last executing test programs: 5.248279057s ago: executing program 2 (id=23541): perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43e1bd74, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open$cgroup(&(0x7f0000000000)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_config_ext={0x8000401, 0x9f04}, 0x64c0, 0x98ca, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2000040}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd63"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb11, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x40000000}, 0x48) 3.946281088s ago: executing program 2 (id=23551): r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1190e95fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f540df0099bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a202304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee610be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3e12933410b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485f6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2e12ad99012a2e01ce79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd729fda6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe50151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa332482e6137e994d3f5259b7f51544cdc6d8cb4becc20dd3a57545b0c2621e4c5f94a23f73ee02c22ee7e27c2cc491a85947baac523c347c9b9ede5d6265997f2ad6e9719aafdb323988e62b7ec84545cd63b7a7"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/189, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x2e}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r2 = socket$kcm(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x5, 0x40000000000071a}, 0x5000, 0x0, 0x0, 0x0, 0x80000000000000, 0x2000a, 0xbabe, 0x0, 0x103}, 0xffffffffffffffff, 0xfffffffffffffff9, 0xffffffffffffffff, 0x9) setsockopt$sock_attach_bpf(r2, 0x29, 0x23, &(0x7f0000000040), 0xcf) sendmsg$kcm(r2, &(0x7f0000001240)={&(0x7f0000000940)=@generic={0xa, "8ab77fa26849ff263ef30c98b353011a5990650042e2dacdc165ececece6be1862e2adacd2737d00ad6f9fa9f3d7145e15dd9fb1a7adc211220963ad5def53b911ba5b9da13641f982757012a7496de0b3a36f5849f260c603dbc317f54b901ee80ea6132ca6e88c776553e1833052ca376304313c5637786a36a4b83857"}, 0x80, 0x0}, 0x0) socket$kcm(0x29, 0x2, 0x0) 3.660889996s ago: executing program 2 (id=23555): bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) mkdirat$cgroup(r0, &(0x7f0000000780)='syz1\x00', 0x1ff) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x108b84, 0x40000004, 0xfffffffd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x400000000001, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000e95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000000040)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003402e60000000000000b94dcf5c0461c1d67f6f94007134cf6ee08021a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044084) 3.478426913s ago: executing program 2 (id=23556): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000810000087b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 3.421882294s ago: executing program 2 (id=23558): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa7, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000080)={'some', 0x20, 0x2000000008, 0x20, 0x10000000fffff}, 0x2f) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_pressure(r2, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r3, &(0x7f0000000080)={'some', 0x20, 0x2000000008, 0x20, 0x10000000fffff}, 0x2f) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000017000000bca30000000000002403000040feffff6b0af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000061140800000000001d430000000000007a0a00fe0000001f6114100000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff6194732827a58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f37382000000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a2271d96c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b0200780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca78fa04d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b78825d5ed789711b77d40dc31e0b8fc651b45559da463f00000000000000005bae7859839f856e7a397913eec7977f6231c5f11849b3deabc60c5ccf240d16924eb760a969813be02a229c674045b88915518a17b683268f10358e1c0b20cfc2bd105e5e1db7fed951b8faf126267bb38b8d356f63d3433d3dee643503a8ba4968adf6673f720c474ecf324d989235f1b52aacfe52e4519af87b7e1594728d6d6fff1248e72d5b1b1b692b2b732f0f2ac0714079fd7bf97bf2b5687d1db91daa5210d09ebe66d00ff4f35143be01585e629d408f2d00a0a290db76adc5f57e160b2c188bb1ecc4e7d2948788e4f9c1bcaf91dac53a2f525f7385d5d82728b5217908748f4c22b6d797b5bbeb61411f88ee1554a78306fe"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x5, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48) 2.741516155s ago: executing program 2 (id=23570): r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20000, 0x0, 0x0, 0x0, 0x0, 0xda}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0xc920000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x9}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) syz_clone(0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.308724738s ago: executing program 0 (id=23565): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, &(0x7f0000000c00)='GPL\x00'}, 0x94) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x9e4, 0x5, 0x8, 0x20005, 0xfffd, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x120) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {}, {0x280000, 0x4, 0x10009, 0xc}], 0x10, 0xfffffff6}, 0x94) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 2.302291129s ago: executing program 1 (id=23574): perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x513, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x202, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) gettid() socket$kcm(0x15, 0x5, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b81, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x9, 0x9, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x21, 0x2, 0xa) setsockopt$sock_attach_bpf(r0, 0x110, 0x2, &(0x7f00000000c0), 0x4) 2.292677999s ago: executing program 3 (id=23566): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 2.112030385s ago: executing program 1 (id=23567): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x7}]}, 0x0, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000001800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xc, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfe367, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="06000000040000001810000089"], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000000500), 0x80, r3, 0x0, 0x7}, 0x38) 2.106667635s ago: executing program 3 (id=23568): bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000003800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3eb4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000ffffff0000000000000000851000000200000085000000070000009500000000000000"], 0x0, 0xfffffdff, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4044}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff000000000004000085100000020000008500000023"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') 1.895200751s ago: executing program 3 (id=23569): socket$kcm(0xa, 0x2, 0x0) socket$kcm(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000840)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10440, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x2, 0x20000}, 0x102065, 0x0, 0x0, 0x3, 0x7, 0x1, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$inet(r1, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{0x0, 0xe0}], 0x1}, 0x0) 1.822664174s ago: executing program 1 (id=23571): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa7, 0x0, @perf_config_ext={0x0, 0x3}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000080)={'some', 0x20, 0x2000000008, 0x20, 0x10000000fffff}, 0x2f) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_pressure(r2, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r3, &(0x7f0000000080)={'some', 0x20, 0x2000000008, 0x20, 0x10000000fffff}, 0x2f) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000017000000bca30000000000002403000040feffff6b0af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000061140800000000001d430000000000007a0a00fe0000001f6114100000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff6194732827a58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f37382000000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a2271d96c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b0200780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca78fa04d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b78825d5ed789711b77d40dc31e0b8fc651b45559da463f00000000000000005bae7859839f856e7a397913eec7977f6231c5f11849b3deabc60c5ccf240d16924eb760a969813be02a229c674045b88915518a17b683268f10358e1c0b20cfc2bd105e5e1db7fed951b8faf126267bb38b8d356f63d3433d3dee643503a8ba4968adf6673f720c474ecf324d989235f1b52aacfe52e4519af87b7e1594728d6d6fff1248e72d5b1b1b692b2b732f0f2ac0714079fd7bf97bf2b5687d1db91daa5210d09ebe66d00ff4f35143be01585e629d408f2d00a0a290db76adc5f57e160b2c188bb1ecc4e7d2948788e4f9c1bcaf91dac53a2f525f7385d5d82728b5217908748f4c22b6d797b5bbeb61411f88ee1554a78306fe"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x5, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48) 1.752163326s ago: executing program 0 (id=23580): bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000003800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3eb4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1809000000ffffff0000000000000000851000000200000085000000070000009500000000000000"], 0x0, 0xfffffdff, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}, 0x4044}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff000000000004000085100000020000008500000023"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00') syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') 1.62558795s ago: executing program 3 (id=23572): r0 = syz_clone(0x21904300, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000001c0)=r0, 0x12) syz_open_procfs$namespace(r0, &(0x7f0000000200)='ns/user\x00') bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000008c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x4}, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, 0x0) 1.481586974s ago: executing program 0 (id=23573): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f00000003c0)=r0}, 0x20) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000005000000850000002e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x3b) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r5}, &(0x7f0000000440), &(0x7f0000000480)=r6}, 0x20) sendmsg$inet(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x14) 1.325958099s ago: executing program 0 (id=23575): perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43e1bd74, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open$cgroup(&(0x7f0000000000)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_config_ext={0x8000401, 0x9f04}, 0x64c0, 0x98ca, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2000040}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd63"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb11, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x40000000}, 0x48) 1.325123949s ago: executing program 1 (id=23576): perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x76, 0x1ef5}, 0x4001, 0x400, 0x98, 0x5, 0x2, 0xfffff271, 0xfff6, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = getpid() r1 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x9}, 0x19eb8, 0x4, 0x911, 0x0, 0x2, 0xfffff274, 0xfffc, 0x0, 0x0, 0x0, 0x20}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r0, r1, 0x0, 0x2, &(0x7f0000000240)=':\x00'}, 0x30) 1.172410704s ago: executing program 3 (id=23577): perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x513, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x202, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) gettid() socket$kcm(0x15, 0x5, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b81, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x9, 0x9, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x21, 0x2, 0xa) setsockopt$sock_attach_bpf(r0, 0x110, 0x2, &(0x7f00000000c0), 0x4) 374.440129ms ago: executing program 1 (id=23578): r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x20a8, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0/file0\x00', 0x116) r2 = syz_clone(0x20900000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000003c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000005c0)=r2, 0x12) 188.720255ms ago: executing program 0 (id=23579): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 188.466935ms ago: executing program 3 (id=23581): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000bf0200000000000085000000cc000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x201, 0x20, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x440, 0x0, 0x7, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @initr0, @exit, @alu={0x6, 0x0, 0x13ac9d9a938af256, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, 0x0, 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xa19}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2000000}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='syzkaller\x00', 0x1, 0xe4, &(0x7f0000000040)=""/228, 0x41000, 0x3}, 0x94) 11.23548ms ago: executing program 1 (id=23582): perf_event_open(&(0x7f0000001c40)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x3f, 0x4, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="0000186df4b1768c36153d42", @ANYRES32, @ANYBLOB="0a3f000000a3f500950004000000010045"], 0x0}, 0x94) socketpair(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) 0s ago: executing program 0 (id=23583): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) kernel console output (not intermixed with test programs): . [ 1637.571305][T15499] caif0: entered promiscuous mode [ 1637.579599][T15499] caif0: entered allmulticast mode [ 1637.585040][T15499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1638.037152][T15516] netlink: 'syz.0.19124': attribute type 10 has an invalid length. [ 1638.097722][T15516] team0: Port device ..ãc¤± added [ 1638.664053][T15544] netlink: 'syz.2.19139': attribute type 10 has an invalid length. [ 1638.707960][T15544] team0: Port device wlan1 added [ 1638.843460][T15549] netlink: 'syz.2.19141': attribute type 2 has an invalid length. [ 1638.861743][T15549] netlink: 'syz.2.19141': attribute type 8 has an invalid length. [ 1638.883342][T15549] netlink: 132 bytes leftover after parsing attributes in process `syz.2.19141'. [ 1639.311092][T15574] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.19151'. [ 1639.343749][T15574] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 1639.383185][T15577] netlink: 'syz.3.19154': attribute type 2 has an invalid length. [ 1639.393807][T15577] netlink: 'syz.3.19154': attribute type 8 has an invalid length. [ 1639.426275][T15577] netlink: 132 bytes leftover after parsing attributes in process `syz.3.19154'. [ 1639.565514][T15584] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.19165'. [ 1639.588704][T15584] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1639.607869][T15584] CPU: 1 PID: 15584 Comm: syz.0.19165 Not tainted syzkaller #0 [ 1639.615503][T15584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1639.625681][T15584] Call Trace: [ 1639.628987][T15584] [ 1639.631964][T15584] dump_stack_lvl+0x18c/0x250 [ 1639.636705][T15584] ? show_regs_print_info+0x20/0x20 [ 1639.641920][T15584] ? load_image+0x420/0x420 [ 1639.646605][T15584] sysfs_warn_dup+0x8e/0xa0 [ 1639.651116][T15584] sysfs_do_create_link_sd+0xc0/0x110 [ 1639.656494][T15584] device_add_class_symlinks+0x1cf/0x240 [ 1639.662141][T15584] device_add+0x507/0xc50 [ 1639.666480][T15584] wiphy_register+0x1dad/0x2ae0 [ 1639.671352][T15584] ? cfg80211_event_work+0x40/0x40 [ 1639.676467][T15584] ? minstrel_ht_alloc+0x88a/0x990 [ 1639.681593][T15584] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1639.687673][T15584] ieee80211_register_hw+0x3464/0x4250 [ 1639.693166][T15584] ? ieee80211_tasklet_handler+0x20/0x20 [ 1639.698804][T15584] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1639.704706][T15584] ? __debug_object_init+0xec/0x450 [ 1639.709920][T15584] ? __asan_memset+0x22/0x40 [ 1639.714953][T15584] ? __hrtimer_init+0x186/0x270 [ 1639.719843][T15584] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1639.725595][T15584] ? mac80211_hwsim_free+0x220/0x220 [ 1639.730882][T15584] ? rcu_is_watching+0x15/0xb0 [ 1639.735655][T15584] ? kstrndup+0xbd/0x140 [ 1639.739950][T15584] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1639.745074][T15584] ? __nla_validate+0x50/0x50 [ 1639.749853][T15584] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1639.756214][T15584] ? __nla_parse+0x40/0x50 [ 1639.760652][T15584] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1639.767105][T15584] genl_family_rcv_msg_doit+0x211/0x310 [ 1639.772769][T15584] ? end_current_label_crit_section+0x170/0x170 [ 1639.779035][T15584] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1639.784978][T15584] ? bpf_lsm_capable+0x9/0x10 [ 1639.789677][T15584] ? security_capable+0x89/0xb0 [ 1639.794543][T15584] genl_rcv_msg+0x619/0x7a0 [ 1639.799063][T15584] ? genl_bind+0x360/0x360 [ 1639.803480][T15584] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1639.809820][T15584] ? ref_tracker_free+0x690/0x840 [ 1639.814864][T15584] netlink_rcv_skb+0x241/0x4d0 [ 1639.819659][T15584] ? genl_bind+0x360/0x360 [ 1639.824102][T15584] ? netlink_ack+0x1180/0x1180 [ 1639.828914][T15584] ? __lock_acquire+0x7d40/0x7d40 [ 1639.833955][T15584] ? down_read+0x1ac/0x2e0 [ 1639.838408][T15584] genl_rcv+0x28/0x40 [ 1639.842487][T15584] netlink_unicast+0x751/0x8d0 [ 1639.847269][T15584] netlink_sendmsg+0x8d0/0xbf0 [ 1639.852052][T15584] ? netlink_getsockopt+0x590/0x590 [ 1639.857284][T15584] ? aa_sock_msg_perm+0x94/0x150 [ 