz.0.38391': attribute type 29 has an invalid length. [ 2801.297518][T23135] netlink: 'syz.0.38391': attribute type 29 has an invalid length. [ 2801.321674][T23135] netlink: 'syz.0.38391': attribute type 29 has an invalid length. [ 2801.356800][T23135] netlink: 'syz.0.38391': attribute type 29 has an invalid length. [ 2801.386080][T23135] netlink: 'syz.0.38391': attribute type 29 has an invalid length. [ 2801.439162][T23135] netlink: 'syz.0.38391': attribute type 29 has an invalid length. [ 2802.141876][T23137] netlink: 'syz.2.38403': attribute type 10 has an invalid length. [ 2803.779735][T23156] syz.2.38402[23156] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2803.780114][T23156] syz.2.38402[23156] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2806.348671][T23188] syz.0.38414[23188] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2806.364564][T23188] syz.0.38414[23188] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2806.721467][T23202] netlink: 48 bytes leftover after parsing attributes in process `syz.2.38429'. [ 2806.790471][T23202] bridge0: port 1(bridge_slave_0) entered disabled state [ 2807.156258][T23211] netlink: 'syz.2.38424': attribute type 2 has an invalid length. [ 2807.189686][T23211] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38424'. [ 2809.648123][T23219] syz.3.38427[23219] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2809.648494][T23219] syz.3.38427[23219] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2809.759918][ T51] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 2809.779141][ T51] Bluetooth: min 0 < 6 [ 2811.792571][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 2812.047478][T23260] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.38443'. [ 2813.213141][ T51] Bluetooth: hci1: unexpected subevent 0x06 length: 150 > 10 [ 2813.357992][T23294] netlink: 48 bytes leftover after parsing attributes in process `syz.1.38458'. [ 2813.389449][T23294] bridge0: port 1(bridge_slave_0) entered disabled state [ 2814.152859][ T51] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 2815.226674][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 2815.796810][T23342] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38477'. [ 2816.187923][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 2816.962862][T23327] netlink: 48 bytes leftover after parsing attributes in process `syz.0.38469'. [ 2817.811085][T23362] netlink: 'syz.0.38493': attribute type 2 has an invalid length. [ 2817.823212][T23362] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38493'. [ 2818.257570][T23377] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38490'. [ 2818.935359][T23393] netlink: 'syz.3.38500': attribute type 2 has an invalid length. [ 2818.963301][T23393] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38500'. [ 2819.250525][ T51] Bluetooth: hci2: unexpected event 0x08 length: 151 > 4 [ 2821.264535][T23429] netlink: 'syz.1.38513': attribute type 2 has an invalid length. [ 2821.305763][T23429] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38513'. [ 2821.887504][T23448] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.38521'. [ 2821.897236][T23448] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2822.913785][T23459] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.38533'. [ 2822.958389][T23459] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2823.313212][T23469] netlink: 'syz.3.38527': attribute type 2 has an invalid length. [ 2823.346525][T23469] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38527'. [ 2823.956091][T23487] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.38537'. [ 2823.986766][T23487] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2826.021821][T23505] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.38545'. [ 2828.876939][ T51] Bluetooth: hci3: unexpected event 0x07 length: 15 < 255 [ 2829.138353][T23553] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.38564'. [ 2829.648906][T23566] netlink: 'syz.0.38569': attribute type 4 has an invalid length. [ 2829.657142][T23566] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38569'. [ 2829.965693][ T51] Bluetooth: hci2: unexpected event 0x07 length: 15 < 255 [ 2830.484561][T23592] netlink: 'syz.3.38582': attribute type 4 has an invalid length. [ 2830.496254][T23592] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38582'. [ 2831.318840][ T51] Bluetooth: hci1: unexpected event 0x07 length: 15 < 255 [ 2832.453121][T23623] netlink: 'syz.2.38594': attribute type 4 has an invalid length. [ 2832.483791][T23623] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38594'. [ 2832.618867][T23633] netlink: 2220 bytes leftover after parsing attributes in process `syz.2.38598'. [ 2832.685829][T23637] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38599'. [ 2836.431857][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.444009][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2839.333177][T23739] netlink: 2220 bytes leftover after parsing attributes in process `syz.1.38635'. [ 