last executing test programs: 4.089290196s ago: executing program 2 (id=16805): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000400), &(0x7f0000000440)='%pS \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 3.666725114s ago: executing program 2 (id=16814): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x8, 0x10002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0c00000004000000040000000900000000000000", @ANYRES32=r0, @ANYBLOB], 0x48) perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x81, r1}, 0x38) 3.058882982s ago: executing program 1 (id=16820): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0x58, &(0x7f00000000c0)}, 0x10) 2.746884291s ago: executing program 2 (id=16824): perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80002, 0x0, 0x0, 0x0, 0x0, 0x9}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x23, &(0x7f0000000040), 0xcf) 2.66742905s ago: executing program 1 (id=16826): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=@base={0x12, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000000180), &(0x7f0000000100)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000300), &(0x7f0000000040)=""/10}, 0x20) 1.560208926s ago: executing program 2 (id=16848): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001cc0)=""/61, 0x3d}, {&(0x7f0000002d40)=""/4107, 0x100b}, {&(0x7f0000000340)=""/119, 0x77}], 0x3}, 0x0) recvmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) 1.341045805s ago: executing program 1 (id=16855): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f4, &(0x7f0000000080)) 1.094300124s ago: executing program 2 (id=16861): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 923.377544ms ago: executing program 1 (id=16865): socket$kcm(0x2, 0x1000000000000002, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff05000000", @ANYRES32=0x1], 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)) 616.652293ms ago: executing program 2 (id=16876): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$unix(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001340)="27067bfcf0b9faa79a8561879c850be2c8462aa6e404492414b9f6113440cbafd234ddc922141c75edaf461acfa3706bc2695fd46415f587f7727e629e4a0c44986bc9d798d6393052e1f2e38430d66d6ca7806db626d9c6f0864ebc1492c32923bf2460a0158149cfb4ebd68b82c046c8a2986fc8eabfcefd085b8926529f125593b323428e50421ff32be2c286b12e73bf27205bb9119e045e2bf46d5e59159b767b43fa957b02c7e1c500e97c357cc10967d3c167a402a6b10de022d5da6cdcc116835ed196e7d5ef44ed0801780d2afac1baff2814dbd2cdfaa2fa064ec5ad5eb09daff41c74e9c94b721a28fbe61a04f71caf630bf41bc74f5ef7cd15570d9b5a9607fbb908979bc6c2dc9386d22d0e6be8bc105abb43077886a3dbbc1bdf210e1eac26e4da0bdd2c037b9d23a0a45899332a15cc70b2cc6bf9909b9292e62017c726915abb719ceed61c502c9628d1547d1a1b9bf0ab09656ab31ed4a8675ad5b8cd26be9fe7dd1992bb5cb1a7d74c09bf6bab63b399278c9fe4dc3ddb84c8ea800db2b8e15361d2704d3a5e279983f020717323ddad628d0f6185ebaac83b487f2b79b62b7e02a88e76f3db3543a5e9ca023a4f6997480b22fa182f92c6063c8bfc38bcdb3a99f9bd517e4fec0fb7854bbd47d474394f28d2ce64de86c0fd5a9e6964465c73dd37db275ab6b21326131527344ef815bdbce764257357548962ce690a891a8b368bf83f131cfefe06f0dca329771dc00894060e59151ed80084b58b7059bd3f93713cf8266f4099a3adb168887583d8891a17b025f700816ec24c7df42688fbb4a72e10c1b482b2fa28c9e51f1682c82f8a2b086931539ca3cd443715c336750c9001f0be019cee9200b9bd174ad258deef4dd3860b83dbb4162cd387205163e0425c4355480044e39c4e960239af54d2c371ba597ff692635b88