1639.862583][T15584] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1639.867874][T15584] ? security_socket_sendmsg+0x80/0xa0 [ 1639.873332][T15584] ? netlink_getsockopt+0x590/0x590 [ 1639.878532][T15584] ____sys_sendmsg+0x5ba/0x960 [ 1639.883311][T15584] ? __asan_memset+0x22/0x40 [ 1639.887902][T15584] ? __sys_sendmsg_sock+0x30/0x30 [ 1639.892924][T15584] ? __import_iovec+0x5f2/0x850 [ 1639.897782][T15584] ? import_iovec+0x73/0xa0 [ 1639.902286][T15584] ___sys_sendmsg+0x2a6/0x360 [ 1639.907009][T15584] ? __sys_sendmsg+0x2a0/0x2a0 [ 1639.911801][T15584] ? debug_mutex_init+0x38/0x70 [ 1639.916675][T15584] __se_sys_sendmsg+0x1c2/0x2b0 [ 1639.921531][T15584] ? __x64_sys_sendmsg+0x80/0x80 [ 1639.926492][T15584] ? lockdep_hardirqs_on+0x98/0x150 [ 1639.931697][T15584] do_syscall_64+0x55/0xb0 [ 1639.936113][T15584] ? clear_bhb_loop+0x40/0x90 [ 1639.940793][T15584] ? clear_bhb_loop+0x40/0x90 [ 1639.945509][T15584] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1639.951522][T15584] RIP: 0033:0x7eff3d99ce59 [ 1639.955951][T15584] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1639.975923][T15584] RSP: 002b:00007eff3e81a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1639.984356][T15584] RAX: ffffffffffffffda RBX: 00007eff3dc15fa0 RCX: 00007eff3d99ce59 [ 1639.992418][T15584] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 1640.000391][T15584] RBP: 00007eff3da32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1640.008366][T15584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1640.016558][T15584] R13: 00007eff3dc16038 R14: 00007eff3dc15fa0 R15: 00007ffc653f4b68 [ 1640.024821][T15584] [ 1640.509495][T15607] netlink: 'syz.1.19168': attribute type 2 has an invalid length. [ 1640.535024][T15607] netlink: 'syz.1.19168': attribute type 8 has an invalid length. [ 1640.554047][T15607] netlink: 132 bytes leftover after parsing attributes in process `syz.1.19168'. [ 1640.779602][T15619] netlink: 'syz.1.19181': attribute type 2 has an invalid length. [ 1640.796542][T15619] netlink: 'syz.1.19181': attribute type 8 has an invalid length. [ 1640.808868][T15619] netlink: 132 bytes leftover after parsing attributes in process `syz.1.19181'. [ 1640.851102][T15621] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.19174'. [ 1640.863761][T15621] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 1641.355024][T15644] netlink: 132 bytes leftover after parsing attributes in process `syz.3.19186'. [ 1641.581778][T15646] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.19188'. [ 1641.626333][T15646] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1641.634472][T15646] CPU: 1 PID: 15646 Comm: syz.2.19188 Not tainted syzkaller #0 [ 1641.642115][T15646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1641.652188][T15646] Call Trace: [ 1641.655470][T15646] [ 1641.658400][T15646] dump_stack_lvl+0x18c/0x250 [ 1641.663093][T15646] ? show_regs_print_info+0x20/0x20 [ 1641.668298][T15646] ? load_image+0x420/0x420 [ 1641.672815][T15646] sysfs_warn_dup+0x8e/0xa0 [ 1641.677323][T15646] sysfs_do_create_link_sd+0xc0/0x110 [ 1641.682694][T15646] device_add_class_symlinks+0x1cf/0x240 [ 1641.688353][T15646] device_add+0x507/0xc50 [ 1641.692711][T15646] wiphy_register+0x1dad/0x2ae0 [ 1641.697593][T15646] ? cfg80211_event_work+0x40/0x40 [ 1641.702711][T15646] ? minstrel_ht_alloc+0x88a/0x990 [ 1641.707836][T15646] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1641.714087][T15646] ieee80211_register_hw+0x3464/0x4250 [ 1641.719576][T15646] ? ieee80211_tasklet_handler+0x20/0x20 [ 1641.725255][T15646] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1641.731340][T15646] ? __debug_object_init+0xec/0x450 [ 1641.736549][T15646] ? __asan_memset+0x22/0x40 [ 1641.741260][T15646] ? __hrtimer_init+0x186/0x270 [ 1641.746117][T15646] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1641.751866][T15646] ? mac80211_hwsim_free+0x220/0x220 [ 1641.757160][T15646] ? rcu_is_watching+0x15/0xb0 [ 1641.762060][T15646] ? kstrndup+0xbd/0x140 [ 1641.766314][T15646] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1641.771556][T15646] ? __nla_validate+0x50/0x50 [ 1641.776266][T15646] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1641.782609][T15646] ? __nla_parse+0x40/0x50 [ 1641.787129][T15646] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1641.793465][T15646] genl_family_rcv_msg_doit+0x211/0x310 [ 1641.799035][T15646] ? end_current_label_crit_section+0x170/0x170 [ 1641.805397][T15646] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1641.811338][T15646] ? bpf_lsm_capable+0x9/0x10 [ 1641.816075][T15646] ? security_capable+0x89/0xb0 [ 1641.820957][T15646] genl_rcv_msg+0x619/0x7a0 [ 1641.825476][T15646] ? genl_bind+0x360/0x360 [ 1641.829895][T15646] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1641.836273][T15646] ? ref_tracker_free+0x690/0x840 [ 1641.841408][T15646] netlink_rcv_skb+0x241/0x4d0 [ 1641.846240][T15646] ? genl_bind+0x360/0x360 [ 1641.850662][T15646] ? netlink_ack+0x1180/0x1180 [ 1641.855437][T15646] ? __lock_acquire+0x7d40/0x7d40 [ 1641.860476][T15646] ? down_read+0x1ac/0x2e0 [ 1641.864899][T15646] genl_rcv+0x28/0x40 [ 1641.868885][T15646] netlink_unicast+0x751/0x8d0 [ 1641.873658][T15646] netlink_sendmsg+0x8d0/0xbf0 [ 1641.878441][T15646] ? netlink_getsockopt+0x590/0x590 [ 1641.883646][T15646] ? aa_sock_msg_perm+0x94/0x150 [ 1641.888683][T15646] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1641.894058][T15646] ? security_socket_sendmsg+0x80/0xa0 [ 1641.899519][T15646] ? netlink_getsockopt+0x590/0x590 [ 1641.904734][T15646] ____sys_sendmsg+0x5ba/0x960 [ 1641.909509][T15646] ? __asan_memset+0x22/0x40 [ 1641.914110][T15646] ? __sys_sendmsg_sock+0x30/0x30 [ 1641.919159][T15646] ? __import_iovec+0x5f2/0x850 [ 1641.924014][T15646] ? import_iovec+0x73/0xa0 [ 1641.928696][T15646] ___sys_sendmsg+0x2a6/0x360 [ 1641.933388][T15646] ? __sys_sendmsg+0x2a0/0x2a0 [ 1641.938204][T15646] __se_sys_sendmsg+0x1c2/0x2b0 [ 1641.943171][T15646] ? __x64_sys_sendmsg+0x80/0x80 [ 1641.948150][T15646] ? lockdep_hardirqs_on+0x98/0x150 [ 1641.953449][T15646] do_syscall_64+0x55/0xb0 [ 1641.957869][T15646] ? clear_bhb_loop+0x40/0x90 [ 1641.962540][T15646] ? clear_bhb_loop+0x40/0x90 [ 1641.967220][T15646] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1641.973123][T15646] RIP: 0033:0x7f8a7c59ce59 [ 1641.977537][T15646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1641.997168][T15646] RSP: 002b:00007f8a7d433028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1642.005594][T15646] RAX: ffffffffffffffda RBX: 00007f8a7c815fa0 RCX: 00007f8a7c59ce59 [ 1642.013580][T15646] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 1642.021568][T15646] RBP: 00007f8a7c632d6f R08: 0000000000000000 R09: 0000000000000000 [ 1642.029552][T15646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1642.037526][T15646] R13: 00007f8a7c816038 R14: 00007f8a7c815fa0 R15: 00007ffeb2734a48 [ 1642.045509][T15646] [ 1642.373956][T15661] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.19196'. [ 1642.413915][T15665] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664 [ 1645.812701][T15682] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.19208'. [ 1645.920083][T15681] validate_nla: 2 callbacks suppressed [ 1645.920139][T15681] netlink: 'syz.3.19202': attribute type 10 has an invalid length. [ 1645.962854][T15681] netlink: 40 bytes leftover after parsing attributes in process `syz.3.19202'. [ 1645.999437][T15681] caif0: entered promiscuous mode [ 1646.021261][T15681] caif0: entered allmulticast mode [ 1646.046407][T15681] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1646.069388][T15686] netlink: 'syz.1.19203': attribute type 10 has an invalid length. [ 1646.104674][T15686] team0: Port device wlan1 added [ 1646.220745][T15698] netlink: 176 bytes leftover after parsing attributes in process `syz.1.19211'. [ 1649.602300][T15713] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.19216'. [ 1649.708611][T15720] netlink: 'syz.2.19220': attribute type 10 has an invalid length. [ 1649.722022][T15718] netlink: 'syz.1.19219': attribute type 10 has an invalid length. [ 1649.735506][T15718] netlink: 40 bytes leftover after parsing attributes in process `syz.1.19219'. [ 1649.782473][T15718] caif0: entered promiscuous mode [ 1649.796036][T15718] caif0: entered allmulticast mode [ 1649.803683][T15718] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1649.837311][T15726] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.19230'. [ 1649.853313][T15725] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664 [ 1650.371966][T15742] netlink: 'syz.1.19229': attribute type 1 has an invalid length. [ 1650.487541][T15744] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.19231'. [ 1650.511408][T15744] netlink: 6320 bytes leftover after parsing attributes in process `syz.0.19231'. [ 1650.739523][ T6624] Bluetooth: hci2: ACL packet too small [ 1650.751657][T15756] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.19235'. [ 1651.507745][T15776] netlink: 'syz.2.19241': attribute type 1 has an invalid length. [ 1651.553022][T15778] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.19242'. [ 1651.570209][T15778] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.19242'. [ 1651.650556][ T6624] Bluetooth: hci1: ACL packet too small [ 1651.672544][T15784] netlink: 'syz.0.19253': attribute type 1 has an invalid length. [ 1651.768222][T15788] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.19245'. [ 1652.021035][T15795] netlink: 'syz.0.19258': attribute type 10 has an invalid length. [ 1652.034475][T15795] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19258'. [ 1652.055703][T15795] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1653.275846][ T6624] Bluetooth: hci3: ACL packet too small [ 1653.321344][T15814] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.19259'. [ 1653.442456][T15822] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.19260'. [ 1653.474842][T15822] netlink: 6320 bytes leftover after parsing attributes in process `syz.3.19260'. [ 1654.787337][T15852] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.19274'. [ 1655.733166][T15857] netlink: 'syz.1.19278': attribute type 1 has an invalid length. [ 1655.741285][T15857] netlink: 194236 bytes leftover after parsing attributes in process `syz.1.19278'. [ 1656.477096][T15872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1657.063570][T15901] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1657.064558][T15907] netlink: 'syz.3.19302': attribute type 1 has an invalid length. [ 1657.089525][T15907] netlink: 194236 bytes leftover after parsing attributes in process `syz.3.19302'. [ 1657.215453][T15913] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.19306'. [ 1657.663442][T15933] netlink: 'syz.3.19316': attribute type 10 has an invalid length. [ 1657.689041][T15933] netlink: 40 bytes leftover after parsing attributes in process `syz.3.19316'. [ 1658.655695][T15933] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1659.884416][T15936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1660.716067][T15944] netlink: 'syz.2.19319': attribute type 1 has an invalid length. [ 1660.729493][T15944] netlink: 194236 bytes leftover after parsing attributes in process `syz.2.19319'. [ 1660.930062][T15948] netlink: 60 bytes leftover after parsing attributes in process `syz.2.19321'. [ 1661.187436][T15956] netlink: 'syz.3.19326': attribute type 10 has an invalid length. [ 1661.209712][T15956] netlink: 40 bytes leftover after parsing attributes in process `syz.3.19326'. [ 1661.259884][T15956] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1661.786691][T15980] netlink: 'syz.0.19336': attribute type 1 has an invalid length. [ 1661.799970][T15980] netlink: 194236 bytes leftover after parsing attributes in process `syz.0.19336'. [ 1662.697978][T15993] netlink: 'syz.1.19342': attribute type 10 has an invalid length. [ 1662.706356][T15993] netlink: 40 bytes leftover after parsing attributes in process `syz.1.19342'. [ 1662.726578][T15993] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1663.227871][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.237044][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.246188][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.255471][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.264638][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.273858][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.283036][T16003] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1663.918922][T16020] netlink: 'syz.1.19356': attribute type 10 has an invalid length. [ 1663.943640][T16020] netlink: 40 bytes leftover after parsing attributes in process `syz.1.19356'. [ 1663.966851][T16020] net_ratelimit: 3322 callbacks suppressed [ 1663.966895][T16020] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1664.595743][T16031] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.19368'. [ 1664.652339][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.661604][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.670808][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.679986][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.689171][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.698368][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.707581][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.716779][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.725908][T16033] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1664.754335][T16036] netlink: 132 bytes leftover after parsing attributes in process `syz.1.19362'. [ 1665.322893][T16051] netlink: 60 bytes leftover after parsing attributes in process `syz.3.19367'. [ 1666.600515][T16081] netlink: 60 bytes leftover after parsing attributes in process `syz.1.19381'. [ 1667.358165][T16091] netlink: 'syz.0.19386': attribute type 10 has an invalid length. [ 1667.373614][T16091] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19386'. [ 1667.581715][T16101] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.19391'. [ 1667.592024][T16096] ref_ctr_offset mismatch. inode: 0x26 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 1668.310400][T16114] netlink: 14 bytes leftover after parsing attributes in process `syz.0.19398'. [ 1668.363768][T16114] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1668.518598][T16114] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 1668.535255][T16114] bond0 (unregistering): Released all slaves [ 1668.760027][T16129] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.19402'. [ 1668.898631][T16131] ref_ctr_offset mismatch. inode: 0x5e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 1668.992543][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.999346][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1671.187068][T16166] netlink: 14 bytes leftover after parsing attributes in process `syz.1.19429'. [ 1671.381750][T16168] ref_ctr_offset mismatch. inode: 0x42 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 1671.401914][T16166] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1671.450638][T16166] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1671.467153][T16166] bond0 (unregistering): Released all slaves [ 1671.890017][T16176] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.19423'. [ 1671.909457][T16176] netlink: 6320 bytes leftover after parsing attributes in process `syz.1.19423'. [ 1671.919015][T16176] netlink: 6 bytes leftover after parsing attributes in process `syz.1.19423'. [ 1672.848235][T16200] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xfe [ 1673.337326][T16206] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.19436'. [ 1673.357361][T16206] netlink: 6320 bytes leftover after parsing attributes in process `syz.3.19436'. [ 1673.370247][T16206] netlink: 6 bytes leftover after parsing attributes in process `syz.3.19436'. [ 1675.119874][T16242] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.19451'. [ 1675.145278][T16242] netlink: 6320 bytes leftover after parsing attributes in process `syz.2.19451'. [ 1675.184011][T16242] netlink: 6 bytes leftover after parsing attributes in process `syz.2.19451'. [ 1677.771653][T16303] netlink: 14 bytes leftover after parsing attributes in process `syz.3.19479'. [ 1678.530283][T16303] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1678.542482][T16303] bond_slave_1: left promiscuous mode [ 1678.564132][T16303] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 1678.605462][T16303] batadv_slave_0: left promiscuous mode [ 1678.706850][T16303] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1678.729632][T16303] batadv0: left promiscuous mode [ 1678.747281][T16303] bond0 (unregistering): Released all slaves [ 1678.998956][T16316] netlink: 'syz.3.19484': attribute type 12 has an invalid length. [ 1679.019579][T16316] netlink: 132 bytes leftover after parsing attributes in process `syz.3.19484'. [ 1679.294688][T16328] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.19492'. [ 1680.002248][T16337] netlink: 14 bytes leftover after parsing attributes in process `syz.2.19495'. [ 1680.159349][T16337] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1680.194920][T16337] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1680.210901][T16337] bond0 (unregistering): Released all slaves [ 1680.573457][T16358] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.19504'. [ 1681.914355][T16372] netlink: 14 bytes leftover after parsing attributes in process `syz.2.19511'. [ 1683.103414][T16386] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.19518'. [ 1683.633073][T16397] netlink: 14 bytes leftover after parsing attributes in process `syz.1.19522'. [ 1684.299261][T16401] netlink: 'syz.1.19533': attribute type 11 has an invalid length. [ 1684.316232][T16401] netlink: 126292 bytes leftover after parsing attributes in process `syz.1.19533'. [ 1684.440342][T16410] netlink: 'syz.1.19529': attribute type 12 has an invalid length. [ 1684.456479][T16410] netlink: 132 bytes leftover after parsing attributes in process `syz.1.19529'. [ 1684.592902][T16414] syzkaller0: entered promiscuous mode [ 1684.598731][T16414] syzkaller0: entered allmulticast mode [ 1687.493621][T16422] netlink: 'syz.3.19535': attribute type 21 has an invalid length. [ 1687.518730][T16422] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.19535'. [ 1688.917497][T16462] syzkaller0: entered promiscuous mode [ 1688.923406][T16462] syzkaller0: entered allmulticast mode [ 1691.249818][T16470] netlink: 'syz.0.19554': attribute type 21 has an invalid length. [ 1691.270961][T16470] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.19554'. [ 1691.399126][T16474] syzkaller0: refused to change device tx_queue_len [ 1691.433754][T16478] netlink: 'syz.2.19557': attribute type 12 has an invalid length. [ 1691.443242][T16478] netlink: 132 bytes leftover after parsing attributes in process `syz.2.19557'. [ 1692.400065][T16504] netlink: 'syz.0.19570': attribute type 12 has an invalid length. [ 1692.412534][T16504] netlink: 132 bytes leftover after parsing attributes in process `syz.0.19570'. [ 1692.626853][T16518] netlink: 'syz.0.19584': attribute type 12 has an invalid length. [ 1692.641097][T16518] netlink: 132 bytes leftover after parsing attributes in process `syz.0.19584'. [ 1694.096672][T16550] netlink: 'syz.1.19589': attribute type 12 has an invalid length. [ 1694.115236][T16550] netlink: 132 bytes leftover after parsing attributes in process `syz.1.19589'. [ 1694.318025][T16559] syzkaller0: refused to change device tx_queue_len [ 1696.238643][T16590] syzkaller0: refused to change device tx_queue_len [ 1696.753111][T16613] netlink: 'syz.2.19615': attribute type 19 has an invalid length. [ 1696.761371][T16613] netlink: 40 bytes leftover after parsing attributes in process `syz.2.19615'. [ 1697.551600][T16630] netlink: 16358 bytes leftover after parsing attributes in process `syz.2.19622'. [ 1699.498338][T16666] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.19636'. [ 1700.077715][T16684] netlink: 'syz.0.19642': attribute type 19 has an invalid length. [ 1700.095861][T16684] netlink: 40 bytes leftover after parsing attributes in process `syz.0.19642'. [ 1701.483948][T16694] netlink: 16358 bytes leftover after parsing attributes in process `syz.0.19646'. [ 1703.471109][ T6624] Bluetooth: hci3: ISO packet too small [ 1705.301279][T16749] netlink: 'syz.2.19668': attribute type 14 has an invalid length. [ 1705.328724][T16749] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.19668'. [ 1705.921539][T16757] netlink: 16358 bytes leftover after parsing attributes in process `syz.3.19670'. [ 1708.265686][T16783] netlink: 'syz.3.19680': attribute type 14 has an invalid length. [ 1708.286446][T16783] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.19680'. [ 1709.254899][ T6624] Bluetooth: hci1: ISO packet too small [ 1710.184139][ T6624] Bluetooth: hci0: ISO packet too small [ 1713.875484][T16884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1720.140251][T16987] netlink: 'syz.1.19765': attribute type 9 has an invalid length. [ 1720.178628][T16987] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.19765'. [ 1723.152192][T17048] netlink: 'syz.0.19788': attribute type 9 has an invalid length. [ 1723.256341][T17048] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.19788'. [ 1725.719214][T17074] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.19800'. [ 1725.838540][T17078] netlink: 60243 bytes leftover after parsing attributes in process `syz.1.19802'. [ 1725.848491][T17078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19802'. [ 1726.122531][T17090] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.19815'. [ 1727.183458][T17115] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.19821'. [ 1727.923827][T17147] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.19834'. [ 1728.103626][ T6624] Bluetooth: hci3: Malformed Event: 0x2f [ 1728.573980][T17178] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.19848'. [ 1729.264973][T17211] netlink: 60243 bytes leftover after parsing attributes in process `syz.0.19862'. [ 1729.283397][T17211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.19862'. [ 1730.434581][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.442135][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1731.539096][T17235] netlink: 'syz.3.19874': attribute type 5 has an invalid length. [ 1731.583175][T17237] netlink: 60243 bytes leftover after parsing attributes in process `syz.2.19876'. [ 1731.593356][T17237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19876'. [ 1733.923383][T17263] syzkaller0: entered promiscuous mode [ 1733.931389][T17263] syzkaller0: entered allmulticast mode [ 1740.760867][T17297] netlink: 'syz.0.19900': attribute type 5 has an invalid length. [ 1742.236433][T17332] netlink: 'syz.1.19916': attribute type 5 has an invalid length. [ 1743.673169][T17361] syzkaller0: entered promiscuous mode [ 1743.696659][T17361] syzkaller0: entered allmulticast mode [ 1745.694869][T17366] netlink: 'syz.2.19931': attribute type 5 has an invalid length. [ 1749.175798][T17414] netlink: 44 bytes leftover after parsing attributes in process `syz.3.19954'. [ 1753.947612][T17468] netlink: 44 bytes leftover after parsing attributes in process `syz.0.19976'. [ 1755.751212][T17501] netlink: 44 bytes leftover after parsing attributes in process `syz.2.19992'. [ 1756.468790][T17533] netlink: 44 bytes leftover after parsing attributes in process `syz.1.20006'. [ 1756.484543][T17533] bridge_slave_0: entered allmulticast mode [ 1757.072387][T17546] C: renamed from team_slave_0 [ 1757.094935][T17546] netlink: 'syz.1.20010': attribute type 3 has an invalid length. [ 1757.129221][T17546] netlink: 'syz.1.20010': attribute type 1 has an invalid length. [ 1757.148386][T17546] netlink: 116 bytes leftover after parsing attributes in process `syz.1.20010'. [ 1757.181622][T17546] net_ratelimit: 6650 callbacks suppressed [ 1757.181637][T17546] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1757.807494][T17579] netlink: 196 bytes leftover after parsing attributes in process `syz.1.20025'. [ 1761.401580][T17667] netlink: 196 bytes leftover after parsing attributes in process `syz.0.20072'. [ 1761.944734][T17687] netlink: 'syz.0.20070': attribute type 3 has an invalid length. [ 1761.976178][T17687] netlink: 'syz.0.20070': attribute type 1 has an invalid length. [ 1761.984060][T17687] netlink: 116 bytes leftover after parsing attributes in process `syz.0.20070'. [ 1762.006897][T17687] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1762.474621][T17706] netlink: 196 bytes leftover after parsing attributes in process `syz.2.20079'. [ 1762.676646][ T6624] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 1763.082013][T17729] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.20089'. [ 1763.615967][ T6624] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 1764.601635][T17717] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 1764.747320][ T6624] Bluetooth: hci0: command 0x0406 tx timeout [ 1765.447399][T17782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1765.626622][ T6624] Bluetooth: hci2: command 0x0406 tx timeout [ 1766.666191][ T6624] Bluetooth: hci3: command 0x0406 tx timeout [ 1768.506310][T17812] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.20121'. [ 1768.667968][T17820] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.20124'. [ 1768.739820][T17816] netlink: 196 bytes leftover after parsing attributes in process `syz.3.20123'. [ 1769.175865][T17839] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.20135'. [ 1769.326581][T17845] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.20138'. [ 1769.528574][T17850] netlink: 196 bytes leftover after parsing attributes in process `syz.1.20141'. [ 1770.108429][T17870] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.20146'. [ 1772.408320][T17902] syzkaller0: entered promiscuous mode [ 1772.433270][T17902] syzkaller0: entered allmulticast mode [ 1785.620006][T18072] netlink: 'syz.0.20237': attribute type 1 has an invalid length. [ 1785.628163][T18072] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.20237'. [ 1786.977500][ T6624] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 1788.117599][ T6624] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 1788.987590][T17717] Bluetooth: hci0: Opcode 0x2046 failed: -110 [ 1788.990179][ T6624] Bluetooth: hci0: command 0x206c tx timeout [ 1789.365008][ T6624] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 1791.067825][ T6624] Bluetooth: hci0: command 0x206c tx timeout [ 1791.875527][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.882695][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.978879][T18172] netlink: 'syz.1.20280': attribute type 1 has an invalid length. [ 1791.987412][T18172] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.20280'. [ 1794.553557][T18229] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.20302'. [ 1795.092350][T18229] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1795.105022][T18229] CPU: 0 PID: 18229 Comm: syz.3.20302 Not tainted syzkaller #0 [ 1795.113159][T18229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1795.123291][T18229] Call Trace: [ 1795.126573][T18229] [ 1795.129504][T18229] dump_stack_lvl+0x18c/0x250 [ 1795.134339][T18229] ? show_regs_print_info+0x20/0x20 [ 1795.139578][T18229] ? load_image+0x420/0x420 [ 1795.144090][T18229] sysfs_warn_dup+0x8e/0xa0 [ 1795.148604][T18229] sysfs_do_create_link_sd+0xc0/0x110 [ 1795.153979][T18229] device_add_class_symlinks+0x1cf/0x240 [ 1795.159624][T18229] device_add+0x507/0xc50 [ 1795.163994][T18229] wiphy_register+0x1dad/0x2ae0 [ 1795.168976][T18229] ? cfg80211_event_work+0x40/0x40 [ 1795.174137][T18229] ? minstrel_ht_alloc+0x88a/0x990 [ 1795.179270][T18229] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1795.185446][T18229] ieee80211_register_hw+0x3464/0x4250 [ 1795.190932][T18229] ? ieee80211_tasklet_handler+0x20/0x20 [ 1795.196572][T18229] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1795.202478][T18229] ? __debug_object_init+0xec/0x450 [ 1795.207695][T18229] ? __asan_memset+0x22/0x40 [ 1795.212286][T18229] ? __hrtimer_init+0x186/0x270 [ 1795.217139][T18229] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1795.222863][T18229] ? lock_chain_count+0x20/0x20 [ 1795.227731][T18229] ? mac80211_hwsim_free+0x220/0x220 [ 1795.233023][T18229] ? memcpy_orig+0xe7/0x120 [ 1795.237537][T18229] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1795.242656][T18229] ? __nla_validate+0x50/0x50 [ 1795.247339][T18229] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1795.253850][T18229] ? __nla_parse+0x40/0x50 [ 1795.258359][T18229] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1795.264702][T18229] genl_family_rcv_msg_doit+0x211/0x310 [ 1795.270295][T18229] ? end_current_label_crit_section+0x170/0x170 [ 1795.276659][T18229] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1795.282562][T18229] ? bpf_lsm_capable+0x9/0x10 [ 1795.287246][T18229] ? security_capable+0x89/0xb0 [ 1795.292111][T18229] genl_rcv_msg+0x619/0x7a0 [ 1795.296625][T18229] ? genl_bind+0x360/0x360 [ 1795.301039][T18229] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1795.307383][T18229] ? perf_trace_lock+0x304/0x3b0 [ 1795.312343][T18229] netlink_rcv_skb+0x241/0x4d0 [ 1795.317135][T18229] ? genl_bind+0x360/0x360 [ 1795.321556][T18229] ? netlink_ack+0x1180/0x1180 [ 1795.326330][T18229] ? __lock_acquire+0x7d40/0x7d40 [ 1795.331376][T18229] ? down_read+0x1ac/0x2e0 [ 1795.335802][T18229] genl_rcv+0x28/0x40 [ 1795.339783][T18229] netlink_unicast+0x751/0x8d0 [ 1795.344638][T18229] netlink_sendmsg+0x8d0/0xbf0 [ 1795.349401][T18229] ? lockdep_hardirqs_on+0x98/0x150 [ 1795.354617][T18229] ? netlink_getsockopt+0x590/0x590 [ 1795.359822][T18229] ? security_socket_sendmsg+0x37/0xa0 [ 1795.365314][T18229] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1795.370599][T18229] ? security_socket_sendmsg+0x80/0xa0 [ 1795.376057][T18229] ? netlink_getsockopt+0x590/0x590 [ 1795.381272][T18229] ____sys_sendmsg+0x5ba/0x960 [ 1795.386050][T18229] ? lockdep_hardirqs_on+0x98/0x150 [ 1795.391325][T18229] ? __sys_sendmsg_sock+0x30/0x30 [ 1795.396425][T18229] ? ___sys_sendmsg+0x28b/0x360 [ 1795.401284][T18229] ___sys_sendmsg+0x2a6/0x360 [ 1795.405980][T18229] ? __sys_sendmsg+0x2a0/0x2a0 [ 1795.410785][T18229] __se_sys_sendmsg+0x1c2/0x2b0 [ 1795.415649][T18229] ? __x64_sys_sendmsg+0x80/0x80 [ 1795.420602][T18229] ? lockdep_hardirqs_on+0x98/0x150 [ 1795.425891][T18229] do_syscall_64+0x55/0xb0 [ 1795.430676][T18229] ? clear_bhb_loop+0x40/0x90 [ 1795.435348][T18229] ? clear_bhb_loop+0x40/0x90 [ 1795.440021][T18229] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1795.445921][T18229] RIP: 0033:0x7f9c87d9ce59 [ 1795.450859][T18229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1795.470557][T18229] RSP: 002b:00007f9c88d09028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1795.478982][T18229] RAX: ffffffffffffffda RBX: 00007f9c88015fa0 RCX: 00007f9c87d9ce59 [ 1795.486953][T18229] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 1795.494926][T18229] RBP: 00007f9c87e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1795.503069][T18229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1795.511042][T18229] R13: 00007f9c88016038 R14: 00007f9c88015fa0 R15: 00007ffe6815d498 [ 1795.519053][T18229] [ 1796.960458][T18285] netlink: 'syz.2.20336': attribute type 11 has an invalid length. [ 1796.994890][T18285] netlink: 168 bytes leftover after parsing attributes in process `syz.2.20336'. [ 1797.394292][T18288] wlan0: mtu greater than device maximum [ 1798.156280][T18312] netlink: 'syz.0.20340': attribute type 11 has an invalid length. [ 1798.170851][T18312] netlink: 168 bytes leftover after parsing attributes in process `syz.0.20340'. [ 1801.558746][T18389] netlink: 'syz.0.20385': attribute type 39 has an invalid length. [ 1805.470505][T18445] netlink: 'syz.3.20400': attribute type 39 has an invalid length. [ 1805.535992][T18453] netlink: 'syz.2.20406': attribute type 10 has an invalid length. [ 1805.827008][T18466] netlink: 'syz.3.20413': attribute type 11 has an invalid length. [ 1805.844221][T18466] netlink: 168 bytes leftover after parsing attributes in process `syz.3.20413'. [ 1809.497988][T18487] syz.0.20421: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 1809.536588][T18487] CPU: 1 PID: 18487 Comm: syz.0.20421 Not tainted syzkaller #0 [ 1809.544211][T18487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1809.554310][T18487] Call Trace: [ 1809.557613][T18487] [ 1809.560567][T18487] dump_stack_lvl+0x18c/0x250 [ 1809.565273][T18487] ? show_regs_print_info+0x20/0x20 [ 1809.570505][T18487] ? load_image+0x420/0x420 [ 1809.575039][T18487] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1809.581524][T18487] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 1809.588062][T18487] warn_alloc+0x246/0x340 [ 1809.592434][T18487] ? stack_trace_save+0xaa/0x100 [ 1809.597413][T18487] ? zone_watermark_ok_safe+0x230/0x230 [ 1809.603018][T18487] ? kasan_set_track+0x5f/0x70 [ 1809.607805][T18487] ? kasan_set_track+0x4e/0x70 [ 1809.612571][T18487] ? __kasan_kmalloc+0x8f/0xa0 [ 1809.617337][T18487] ? xsk_init_queue+0xad/0x100 [ 1809.622183][T18487] ? xsk_setsockopt+0x4e5/0x760 [ 1809.627198][T18487] ? do_sock_setsockopt+0x175/0x1a0 [ 1809.632402][T18487] ? __x64_sys_setsockopt+0x182/0x200 [ 1809.637775][T18487] __vmalloc_node_range+0x126/0x1330 [ 1809.643089][T18487] ? free_vm_area+0x50/0x50 [ 1809.647638][T18487] vmalloc_user+0x74/0x80 [ 1809.651971][T18487] ? xskq_create+0xbf/0x170 [ 1809.656469][T18487] xskq_create+0xbf/0x170 [ 1809.660797][T18487] xsk_init_queue+0xad/0x100 [ 1809.665388][T18487] xsk_setsockopt+0x4e5/0x760 [ 1809.670071][T18487] ? xsk_poll+0x680/0x680 [ 1809.674983][T18487] ? __fget_files+0x28/0x4b0 [ 1809.679630][T18487] ? __fget_files+0x28/0x4b0 [ 1809.684224][T18487] ? aa_sock_opt_perm+0x74/0x100 [ 1809.689166][T18487] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1809.694714][T18487] ? security_socket_setsockopt+0x7e/0xa0 [ 1809.700432][T18487] ? xsk_poll+0x680/0x680 [ 1809.704760][T18487] do_sock_setsockopt+0x175/0x1a0 [ 1809.709785][T18487] ? __fdget+0x180/0x210 [ 1809.714032][T18487] __x64_sys_setsockopt+0x182/0x200 [ 1809.719244][T18487] do_syscall_64+0x55/0xb0 [ 1809.723667][T18487] ? clear_bhb_loop+0x40/0x90 [ 1809.728338][T18487] ? clear_bhb_loop+0x40/0x90 [ 1809.733017][T18487] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1809.738939][T18487] RIP: 0033:0x7eff3d99ce59 [ 1809.743351][T18487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1809.762985][T18487] RSP: 002b:00007eff3e81a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1809.771416][T18487] RAX: ffffffffffffffda RBX: 00007eff3dc15fa0 RCX: 00007eff3d99ce59 [ 1809.779397][T18487] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 1809.787369][T18487] RBP: 00007eff3da32d6f R08: 0000000000000004 R09: 0000000000000000 [ 1809.795341][T18487] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 1809.803315][T18487] R13: 00007eff3dc16038 R14: 00007eff3dc15fa0 R15: 00007ffc653f4b68 [ 1809.811302][T18487] [ 1809.853161][T18487] Mem-Info: [ 1809.870611][T18487] active_anon:12855 inactive_anon:0 isolated_anon:0 [ 1809.870611][T18487] active_file:18543 inactive_file:40636 isolated_file:0 [ 1809.870611][T18487] unevictable:768 dirty:142 writeback:0 [ 1809.870611][T18487] slab_reclaimable:10735 slab_unreclaimable:103435 [ 1809.870611][T18487] mapped:24038 shmem:1361 pagetables:567 [ 1809.870611][T18487] sec_pagetables:0 bounce:0 [ 1809.870611][T18487] kernel_misc_reclaimable:0 [ 1809.870611][T18487] free:1320908 free_pcp:10517 free_cma:0 [ 1809.925748][T18487] Node 0 active_anon:51420kB inactive_anon:0kB active_file:74172kB inactive_file:162340kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96152kB dirty:568kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9628kB pagetables:2168kB sec_pagetables:0kB all_unreclaimable? no [ 