2840.950246][T23761] netlink: 2220 bytes leftover after parsing attributes in process `syz.3.38647'. [ 2841.202020][T23770] netlink: 'syz.1.38657': attribute type 4 has an invalid length. [ 2841.213082][T23770] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38657'. [ 2841.694120][T23784] netlink: 'syz.1.38664': attribute type 4 has an invalid length. [ 2841.714430][T23784] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38664'. [ 2843.433713][T23809] netlink: 'syz.0.38666': attribute type 4 has an invalid length. [ 2843.468281][T23809] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38666'. [ 2844.902177][T23836] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.38677'. [ 2845.060956][T23840] netlink: 'syz.0.38679': attribute type 4 has an invalid length. [ 2845.077076][T23840] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38679'. [ 2848.310487][T23868] syzkaller0: entered promiscuous mode [ 2848.316044][T23868] syzkaller0: entered allmulticast mode [ 2848.323971][T23868] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 2848.411435][T23870] netlink: 'syz.0.38693': attribute type 4 has an invalid length. [ 2848.421508][T23870] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38693'. [ 2848.450232][T23872] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.38694'. [ 2850.966634][T23900] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.38706'. [ 2851.208941][T23911] netlink: 'syz.2.38720': attribute type 2 has an invalid length. [ 2851.222925][T23911] netlink: 'syz.2.38720': attribute type 1 has an invalid length. [ 2851.233172][T23911] netlink: 198036 bytes leftover after parsing attributes in process `syz.2.38720'. [ 2851.364684][T23915] netlink: 'syz.2.38711': attribute type 4 has an invalid length. [ 2851.376330][T23915] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38711'. [ 2854.264052][T23932] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38717'. [ 2854.425161][T23938] netlink: 'syz.1.38722': attribute type 2 has an invalid length. [ 2854.440008][T23938] netlink: 'syz.1.38722': attribute type 1 has an invalid length. [ 2854.449014][T23938] netlink: 198036 bytes leftover after parsing attributes in process `syz.1.38722'. [ 2854.465230][T23940] netlink: 'syz.3.38725': attribute type 4 has an invalid length. [ 2854.480300][T23940] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.38725'. [ 2855.123063][T23951] netlink: 'syz.2.38736': attribute type 4 has an invalid length. [ 2855.141056][T23951] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.38736'. [ 2855.334798][T23957] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.38731'. [ 2855.860053][T23969] netlink: 'syz.1.38746': attribute type 4 has an invalid length. [ 2855.880564][T23969] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38746'. [ 2855.923364][T23971] netlink: 'syz.3.38735': attribute type 2 has an invalid length. [ 2855.931920][T23971] netlink: 'syz.3.38735': attribute type 1 has an invalid length. [ 2855.940501][T23971] netlink: 198036 bytes leftover after parsing attributes in process `syz.3.38735'. [ 2858.903510][T23984] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.38744'. [ 2859.078794][T23999] sctp: [Deprecated]: syz.1.38750 (pid 23999) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2859.078794][T23999] Use struct sctp_sack_info instead [ 2859.102683][T23998] netlink: 'syz.0.38751': attribute type 4 has an invalid length. [ 2859.111220][T23998] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.38751'. [ 2859.253665][T24004] netlink: 'syz.0.38752': attribute type 2 has an invalid length. [ 2859.263113][T24004] netlink: 'syz.0.38752': attribute type 1 has an invalid length. [ 2859.279149][T24004] netlink: 198036 bytes leftover after parsing attributes in process `syz.0.38752'. [ 2859.400481][T24005] team0: Device vxcan1 is of different type [ 2861.647808][T24037] syz.3.38769: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 2861.678549][T24037] CPU: 0 PID: 24037 Comm: syz.3.38769 Not tainted syzkaller #0 [ 2861.686213][T24037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2861.696435][T24037] Call Trace: [ 2861.699773][T24037] [ 2861.702809][T24037] dump_stack_lvl+0x18c/0x250 [ 2861.707559][T24037] ? show_regs_print_info+0x20/0x20 [ 2861.712867][T24037] ? load_image+0x420/0x420 [ 2861.717469][T24037] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2861.723956][T24037] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2861.730519][T24037] warn_alloc+0x246/0x340 [ 2861.734952][T24037] ? stack_trace_save+0xaa/0x100 [ 2861.739959][T24037] ? zone_watermark_ok_safe+0x230/0x230 [ 2861.745589][T24037] ? kasan_set_track+0x5f/0x70 [ 2861.750465][T24037] ? kasan_set_track+0x4e/0x70 [ 2861.755295][T24037] ? __kasan_kmalloc+0x8f/0xa0 [ 2861.760123][T24037] ? xsk_init_queue+0xad/0x100 [ 2861.764969][T24037] ? xsk_setsockopt+0x4e5/0x760 [ 2861.769875][T24037] ? do_sock_setsockopt+0x175/0x1a0 [ 2861.775140][T24037] ? __x64_sys_setsockopt+0x182/0x200 [ 2861.780599][T24037] __vmalloc_node_range+0x126/0x1330 [ 2861.785983][T24037] ? free_vm_area+0x50/0x50 [ 2861.790573][T24037] vmalloc_user+0x74/0x80 [ 2861.795001][T24037] ? xskq_create+0xbf/0x170 [ 2861.799559][T24037] xskq_create+0xbf/0x170 [ 2861.803956][T24037] xsk_init_queue+0xad/0x100 [ 2861.808634][T24037] xsk_setsockopt+0x4e5/0x760 [ 2861.813373][T24037] ? xsk_poll+0x680/0x680 [ 2861.817761][T24037] ? __fget_files+0x28/0x4b0 [ 2861.822440][T24037] ? __fget_files+0x28/0x4b0 [ 2861.827104][T24037] ? aa_sock_opt_perm+0x74/0x100 [ 2861.832191][T24037] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2861.837828][T24037] ? security_socket_setsockopt+0x7e/0xa0 [ 2861.843613][T24037] ? xsk_poll+0x680/0x680 [ 2861.847994][T24037] do_sock_setsockopt+0x175/0x1a0 [ 2861.853100][T24037] ? __fdget+0x180/0x210 [ 2861.857533][T24037] __x64_sys_setsockopt+0x182/0x200 [ 2861.862810][T24037] do_syscall_64+0x55/0xb0 [ 2861.867310][T24037] ? clear_bhb_loop+0x40/0x90 [ 2861.872042][T24037] ? clear_bhb_loop+0x40/0x90 [ 2861.876788][T24037] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2861.882778][T24037] RIP: 0033:0x7ff8f359ce59 [ 2861.887251][T24037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2861.906917][T24037] RSP: 002b:00007ff8f44d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2861.915428][T24037] RAX: ffffffffffffffda RBX: 00007ff8f3815fa0 RCX: 00007ff8f359ce59 [ 2861.923486][T24037] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2861.931539][T24037] RBP: 00007ff8f3632d6f R08: 0000000000000004 R09: 0000000000000000 [ 2861.939569][T24037] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2861.947604][T24037] R13: 00007ff8f3816038 R14: 00007ff8f3815fa0 R15: 00007ffc3d82e2d8 [ 2861.955676][T24037] [ 2861.988319][T24037] Mem-Info: [ 2862.091448][T24037] active_anon:23977 inactive_anon:0 isolated_anon:0 [ 2862.091448][T24037] active_file:18628 inactive_file:41047 isolated_file:0 [ 2862.091448][T24037] unevictable:768 dirty:205 writeback:0 [ 2862.091448][T24037] slab_reclaimable:10840 slab_unreclaimable:100047 [ 2862.091448][T24037] mapped:24007 shmem:1361 pagetables:547 [ 2862.091448][T24037] sec_pagetables:0 bounce:0 [ 2862.091448][T24037] kernel_misc_reclaimable:0 [ 2862.091448][T24037] free:1315041 free_pcp:11486 free_cma:0 [ 2862.236527][T24037] Node 0 active_anon:96036kB inactive_anon:0kB active_file:74512kB inactive_file:163988kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96060kB dirty:860kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9972kB pagetables:2320kB sec_pagetables:0kB all_unreclaimable? no [ 2862.295013][T24037] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2862.353157][T24037] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2862.389172][T24037] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2862.395435][T24037] Node 0 DMA32 free:1353140kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:95996kB inactive_anon:0kB active_file:74512kB inactive_file:163164kB unevictable:1536kB writepending:860kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:25124kB local_pcp:17472kB free_cma:0kB [ 2862.436424][T24037] lowmem_reserve[]: 0 0 0 0 0 [ 2862.452811][T24037] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2862.650464][T24037] lowmem_reserve[]: 0 0 0 0 0 [ 2862.673223][T24037] Node 1 Normal free:3891660kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22036kB local_pcp:13216kB free_cma:0kB [ 2862.773647][T24037] lowmem_reserve[]: 0 0 0 0 0 [ 2862.792257][T24037] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2862.869517][T24037] Node 0 DMA32: 131*4kB (UM) 765*8kB (UME) 592*16kB (UME) 814*32kB (UME) 1768*64kB (UME) 758*128kB (UME) 370*256kB (UME) 163*512kB (UME) 95*1024kB (UME) 17*2048kB (UM) 193*4096kB (UM) = 1353140kB [ 2862.935326][T24037] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 2862.969922][T24037] Node 1 Normal: 77*4kB (UME) 61*8kB (UME) 33*16kB (UME) 61*32kB (UME) 20*64kB (UME) 8*128kB (UME) 2*256kB (ME) 1*512kB (E) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3891660kB [ 2862.996416][T24037] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2863.006068][T24037] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2863.038049][T24037] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2863.047870][T24037] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2863.067742][T24037] 61087 total pagecache pages [ 2863.072801][T24037] 0 pages in swap cache [ 2863.083109][T24037] Free swap = 124996kB [ 2863.097919][T24037] Total swap = 124996kB [ 2863.102185][T24037] 2097051 pages RAM [ 2863.124611][T24037] 0 pages HighMem/MovableOnly [ 2863.134855][T24037] 416933 pages reserved [ 2863.148362][T24037] 0 pages cma reserved [ 2864.547272][T24079] validate_nla: 1 callbacks suppressed [ 2864.547338][T24079] netlink: 'syz.1.38783': attribute type 10 has an invalid length. [ 2865.134018][T24079] team0: Device vxcan1 is of different type [ 2865.370841][T24086] netlink: 'syz.0.38793': attribute type 33 has an invalid length. [ 2865.381640][T24086] netlink: 40 bytes leftover after parsing attributes in process `syz.0.38793'. [ 2867.489474][T24112] netlink: 'syz.0.38797': attribute type 10 has an invalid length. [ 2867.639812][T24112] team0: Device vxcan1 is of different type [ 2869.875028][T24154] netlink: 'syz.3.38813': attribute type 10 has an invalid length. [ 2870.210431][T24154] team0: Device vxcan1 is of different type [ 2872.293883][T24176] syzkaller0: entered promiscuous mode [ 2875.081551][T24204] netlink: 'syz.1.38835': attribute type 10 has an invalid length. [ 2875.117402][T24204] team0: Device vxcan1 is of different type [ 2876.748280][T24220] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.38841'. [ 2877.230550][T24235] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.38848'. [ 2877.253176][T24235] netlink: zone id is out of range [ 2877.268610][T24235] netlink: zone id is out of range [ 2877.282801][T24235] netlink: zone id is out of range [ 2877.292076][T24235] netlink: zone id is out of range [ 2877.302080][T24235] netlink: zone id is out of range [ 2877.310294][T24235] netlink: zone id is out of range [ 2877.321845][T24235] netlink: zone id is out of range [ 2877.381374][T24235] netlink: zone id is out of range [ 2877.410116][T24235] netlink: zone id is out of range [ 2877.424539][T24235] netlink: zone id is out of range [ 2877.457783][T24239] netlink: 'syz.0.38850': attribute type 10 has an invalid length. [ 2877.471978][T24239] team0: Device vxcan1 is of different type [ 2879.168316][T24251] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.38856'. [ 2879.397563][T24259] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.38860'. [ 2879.950927][T24271] netlink: 'syz.0.38865': attribute type 10 has an invalid length. [ 2880.112143][T24271] team0: Device vxcan1 is of different type [ 2881.960025][T24287] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.38869'. [ 2882.182612][T24294] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.38873'. [ 2882.334996][T24297] netlink: 'syz.3.38877': attribute type 10 has an invalid length. [ 2882.369075][T24297] team0: Device vxcan1 is of different type [ 2882.559530][ T51] Bluetooth: hci0: unknown advertising packet type: 0x80 [ 2882.622070][ T51] Bluetooth: hci2: unexpected event 0x05 length: 151 > 4 [ 2882.825604][T24314] netlink: 'syz.3.38892': attribute type 10 has an invalid length. [ 2882.951997][T24314] team0: Device vxcan1 is of different type [ 2884.788067][T24330] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.38887'. [ 2884.817557][T24330] net_ratelimit: 332 callbacks suppressed [ 2884.817634][T24330] netlink: zone id is out of range [ 2884.845773][T24330] netlink: zone id is out of range [ 2884.865948][T24330] netlink: zone id is out of range [ 2884.874681][T24330] netlink: zone id is out of range [ 2884.891047][T24330] netlink: zone id is out of range [ 2884.915767][T24330] netlink: zone id is out of range [ 2884.929221][T24330] netlink: zone id is out of range [ 2884.943367][T24330] netlink: zone id is out of range [ 2884.954194][T24330] netlink: zone id is out of range [ 2884.976405][T24330] netlink: zone id is out of range [ 2885.192747][T24345] netlink: 'syz.3.38896': attribute type 10 has an invalid length. [ 2885.221476][T24345] team0: Device vxcan1 is of different type [ 2885.965660][T24363] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.38906'. [ 2886.224663][ T51] Bluetooth: hci0: unexpected event 0x05 length: 151 > 4 [ 2886.747227][ T51] Bluetooth: hci3: unknown advertising packet type: 0x80 [ 2889.027692][T12540] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 2889.728242][ T51] Bluetooth: hci3: unexpected event 0x05 length: 151 > 4 [ 2889.745302][T24398] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.38920'. [ 2890.189774][T12540] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 2891.627136][T12540] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 2891.793772][T24418] netlink: 'syz.2.38930': attribute type 10 has an invalid length. [ 2891.823296][T24418] bridge0: port 2(bridge_slave_1) entered disabled state [ 2891.865835][T24418] bridge_slave_1: left allmulticast mode [ 2891.872903][T24418] bridge0: port 2(bridge_slave_1) entered disabled state [ 2891.920161][T24418] bridge_slave_1: entered allmulticast mode [ 2891.938694][T24418] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 2891.984187][T24420] netlink: 'syz.3.38931': attribute type 10 has an invalid length. [ 2892.010294][T24420] team0: Device vxcan1 is of different type [ 2893.704122][ T51] Bluetooth: hci1: unexpected event 0x05 length: 151 > 4 [ 2895.069774][T24453] netlink: 212912 bytes leftover after parsing attributes in process `syz.1.38944'. [ 2895.109726][T24457] netlink: 'syz.3.38947': attribute type 1 has an invalid length. [ 2895.114840][T24453] net_ratelimit: 332 callbacks suppressed [ 2895.114885][T24453] openvswitch: netlink: Key type 4112 is out of range max 32 [ 2895.139059][T24457] netlink: 63743 bytes leftover after parsing attributes in process `syz.3.38947'. [ 2897.322286][T24481] netlink: 212912 bytes leftover after parsing attributes