f7aaa376bea046114038f3575148a8fea6053fa7b2cdbebd21391dfff568058ae083831f1e821f97a5bb5ff8345f750475bc06bae39622200ff091a47fc2dac8da0d8af4676432ea597f925245e81eb5577b034bba9ed2a539817052288f690eaaa33715d9dbbda56399a13460bc5d24350e0d30cb9817adce1a7ff8bf148a4fae3a114d0d04f69c08866640189abb83dea04b2b8a3a356b4246eb1c9e4a415ca585fd5f4c24fc353fab0c1104788b72b088e9414f4a139efb2618c11e0d902fc59f27ae1d8ef167be8f3b5e61088c895591d1073ded9334dcaddae0bdfdb0ade0a1f155b084e16beaf726b0dc75e841419ff7d21dcedad3f7d5e82e205cabc3dff1beab4b42a9dfc1e6f0a7c8e6e075a4929b4e7f230bf93014e05ab12701762464a42784cb5f7919d2e0f44bfe27713544371d46ab220473e296e3c11ee083b72e9e5a1bb6066f5a6e172b2770e24b3cfdeb3757f5739470442a5b8e8d684a2e0ea6824d622d489915b6b4f7125a6b48f90ccf5ee5fdb8be932c683b9d47595cf2e947c9c456682c1d068eaf4560489782af4b9c35d7c401e70c273e723824e824fcbe09c2165dc5f9f8ff42b25f6990f47d121d080b605ab303609b6747f47c3aa27477da4352b1172417c80fe934593dbce7b6b295ffc0d4ad145ee6bd17faae4f109aae2a8b5a4ced74836aae19355624cadfca9c9190e1f7a81e9ec166356728f287c4fdea94ac579a28492690e2f57386dad66eb149f23a8d4b952b188b67c8105b1024fbb831b0cfecb2e0be8e6f37fd05741933002556bca9612afaf856959bfe89076559bce3dbc75e6d7786f1def22ddf27c1c9da65a98e82f8d9f6df74a9d89d07b3cc639c7ca3368c0e4f6eb5584f0c1f4e82b615ab1cfd9c3aefcc192b527e7ca2741e8c60c8b1a2bc1663accddeece46558bec18650890d3a55217716afcf203144943a520f5c2890a0eb6fb65ddb6750de364b218eacc10a0cc80a57eedaae6ffafce8631cf88b7d03896a6d0d8e88116d3110e32b535e986e6b8acaecac4f9d862714c5ae1a6a9cb846dad94bd0196dd246688cbec4c6549e33b571efdbffdc3d9df3fb21aa1071ee1fa9783d9a63f910ad6d76a8b878eb2f09a49115cc3d2c4085509c95d71f81a95c6e06feee4401a893116ecd9c5fc06080c4e782e7df032a27d5323192a26c9af028b369d85cff3a42ea043772214d68449c2935d6bfe8a8ba812d906ff89d6c922ef3cde39737c8acbe4ea3a4adb072f4953a24ae86382163ab60aa436ed17e27ea5fd67482f0850a024e7fa83459ebb4bdc883e55c3fd46fe9e9f633d549384159ce0c236390766eefc8e077a7579f466dbd198a24006595eb4334e8170a041997693deb936d03266523016352e86fedd1343263f6b52e73bfbf288c9bf51b1db627ffc4715085924e5238e73f53c0b405e39b612ddf66cb45aa3e1e2d57491c46d27afb3c5a8f40fd8f63689e8dab9194205380ed151135c4368592edd229ecf15a43abccfe01ee9aaf8353ef1930f86d08b4287a9e4d960795d97cb69517854aa4b21e7870e521d0f4d0f3f8d8d4c2e3b07867c2f1ab92dc124d5d030443dccb7600a38808dbe347ccc2bc87830435a28a03f2df4f68787caa0083623b1faaf19bae3de2875d771f54c2d53e672714c2e8e9dedadcac69e5c9acec20ba4bc9a7eba7aaa625193919786bef0dcc29acea316b13d72ff412ea92ff6c85f7c5559fbdca39d9a6b77a410740d02307d61d44e9e7ba8e078b8f872dd4a320694b1cbaaf2017c94f73f0fa104936c7f117923465f620f5b5e5bfe45eaf6178df3e306b62bf03b10c16b2edd357ff283a1f537334ad296b375777a41988efe6a21615ffa1afdb915a462118f089e42a5b3db3b6de079348522516b448c9edefa7600ad2b8d8ce954de4b622c65a9fd155c9ccf63a80b2fab60dd91df19ee064e6f77d3a204adb60d39e190885cbc649320ee76de0433ed0c98e2c7fdca3e23d31e0723ba17848f487e37ae749476044c3bbe49173828e410caf33aa51e66442d85850c72cc046dd141e976d1d3cce3989ffe7f3dcc266934fdf9a67a9e7648c795e58a0b815024a9fdcb2608e37ac1cf8eb5b90c46c5171fb0962dbeb4bafa2a12fc07d1a5d6aaa14128ede06d608fd0b1d09e43e947c569dbe5ddaf0431f7f0032716041895ab16b24d487c4d557b81826acee84ede30417a101f521bc6f092d53b7bdb02041966e5ebc9aa57ddbd7568fe84a3104a590c0ce06e1417c24da4579f3dab6a278e3cde57369ec300840af5b65ee6e1906adfc192a6160e588f71a710f9f7136bc0c89f70a68815a3d6d10788b9e8ea138f17109624f8e17b898721f0041b18b0f3cd2b728db022f92fb6e294d7bf0caf3e7421deb10c0