1809.958700][T18487] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1809.990161][T18487] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1810.020476][T18487] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 1810.029895][T18487] Node 0 DMA32 free:1369888kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:51248kB inactive_anon:0kB active_file:74172kB inactive_file:161520kB unevictable:1536kB writepending:576kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:26608kB local_pcp:12684kB free_cma:0kB [ 1810.061356][T18487] lowmem_reserve[]: 0 0 0 0 0 [ 1810.067911][T18487] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 1810.122568][T18487] lowmem_reserve[]: 0 0 0 0 0 [ 1810.132365][T18487] Node 1 Normal free:3898376kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17160kB local_pcp:6688kB free_cma:0kB [ 1810.166413][T18487] lowmem_reserve[]: 0 0 0 0 0 [ 1810.171207][T18487] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1810.201376][T18487] Node 0 DMA32: 3302*4kB (UME) 2387*8kB (UME) 1893*16kB (UME) 3548*32kB (UME) 1647*64kB (UME) 527*128kB (UME) 188*256kB (UME) 82*512kB (UME) 33*1024kB (UM) 34*2048kB (UM) 202*4096kB (UM) = 1369920kB [ 1810.240058][T18487] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1810.271231][T18487] Node 1 Normal: 218*4kB (UME) 46*8kB (UME) 37*16kB (UME) 41*32kB (UME) 17*64kB (UME) 9*128kB (UME) 3*256kB (UME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898376kB [ 1810.311679][T18487] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1810.331272][T18487] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1810.366276][T18487] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1810.396105][T18487] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1810.405593][T18487] 60542 total pagecache pages [ 1810.410591][T18487] 0 pages in swap cache [ 1810.414816][T18487] Free swap = 124996kB [ 1810.419137][T18487] Total swap = 124996kB [ 1810.423316][T18487] 2097051 pages RAM [ 1810.437695][T18487] 0 pages HighMem/MovableOnly [ 1810.446814][T18487] 416933 pages reserved [ 1810.451017][T18487] 0 pages cma reserved [ 1814.306843][ T6624] Bluetooth: hci1: Malformed LE Event: 0x02 [ 1817.485387][ T6624] Bluetooth: hci1: unexpected subevent 0x05 length: 150 > 12 [ 1817.547011][T18584] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1819.546938][ T6624] Bluetooth: hci1: command 0x0406 tx timeout [ 1821.402974][ T6624] Bluetooth: hci0: Malformed LE Event: 0x02 [ 1821.503710][ T6624] Bluetooth: hci2: unexpected subevent 0x05 length: 150 > 12 [ 1821.522444][T18614] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1822.000445][T18635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1822.081594][ T6624] Bluetooth: hci2: Malformed LE Event: 0x02 [ 1822.174602][T18643] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1822.982679][T18670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1823.546609][ T6624] Bluetooth: hci2: command 0x0406 tx timeout [ 1823.793259][T18684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1825.697308][T18716] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.20528'. [ 1825.723468][T18717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1826.002263][T18731] netlink: 'syz.1.20535': attribute type 10 has an invalid length. [ 1826.011450][T18731] netlink: 40 bytes leftover after parsing attributes in process `syz.1.20535'. [ 1826.024452][T18731] netlink: 'syz.1.20535': attribute type 10 has an invalid length. [ 1826.052658][T18731] netlink: 40 bytes leftover after parsing attributes in process `syz.1.20535'. [ 1826.633114][T18749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1827.532352][T18778] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.20557'. [ 1827.648457][ T6624] Bluetooth: hci2: unexpected subevent 0x05 length: 150 > 12 [ 1827.739166][T18790] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.20564'. [ 1827.749219][T18790] netlink: zone id is out of range [ 1827.754434][T18790] netlink: zone id is out of range [ 1827.762773][T18790] netlink: zone id is out of range [ 1827.770346][T18790] netlink: zone id is out of range [ 1827.779053][T18790] netlink: zone id is out of range [ 1827.784236][T18790] netlink: zone id is out of range [ 1827.826501][T18790] netlink: zone id is out of range [ 1827.831706][T18790] netlink: zone id is out of range [ 1827.886388][T18790] netlink: zone id is out of range [ 1827.891590][T18790] netlink: zone id is out of range [ 1829.281713][T18817] netlink: 'syz.3.20573': attribute type 10 has an invalid length. [ 1829.295940][T18817] netlink: 40 bytes leftover after parsing attributes in process `syz.3.20573'. [ 1829.305667][T18817] netlink: 'syz.3.20573': attribute type 10 has an invalid length. [ 1829.318782][T18817] netlink: 40 bytes leftover after parsing attributes in process `syz.3.20573'. [ 1829.347255][T18816] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.20572'. [ 1829.530833][T18827] sctp: [Deprecated]: syz.2.20581 (pid 18827) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1829.530833][T18827] Use struct sctp_sack_info instead [ 1829.706853][ T6624] Bluetooth: hci2: command 0x0406 tx timeout [ 1830.738196][T18845] netlink: 'syz.2.20588': attribute type 10 has an invalid length. [ 1830.761166][T18845] netlink: 40 bytes leftover after parsing attributes in process `syz.2.20588'. [ 1830.775703][T18845] netlink: 'syz.2.20588': attribute type 10 has an invalid length. [ 1830.785224][T18845] netlink: 40 bytes leftover after parsing attributes in process `syz.2.20588'. [ 1832.187084][T18878] netlink: 'syz.0.20602': attribute type 10 has an invalid length. [ 1832.214811][T18878] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20602'. [ 1832.224425][T18878] netlink: 'syz.0.20602': attribute type 10 has an invalid length. [ 1832.237254][T18878] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20602'. [ 1832.560655][T18885] netlink: 'syz.0.20615': attribute type 10 has an invalid length. [ 1832.568781][T18885] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20615'. [ 1832.578393][T18885] netlink: 'syz.0.20615': attribute type 10 has an invalid length. [ 1832.586678][T18885] netlink: 40 bytes leftover after parsing attributes in process `syz.0.20615'. [ 1836.743208][T18942] netlink: 539 bytes leftover after parsing attributes in process `syz.2.20627'. [ 1837.939817][T18963] netlink: 'syz.1.20636': attribute type 22 has an invalid length. [ 1838.021591][T18969] netlink: 539 bytes leftover after parsing attributes in process `syz.1.20640'. [ 1838.303041][T18978] syzkaller0: entered promiscuous mode [ 1838.316301][T18978] syzkaller0: entered allmulticast mode [ 1838.907686][T19007] netlink: 539 bytes leftover after parsing attributes in process `syz.3.20652'. [ 1839.072574][T19012] sctp: [Deprecated]: syz.3.20655 (pid 19012) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1839.072574][T19012] Use struct sctp_sack_info instead [ 1841.417563][T19046] netlink: 'syz.1.20670': attribute type 21 has an invalid length. [ 1841.425543][T19046] netlink: 'syz.1.20670': attribute type 13 has an invalid length. [ 1841.456175][T19046] netlink: 6188 bytes leftover after parsing attributes in process `syz.1.20670'. [ 1841.589611][T19049] syzkaller0: entered promiscuous mode [ 1841.605468][T19049] syzkaller0: entered allmulticast mode [ 1843.882493][T19075] netlink: 152 bytes leftover after parsing attributes in process `syz.0.20689'. [ 1843.893810][T19075] tc_dump_action: action bad kind [ 1843.961246][T19082] netlink: 'syz.2.20682': attribute type 21 has an invalid length. [ 1843.978181][T19082] netlink: 'syz.2.20682': attribute type 13 has an invalid length. [ 1843.992104][T19082] netlink: 6188 bytes leftover after parsing attributes in process `syz.2.20682'. [ 1844.267084][T19096] tun0: tun_chr_ioctl cmd 2147767520 [ 1844.769910][T19107] netlink: 'syz.3.20698': attribute type 21 has an invalid length. [ 1844.796214][T19107] netlink: 'syz.3.20698': attribute type 13 has an invalid length. [ 1844.816589][T19107] netlink: 6188 bytes leftover after parsing attributes in process `syz.3.20698'. [ 1845.025764][T19111] syzkaller0: entered promiscuous mode [ 1845.032758][T19111] syzkaller0: entered allmulticast mode [ 1848.468786][ T2973] tipc: Subscription rejected, illegal request [ 1848.952145][ T6624] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 1849.525155][T19176] lo: entered promiscuous mode [ 1852.556739][ T6624] Bluetooth: hci1: unexpected subevent 0x03 length: 150 > 9 [ 1853.318852][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.325684][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.457996][T19287] lo: entered promiscuous mode [ 1853.730303][ T6624] Bluetooth: hci3: unexpected subevent 0x03 length: 150 > 9 [ 1854.785706][T19315] netlink: 'syz.3.20785': attribute type 39 has an invalid length. [ 1855.711079][ T6624] Bluetooth: hci2: unexpected subevent 0x03 length: 150 > 9 [ 1858.058561][T19348] netlink: 'syz.3.20801': attribute type 3 has an invalid length. [ 1858.072484][T19348] netlink: 'syz.3.20801': attribute type 6 has an invalid length. [ 1858.081007][T19348] netlink: 144448 bytes leftover after parsing attributes in process `syz.3.20801'. [ 1858.201191][T19352] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.20800'. [ 1858.229102][ T6624] Bluetooth: hci0: unexpected subevent 0x03 length: 150 > 9 [ 1858.551134][ T6624] Bluetooth: hci1: unexpected subevent 0x03 length: 150 > 9 [ 1863.779317][T19440] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.20836'. [ 1863.811171][T19440] netlink: 6320 bytes leftover after parsing attributes in process `syz.1.20836'. [ 1868.143000][T19492] netlink: 'syz.2.20851': attribute type 3 has an invalid length. [ 1868.166296][T19492] netlink: 'syz.2.20851': attribute type 6 has an invalid length. [ 1868.174184][T19492] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.20851'. [ 1868.261252][T19495] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.20852'. [ 1871.439925][T19522] netlink: 'syz.0.20865': attribute type 3 has an invalid length. [ 1871.492472][T19522] netlink: 'syz.0.20865': attribute type 6 has an invalid length. [ 1871.536537][T19522] netlink: 144448 bytes leftover after parsing attributes in process `syz.0.20865'. [ 1871.728162][T19526] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.20866'. [ 1882.129399][T19725] netlink: 'syz.1.20943': attribute type 11 has an invalid length. [ 1882.146146][T19725] netlink: 184116 bytes leftover after parsing attributes in process `syz.1.20943'. [ 1882.183509][T19725] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1882.206241][T19725] CPU: 0 PID: 19725 Comm: syz.1.20943 Not tainted syzkaller #0 [ 1882.213853][T19725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1882.223935][T19725] Call Trace: [ 1882.227258][T19725] [ 1882.230214][T19725] dump_stack_lvl+0x18c/0x250 [ 1882.234935][T19725] ? show_regs_print_info+0x20/0x20 [ 1882.240163][T19725] ? load_image+0x420/0x420 [ 1882.244709][T19725] sysfs_warn_dup+0x8e/0xa0 [ 1882.249240][T19725] sysfs_do_create_link_sd+0xc0/0x110 [ 1882.254897][T19725] device_add_class_symlinks+0x1cf/0x240 [ 1882.260565][T19725] device_add+0x507/0xc50 [ 1882.265030][T19725] wiphy_register+0x1dad/0x2ae0 [ 1882.269946][T19725] ? cfg80211_event_work+0x40/0x40 [ 1882.275089][T19725] ? minstrel_ht_alloc+0x88a/0x990 [ 1882.280236][T19725] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1882.286353][T19725] ieee80211_register_hw+0x3464/0x4250 [ 1882.291870][T19725] ? ieee80211_tasklet_handler+0x20/0x20 [ 1882.297536][T19725] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1882.303468][T19725] ? __debug_object_init+0xec/0x450 [ 1882.308698][T19725] ? __asan_memset+0x22/0x40 [ 1882.313325][T19725] ? __hrtimer_init+0x186/0x270 [ 1882.318189][T19725] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1882.323939][T19725] ? mac80211_hwsim_free+0x220/0x220 [ 1882.329230][T19725] ? rcu_is_watching+0x15/0xb0 [ 1882.334001][T19725] ? kstrndup+0xbd/0x140 [ 1882.338368][T19725] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1882.343485][T19725] ? __nla_validate+0x50/0x50 [ 1882.348170][T19725] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1882.354539][T19725] ? __nla_parse+0x40/0x50 [ 1882.358958][T19725] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1882.365294][T19725] genl_family_rcv_msg_doit+0x211/0x310 [ 1882.370873][T19725] ? end_current_label_crit_section+0x170/0x170 [ 1882.377122][T19725] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1882.383027][T19725] ? bpf_lsm_capable+0x9/0x10 [ 1882.387713][T19725] ? security_capable+0x89/0xb0 [ 1882.392582][T19725] genl_rcv_msg+0x619/0x7a0 [ 1882.397094][T19725] ? genl_bind+0x360/0x360 [ 1882.401523][T19725] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1882.407949][T19725] ? ref_tracker_free+0x690/0x840 [ 1882.413093][T19725] netlink_rcv_skb+0x241/0x4d0 [ 1882.417865][T19725] ? genl_bind+0x360/0x360 [ 1882.422285][T19725] ? netlink_ack+0x1180/0x1180 [ 1882.427061][T19725] ? __lock_acquire+0x7d40/0x7d40 [ 1882.432182][T19725] ? down_read+0x1ac/0x2e0 [ 1882.436604][T19725] genl_rcv+0x28/0x40 [ 1882.440587][T19725] netlink_unicast+0x751/0x8d0 [ 1882.445374][T19725] netlink_sendmsg+0x8d0/0xbf0 [ 1882.450156][T19725] ? netlink_getsockopt+0x590/0x590 [ 1882.455355][T19725] ? aa_sock_msg_perm+0x94/0x150 [ 1882.460292][T19725] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1882.465608][T19725] ? security_socket_sendmsg+0x80/0xa0 [ 1882.471425][T19725] ? netlink_getsockopt+0x590/0x590 [ 1882.476624][T19725] ____sys_sendmsg+0x5ba/0x960 [ 1882.481401][T19725] ? __asan_memset+0x22/0x40 [ 1882.485986][T19725] ? __sys_sendmsg_sock+0x30/0x30 [ 1882.491009][T19725] ? __import_iovec+0x5f2/0x850 [ 1882.495861][T19725] ? import_iovec+0x73/0xa0 [ 1882.500366][T19725] ___sys_sendmsg+0x2a6/0x360 [ 1882.505046][T19725] ? __sys_sendmsg+0x2a0/0x2a0 [ 1882.509845][T19725] __se_sys_sendmsg+0x1c2/0x2b0 [ 1882.514705][T19725] ? __x64_sys_sendmsg+0x80/0x80 [ 1882.519655][T19725] ? lockdep_hardirqs_on+0x98/0x150 [ 1882.524951][T19725] do_syscall_64+0x55/0xb0 [ 1882.529366][T19725] ? clear_bhb_loop+0x40/0x90 [ 1882.534040][T19725] ? clear_bhb_loop+0x40/0x90 [ 1882.538715][T19725] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1882.544608][T19725] RIP: 0033:0x7f4bde59ce59 [ 1882.549022][T19725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1882.568630][T19725] RSP: 002b:00007f4bdf541028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1882.577046][T19725] RAX: ffffffffffffffda RBX: 00007f4bde815fa0 RCX: 00007f4bde59ce59 [ 1882.585023][T19725] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1882.592996][T19725] RBP: 00007f4bde632d6f R08: 0000000000000000 R09: 0000000000000000 [ 1882.600993][T19725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1882.608963][T19725] R13: 00007f4bde816038 R14: 00007f4bde815fa0 R15: 00007ffeb46268e8 [ 1882.616948][T19725] [ 1885.048214][T19763] netlink: 'syz.3.20959': attribute type 11 has an invalid length. [ 1885.076338][T19763] netlink: 184116 bytes leftover after parsing attributes in process `syz.3.20959'. [ 1885.099834][T19763] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1885.126253][T19763] CPU: 1 PID: 19763 Comm: syz.3.20959 Not tainted syzkaller #0 [ 1885.133894][T19763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1885.143971][T19763] Call Trace: [ 1885.147252][T19763] [ 1885.150178][T19763] dump_stack_lvl+0x18c/0x250 [ 1885.154873][T19763] ? show_regs_print_info+0x20/0x20 [ 1885.160084][T19763] ? load_image+0x420/0x420 [ 1885.164601][T19763] sysfs_warn_dup+0x8e/0xa0 [ 1885.169121][T19763] sysfs_do_create_link_sd+0xc0/0x110 [ 1885.174674][T19763] device_add_class_symlinks+0x1cf/0x240 [ 1885.180337][T19763] device_add+0x507/0xc50 [ 1885.184678][T19763] wiphy_register+0x1dad/0x2ae0 [ 1885.189590][T19763] ? cfg80211_event_work+0x40/0x40 [ 1885.194719][T19763] ? minstrel_ht_alloc+0x88a/0x990 [ 1885.199870][T19763] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1885.206057][T19763] ieee80211_register_hw+0x3464/0x4250 [ 1885.211593][T19763] ? ieee80211_tasklet_handler+0x20/0x20 [ 1885.217244][T19763] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1885.223196][T19763] ? __debug_object_init+0xec/0x450 [ 1885.228438][T19763] ? __asan_memset+0x22/0x40 [ 1885.233064][T19763] ? __hrtimer_init+0x186/0x270 [ 1885.237960][T19763] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1885.243813][T19763] ? mac80211_hwsim_free+0x220/0x220 [ 1885.249108][T19763] ? rcu_is_watching+0x15/0xb0 [ 1885.253882][T19763] ? kstrndup+0xbd/0x140 [ 1885.258138][T19763] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1885.263261][T19763] ? __nla_validate+0x50/0x50 [ 1885.267947][T19763] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1885.274394][T19763] ? __nla_parse+0x40/0x50 [ 1885.278869][T19763] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1885.285221][T19763] genl_family_rcv_msg_doit+0x211/0x310 [ 1885.290865][T19763] ? end_current_label_crit_section+0x170/0x170 [ 1885.297128][T19763] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1885.303126][T19763] ? bpf_lsm_capable+0x9/0x10 [ 1885.307809][T19763] ? security_capable+0x89/0xb0 [ 1885.312671][T19763] genl_rcv_msg+0x619/0x7a0 [ 1885.317182][T19763] ? genl_bind+0x360/0x360 [ 1885.321593][T19763] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1885.327932][T19763] ? ref_tracker_free+0x690/0x840 [ 1885.332962][T19763] netlink_rcv_skb+0x241/0x4d0 [ 1885.337729][T19763] ? genl_bind+0x360/0x360 [ 1885.342176][T19763] ? netlink_ack+0x1180/0x1180 [ 1885.347035][T19763] ? __lock_acquire+0x7d40/0x7d40 [ 1885.352075][T19763] ? down_read+0x1ac/0x2e0 [ 1885.356498][T19763] genl_rcv+0x28/0x40 [ 1885.360492][T19763] netlink_unicast+0x751/0x8d0 [ 1885.365268][T19763] netlink_sendmsg+0x8d0/0xbf0 [ 1885.370131][T19763] ? netlink_getsockopt+0x590/0x590 [ 1885.375331][T19763] ? aa_sock_msg_perm+0x94/0x150 [ 1885.380272][T19763] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1885.385556][T19763] ? security_socket_sendmsg+0x80/0xa0 [ 