in process `syz.2.38957'. [ 2897.342602][T24481] openvswitch: netlink: Key type 4112 is out of range max 32 [ 2897.614252][ T51] Bluetooth: hci0: unexpected event 0x05 length: 151 > 4 [ 2897.788192][T24497] netlink: 'syz.2.38964': attribute type 10 has an invalid length. [ 2897.847288][T24497] team0: Device vxcan1 is of different type [ 2897.871244][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2897.882399][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2899.711444][T24519] netlink: 212912 bytes leftover after parsing attributes in process `syz.0.38971'. [ 2899.788073][T24519] openvswitch: netlink: Key type 4112 is out of range max 32 [ 2900.331889][ T51] Bluetooth: hci1: unexpected event 0x05 length: 151 > 4 [ 2900.423337][ T51] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 2901.695593][ T51] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 2902.446845][ T51] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 2902.506416][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 2903.706716][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 2904.506529][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 2905.955802][T24631] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.39024'. [ 2909.506677][T24659] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.39027'. [ 2914.100394][ T51] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 2916.012105][T24724] veth0_vlan: left promiscuous mode [ 2916.036655][T24724] vlan0: entered allmulticast mode [ 2916.056226][T24724] veth0_vlan: entered allmulticast mode [ 2916.250279][ T51] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2916.259031][ T51] Bluetooth: hci3: Invalid handle: 0x5393 > 0x0eff [ 2919.300529][T24753] Bluetooth: hci3: unexpected event 0x3c length: 151 > 7 [ 2919.308769][T24764] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.39068'. [ 2919.502540][T24753] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 2919.510191][T24753] Bluetooth: hci2: Invalid handle: 0x5393 > 0x0eff [ 2919.521542][T24768] vlan0: entered allmulticast mode [ 2919.528245][T24768] veth0_vlan: entered allmulticast mode [ 2919.696855][T24771] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 2919.704790][T24771] Bluetooth: hci0: Invalid handle: 0x5393 > 0x0eff [ 2919.902114][T24771] Bluetooth: hci3: unexpected event 0x32 length: 15 > 9 [ 2920.006484][T24786] netlink: 152 bytes leftover after parsing attributes in process `syz.2.39075'. [ 2920.062960][T24790] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.39078'. [ 2920.186881][T24771] Bluetooth: hci0: command 0x0406 tx timeout [ 2920.297227][T18518] Bluetooth: hci0: unexpected event 0x3c length: 151 > 7 [ 2922.949598][T24804] vlan0: entered allmulticast mode [ 2922.964787][T24804] veth0_vlan: entered allmulticast mode [ 2923.224094][T18518] Bluetooth: hci1: unexpected event 0x32 length: 15 > 9 [ 2923.243070][T24821] netlink: 152 bytes leftover after parsing attributes in process `syz.3.39091'. [ 2923.493545][T18518] Bluetooth: hci1: unexpected event 0x3c length: 151 > 7 [ 2923.915847][T18518] Bluetooth: hci0: unexpected event 0x32 length: 15 > 9 [ 2930.174540][T24915] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.39130'. [ 2930.320518][T24917] syzkaller0: entered promiscuous mode [ 2930.326874][T24917] syzkaller0: entered allmulticast mode [ 2934.867912][T24964] netlink: 134736 bytes leftover after parsing attributes in process `syz.1.39149'. [ 2936.247919][T25002] netlink: 134736 bytes leftover after parsing attributes in process `syz.2.39162'. [ 2936.331820][T25000] syzkaller0: entered promiscuous mode [ 2936.349020][T25000] syzkaller0: entered allmulticast mode [ 2939.453670][T25041] netlink: 134736 bytes leftover after parsing attributes in process `syz.3.39175'. [ 2940.236056][T25051] syzkaller0: entered promiscuous mode [ 2940.262605][T25051] syzkaller0: entered allmulticast mode [ 2943.286908][T25079] batman_adv: The newly added mac address (00:20:10:00:00:00) already exists on: veth0_vlan [ 2943.302229][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2943.316561][T25079] batman_adv: The newly added mac address (00:20:10:00:00:00) already exists on: veth0_vlan [ 2943.333162][T25079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2943.391671][T25082] netlink: 134736 bytes leftover after parsing attributes in process `syz.0.39188'. [ 2944.478356][T25099] syzkaller0: entered promiscuous mode [ 2944.484311][T25099] syzkaller0: entered allmulticast mode [ 2944.494199][T18518] Bluetooth: hci2: unexpected event 0x01 length: 151 > 1 [ 2945.057207][T25114] netlink: 134736 bytes leftover after parsing attributes in process `syz.0.39204'. [ 2948.460172][T25143] netlink: 184 bytes leftover after parsing attributes in process `syz.2.39215'. [ 2951.630474][T18518] Bluetooth: hci0: unexpected event 0x01 length: 151 > 1 [ 2951.827875][T25159] batman_adv: The newly added mac address (00:20:10:00:00:00) already exists on: veth0_vlan [ 2951.846357][T25159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2951.857324][T25159] batman_adv: The newly added mac address (00:20:10:00:00:00) already exists on: veth0_vlan [ 2951.876276][T25159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2952.195209][T25186] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.39233'. [ 2952.235335][T25186] netlink: del zone limit has 8 unknown bytes [ 2953.894501][T25202] batman_adv: The newly added mac address (00:20:10:00:00:00) already exists on: veth0_vlan [ 2953.972860][T25202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2954.053521][T25202] batman_adv: The newly added mac address (00:20:10:00:00:00) already exists on: veth0_vlan [ 2954.103605][T25202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2954.523183][T25208] netlink: 'syz.0.39240': attribute type 10 has an invalid length. [ 2954.595372][T25208] team0: Device veth1_vlan failed to register rx_handler [ 2955.015646][T25215] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.39243'. [ 2955.047552][T25215] netlink: del zone limit has 8 unknown bytes [ 2957.870338][T25239] syzkaller0: entered promiscuous mode [ 2957.886561][T25239] syzkaller0: entered allmulticast mode [ 2959.310133][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 2959.330597][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 2960.254994][T25249] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.39261'. [ 2960.499434][T25258] netlink: 'syz.0.39263': attribute type 10 has an invalid length. [ 2960.585670][T25258] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 2960.613721][T25258] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 2963.945439][T25269] ªªªªªª: renamed from vlan0 [ 2964.232149][T25299] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.39283'. [ 2968.100133][T25332] ªªªªªª: renamed from vlan0 [ 2968.394140][T25343] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.39297'. [ 2973.727948][T25369] syzkaller0: entered promiscuous mode [ 2973.733508][T25369] syzkaller0: entered allmulticast mode [ 2973.814781][T25373] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.39315'. [ 2975.429348][T25415] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.39335'. [ 2977.392392][T25460] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.39352'. [ 2978.530293][T25486] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.39369'. [ 2978.693038][T25488] ================================================================== [ 2978.701254][T25488] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900 [ 2978.709187][T25488] Write of size 32 at addr ffff88807d273990 by task syz.2.39368/25488 [ 2978.717387][T25488] [ 2978.719820][T25488] CPU: 1 PID: 25488 Comm: syz.2.39368 Not tainted syzkaller #0 [ 2978.727447][T25488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2978.737546][T25488] Call Trace: [ 2978.740871][T25488] [ 2978.743838][T25488] dump_stack_lvl+0x18c/0x250 [ 2978.748626][T25488] ? __lock_acquire+0x7d40/0x7d40 [ 2978.753711][T25488] ? show_regs_print_info+0x20/0x20 [ 2978.758966][T25488] ? load_image+0x420/0x420 [ 2978.763511][T25488] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 2978.769040][T25488] ? __virt_addr_valid+0x18c/0x540 [ 2978.774252][T25488] ? __virt_addr_valid+0x469/0x540 [ 2978.779415][T25488] print_report+0xa8/0x210 [ 2978.783891][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2978.789050][T25488] kasan_report+0x117/0x150 [ 2978.793606][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2978.798819][T25488] kasan_check_range+0x241/0x290 [ 2978.803822][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2978.808999][T25488] __asan_memcpy+0x40/0x70 [ 2978.813465][T25488] __bpf_get_stackid+0x6bf/0x900 [ 2978.818476][T25488] bpf_get_stackid_pe+0x2f0/0x410 [ 2978.823563][T25488] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 2978.829133][T25488] bpf_overflow_handler+0x1fc/0x510 [ 2978.834426][T25488] ? bpf_overflow_handler+0xde/0x510 [ 2978.839778][T25488] ? tp_perf_event_destroy+0x20/0x20 [ 2978.845140][T25488] ? mark_lock+0x94/0x320 [ 2978.849519][T25488] ? __perf_event_account_interrupt+0x187/0x280 [ 2978.855812][T25488] __perf_event_overflow+0x447/0x630 [ 2978.861158][T25488] perf_swevent_overflow+0x268/0x340 [ 2978.866496][T25488] ? perf_event_switch_output+0x790/0x790 [ 2978.872275][T25488] ? rcu_is_watching+0x15/0xb0 [ 2978.877097][T25488] perf_swevent_event+0x45c/0x570 [ 2978.882174][T25488] ? perf_tp_event+0x1520/0x1520 [ 2978.887156][T25488] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2978.893106][T25488] ? _raw_spin_unlock+0x40/0x40 [ 2978.898049][T25488] ___perf_sw_event+0x4a7/0x730 [ 2978.902947][T25488] ? ___perf_sw_event+0x199/0x730 [ 2978.908033][T25488] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 2978.914495][T25488] ? task_mm_cid_work+0x31d/0x770 [ 2978.919610][T25488] ? perf_trace_preemptirq_template+0xac/0x330 [ 2978.925876][T25488] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 2978.931899][T25488] ? _raw_spin_unlock_irq+0x23/0x50 [ 2978.937155][T25488] ? lock_chain_count+0x20/0x20 [ 2978.942048][T25488] __perf_sw_event+0x139/0x270 [ 2978.946860][T25488] do_user_addr_fault+0x123e/0x12c0 [ 2978.952119][T25488] ? rcu_is_watching+0x15/0xb0 [ 2978.956935][T25488] exc_page_fault+0x64/0x100 [ 2978.961572][T25488] ? clear_bhb_loop+0x40/0x90 [ 2978.966300][T25488] asm_exc_page_fault+0x26/0x30 [ 2978.971297][T25488] RIP: 0033:0x7fff343e4a21 [ 2978.975756][T25488] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 2978.995410][T25488] RSP: 002b:00007fab544adff0 EFLAGS: 00010206 [ 2979.001534][T25488] RAX: 0025a864dcbb95f8 RBX: 00007fff343e00b0 RCX: 0000000000000018 [ 2979.009547][T25488] RDX: 00000000268f6b8e RSI: 00007fab544ae0b0 RDI: 7fffffffffffffff [ 2979.017594][T25488] RBP: 00007fab544ae030 R08: 0000000000000ba2 R09: 0000000000745d1e [ 2979.025621][T25488] R10: 000005f7a651a7f1 R11: 000000000008ee0c R12: 0000000000000010 [ 2979.033674][T25488] R13: 00007fab53816038 R14: 00007fff343e0080 R15: 000000000008ee0c [ 2979.041706][T25488] [ 2979.044760][T25488] [ 2979.047120][T25488] Allocated by task 25488: [ 2979.051656][T25488] kasan_set_track+0x4e/0x70 [ 2979.056297][T25488] __kasan_kmalloc+0x8f/0xa0 [ 2979.060944][T25488] __kmalloc_node+0xb4/0x230 [ 2979.065588][T25488] bpf_map_area_alloc+0x5e/0x110 [ 2979.070583][T25488] prealloc_elems_and_freelist+0x86/0x1c0 [ 2979.076367][T25488] stack_map_alloc+0x33a/0x4c0 [ 2979.081190][T25488] map_create+0x877/0x12f0 [ 2979.085653][T25488] __sys_bpf+0x651/0x890 [ 2979.089946][T25488] __x64_sys_bpf+0x7c/0x90 [ 2979.094412][T25488] do_syscall_64+0x55/0xb0 [ 2979.098876][T25488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2979.104821][T25488] [ 2979.107180][T25488] Last potentially related work creation: [ 2979.112936][T25488] kasan_save_stack+0x3e/0x60 [ 2979.117661][T25488] __kasan_record_aux_stack+0xaf/0xc0 [ 2979.123100][T25488] kvfree_call_rcu+0xee/0x790 [ 2979.127828][T25488] sock_map_remove_links+0x4c6/0x5a0 [ 2979.133269][T25488] sock_map_close+0x18f/0x3c0 [ 2979.138024][T25488] unix_release+0x82/0xc0 [ 2979.142430][T25488] sock_close+0xbd/0x230 [ 2979.146723][T25488] __fput+0x234/0x970 [ 2979.150751][T25488] task_work_run+0x1d4/0x260 [ 2979.155406][T25488] exit_to_user_mode_loop+0xe6/0x110 [ 2979.160753][T25488] exit_to_user_mode_prepare+0xee/0x180 [ 2979.166380][T25488] syscall_exit_to_user_mode+0x1a/0x50 [ 2979.171900][T25488] do_syscall_64+0x61/0xb0 [ 2979.176357][T25488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2979.182307][T25488] [ 2979.184697][T25488] Second to last potentially related work creation: [ 2979.191393][T25488] kasan_save_stack+0x3e/0x60 [ 2979.196117][T25488] __kasan_record_aux_stack+0xaf/0xc0 [ 2979.201538][T25488] call_rcu+0x153/0x950 [ 2979.205755][T25488] nf_unregister_net_hooks+0xcb/0x130 [ 2979.211314][T25488] setup_net+0x7e7/0xa30 [ 2979.215630][T25488] copy_net_ns+0x36d/0x5e0 [ 2979.220087][T25488] create_new_namespaces+0x3d3/0x6f0 [ 2979.225416][T25488] copy_namespaces+0x430/0x4a0 [ 2979.230227][T25488] copy_process+0x1724/0x3dc0 [ 2979.234955][T25488] kernel_clone+0x24b/0x8a0 [ 2979.239500][T25488] __x64_sys_clone+0x1b7/0x230 [ 2979.244313][T25488] do_syscall_64+0x55/0xb0 [ 2979.248790][T25488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2979.254730][T25488] [ 2979.257085][T25488] The buggy address belongs to the object at ffff88807d273980 [ 2979.257085][T25488] which belongs to the cache kmalloc-cg-64 of size 64 [ 2979.271353][T25488] The buggy address is located 16 bytes inside of [ 2979.271353][T25488] allocated 40-byte region [ffff88807d273980, ffff88807d2739a8) [ 2979.285443][T25488] [ 2979.287807][T25488] The buggy address belongs to the physical page: [ 2979.294273][T25488] page:ffffea0001f49cc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d273 [ 2979.304461][T25488] memcg:ffff888078918401 [ 2979.308743][T25488] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 2979.316326][T25488] page_type: 0xffffffff() [ 2979.320703][T25488] raw: 00fff00000000800 ffff888017c4da00 ffffea00019009c0 dead000000000002 [ 2979.329331][T25488] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff888078918401 [ 2979.337943][T25488] page dumped because: kasan: bad access detected [ 2979.344400][T25488] page_owner tracks the page as allocated [ 2979.350151][T25488] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5780, tgid 5780 (syz-executor), ts 1309949900296, free_ts 1309949454796 [ 2979.368778][T25488] post_alloc_hook+0x1c1/0x200 [ 2979.373584][T25488] get_page_from_freelist+0x1951/0x19e0 [ 2979.379186][T25488] __alloc_pages+0x1f0/0x460 [ 2979.383802][T25488] alloc_slab_page+0x5d/0x160 [ 2979.388519][T25488] new_slab+0x87/0x2d0 [ 2979.392617][T25488] ___slab_alloc+0xc5d/0x12f0 [ 2979.397329][T25488] __kmem_cache_alloc_node+0x19e/0x250 [ 2979.402821][T25488] kmalloc_trace+0x2a/0xe0 [ 2979.407268][T25488] alloc_fdtable+0xca/0x2c0 [ 2979.411800][T25488] dup_fd+0x786/0xa50 [ 2979.415806][T25488] copy_files+0xc3/0x120 [ 2979.420065][T25488] copy_process+0x15ab/0x3dc0 [ 2979.424764][T25488] kernel_clone+0x24b/0x8a0 [ 2979.429295][T25488] __x64_sys_clone+0x1b7/0x230 [ 2979.434084][T25488] do_syscall_64+0x55/0xb0 [ 2979.438527][T25488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2979.444452][T25488] page last free stack trace: [ 2979.449139][T25488] free_unref_page_prepare+0x7b2/0x8c0 [ 2979.454627][T25488] free_unref_page+0x32/0x2e0 [ 2979.459338][T25488] vfree+0x1a6/0x320 [ 2979.463261][T25488] do_ip6t_get_ctl+0xf21/0x1210 [ 2979.468293][T25488] nf_getsockopt+0x262/0x280 [ 2979.472905][T25488] ipv6_getsockopt+0x226/0x2e0 [ 2979.477740][T25488] do_sock_getsockopt+0x379/0x450 [ 2979.482790][T25488] __x64_sys_getsockopt+0x1d6/0x280 [ 2979.488012][T25488] do_syscall_64+0x55/0xb0 [ 2979.492451][T25488] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2979.498376][T25488] [ 2979.500725][T25488] Memory state around the buggy address: [ 2979.506381][T25488] ffff88807d273880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2979.514473][T25488] ffff88807d273900: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 2979.522553][T25488] >ffff88807d273980: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 2979.530631][T25488] ^ [ 2979.536030][T25488] ffff88807d273a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2979.544114][T25488] ffff88807d273a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2979.552191][T25488] ================================================================== [ 2979.560284][T25488] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 2979.567493][T25488] CPU: 1 PID: 25488 Comm: syz.2.39368 Not tainted syzkaller #0 [ 2979.575063][T25488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2979.585137][T25488] Call Trace: [ 2979.588442][T25488] [ 2979.591399][T25488] dump_stack_lvl+0x18c/0x250 [ 2979.596111][T25488] ? show_regs_print_info+0x20/0x20 [ 2979.601352][T25488] ? load_image+0x420/0x420 [ 2979.605898][T25488] panic+0x2dc/0x730 [ 2979.609846][T25488] ? __lock_acquire+0x7d40/0x7d40 [ 2979.614910][T25488] ? bpf_jit_dump+0xd0/0xd0 [ 2979.619457][T25488] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2979.625446][T25488] ? _raw_spin_unlock+0x40/0x40 [ 2979.630329][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2979.635468][T25488] check_panic_on_warn+0x84/0xa0 [ 2979.640436][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2979.645574][T25488] end_report+0x6f/0x130 [ 2979.649842][T25488] kasan_report+0x128/0x150 [ 2979.654369][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2979.659504][T25488] kasan_check_range+0x241/0x290 [ 2979.664488][T25488] ? __bpf_get_stackid+0x6bf/0x900 [ 2979.669624][T25488] __asan_memcpy+0x40/0x70 [ 2979.674079][T25488] __bpf_get_stackid+0x6bf/0x900 [ 2979.679041][T25488] bpf_get_stackid_pe+0x2f0/0x410 [ 2979.684113][T25488] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 2979.689595][T25488] bpf_overflow_handler+0x1fc/0x510 [ 2979.694822][T25488] ? bpf_overflow_handler+0xde/0x510 [ 2979.700138][T25488] ? tp_perf_event_destroy+0x20/0x20 [ 2979.705453][T25488] ? mark_lock+0x94/0x320 [ 2979.709811][T25488] ? __perf_event_account_interrupt+0x187/0x280 [ 2979.716082][T25488] __perf_event_overflow+0x447/0x630 [ 2979.721398][T25488] perf_swevent_overflow+0x268/0x340 [ 2979.726712][T25488] ? perf_event_switch_output+0x790/0x790 [ 2979.732465][T25488] ? rcu_is_watching+0x15/0xb0 [ 2979.737262][T25488] perf_swevent_event+0x45c/0x570 [ 2979.742306][T25488] ? perf_tp_event+0x1520/0x1520 [ 2979.747269][T25488] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2979.753200][T25488] ? _raw_spin_unlock+0x40/0x40 [ 2979.758083][T25488] ___perf_sw_event+0x4a7/0x730 [ 2979.762961][T25488] ? ___perf_sw_event+0x199/0x730 [ 2979.768008][T25488] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 2979.774449][T25488] ? task_mm_cid_work+0x31d/0x770 [ 2979.779515][T25488] ? perf_trace_preemptirq_template+0xac/0x330 [ 2979.785705][T25488] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 2979.791713][T25488] ? _raw_spin_unlock_irq+0x23/0x50 [ 2979.796941][T25488] ? lock_chain_count+0x20/0x20 [ 2979.801821][T25488] __perf_sw_event+0x139/0x270 [ 2979.806628][T25488] do_user_addr_fault+0x123e/0x12c0 [ 2979.811862][T25488] ? rcu_is_watching+0x15/0xb0 [ 2979.816674][T25488] exc_page_fault+0x64/0x100 [ 2979.821294][T25488] ? clear_bhb_loop+0x40/0x90 [ 2979.825996][T25488] asm_exc_page_fault+0x26/0x30 [ 2979.830876][T25488] RIP: 0033:0x7fff343e4a21 [ 2979.835310][T25488] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 2979.854940][T25488] RSP: 002b:00007fab544adff0 EFLAGS: 00010206 [ 2979.861051][T25488] RAX: 0025a864dcbb95f8 RBX: 00007fff343e00b0 RCX: 0000000000000018 [ 2979.869048][T25488] RDX: 00000000268f6b8e RSI: 00007fab544ae0b0 RDI: 7fffffffffffffff [ 2979.877052][T25488] RBP: 00007fab544ae030 R08: 0000000000000ba2 R09: 0000000000745d1e [ 2979.885040][T25488] R10: 000005f7a651a7f1 R11: 000000000008ee0c R12: 0000000000000010 [ 2979.893032][T25488] R13: 00007fab53816038 R14: 00007fff343e0080 R15: 000000000008ee0c [ 2979.901043][T25488] [ 2979.904676][T25488] Kernel Offset: disabled [ 2979.909013][T25488] Rebooting in 86400 seconds..