c5fdf65b4806884492fbfe262e7f277a44df3d169b3c003f93833788a7fbaabb7a3fd37d65ca5ef3804a6f6f32276729666fe790ae01e2a4aaf452b318585d61119ae73ba2ddf63f014ed8cf7229b69dc18a17cab5f1a966f83847577ef8588bf2f6c348d4c5f48ce93ba270d7d8d546df50eca9ac1ca3cc54608aa57d0f6786315b4e7e6dc669b8bdc78abb92e20936f2df76e04a97a0a46aae4922fee5ea6e499d4422724a986a49cef504b1c8162b774416f2d7ae59d1d6982ec98dcad1194da9e77fe0c6c7ae71ca12c4ae06feb8600ec2176ee5434d9ba1f464009b23f07040df8426772c4d6a329338932152d9724114d525d6de4945d46261e86b71a5f01f395b79fc0554be6040ccf840b16a609652bf283f4108f68cb10bff4c71c55ba8c53494d65d4b1bf457d5a1b0807581c372e164d3aaa1315114fd9bb2040b0ba4a0c803eaa35bec9e7c352effa2a4c2565da320345178cd425b87021d7a9d0203636f1a7d1e69acd64d66eeeb15945a2c80c22fc7a2b6f27d8b820b3e82bdaa6bca4b014dd5b8cf9f006658de9d9e324d543ad9fe8ad50a2fc2941e6dce55e59481a5a1c7b2fe0f15c35cb1dcebc17746a8622c57882de7a06cb3618bb95a4bf744486338efe22b8703529d148fa77005c10e2bcf4bb59276e2b3c5a428ba276a3b15ce2b95638f321052219b41a1cc47966f6d70a931f3fbf3623e7563cffe4d878ec9008c81c128a247d55158a1ad30cf95c1676a1f5a6c5c5af659a197f257b1c4cec8b077c50315a81568cdcb02c9b93ec03364fe840c656038f13e982e1a3591e1a68536b06d23cb2577b5349d0712c9157eda6d4fd3e09a203ec067a2b9b2a5aaa979e373cb698a072a97be7c3f1afeab1bbdb2ede35ef46198a790d32da9e58c8dba220161ecbea97368e82c91fc784de4f17fad215218bfb540af391a89f718cf3d8c24e2ff35bdd50b8fdffc5e37974a2dab36576d41540968deb83b8f7d2720e371698910438c37d198ab37a0f16506054343b62d8162059bc003bf842fd49587087c1c327496cfda1a9a9e4b85ad6ed00012d8540e370b0a8a3e106a09b906dbf2ffe8ffa42a55a0db14143f5e3c22d2631aeff12f11a76ba54b95b0af5c8816dce96c310b60f41201a5b46e1fa911164b18b967164439593e0ce24edfb5ec80ce301745f9828bcab1da43f05b67c0efca0b13cf0b37961ca553d7638bc61ad399ce8f9fd9dad2a820fef579dbe4ebb16f6f25d769d678f0f3674274afd50966d8a644b900a4e20e2953450f0eb9372fec73155e8870ae7e738ccc5aff62f040de1e29578018615a030696bea92c69480bcf7f6a015237730d93436c79b4b6b4da8183bd5c2d6a9dc20b38febf44cad7d6eef40c1c820ef47b047583a23e3abfd4e3431c8560ffa3cd0d57f95d2d5e6a92373eb150e16424c0af1b44ec4d5f6cdf16d53406eb22cd81d1e77297614133c2936c9c6130e3b0ecd2585ca2972b05fdeb1d428f44a14edbab0ca3db7ea73ea852cb20f7af89af396ce1ca3c4a3f75a57d290b89b186da2585a351bc4f5f1e73c92379846ee55ac8fe61d1b95cf442b0f3ae5aa45d8f38cad6226d24f330392d062bea96327b6a9a77afba47a49562777285ceecd2a443f2bd208034e23a07eae50ca5f1f1e37b3d4389d6f1b43f6ee05a96e184ff25e21c7b9f966f7e3d5e8fb1ffc478bfd8c9fdbcb93c6852a54dbcd63809712ceaf6ef4dad4118947168a1bee0781ef5d5fa70efb51d8b4dffecd938dbb2b68feaf6210d01eed0872fba6cf6355bdc3ba1afdde8974e112d6bea8f7436746e25edf404bc0d52dc377b0ba3378417890f540185bd60649ab745b39c4ca4af2898017c5b237349c1a99c6f48b4189fa494df61529a2f3c787106b0bac58440b6c68aa449d7b86777ab1a40877dd2374294bc111936f0ad0ac22a511e5bc9c8a4d90fc06fdd3e", 0xec2}], 0x1, 0x0, 0x0, 0x20008040}, 0x1) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2) 616.325983ms ago: executing program 3 (id=16877): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 539.448633ms ago: executing program 1 (id=16878): socket$kcm(0x11, 0x200000000000002, 0x300) socket$kcm(0x11, 0x200000000000002, 0x300) r0 = socket$kcm(0x11, 0x200000000000003, 0x300) sendmsg$kcm(r0, &(0x7f0000000180)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)="43371a14489136e3d3637e2d0800", 0xe}], 0x1}, 0x0) 539.349352ms ago: executing program 4 (id=16879): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90224fc60040f03", 