1885.391047][T19763] ? netlink_getsockopt+0x590/0x590 [ 1885.396277][T19763] ____sys_sendmsg+0x5ba/0x960 [ 1885.401088][T19763] ? __asan_memset+0x22/0x40 [ 1885.405702][T19763] ? __sys_sendmsg_sock+0x30/0x30 [ 1885.410732][T19763] ? __import_iovec+0x5f2/0x850 [ 1885.415593][T19763] ? import_iovec+0x73/0xa0 [ 1885.420098][T19763] ___sys_sendmsg+0x2a6/0x360 [ 1885.424790][T19763] ? __sys_sendmsg+0x2a0/0x2a0 [ 1885.429599][T19763] __se_sys_sendmsg+0x1c2/0x2b0 [ 1885.434556][T19763] ? __x64_sys_sendmsg+0x80/0x80 [ 1885.439512][T19763] ? lockdep_hardirqs_on+0x98/0x150 [ 1885.444724][T19763] do_syscall_64+0x55/0xb0 [ 1885.449144][T19763] ? clear_bhb_loop+0x40/0x90 [ 1885.453818][T19763] ? clear_bhb_loop+0x40/0x90 [ 1885.458513][T19763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1885.464413][T19763] RIP: 0033:0x7f9c87d9ce59 [ 1885.468871][T19763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1885.488656][T19763] RSP: 002b:00007f9c88d09028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1885.497074][T19763] RAX: ffffffffffffffda RBX: 00007f9c88015fa0 RCX: 00007f9c87d9ce59 [ 1885.505046][T19763] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1885.513017][T19763] RBP: 00007f9c87e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1885.520996][T19763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1885.528963][T19763] R13: 00007f9c88016038 R14: 00007f9c88015fa0 R15: 00007ffe6815d498 [ 1885.536958][T19763] [ 1887.306234][T19811] netlink: 'syz.0.20977': attribute type 11 has an invalid length. [ 1887.325484][T19811] netlink: 184116 bytes leftover after parsing attributes in process `syz.0.20977'. [ 1887.417930][T19811] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 1887.429500][T19811] CPU: 0 PID: 19811 Comm: syz.0.20977 Not tainted syzkaller #0 [ 1887.437109][T19811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 1887.447274][T19811] Call Trace: [ 1887.450563][T19811] [ 1887.453503][T19811] dump_stack_lvl+0x18c/0x250 [ 1887.458207][T19811] ? show_regs_print_info+0x20/0x20 [ 1887.463416][T19811] ? load_image+0x420/0x420 [ 1887.467930][T19811] sysfs_warn_dup+0x8e/0xa0 [ 1887.472636][T19811] sysfs_do_create_link_sd+0xc0/0x110 [ 1887.478048][T19811] device_add_class_symlinks+0x1cf/0x240 [ 1887.483711][T19811] device_add+0x507/0xc50 [ 1887.488076][T19811] wiphy_register+0x1dad/0x2ae0 [ 1887.492962][T19811] ? cfg80211_event_work+0x40/0x40 [ 1887.498340][T19811] ? minstrel_ht_alloc+0x88a/0x990 [ 1887.503459][T19811] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 1887.509544][T19811] ieee80211_register_hw+0x3464/0x4250 [ 1887.515029][T19811] ? ieee80211_tasklet_handler+0x20/0x20 [ 1887.520660][T19811] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1887.526654][T19811] ? __debug_object_init+0xec/0x450 [ 1887.531972][T19811] ? __asan_memset+0x22/0x40 [ 1887.536574][T19811] ? __hrtimer_init+0x186/0x270 [ 1887.541431][T19811] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 1887.547174][T19811] ? mac80211_hwsim_free+0x220/0x220 [ 1887.552547][T19811] ? rcu_is_watching+0x15/0xb0 [ 1887.557311][T19811] ? kstrndup+0xbd/0x140 [ 1887.561563][T19811] hwsim_new_radio_nl+0xdc9/0x1a90 [ 1887.566685][T19811] ? __nla_validate+0x50/0x50 [ 1887.571374][T19811] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1887.577721][T19811] ? __nla_parse+0x40/0x50 [ 1887.582226][T19811] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 1887.588573][T19811] genl_family_rcv_msg_doit+0x211/0x310 [ 1887.594129][T19811] ? end_current_label_crit_section+0x170/0x170 [ 1887.600385][T19811] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 1887.606300][T19811] ? bpf_lsm_capable+0x9/0x10 [ 1887.611090][T19811] ? security_capable+0x89/0xb0 [ 1887.615957][T19811] genl_rcv_msg+0x619/0x7a0 [ 1887.620473][T19811] ? genl_bind+0x360/0x360 [ 1887.624889][T19811] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 1887.631243][T19811] netlink_rcv_skb+0x241/0x4d0 [ 1887.636014][T19811] ? genl_bind+0x360/0x360 [ 1887.640445][T19811] ? netlink_ack+0x1180/0x1180 [ 1887.645228][T19811] ? __lock_acquire+0x7d40/0x7d40 [ 1887.650273][T19811] ? down_read+0x1ac/0x2e0 [ 1887.654700][T19811] genl_rcv+0x28/0x40 [ 1887.658695][T19811] netlink_unicast+0x751/0x8d0 [ 1887.663562][T19811] netlink_sendmsg+0x8d0/0xbf0 [ 1887.668339][T19811] ? netlink_getsockopt+0x590/0x590 [ 1887.673563][T19811] ? aa_sock_msg_perm+0x94/0x150 [ 1887.678515][T19811] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1887.683811][T19811] ? security_socket_sendmsg+0x80/0xa0 [ 1887.689271][T19811] ? netlink_getsockopt+0x590/0x590 [ 1887.694474][T19811] ____sys_sendmsg+0x5ba/0x960 [ 1887.699246][T19811] ? __asan_memset+0x22/0x40 [ 1887.703837][T19811] ? __sys_sendmsg_sock+0x30/0x30 [ 1887.708861][T19811] ? __import_iovec+0x5f2/0x850 [ 1887.713717][T19811] ? import_iovec+0x73/0xa0 [ 1887.718221][T19811] ___sys_sendmsg+0x2a6/0x360 [ 1887.722914][T19811] ? __sys_sendmsg+0x2a0/0x2a0 [ 1887.727751][T19811] __se_sys_sendmsg+0x1c2/0x2b0 [ 1887.732608][T19811] ? __x64_sys_sendmsg+0x80/0x80 [ 1887.737735][T19811] ? lockdep_hardirqs_on+0x98/0x150 [ 1887.742949][T19811] do_syscall_64+0x55/0xb0 [ 1887.747365][T19811] ? clear_bhb_loop+0x40/0x90 [ 1887.752038][T19811] ? clear_bhb_loop+0x40/0x90 [ 1887.756711][T19811] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1887.762609][T19811] RIP: 0033:0x7eff3d99ce59 [ 1887.767026][T19811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1887.786721][T19811] RSP: 002b:00007eff3e81a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1887.795139][T19811] RAX: ffffffffffffffda RBX: 00007eff3dc15fa0 RCX: 00007eff3d99ce59 [ 1887.803146][T19811] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1887.811217][T19811] RBP: 00007eff3da32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1887.819202][T19811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1887.827257][T19811] R13: 00007eff3dc16038 R14: 00007eff3dc15fa0 R15: 00007ffc653f4b68 [ 1887.835253][T19811] [ 1888.643335][T19844] netlink: 'syz.2.20991': attribute type 9 has an invalid length. [ 1888.657893][T19844] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.20991'. [ 1888.982171][T19853] netlink: 'syz.0.21004': attribute type 9 has an invalid length. [ 1888.998345][T19853] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.21004'. [ 1896.580570][T19967] syz.0.21043[19967] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1896.580796][T19967] syz.0.21043[19967] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1903.180255][T20080] syz.1.21082[20080] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1903.211581][T20080] syz.1.21082[20080] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1908.759019][ T6624] Bluetooth: hci2: Dropping invalid advertising data [ 1908.777657][ T6624] Bluetooth: hci2: Malformed LE Event: 0x02 [ 1909.750448][ T6624] Bluetooth: hci0: Dropping invalid advertising data [ 1909.757711][ T6624] Bluetooth: hci0: Malformed LE Event: 0x02 [ 1913.575165][ T6624] Bluetooth: hci3: Dropping invalid advertising data [ 1913.583367][ T6624] Bluetooth: hci3: Malformed LE Event: 0x02 [ 1914.429326][T20226] syzkaller0: entered promiscuous mode [ 1914.435218][T20226] syzkaller0: entered allmulticast mode [ 1914.543423][ T6624] Bluetooth: hci1: Dropping invalid advertising data [ 1914.550476][ T6624] Bluetooth: hci1: Malformed LE Event: 0x02 [ 1914.689712][T20237] net_ratelimit: 80 callbacks suppressed [ 1914.689759][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.705146][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.714830][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.724553][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.734204][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.744395][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.754007][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.763647][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.773402][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.783338][T20237] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1914.810267][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.817098][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.675486][T20247] sctp: [Deprecated]: syz.2.21149 (pid 20247) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1915.675486][T20247] Use struct sctp_sack_info instead [ 1916.505209][ T6624] Bluetooth: hci1: Dropping invalid advertising data [ 1916.513660][ T6624] Bluetooth: hci1: Malformed LE Event: 0x02 [ 1919.188924][T20312] netlink: 15794 bytes leftover after parsing attributes in process `syz.2.21178'. [ 1919.640804][T20332] syzkaller0: entered promiscuous mode [ 1919.667262][T20332] syzkaller0: entered allmulticast mode [ 1922.832392][T20380] syzkaller0: entered promiscuous mode [ 1922.840702][T20380] syzkaller0: entered allmulticast mode [ 1931.478630][T20453] netlink: 'syz.2.21235': attribute type 1 has an invalid length. [ 1931.496088][T20453] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.21235'. [ 1931.883296][T20459] sctp: [Deprecated]: syz.1.21238 (pid 20459) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1931.883296][T20459] Use struct sctp_sack_info instead [ 1931.996141][T20464] net_ratelimit: 3319 callbacks suppressed [ 1931.996187][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.011831][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.021496][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.031264][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.041008][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.050645][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.060379][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.070040][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.079722][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.089320][T20464] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1932.727230][T20478] syzkaller0: entered promiscuous mode [ 1932.741889][T20478] syzkaller0: entered allmulticast mode [ 1933.305357][T20491] sctp: [Deprecated]: syz.3.21250 (pid 20491) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1933.305357][T20491] Use struct sctp_sack_info instead [ 1937.064687][T20524] syzkaller0: entered promiscuous mode [ 1937.106556][T20524] syzkaller0: entered allmulticast mode [ 1943.012085][T20554] syz.3.21276[20554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1943.012294][T20554] syz.3.21276[20554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1943.109405][T20556] netlink: 'syz.3.21278': attribute type 10 has an invalid length. [ 1943.167154][T20556] veth0_macvtap: left promiscuous mode [ 1944.132375][T20584] syz.1.21289[20584] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1944.132599][T20584] syz.1.21289[20584] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1944.618676][T20593] netlink: 'syz.2.21292': attribute type 10 has an invalid length. [ 1944.656907][T20593] veth0_macvtap: left promiscuous mode [ 1945.773116][T20610] syz.2.21300[20610] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1945.773421][T20610] syz.2.21300[20610] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1946.997967][T20625] net_ratelimit: 3319 callbacks suppressed [ 1946.998084][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.028550][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.040287][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.050951][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.061302][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.073161][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.084611][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.095406][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.106148][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.116275][T20625] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 1947.955651][T20635] syz.0.21310[20635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1947.955881][T20635] syz.0.21310[20635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1949.956721][T20685] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.21330'. [ 1950.579375][T20709] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.21344'. [ 1950.919570][T20717] netlink: 60 bytes leftover after parsing attributes in process `syz.1.21348'. [ 1951.101279][T20721] netlink: 'syz.0.21350': attribute type 21 has an invalid length. [ 1952.009921][T20742] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.21358'. [ 1952.035447][T20744] netlink: 60 bytes leftover after parsing attributes in process `syz.2.21360'. [ 1954.623116][T20771] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.21372'. [ 1955.052638][T20778] netlink: 'syz.3.21375': attribute type 21 has an invalid length. [ 1955.237363][ T6624] Bluetooth: hci3: unexpected event 0x31 length: 15 > 6 [ 1955.315758][T20790] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.21381'. [ 1956.270721][T20815] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.21393'. [ 1957.910892][T20852] netlink: 'syz.2.21411': attribute type 2 has an invalid length. [ 1957.918882][T20852] netlink: 'syz.2.21411': attribute type 1 has an invalid length. [ 1957.927053][T20852] netlink: 'syz.2.21411': attribute type 8 has an invalid length. [ 1957.934890][T20852] netlink: 88 bytes leftover after parsing attributes in process `syz.2.21411'. [ 1958.178826][T20860] netlink: 'syz.2.21414': attribute type 2 has an invalid length. [ 1958.212227][T20860] netlink: 1045 bytes leftover after parsing attributes in process `syz.2.21414'. [ 1966.318158][ T6624] Bluetooth: hci2: unexpected event 0x31 length: 15 > 6 [ 1970.354020][T21008] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.21475'. [ 1970.711814][T21018] netlink: 'syz.0.21479': attribute type 2 has an invalid length. [ 1970.730540][T21018] netlink: 'syz.0.21479': attribute type 1 has an invalid length. [ 1970.758055][T21018] netlink: 'syz.0.21479': attribute type 8 has an invalid length. [ 1970.805925][T21018] netlink: 88 bytes leftover after parsing attributes in process `syz.0.21479'. [ 1976.191457][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.206301][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.861502][T21142] netlink: 'syz.1.21532': attribute type 3 has an invalid length. [ 1976.870067][T21142] netlink: 'syz.1.21532': attribute type 1 has an invalid length. [ 1976.882501][T21142] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.21532'. [ 1979.545493][T21167] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.21541'. [ 1979.584945][T21167] net_ratelimit: 13306 callbacks suppressed [ 1979.584990][T21167] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 1980.105079][T21186] netlink: 'syz.3.21551': attribute type 21 has an invalid length. [ 1980.122238][T21186] netlink: 'syz.3.21551': attribute type 19 has an invalid length. [ 1980.134228][T21186] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.21551'. [ 1982.346451][T21238] netlink: 'syz.0.21574': attribute type 3 has an invalid length. [ 1982.355085][T21238] netlink: 'syz.0.21574': attribute type 1 has an invalid length. [ 1982.372268][T21238] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.21574'. [ 1984.375706][T21264] netlink: 'syz.3.21586': attribute type 3 has an invalid length. [ 1984.384256][T21264] netlink: 'syz.3.21586': attribute type 1 has an invalid length. [ 1984.424194][T21264] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.21586'. [ 1987.828622][T21290] netlink: 'syz.0.21597': attribute type 21 has an invalid length. [ 1987.836995][T21290] netlink: 'syz.0.21597': attribute type 19 has an invalid length. [ 1987.851152][T21290] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.21597'. [ 1989.589894][T21321] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.21611'. [ 1989.599903][T21321] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 1991.527152][T21333] netlink: 'syz.2.21615': attribute type 21 has an invalid length. [ 1991.535408][T21333] netlink: 'syz.2.21615': attribute type 19 has an invalid length. [ 1991.550651][T21333] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.21615'. [ 1993.704467][T21341] netlink: 'syz.2.21618': attribute type 1 has an invalid length. [ 1993.712417][T21341] netlink: 'syz.2.21618': attribute type 4 has an invalid length. [ 1993.720961][T21341] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.21618'. [ 1996.819485][T21390] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.21640'. [ 1996.843055][T21390] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 1997.852888][T21402] syzkaller0: entered promiscuous mode [ 1997.859859][T21402] syzkaller0: entered allmulticast mode [ 1998.595725][T21443] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.21665'. [ 1999.858265][T21492] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.21686'. [ 1999.872704][T21492] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2000.797570][T21521] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.21701'. [ 2000.816273][T21521] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2002.263216][T21551] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.21717'. [ 2002.273015][T21551] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2003.206595][T21565] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.21722'. [ 2003.358472][T21572] netlink: 'syz.0.21725': attribute type 1 has an invalid length. [ 2003.380378][T21572] netlink: 'syz.0.21725': attribute type 4 has an invalid length. [ 2003.400044][T21572] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.21725'. [ 2004.832819][T21591] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.21734'. [ 2005.135573][T21607] netlink: 'syz.2.21738': attribute type 1 has an invalid length. [ 2005.145254][T21607] netlink: 'syz.2.21738': attribute type 4 has an invalid length. [ 2005.173222][T21607] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.21738'. [ 2008.666095][T21668] netlink: 'syz.3.21766': attribute type 1 has an invalid length. [ 2008.674196][T21668] netlink: 'syz.3.21766': attribute