0x17}], 0x1}, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000012002f8c", 0x8}], 0x1}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0xfe33) 478.272612ms ago: executing program 4 (id=16881): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000280)=ANY=[@ANYBLOB='1-2:', @ANYRESOCT, @ANYBLOB='E'], 0x31) 476.215162ms ago: executing program 3 (id=16891): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e65409da6d1b17a4011f521355b39abbea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d643b00a27f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4b7de3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000070414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d9871338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966f02000000a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c701652e8c6eea6d87ef74e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ada1d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92c9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534cfb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a00000000000000000000000000c09b1c485730d67a5774eed2a26f12969726405892f545daed1d002d4693495ef5c3c2c2df1803ef5476bb3d4898792a6424a9457360703bbc35e08377ccffe1788d74fda46a1747fa63c34004add111108a4c85088ede47caa067a82e09ee54c13f155d4c9c381ecb52a877fade77960fdcb9602a1929a97557e4f04bfc5b57278e474148854ad523094f30c2a49107d6d52f21e7f531ee64c222cb0c"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000380)="b9ff03086844268cb89e0ef086dd", 0x0, 0x0, 0x60000000, 0x0, 0xe2, 0x0, &(0x7f0000000040)="a4"}, 0x48) 454.952882ms ago: executing program 0 (id=16882): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000200"/20, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000008401"], 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890b, &(0x7f0000000100)) 395.477972ms ago: executing program 4 (id=16883): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000380)=ANY=[@ANYRESOCT=r0, @ANYRESOCT], 0x23) 387.157922ms ago: executing program 3 (id=16884): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001439) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x2000000b) 380.518982ms ago: executing program 0 (id=16885): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f0000000040)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) 269.339312ms ago: executing program 0 (id=16886): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="120000002d0000000800000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000280)="9e65d7ff4f6eb367c45ca03bd46e413772db867e60634a6668d8", 0x0}, 0x20) 268.692752ms ago: executing program 4 (id=16897): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x200040c4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000080)={0x0, 0xffffffffffffff0e, 0x0, 0x0, 0xffffffffffffffff, 0x100}, 0x0) 250.785591ms ago: executing program 3 (id=16887): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$kcm(0x29, 0x2, 0x0) close(r1) 173.786861ms ago: executing program 4 (id=16888): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0xb, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000000180), &(0x7f0000000280)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000440)="971403e8", 0x0}, 0x20) 173.022801ms ago: executing program 0 (id=16900): perf_event_open(&(0x7f0000000600)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000007000000000000000000000001050000018000000000000000010000851000000000000000020000000000000000000100da"], 