type 4 has an invalid length. [ 2008.702850][T21668] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.21766'. [ 2015.089256][T21811] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.21829'. [ 2015.102609][T21811] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.21829'. [ 2016.230027][T21854] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.21850'. [ 2016.247180][T21854] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.21850'. [ 2016.981482][T21881] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.21861'. [ 2017.040359][T21884] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.21861'. [ 2017.486155][T21896] syzkaller0: entered promiscuous mode [ 2017.491867][T21896] syzkaller0: entered allmulticast mode [ 2026.934440][T21975] netlink: 15119 bytes leftover after parsing attributes in process `syz.0.21912'. [ 2027.448680][ T6624] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 2028.274427][ T6624] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 2028.493512][T22054] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.21940'. [ 2028.842822][ T6624] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 2029.189646][T22087] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.21954'. [ 2029.359834][T22093] netlink: 'syz.3.21956': attribute type 29 has an invalid length. [ 2029.372960][T22093] netlink: 'syz.3.21956': attribute type 29 has an invalid length. [ 2029.393490][T22093] netlink: 'syz.3.21956': attribute type 29 has an invalid length. [ 2029.430504][T22093] netlink: 'syz.3.21956': attribute type 29 has an invalid length. [ 2029.447877][T22093] netlink: 'syz.3.21956': attribute type 29 has an invalid length. [ 2029.466150][T17717] Bluetooth: hci0: command 0x206c tx timeout [ 2029.511227][T22096] syzkaller0: entered promiscuous mode [ 2029.523098][T22096] syzkaller0: entered allmulticast mode [ 2030.347941][T22116] Bluetooth: hci2: command 0x0406 tx timeout [ 2030.354097][ T6624] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 2030.906283][ T6624] Bluetooth: hci3: command 0x0406 tx timeout [ 2030.913802][T17717] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 2032.437894][ T6624] Bluetooth: hci2: command 0x0406 tx timeout [ 2032.989323][ T6624] Bluetooth: hci3: command 0x0406 tx timeout [ 2034.346256][T17717] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 2034.391946][T17717] Bluetooth: hci0: command 0x206c tx timeout [ 2036.178968][T22193] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.22002'. [ 2037.632199][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.641898][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 2037.789635][T22193] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2037.797906][T22193] CPU: 1 PID: 22193 Comm: syz.3.22002 Not tainted syzkaller #0 [ 2037.805500][T22193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2037.815943][T22193] Call Trace: [ 2037.819343][T22193] [ 2037.822303][T22193] dump_stack_lvl+0x18c/0x250 [ 2037.827032][T22193] ? show_regs_print_info+0x20/0x20 [ 2037.832347][T22193] ? load_image+0x420/0x420 [ 2037.836897][T22193] sysfs_warn_dup+0x8e/0xa0 [ 2037.841445][T22193] sysfs_do_create_link_sd+0xc0/0x110 [ 2037.846863][T22193] device_add_class_symlinks+0x1cf/0x240 [ 2037.852529][T22193] device_add+0x507/0xc50 [ 2037.856970][T22193] wiphy_register+0x1dad/0x2ae0 [ 2037.861865][T22193] ? cfg80211_event_work+0x40/0x40 [ 2037.866987][T22193] ? minstrel_ht_alloc+0x88a/0x990 [ 2037.872296][T22193] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2037.878372][T22193] ieee80211_register_hw+0x3464/0x4250 [ 2037.883848][T22193] ? ieee80211_tasklet_handler+0x20/0x20 [ 2037.889661][T22193] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2037.895625][T22193] ? __debug_object_init+0xec/0x450 [ 2037.900843][T22193] ? __asan_memset+0x22/0x40 [ 2037.905454][T22193] ? __hrtimer_init+0x186/0x270 [ 2037.910318][T22193] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2037.916070][T22193] ? mac80211_hwsim_free+0x220/0x220 [ 2037.921374][T22193] ? rcu_is_watching+0x15/0xb0 [ 2037.926153][T22193] ? kstrndup+0xbd/0x140 [ 2037.930434][T22193] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2037.935567][T22193] ? __nla_validate+0x50/0x50 [ 2037.940269][T22193] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2037.946746][T22193] ? __nla_parse+0x40/0x50 [ 2037.951189][T22193] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2037.957637][T22193] genl_family_rcv_msg_doit+0x211/0x310 [ 2037.963325][T22193] ? end_current_label_crit_section+0x170/0x170 [ 2037.969607][T22193] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2037.975613][T22193] ? bpf_lsm_capable+0x9/0x10 [ 2037.980308][T22193] ? security_capable+0x89/0xb0 [ 2037.985185][T22193] genl_rcv_msg+0x619/0x7a0 [ 2037.989691][T22193] ? genl_bind+0x360/0x360 [ 2037.994115][T22193] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2038.000461][T22193] ? ref_tracker_free+0x690/0x840 [ 2038.005509][T22193] netlink_rcv_skb+0x241/0x4d0 [ 2038.010293][T22193] ? genl_bind+0x360/0x360 [ 2038.014747][T22193] ? netlink_ack+0x1180/0x1180 [ 2038.019543][T22193] ? __lock_acquire+0x7d40/0x7d40 [ 2038.024602][T22193] ? down_read+0x1ac/0x2e0 [ 2038.029022][T22193] genl_rcv+0x28/0x40 [ 2038.033008][T22193] netlink_unicast+0x751/0x8d0 [ 2038.037769][T22193] netlink_sendmsg+0x8d0/0xbf0 [ 2038.042537][T22193] ? netlink_getsockopt+0x590/0x590 [ 2038.047756][T22193] ? aa_sock_msg_perm+0x94/0x150 [ 2038.052747][T22193] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2038.058165][T22193] ? security_socket_sendmsg+0x80/0xa0 [ 2038.063669][T22193] ? netlink_getsockopt+0x590/0x590 [ 2038.068922][T22193] ____sys_sendmsg+0x5ba/0x960 [ 2038.073770][T22193] ? __asan_memset+0x22/0x40 [ 2038.078414][T22193] ? __sys_sendmsg_sock+0x30/0x30 [ 2038.083478][T22193] ? __import_iovec+0x5f2/0x850 [ 2038.088378][T22193] ? import_iovec+0x73/0xa0 [ 2038.092920][T22193] ___sys_sendmsg+0x2a6/0x360 [ 2038.097650][T22193] ? __sys_sendmsg+0x2a0/0x2a0 [ 2038.102488][T22193] ? debug_mutex_init+0x38/0x70 [ 2038.107706][T22193] __se_sys_sendmsg+0x1c2/0x2b0 [ 2038.112600][T22193] ? __x64_sys_sendmsg+0x80/0x80 [ 2038.117596][T22193] ? lockdep_hardirqs_on+0x98/0x150 [ 2038.122841][T22193] do_syscall_64+0x55/0xb0 [ 2038.127372][T22193] ? clear_bhb_loop+0x40/0x90 [ 2038.132230][T22193] ? clear_bhb_loop+0x40/0x90 [ 2038.136920][T22193] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2038.142926][T22193] RIP: 0033:0x7f9c87d9ce59 [ 2038.147427][T22193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2038.167126][T22193] RSP: 002b:00007f9c88d09028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2038.175540][T22193] RAX: ffffffffffffffda RBX: 00007f9c88015fa0 RCX: 00007f9c87d9ce59 [ 2038.183534][T22193] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 2038.191597][T22193] RBP: 00007f9c87e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 2038.199590][T22193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2038.207558][T22193] R13: 00007f9c88016038 R14: 00007f9c88015fa0 R15: 00007ffe6815d498 [ 2038.215631][T22193] [ 2038.258109][T22203] syzkaller0: entered promiscuous mode [ 2038.296051][T22203] syzkaller0: entered allmulticast mode [ 2038.459887][T22214] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.22016'. [ 2038.486530][T22214] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 2038.496081][T22214] CPU: 1 PID: 22214 Comm: syz.1.22016 Not tainted syzkaller #0 [ 2038.503682][T22214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2038.513775][T22214] Call Trace: [ 2038.517084][T22214] [ 2038.520031][T22214] dump_stack_lvl+0x18c/0x250 [ 2038.524753][T22214] ? show_regs_print_info+0x20/0x20 [ 2038.530076][T22214] ? load_image+0x420/0x420 [ 2038.534626][T22214] sysfs_warn_dup+0x8e/0xa0 [ 2038.539246][T22214] sysfs_do_create_link_sd+0xc0/0x110 [ 2038.544832][T22214] device_add_class_symlinks+0x1cf/0x240 [ 2038.550597][T22214] device_add+0x507/0xc50 [ 2038.554977][T22214] wiphy_register+0x1dad/0x2ae0 [ 2038.559885][T22214] ? cfg80211_event_work+0x40/0x40 [ 2038.565016][T22214] ? minstrel_ht_alloc+0x88a/0x990 [ 2038.570146][T22214] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 2038.576224][T22214] ieee80211_register_hw+0x3464/0x4250 [ 2038.581708][T22214] ? ieee80211_tasklet_handler+0x20/0x20 [ 2038.587344][T22214] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2038.593245][T22214] ? __debug_object_init+0xec/0x450 [ 2038.598455][T22214] ? __asan_memset+0x22/0x40 [ 2038.603046][T22214] ? __hrtimer_init+0x186/0x270 [ 2038.607905][T22214] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 2038.613693][T22214] ? mac80211_hwsim_free+0x220/0x220 [ 2038.618982][T22214] ? rcu_is_watching+0x15/0xb0 [ 2038.623754][T22214] ? kstrndup+0xbd/0x140 [ 2038.628007][T22214] hwsim_new_radio_nl+0xdc9/0x1a90 [ 2038.633304][T22214] ? __nla_validate+0x50/0x50 [ 2038.638016][T22214] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2038.644360][T22214] ? __nla_parse+0x40/0x50 [ 2038.648777][T22214] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 2038.655112][T22214] genl_family_rcv_msg_doit+0x211/0x310 [ 2038.660752][T22214] ? end_current_label_crit_section+0x170/0x170 [ 2038.667022][T22214] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 2038.672949][T22214] ? bpf_lsm_capable+0x9/0x10 [ 2038.677634][T22214] ? security_capable+0x89/0xb0 [ 2038.682495][T22214] genl_rcv_msg+0x619/0x7a0 [ 2038.687010][T22214] ? genl_bind+0x360/0x360 [ 2038.691426][T22214] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 2038.697792][T22214] ? ref_tracker_free+0x690/0x840 [ 2038.702829][T22214] netlink_rcv_skb+0x241/0x4d0 [ 2038.707684][T22214] ? genl_bind+0x360/0x360 [ 2038.712105][T22214] ? netlink_ack+0x1180/0x1180 [ 2038.716882][T22214] ? __lock_acquire+0x7d40/0x7d40 [ 2038.722003][T22214] ? down_read+0x1ac/0x2e0 [ 2038.726428][T22214] genl_rcv+0x28/0x40 [ 2038.730410][T22214] netlink_unicast+0x751/0x8d0 [ 2038.735188][T22214] netlink_sendmsg+0x8d0/0xbf0 [ 2038.739971][T22214] ? netlink_getsockopt+0x590/0x590 [ 2038.745259][T22214] ? aa_sock_msg_perm+0x94/0x150 [ 2038.750380][T22214] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2038.755693][T22214] ? security_socket_sendmsg+0x80/0xa0 [ 2038.761326][T22214] ? netlink_getsockopt+0x590/0x590 [ 2038.766557][T22214] ____sys_sendmsg+0x5ba/0x960 [ 2038.771447][T22214] ? __asan_memset+0x22/0x40 [ 2038.776045][T22214] ? __sys_sendmsg_sock+0x30/0x30 [ 2038.781070][T22214] ? __import_iovec+0x5f2/0x850 [ 2038.785922][T22214] ? import_iovec+0x73/0xa0 [ 2038.790438][T22214] ___sys_sendmsg+0x2a6/0x360 [ 2038.795152][T22214] ? __sys_sendmsg+0x2a0/0x2a0 [ 2038.799945][T22214] ? debug_mutex_init+0x38/0x70 [ 2038.804823][T22214] __se_sys_sendmsg+0x1c2/0x2b0 [ 2038.809678][T22214] ? __x64_sys_sendmsg+0x80/0x80 [ 2038.814627][T22214] ? lockdep_hardirqs_on+0x98/0x150 [ 2038.819854][T22214] do_syscall_64+0x55/0xb0 [ 2038.824273][T22214] ? clear_bhb_loop+0x40/0x90 [ 2038.828957][T22214] ? clear_bhb_loop+0x40/0x90 [ 2038.833632][T22214] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2038.839530][T22214] RIP: 0033:0x7f4bde59ce59 [ 2038.844062][T22214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2038.863674][T22214] RSP: 002b:00007f4bdf541028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2038.872101][T22214] RAX: ffffffffffffffda RBX: 00007f4bde815fa0 RCX: 00007f4bde59ce59 [ 2038.880068][T22214] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 2038.888123][T22214] RBP: 00007f4bde632d6f R08: 0000000000000000 R09: 0000000000000000 [ 2038.896177][T22214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2038.904168][T22214] R13: 00007f4bde816038 R14: 00007f4bde815fa0 R15: 00007ffeb46268e8 [ 2038.912679][T22214] [ 2040.070345][T22246] netlink: 'syz.3.22022': attribute type 10 has an invalid length. [ 2043.879298][T22288] netlink: 'syz.2.22038': attribute type 10 has an invalid length. [ 2043.900092][T22288] team0: Device vxcan1 is of different type [ 2046.949367][T22322] netlink: 'syz.1.22054': attribute type 4 has an invalid length. [ 2046.962578][T22322] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.22054'. [ 2051.238001][T22351] netlink: 'syz.3.22065': attribute type 4 has an invalid length. [ 2051.265309][T22351] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.22065'. [ 2051.304894][T22356] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.22069'. [ 2052.976739][T22383] netlink: 'syz.0.22081': attribute type 4 has an invalid length. [ 2052.987848][T22383] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.22081'. [ 2059.121922][T22424] netlink: 'syz.2.22095': attribute type 4 has an invalid length. [ 2059.130676][T22424] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.22095'. [ 2060.030222][T22435] netlink: 'syz.0.22109': attribute type 10 has an invalid length. [ 2061.803147][T22481] netlink: 'syz.2.22121': attribute type 4 has an invalid length. [ 2061.829167][T22481] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.22121'. [ 2063.192284][T22505] netlink: 'syz.2.22133': attribute type 4 has an invalid length. [ 2063.272527][T22505] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.22133'. [ 2066.127560][T22589] netlink: 'syz.2.22169': attribute type 4 has an invalid length. [ 2066.135546][T22589] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.22169'. [ 2066.583453][T22598] netlink: 'syz.2.22180': attribute type 4 has an invalid length. [ 2066.592070][T22598] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.22180'. [ 2066.845123][T22605] netlink: 830 bytes leftover after parsing attributes in process `syz.2.22176'. [ 2067.417543][T22617] syz.2.22182: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 2067.473045][T22617] CPU: 1 PID: 22617 Comm: syz.2.22182 Not tainted syzkaller #0 [ 2067.480679][T22617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2067.490854][T22617] Call Trace: [ 2067.494237][T22617] [ 2067.497225][T22617] dump_stack_lvl+0x18c/0x250 [ 2067.501942][T22617] ? show_regs_print_info+0x20/0x20 [ 2067.507249][T22617] ? load_image+0x420/0x420 [ 2067.511811][T22617] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2067.518439][T22617] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 2067.524972][T22617] warn_alloc+0x246/0x340 [ 2067.529382][T22617] ? stack_trace_save+0xaa/0x100 [ 2067.534353][T22617] ? zone_watermark_ok_safe+0x230/0x230 [ 2067.539943][T22617] ? kasan_set_track+0x5f/0x70 [ 2067.544748][T22617] ? kasan_set_track+0x4e/0x70 [ 2067.549533][T22617] ? __kasan_kmalloc+0x8f/0xa0 [ 2067.554326][T22617] ? xsk_init_queue+0xad/0x100 [ 2067.559394][T22617] ? xsk_setsockopt+0x4e5/0x760 [ 2067.564295][T22617] ? do_sock_setsockopt+0x175/0x1a0 [ 2067.569523][T22617] ? __x64_sys_setsockopt+0x182/0x200 [ 2067.574955][T22617] __vmalloc_node_range+0x126/0x1330 [ 2067.580321][T22617] ? free_vm_area+0x50/0x50 [ 2067.584970][T22617] vmalloc_user+0x74/0x80 [ 2067.589534][T22617] ? xskq_create+0xbf/0x170 [ 2067.594065][T22617] xskq_create+0xbf/0x170 [ 2067.598435][T22617] xsk_init_queue+0xad/0x100 [ 2067.603083][T22617] xsk_setsockopt+0x4e5/0x760 [ 2067.607797][T22617] ? xsk_poll+0x680/0x680 [ 2067.612254][T22617] ? __fget_files+0x28/0x4b0 [ 2067.616906][T22617] ? __fget_files+0x28/0x4b0 [ 2067.621621][T22617] ? aa_sock_opt_perm+0x74/0x100 [ 2067.626607][T22617] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 2067.632208][T22617] ? security_socket_setsockopt+0x7e/0xa0 [ 2067.638075][T22617] ? xsk_poll+0x680/0x680 [ 2067.642455][T22617] do_sock_setsockopt+0x175/0x1a0 [ 2067.647528][T22617] ? __fdget+0x180/0x210 [ 2067.651795][T22617] __x64_sys_setsockopt+0x182/0x200 [ 2067.657038][T22617] do_syscall_64+0x55/0xb0 [ 2067.661515][T22617] ? clear_bhb_loop+0x40/0x90 [ 2067.666315][T22617] ? clear_bhb_loop+0x40/0x90 [ 2067.671024][T22617] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2067.677090][T22617] RIP: 0033:0x7f8a7c59ce59 [ 2067.681537][T22617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2067.701440][T22617] RSP: 002b:00007f8a7d433028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 2067.709955][T22617] RAX: ffffffffffffffda RBX: 00007f8a7c815fa0 RCX: 00007f8a7c59ce59 [ 2067.717958][T22617] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 2067.725983][T22617] RBP: 00007f8a7c632d6f R08: 0000000000000004 R09: 0000000000000000 [ 2067.733984][T22617] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 2067.741992][T22617] R13: 00007f8a7c816038 R14: 00007f8a7c815fa0 R15: 00007ffeb2734a48 [ 2067.750048][T22617] [ 2067.877975][T22619] netlink: 'syz.3.22181': attribute type 4 has an invalid length. [ 2067.906006][T22619] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.22181'. [ 2068.025296][T22617] Mem-Info: [ 2068.029006][T22617] active_anon:12909 inactive_anon:0 isolated_anon:0 [ 2068.029006][T22617] active_file:18543 inactive_file:40736 isolated_file:0 [ 2068.029006][T22617] unevictable:768 dirty:197 writeback:0 [ 2068.029006][T22617] slab_reclaimable:10768 slab_unreclaimable:100672 [ 2068.029006][T22617] mapped:24043 shmem:1361 pagetables:549 [ 2068.029006][T22617] sec_pagetables:0 bounce:0 [ 2068.029006][T22617] kernel_misc_reclaimable:0 [ 2068.029006][T22617] free:1326512 free_pcp:8559 free_cma:0 [ 2068.082837][T22617] Node 0 active_anon:51512kB inactive_anon:0kB active_file:74172kB inactive_file:162740kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96176kB dirty:800kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9784kB pagetables:2052kB sec_pagetables:0kB all_unreclaimable? no [ 2068.147872][T22617] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 2068.188313][T22621] netlink: 'syz.3.22192': attribute type 4 has an invalid length. [ 2068.201137][T22621] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.22192'. [ 2068.232257][T22617] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2068.266079][T22617] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 2068.272134][T22617] Node 0 DMA32 free:1390676kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:51472kB inactive_anon:0kB active_file:74172kB inactive_file:161920kB unevictable:1536kB writepending:800kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:22396kB local_pcp:15832kB free_cma:0kB [ 2068.304236][T22617] lowmem_reserve[]: 0 0 0 0 0 [ 2068.309212][T22617] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2068.336494][T22617] lowmem_reserve[]: 0 0 0 0 0 [ 2068.341809][T22617] Node 1 Normal free:3898376kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17160kB local_pcp:6688kB free_cma:0kB [ 2068.388091][T22617] lowmem_reserve[]: 0 0 0 0 0 [ 2068.392890][T22617] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2068.421177][T22617] Node 0 DMA32: 2009*4kB (UME) 1262*8kB (UME) 872*16kB (UME) 670*32kB (UME) 1485*64kB (UME) 725*128kB (UME) 289*256kB (UME) 131*512kB (UME) 58*1024kB (UM) 43*2048kB (UM) 210*4096kB (UM) = 1390036kB [ 2068.443114][T22617] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 2068.462351][T22617] Node 1 Normal: 218*4kB (UME) 46*8kB (UME) 37*16kB (UME) 41*32kB (UME) 17*64kB (UME) 9*128kB (UME) 3*256kB (UME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898376kB [ 2068.480824][T22617] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2068.490917][T22617] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2068.500662][T22617] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2068.511185][T22617] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 2068.520900][T22617] 60640 total pagecache pages [ 2068.525606][T22617] 0 pages in swap cache [ 2068.530301][T22617] Free swap = 124996kB [ 2068.534480][T22617] Total swap = 124996kB [ 2068.539287][T22617] 2097051 pages RAM [ 2068.543127][T22617] 0 pages HighMem/MovableOnly [ 2068.548278][T22617] 416933 pages reserved [ 2068.552563][T22617] 0 pages cma reserved [ 2068.855846][T22647] netlink: 'syz.0.22195': attribute type 4 has an invalid length. [ 2068.871267][T22647] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.22195'. [ 2069.110304][T22652] netlink: 830 bytes leftover after parsing attributes in process `syz.3.22207'. [ 2069.708100][T22657] syzkaller0: entered promiscuous mode [ 2069.726020][T22657] syzkaller0: entered allmulticast mode [ 2070.292255][T22674] syz.1.22209[22674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2070.292587][T22674] syz.1.22209[22674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2073.084582][T22703] netlink: 'syz.0.22222': attribute type 4 has an invalid length. [ 2073.118000][T22703] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.22222'. [ 2073.173600][T22707] syz.2.22226[22707] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2073.173919][T22707] syz.2.22226[22707] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2074.043753][T22731] netlink: 'syz.3.22235': attribute type 2 has an invalid length. [ 2074.104090][T22731] netlink: 'syz.3.22235': attribute type 1 has an invalid length. [ 2074.129676][T22731] netlink: 198036 bytes leftover after parsing attributes in process `syz.3.22235'. [ 2074.450835][T22739] netlink: 'syz.3.22240': attribute type 4 has an invalid length. [ 2074.486452][T22739] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.22240'. [ 2075.881903][T22755] netlink: 'syz.2.22247': attribute type 1 has an invalid length. [ 2075.893676][T22755] netlink: 'syz.2.22247': attribute type 4 has an invalid length. [ 2075.904455][T22755] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.22247'. [ 2076.338811][T22769] netlink: 'syz.2.22253': attribute type 4 has an invalid length. [ 2076.361646][T22769] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.22253'. [ 2081.204047][T17717] Bluetooth: hci2: unexpected event 0x08 length: 151 > 4 [ 2084.453183][T17717] Bluetooth: hci0: unexpected event 0x07 length: 15 < 255 [ 2089.801761][T22904] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.22309'. [ 2095.305148][T22978] netlink: 'syz.2.22337': attribute type 3 has an invalid length. [ 2095.315414][T22978] netlink: 132 bytes leftover after parsing attributes in process `syz.2.22337'. [ 2096.813326][T23031] netlink: 'syz.2.22360': attribute type 1 has an invalid length. [ 2096.893753][T23035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22361'. [ 2097.363651][T17717] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 2098.523048][T23092] netlink: 'syz.3.22387': attribute type 1 has an invalid length. [ 2099.071143][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.080139][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 2099.134772][T23104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.22391'. [ 2099.156142][T23104] netlink: 152 bytes leftover after parsing attributes in process `syz.3.22391'. [ 2099.367779][T23108] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.22393'. [ 2099.598563][T23114] netlink: 'syz.1.22398': attribute type 1 has an invalid length. [ 2099.875013][T23129] netlink: 'syz.1.22403': attribute type 10 has an invalid length. [ 2099.966392][T23131] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22404'. [ 2099.975586][T23131] netlink: 152 bytes leftover after parsing attributes in process `syz.0.22404'. [ 2100.113605][T17717] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 2100.274104][T23149] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.22411'. [ 2100.387164][T23152] netlink: 'syz.2.22414': attribute type 6 has an invalid length. [ 2100.409864][T23152] netlink: 212824 bytes leftover after parsing attributes in process `syz.2.22414'. [ 2100.502095][T23158] netlink: 12 bytes leftover after parsing attributes in process `syz.2.22417'. [ 2100.511771][T23158] netlink: 152 bytes leftover after parsing attributes in process `syz.2.22417'. [ 2100.895553][T17717] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 2101.052447][T23175] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.22424'. [ 2101.371672][T23192] netlink: 'syz.2.22431': attribute type 10 has an invalid length. [ 2101.382053][T23192] bridge0: port 2(bridge_slave_1) entered disabled state [ 2101.389542][T23192] bridge0: port 1(bridge_slave_0) entered disabled state [ 2101.389878][T23184] netlink: 'syz.3.22428': attribute type 3 has an invalid length. [ 2101.410919][T23184] netlink: 132 bytes leftover after parsing attributes in process `syz.3.22428'. [ 2102.238588][T23222] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.22446'. [ 2102.415058][T23228] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.22447'. [ 2103.125341][T23249] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.22458'. [ 2103.744586][T23253] netlink: 'syz.1.22461': attribute type 21 has an invalid length. [ 2103.757035][T23253] netlink: 'syz.1.22461': attribute type 10 has an invalid length. [ 2103.765475][T23253] netlink: 'syz.1.22461': attribute type 12 has an invalid length. [ 2103.774557][T23253] netlink: 'syz.1.22461': attribute type 13 has an invalid length. [ 2103.784625][T23253] netlink: 'syz.1.22461': attribute type 14 has an invalid length. [ 2103.793970][T23253] netlink: 'syz.1.22461': attribute type 15 has an invalid length. [ 2103.802688][T23253] netlink: 'syz.1.22461': attribute type 16 has an invalid length. [ 2103.814611][T23253] netlink: 12226 bytes leftover after parsing attributes in process `syz.1.22461'. [ 2104.835904][T23275] netlink: 132 bytes leftover after parsing attributes in process `syz.1.22467'. [ 2106.573185][T23303] @ÿ: renamed from bond_slave_0 [ 2106.992272][T23317] syzkaller0: entered promiscuous mode [ 2107.000448][T23317] syzkaller0: entered allmulticast mode [ 2107.030847][T23321] validate_nla: 4 callbacks suppressed [ 2107.030868][T23321] netlink: 'syz.3.22488': attribute type 33 has an invalid length. [ 2107.055814][T23321] netlink: 40 bytes leftover after parsing attributes in process `syz.3.22488'. [ 2107.149305][T23324] netlink: 'syz.0.22489': attribute type 3 has an invalid length. [ 2107.167899][T23324] netlink: 132 bytes leftover after parsing attributes in process `syz.0.22489'. [ 2110.827614][T23351] netlink: 'syz.2.22501': attribute type 33 has an invalid length. [ 2110.837260][T23351] netlink: 40 bytes leftover after parsing attributes in process `syz.2.22501'. [ 2111.012470][T23361] netlink: 'syz.2.22505': attribute type 3 has an invalid length. [ 2111.020859][T23361] netlink: 132 bytes leftover after parsing attributes in process `syz.2.22505'. [ 2114.607036][T23386] netlink: 'syz.1.22515': attribute type 33 has an invalid length. [ 2114.626322][T23386] netlink: 40 bytes leftover after parsing attributes in process `syz.1.22515'. [ 2114.741119][T23392] netlink: 'syz.0.22518': attribute type 3 has an invalid length. [ 2114.750870][T23392] netlink: 132 bytes leftover after parsing attributes in process `syz.0.22518'. [ 2121.203078][T23515] syzkaller0: entered promiscuous mode [ 2121.208922][T23515] syzkaller0: entered allmulticast mode [ 2123.072491][T23542] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2123.240715][T17717] Bluetooth: hci1: unexpected event 0x31 length: 15 > 6 [ 2126.189844][T23587] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.22615'. [ 2126.807221][T23605] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 2126.988487][T23611] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.22627'. [ 2127.023661][T23611] netlink: zone id is out of range [ 2127.033933][T23611] netlink: zone id is out of range [ 2127.045475][T23611] netlink: zone id is out of range [ 2127.055772][T23611] netlink: zone id is out of range [ 2127.071406][T23611] netlink: zone id is out of range [ 2127.079809][T23611] netlink: zone id is out of range [ 2127.086473][T23611] netlink: zone id is out of range [ 2127.092305][T23611] netlink: zone id is out of range [ 2127.227287][T23620] syzkaller0: entered promiscuous mode [ 2127.243982][T23620] syzkaller0: entered allmulticast mode [ 2130.778438][T23657] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.22638'. [ 2130.921215][T23664] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.22639'. [ 2130.939453][T23664] net_ratelimit: 106 callbacks suppressed [ 2130.939505][T23664] netlink: zone id is out of range [ 2130.953962][T23664] netlink: zone id is out of range [ 2130.962865][T23664] netlink: zone id is out of range [ 2130.971493][T23664] netlink: zone id is out of range [ 2130.984884][T23664] netlink: zone id is out of range [ 2131.010976][T23664] netlink: zone id is out of range [ 2131.020523][T23664] netlink: zone id is out of range [ 2131.031114][T23664] netlink: zone id is out of range [ 2131.040807][T23664] netlink: zone id is out of range [ 2131.053180][T23664] netlink: zone id is out of range [ 2131.403906][T23685] syzkaller0: entered promiscuous mode [ 2131.411799][T23685] syzkaller0: entered allmulticast mode [ 2131.423346][T23686] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.22654'. [ 2132.353095][T23701] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.22658'. [ 2134.338917][T23740] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.22672'. [ 2134.874637][T23756] syzkaller0: entered promiscuous mode [ 2134.903501][T23756] syzkaller0: entered allmulticast mode [ 2134.982635][T23763] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.22686'. [ 2135.189747][T23768] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.22696'. [ 2136.853673][T23796] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.22699'. [ 2136.866955][T23796] net_ratelimit: 560 callbacks suppressed [ 2136.866975][T23796] netlink: zone id is out of range [ 2136.892958][T23796] netlink: zone id is out of range [ 2136.912497][T23796] netlink: zone id is out of range [ 2136.920674][T23796] netlink: zone id is out of range [ 2136.953118][T23796] netlink: zone id is out of range [ 2136.973000][T23796] netlink: zone id is out of range [ 2136.983893][T23796] netlink: zone id is out of range [ 2136.991821][T23796] netlink: zone id is out of range [ 2137.002498][T23796] netlink: zone id is out of range [ 2137.016378][T23796] netlink: zone id is out of range [ 2138.785205][T23804] netlink: 44 bytes leftover after parsing attributes in process `syz.2.22710'. [ 2138.867779][T23806] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.22714'. [ 2139.041478][T23813] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.22718'. [ 2142.063837][T23906] netlink: 'syz.2.22750': attribute type 7 has an invalid length. [ 2143.346638][T17717] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 2143.859793][T23965] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.22785'. [ 2147.196217][T17717] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 2148.783764][T24025] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.22801'. [ 2149.127467][T24039] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.22816'. [ 2155.339615][T24147] syzkaller0: entered promiscuous mode [ 2155.359019][T24147] syzkaller0: entered allmulticast mode [ 2155.637935][T24156] netlink: 'syz.1.22852': attribute type 7 has an invalid length. [ 2157.646702][T24186] netlink: 'syz.0.22865': attribute type 7 has an invalid length. [ 2157.824447][T17717] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2160.516207][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.522665][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 2161.531197][T24262] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.22896'. [ 2166.722929][T24319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2167.252172][T24334] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.22936'. [ 2168.225090][T24363] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.22941'. [ 2172.020023][T24448] syzkaller0: entered promiscuous mode [ 2172.025801][T24448] syzkaller0: entered allmulticast mode [ 2172.034084][T24448] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 2174.055520][T24502] -: renamed from syzkaller0 [ 2175.705472][T24532] netlink: 'syz.2.23009': attribute type 10 has an invalid length. [ 2175.733644][T24532] netlink: 40 bytes leftover after parsing attributes in process `syz.2.23009'. [ 2175.750646][T24532] batman_adv: batadv0: Adding interface: veth0_vlan [ 2175.757969][T24532] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2175.796121][T24532] batman_adv: batadv0: Interface activated: veth0_vlan [ 2176.516743][T24553] syzkaller0: entered promiscuous mode [ 2176.543203][T24553] syzkaller0: entered allmulticast mode [ 2178.756495][T24591] syzkaller0: entered promiscuous mode [ 2178.776788][T24591] syzkaller0: entered allmulticast mode [ 2181.522939][T24636] netlink: 'syz.1.23042': attribute type 10 has an invalid length. [ 2181.551354][T24636] netlink: 40 bytes leftover after parsing attributes in process `syz.1.23042'. [ 2181.590830][T24636] veth0_vlan: left promiscuous mode [ 2181.603856][T24636] veth0_vlan: entered promiscuous mode [ 2181.647228][T24636] batman_adv: batadv0: Adding interface: veth0_vlan [ 2181.666415][T24636] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2181.726145][T24636] batman_adv: batadv0: Interface activated: veth0_vlan [ 2182.117961][T24644] syzkaller0: entered promiscuous mode [ 2182.123674][T24644] syzkaller0: entered allmulticast mode [ 2183.056787][T24652] -: renamed from syzkaller0 [ 2184.866309][T24685] netlink: 'syz.0.23054': attribute type 10 has an invalid length. [ 2184.889696][T24685] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23054'. [ 2184.913543][T24685] veth0_vlan: left promiscuous mode [ 2184.938934][T24685] veth0_vlan: entered promiscuous mode [ 2184.964665][T24685] batman_adv: batadv0: Adding interface: veth0_vlan [ 2184.986237][T24685] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2185.055367][T24685] batman_adv: batadv0: Interface activated: veth0_vlan [ 2187.685559][T24724] -: renamed from syzkaller0 [ 2188.447367][T24733] netlink: 'syz.3.23070': attribute type 10 has an invalid length. [ 2188.506075][T24733] netlink: 40 bytes leftover after parsing attributes in process `syz.3.23070'. [ 2188.554397][T24733] veth0_vlan: left promiscuous mode [ 2188.606164][T24733] veth0_vlan: entered promiscuous mode [ 2188.662246][T24733] batman_adv: batadv0: Adding interface: veth0_vlan [ 2188.691325][T24733] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2188.795451][T24733] batman_adv: batadv0: Interface activated: veth0_vlan [ 2189.940814][T24769] netlink: 'syz.1.23092': attribute type 10 has an invalid length. [ 2189.974732][T24769] netlink: 40 bytes leftover after parsing attributes in process `syz.1.23092'. [ 2193.045823][T24806] netlink: 'syz.0.23103': attribute type 10 has an invalid length. [ 2193.067060][T24806] netlink: 40 bytes leftover after parsing attributes in process `syz.0.23103'. [ 2196.405819][T24869] netlink: 'syz.1.23135': attribute type 10 has an invalid length. [ 2196.414030][T24869] netlink: 40 bytes leftover after parsing attributes in process `syz.1.23135'. [ 2199.907663][T24919] netlink: 'syz.1.23155': attribute type 3 has an invalid length. [ 2199.915793][T24919] netlink: 'syz.1.23155': attribute type 6 has an invalid length. [ 2199.924542][T24919] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.23155'. [ 2200.393403][T24931] sctp: [Deprecated]: syz.2.23160 (pid 24931) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2200.393403][T24931] Use struct sctp_sack_info instead [ 2201.438321][T24950] netlink: 2220 bytes leftover after parsing attributes in process `syz.3.23170'. [ 2202.383475][T24967] netlink: 'syz.2.23176': attribute type 2 has an invalid length. [ 2202.393030][T24967] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.23176'. [ 2202.455530][T24970] netlink: 'syz.3.23178': attribute type 3 has an invalid length. [ 2202.464409][T24970] netlink: 'syz.3.23178': attribute type 6 has an invalid length. [ 2202.473084][T24970] netlink: 144448 bytes leftover after parsing attributes in process `syz.3.23178'. [ 2202.543460][T24973] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.23182'. [ 2202.572271][T24975] netlink: 'syz.0.23189': attribute type 2 has an invalid length. [ 2202.602801][T24975] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.23189'. [ 2202.669637][T24980] netlink: 2220 bytes leftover after parsing attributes in process `syz.2.23192'. [ 2203.216695][T24988] netlink: 2220 bytes leftover after parsing attributes in process `syz.0.23196'. [ 2204.114736][T25005] netlink: 'syz.3.23195': attribute type 2 has an invalid length. [ 2204.136292][T25005] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.23195'. [ 2204.274206][T25013] netlink: 2220 bytes leftover after parsing attributes in process `syz.1.23198'. [ 2204.363115][ T6624] Bluetooth: hci1: unexpected subevent 0x06 length: 150 > 10 [ 2205.631211][T25037] netlink: 'syz.1.23210': attribute type 2 has an invalid length. [ 2205.671372][T25037] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.23210'. [ 2205.825039][ T6624] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 2205.832572][ T6624] Bluetooth: min 0 < 6 [ 2206.426067][ T6624] Bluetooth: hci1: command 0x0406 tx timeout [ 2206.562651][T25068] netlink: 'syz.0.23224': attribute type 2 has an invalid length. [ 2206.583082][T25068] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.23224'. [ 2207.211962][T25074] netlink: 'syz.0.23235': attribute type 2 has an invalid length. [ 2207.232299][T25074] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.23235'. [ 2207.866132][ T6624] Bluetooth: hci0: command 0x206c tx timeout [ 2211.606187][ T6624] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 2213.626463][ T6624] Bluetooth: hci2: command 0x0406 tx timeout [ 2215.569996][T25203] __sock_release: fasync list not empty! [ 2218.583095][T25248] __sock_release: fasync list not empty! [ 2220.075027][T25245] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.23311'. [ 2220.085007][T25259] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.23309'. [ 2220.487162][T25271] __sock_release: fasync list not empty! [ 2221.951739][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 2221.976394][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 2224.122660][T25294] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.23323'. [ 2224.133008][T25300] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.23326'. [ 2224.948146][T25342] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.23343'. [ 2224.988674][T25344] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.23344'. [ 2225.694918][T25367] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.23354'. [ 2227.660244][T25420] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.23382'. [ 2229.032071][T25469] __sock_release: fasync list not empty! [ 2230.054075][T25496] netlink: 'syz.2.23410': attribute type 1 has an invalid length. [ 2230.078025][T25496] netlink: 'syz.2.23410': attribute type 4 has an invalid length. [ 2230.103287][T25496] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.23410'. [ 2231.257196][ T6624] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 2232.228399][T25551] netlink: 'syz.0.23430': attribute type 1 has an invalid length. [ 2232.251922][T25551] netlink: 'syz.0.23430': attribute type 4 has an invalid length. [ 2232.271131][T25551] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.23430'. [ 2232.315653][ T6624] Bluetooth: Frame is too long (len 149, expected len 4) [ 2232.772856][T25564] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.23437'. [ 2232.785252][T25564] net_ratelimit: 332 callbacks suppressed [ 2232.785268][T25564] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2232.975405][T25566] syzkaller0: entered promiscuous mode [ 2233.004731][T25566] syzkaller0: entered allmulticast mode [ 2235.999785][T25604] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.23451'. [ 2236.009561][T25604] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2236.501577][T25616] netlink: 63747 bytes leftover after parsing attributes in process `syz.3.23455'. [ 2237.242025][T25636] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.23463'. [ 2237.266897][T25636] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 2237.352639][T25643] netlink: 63747 bytes leftover after parsing attributes in process `syz.2.23466'. [ 2238.013291][T25664] netlink: 63747 bytes leftover after parsing attributes in process `syz.1.23477'. [ 2245.383605][T25803] netlink: 'syz.1.23531': attribute type 6 has an invalid length. [ 2245.397203][T25803] netlink: 'syz.1.23531': attribute type 1 has an invalid length. [ 2245.408348][T25803] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.23531'. [ 2247.410141][T25827] netlink: 'syz.3.23542': attribute type 10 has an invalid length. [ 2248.020007][T25854] netlink: 'syz.2.23555': attribute type 4 has an invalid length. [ 2248.035370][T25854] netlink: 152 bytes leftover after parsing attributes in process `syz.2.23555'. [ 2249.538441][T25881] netlink: 'syz.0.23565': attribute type 6 has an invalid length. [ 2249.576090][T25881] netlink: 'syz.0.23565': attribute type 1 has an invalid length. [ 2249.611562][T25881] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.23565'. [ 2251.928405][T25923] ================================================================== [ 2251.936542][T25923] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900 [ 2251.944378][T25923] Write of size 32 at addr ffff88806c2feb90 by task syz.0.23583/25923 [ 2251.953053][T25923] [ 2251.955372][T25923] CPU: 0 PID: 25923 Comm: syz.0.23583 Not tainted syzkaller #0 [ 2251.963037][T25923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2251.973093][T25923] Call Trace: [ 2251.976371][T25923] [ 2251.979301][T25923] dump_stack_lvl+0x18c/0x250 [ 2251.984000][T25923] ? __lock_acquire+0x7d40/0x7d40 [ 2251.989127][T25923] ? show_regs_print_info+0x20/0x20 [ 2251.994461][T25923] ? load_image+0x420/0x420 [ 2251.998980][T25923] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 2252.004501][T25923] ? __virt_addr_valid+0x18c/0x540 [ 2252.009648][T25923] ? __virt_addr_valid+0x469/0x540 [ 2252.014780][T25923] print_report+0xa8/0x210 [ 2252.019204][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.024317][T25923] kasan_report+0x117/0x150 [ 2252.028823][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.033937][T25923] kasan_check_range+0x241/0x290 [ 2252.038886][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.044005][T25923] __asan_memcpy+0x40/0x70 [ 2252.048423][T25923] __bpf_get_stackid+0x6bf/0x900 [ 2252.053370][T25923] bpf_get_stackid_pe+0x2f0/0x410 [ 2252.058496][T25923] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 2252.063954][T25923] bpf_overflow_handler+0x1fc/0x510 [ 2252.069190][T25923] ? bpf_overflow_handler+0xde/0x510 [ 2252.074487][T25923] ? tp_perf_event_destroy+0x20/0x20 [ 2252.079772][T25923] ? mark_lock+0x94/0x320 [ 2252.084104][T25923] ? __perf_event_account_interrupt+0x187/0x280 [ 2252.090435][T25923] __perf_event_overflow+0x447/0x630 [ 2252.095815][T25923] perf_swevent_overflow+0x268/0x340 [ 2252.101102][T25923] ? perf_event_switch_output+0x790/0x790 [ 2252.106832][T25923] ? rcu_is_watching+0x15/0xb0 [ 2252.111597][T25923] perf_swevent_event+0x45c/0x570 [ 2252.116626][T25923] ? perf_tp_event+0x1520/0x1520 [ 2252.121579][T25923] ? trace_event_raw_event_lock+0x250/0x250 [ 2252.127504][T25923] ___perf_sw_event+0x4a7/0x730 [ 2252.132358][T25923] ? ___perf_sw_event+0x199/0x730 [ 2252.137467][T25923] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 2252.143891][T25923] ? cpu_cfs_local_stat_show+0x150/0x150 [ 2252.149578][T25923] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 2252.155553][T25923] ? _raw_spin_unlock_irq+0x23/0x50 [ 2252.160750][T25923] ? lock_chain_count+0x20/0x20 [ 2252.165599][T25923] __perf_sw_event+0x139/0x270 [ 2252.170451][T25923] do_user_addr_fault+0x123e/0x12c0 [ 2252.175659][T25923] ? rcu_is_watching+0x15/0xb0 [ 2252.180424][T25923] exc_page_fault+0x64/0x100 [ 2252.185013][T25923] ? clear_bhb_loop+0x40/0x90 [ 2252.189688][T25923] asm_exc_page_fault+0x26/0x30 [ 2252.194570][T25923] RIP: 0033:0x7ffc653fca21 [ 2252.198985][T25923] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 2252.218591][T25923] RSP: 002b:00007eff3e819ff0 EFLAGS: 00010202 [ 2252.224925][T25923] RAX: 003572464f98aaf0 RBX: 00007ffc653f80b0 RCX: 0000000000000018 [ 2252.233329][T25923] RDX: 0000000035cb5db5 RSI: 00007eff3e81a0b0 RDI: 7fffffffffffffff [ 2252.241305][T25923] RBP: 00007eff3e81a030 R08: 00000000000008cb R09: 0000000000745d1e [ 2252.249381][T25923] R10: 00000485ae84d0fb R11: 000000000006d140 R12: 0000000000000010 [ 2252.257442][T25923] R13: 00007eff3dc16038 R14: 00007ffc653f8080 R15: 000000000006d140 [ 2252.265430][T25923] [ 2252.268444][T25923] [ 2252.270757][T25923] Allocated by task 25923: [ 2252.275180][T25923] kasan_set_track+0x4e/0x70 [ 2252.279769][T25923] __kasan_kmalloc+0x8f/0xa0 [ 2252.284360][T25923] __kmalloc_node+0xb4/0x230 [ 2252.288966][T25923] bpf_map_area_alloc+0x5e/0x110 [ 2252.293933][T25923] prealloc_elems_and_freelist+0x86/0x1c0 [ 2252.299828][T25923] stack_map_alloc+0x33a/0x4c0 [ 2252.304589][T25923] map_create+0x877/0x12f0 [ 2252.309022][T25923] __sys_bpf+0x651/0x890 [ 2252.313258][T25923] __x64_sys_bpf+0x7c/0x90 [ 2252.317680][T25923] do_syscall_64+0x55/0xb0 [ 2252.322092][T25923] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2252.328000][T25923] [ 2252.330321][T25923] Last potentially related work creation: [ 2252.336029][T25923] kasan_save_stack+0x3e/0x60 [ 2252.341147][T25923] __kasan_record_aux_stack+0xaf/0xc0 [ 2252.346518][T25923] call_rcu+0x153/0x950 [ 2252.350682][T25923] __nf_register_net_hook+0x788/0x910 [ 2252.356152][T25923] nf_register_net_hook+0xb2/0x190 [ 2252.361260][T25923] nf_register_net_hooks+0x44/0x1b0 [ 2252.366491][T25923] nf_ct_netns_do_get+0x213/0x5c0 [ 2252.371591][T25923] nf_ct_netns_inet_get+0x3b/0x150 [ 2252.376700][T25923] nf_conncount_init+0x127/0x380 [ 2252.381698][T25923] ovs_ct_init+0x316/0x490 [ 2252.386187][T25923] ovs_init_net+0x1e6/0x250 [ 2252.390691][T25923] ops_init+0x397/0x640 [ 2252.394908][T25923] setup_net+0x3b6/0xa30 [ 2252.399145][T25923] copy_net_ns+0x36d/0x5e0 [ 2252.403561][T25923] create_new_namespaces+0x3d3/0x6f0 [ 2252.408931][T25923] copy_namespaces+0x430/0x4a0 [ 2252.413691][T25923] copy_process+0x1724/0x3dc0 [ 2252.418466][T25923] kernel_clone+0x24b/0x8a0 [ 2252.422964][T25923] __x64_sys_clone+0x1b7/0x230 [ 2252.427721][T25923] do_syscall_64+0x55/0xb0 [ 2252.432126][T25923] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2252.438019][T25923] [ 2252.440333][T25923] Second to last potentially related work creation: [ 2252.446906][T25923] kasan_save_stack+0x3e/0x60 [ 2252.451577][T25923] __kasan_record_aux_stack+0xaf/0xc0 [ 2252.456971][T25923] call_rcu+0x153/0x950 [ 2252.461140][T25923] nf_unregister_net_hooks+0xcb/0x130 [ 2252.466513][T25923] nf_defrag_ipv6_disable+0x95/0xe0 [ 2252.471892][T25923] nf_ct_netns_put+0x375/0x520 [ 2252.476652][T25923] nf_conncount_destroy+0x41/0x150 [ 2252.482197][T25923] ovs_ct_exit+0x9c/0x200 [ 2252.486528][T25923] ovs_exit_net+0xed/0x7a0 [ 2252.490935][T25923] setup_net+0x7e7/0xa30 [ 2252.495169][T25923] copy_net_ns+0x36d/0x5e0 [ 2252.499574][T25923] create_new_namespaces+0x3d3/0x6f0 [ 2252.504849][T25923] copy_namespaces+0x430/0x4a0 [ 2252.509607][T25923] copy_process+0x1724/0x3dc0 [ 2252.514278][T25923] kernel_clone+0x24b/0x8a0 [ 2252.518778][T25923] __x64_sys_clone+0x1b7/0x230 [ 2252.523551][T25923] do_syscall_64+0x55/0xb0 [ 2252.527959][T25923] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2252.533857][T25923] [ 2252.536174][T25923] The buggy address belongs to the object at ffff88806c2feb80 [ 2252.536174][T25923] which belongs to the cache kmalloc-cg-64 of size 64 [ 2252.550307][T25923] The buggy address is located 16 bytes inside of [ 2252.550307][T25923] allocated 40-byte region [ffff88806c2feb80, ffff88806c2feba8) [ 2252.564273][T25923] [ 2252.566588][T25923] The buggy address belongs to the physical page: [ 2252.573011][T25923] page:ffffea0001b0bf80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88806c2fea00 pfn:0x6c2fe [ 2252.584497][T25923] memcg:ffff888031230801 [ 2252.588727][T25923] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 2252.596262][T25923] page_type: 0xffffffff() [ 2252.600584][T25923] raw: 00fff00000000800 ffff888017c4da00 ffffea0001575f00 dead000000000002 [ 2252.609167][T25923] raw: ffff88806c2fea00 000000008020001f 00000001ffffffff ffff888031230801 [ 2252.617828][T25923] page dumped because: kasan: bad access detected [ 2252.624254][T25923] page_owner tracks the page as allocated [ 2252.629977][T25923] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5771, tgid 5771 (syz-executor), ts 617529509782, free_ts 617523783154 [ 2252.648385][T25923] post_alloc_hook+0x1c1/0x200 [ 2252.653156][T25923] get_page_from_freelist+0x1951/0x19e0 [ 2252.658698][T25923] __alloc_pages+0x1f0/0x460 [ 2252.663280][T25923] alloc_slab_page+0x5d/0x160 [ 2252.667961][T25923] new_slab+0x87/0x2d0 [ 2252.672030][T25923] ___slab_alloc+0xc5d/0x12f0 [ 2252.676748][T25923] __kmem_cache_alloc_node+0x19e/0x250 [ 2252.682216][T25923] kmalloc_trace+0x2a/0xe0 [ 2252.686658][T25923] alloc_fdtable+0xca/0x2c0 [ 2252.691167][T25923] dup_fd+0x786/0xa50 [ 2252.695147][T25923] copy_files+0xc3/0x120 [ 2252.699410][T25923] copy_process+0x15ab/0x3dc0 [ 2252.704285][T25923] kernel_clone+0x24b/0x8a0 [ 2252.708798][T25923] __x64_sys_clone+0x1b7/0x230 [ 2252.713652][T25923] do_syscall_64+0x55/0xb0 [ 2252.718065][T25923] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2252.724048][T25923] page last free stack trace: [ 2252.728715][T25923] free_unref_page_prepare+0x7b2/0x8c0 [ 2252.734197][T25923] free_unref_page+0x32/0x2e0 [ 2252.738881][T25923] vfree+0x1a6/0x320 [ 2252.742781][T25923] delayed_vfree_work+0x55/0x80 [ 2252.747639][T25923] process_scheduled_works+0xa5d/0x15d0 [ 2252.753184][T25923] worker_thread+0xa55/0xfc0 [ 2252.757770][T25923] kthread+0x2fa/0x390 [ 2252.761855][T25923] ret_from_fork+0x48/0x80 [ 2252.766374][T25923] ret_from_fork_asm+0x11/0x20 [ 2252.771184][T25923] [ 2252.773500][T25923] Memory state around the buggy address: [ 2252.779121][T25923] ffff88806c2fea80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2252.787266][T25923] ffff88806c2feb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2252.795344][T25923] >ffff88806c2feb80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 2252.803409][T25923] ^ [ 2252.808774][T25923] ffff88806c2fec00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2252.817108][T25923] ffff88806c2fec80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2252.825220][T25923] ================================================================== [ 2252.833293][T25923] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 2252.840522][T25923] CPU: 0 PID: 25923 Comm: syz.0.23583 Not tainted syzkaller #0 [ 2252.848147][T25923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 2252.858193][T25923] Call Trace: [ 2252.861476][T25923] [ 2252.864405][T25923] dump_stack_lvl+0x18c/0x250 [ 2252.869187][T25923] ? show_regs_print_info+0x20/0x20 [ 2252.874381][T25923] ? load_image+0x420/0x420 [ 2252.878888][T25923] panic+0x2dc/0x730 [ 2252.882820][T25923] ? __lock_acquire+0x7d40/0x7d40 [ 2252.887843][T25923] ? bpf_jit_dump+0xd0/0xd0 [ 2252.892373][T25923] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 2252.898281][T25923] ? _raw_spin_unlock+0x40/0x40 [ 2252.903138][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.908250][T25923] check_panic_on_warn+0x84/0xa0 [ 2252.913188][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.918296][T25923] end_report+0x6f/0x130 [ 2252.922537][T25923] kasan_report+0x128/0x150 [ 2252.927040][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.932151][T25923] kasan_check_range+0x241/0x290 [ 2252.937086][T25923] ? __bpf_get_stackid+0x6bf/0x900 [ 2252.942195][T25923] __asan_memcpy+0x40/0x70 [ 2252.946616][T25923] __bpf_get_stackid+0x6bf/0x900 [ 2252.951556][T25923] bpf_get_stackid_pe+0x2f0/0x410 [ 2252.956585][T25923] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 2252.962039][T25923] bpf_overflow_handler+0x1fc/0x510 [ 2252.967275][T25923] ? bpf_overflow_handler+0xde/0x510 [ 2252.972664][T25923] ? tp_perf_event_destroy+0x20/0x20 [ 2252.977952][T25923] ? mark_lock+0x94/0x320 [ 2252.982282][T25923] ? __perf_event_account_interrupt+0x187/0x280 [ 2252.988522][T25923] __perf_event_overflow+0x447/0x630 [ 2252.993807][T25923] perf_swevent_overflow+0x268/0x340 [ 2252.999093][T25923] ? perf_event_switch_output+0x790/0x790 [ 2253.004990][T25923] ? rcu_is_watching+0x15/0xb0 [ 2253.009755][T25923] perf_swevent_event+0x45c/0x570 [ 2253.014779][T25923] ? perf_tp_event+0x1520/0x1520 [ 2253.019716][T25923] ? trace_event_raw_event_lock+0x250/0x250 [ 2253.025626][T25923] ___perf_sw_event+0x4a7/0x730 [ 2253.030478][T25923] ? ___perf_sw_event+0x199/0x730 [ 2253.035594][T25923] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 2253.042006][T25923] ? cpu_cfs_local_stat_show+0x150/0x150 [ 2253.047664][T25923] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 2253.053640][T25923] ? _raw_spin_unlock_irq+0x23/0x50 [ 2253.058842][T25923] ? lock_chain_count+0x20/0x20 [ 2253.063690][T25923] __perf_sw_event+0x139/0x270 [ 2253.068456][T25923] do_user_addr_fault+0x123e/0x12c0 [ 2253.073655][T25923] ? rcu_is_watching+0x15/0xb0 [ 2253.078420][T25923] exc_page_fault+0x64/0x100 [ 2253.083011][T25923] ? clear_bhb_loop+0x40/0x90 [ 2253.087698][T25923] asm_exc_page_fault+0x26/0x30 [ 2253.092636][T25923] RIP: 0033:0x7ffc653fca21 [ 2253.097064][T25923] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 2253.116772][T25923] RSP: 002b:00007eff3e819ff0 EFLAGS: 00010202 [ 2253.122837][T25923] RAX: 003572464f98aaf0 RBX: 00007ffc653f80b0 RCX: 0000000000000018 [ 2253.131322][T25923] RDX: 0000000035cb5db5 RSI: 00007eff3e81a0b0 RDI: 7fffffffffffffff [ 2253.139314][T25923] RBP: 00007eff3e81a030 R08: 00000000000008cb R09: 0000000000745d1e [ 2253.147294][T25923] R10: 00000485ae84d0fb R11: 000000000006d140 R12: 0000000000000010 [ 2253.155268][T25923] R13: 00007eff3dc16038 R14: 00007ffc653f8080 R15: 000000000006d140 [ 2253.163244][T25923] [ 2253.166542][T25923] Kernel Offset: disabled [ 2253.170852][T25923] Rebooting in 86400 seconds..