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={r0, 0x20, &(0x7f0000000440)={&(0x7f0000001340)=""/4092, 0xffc, 0x0, 0x0}}, 0x10) 164.104121ms ago: executing program 3 (id=16889): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x40010022) close(r0) 99.540281ms ago: executing program 0 (id=16890): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000d62b00006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x26, 0x0, 0x0, @void, @value}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="05"], 0x10) 63.969601ms ago: executing program 4 (id=16892): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x14869, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x6, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000faffffff0000000000004000850000002c0000001800000004000000000000000700000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 49.5444ms ago: executing program 3 (id=16893): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000340)={'vlan0\x00', 0x400}) close(0x3) 39.216511ms ago: executing program 0 (id=16894): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$tipc(r1, &(0x7f0000001000)={0x0, 0x0, 0x0}, 0x0) recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000280)=""/206, 0xce}], 0x1}, 0x10060) 0s ago: executing program 1 (id=16895): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x1}], 0x1}, 0x41) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x4) close(0x3) kernel console output (not intermixed with test programs): r parsing attributes in process `syz.2.8073'. [ 446.147851][T20917] netlink: 14560 bytes leftover after parsing attributes in process `syz.1.8099'. [ 446.268915][T20922] can: request_module (can-proto-0) failed. [ 448.087652][T21019] netlink: 'syz.4.8148': attribute type 1 has an invalid length. [ 448.656086][T21045] netlink: 'syz.0.8162': attribute type 1 has an invalid length. [ 448.901499][T21056] netlink: 'syz.0.8168': attribute type 12 has an invalid length. [ 448.941796][T21056] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8168'. [ 451.500945][T21107] syz.4.8190 (21107) used greatest stack depth: 19000 bytes left [ 453.606521][T21189] netlink: 'syz.2.8228': attribute type 29 has an invalid length. [ 453.616070][T21189] netlink: 'syz.2.8228': attribute type 29 has an invalid length. [ 453.626638][T21189] netlink: 'syz.2.8228': attribute type 29 has an invalid length. [ 454.683219][T21225] netlink: 'syz.3.8246': attribute type 10 has an invalid length. [ 454.770719][T21225] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.814060][T21225] bond0: (slave team0): Enslaving as an active interface with an up link [ 454.843590][T21226] netlink: 'syz.3.8246': attribute type 10 has an invalid length. [ 454.890459][T21226] bond0: (slave team0): Releasing backup interface [ 456.953654][T21280] netlink: 'syz.1.8272': attribute type 29 has an invalid length. [ 456.985136][T21280] netlink: 'syz.1.8272': attribute type 29 has an invalid length. [ 457.005339][T21281] netlink: 'syz.1.8272': attribute type 29 has an invalid length. [ 459.098511][T21322] netlink: 'syz.1.8289': attribute type 10 has an invalid length. [ 459.136102][T21322] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.182736][T21323] netlink: 'syz.1.8289': attribute type 10 has an invalid length. [ 460.259649][T21355] netlink: 2530 bytes leftover after parsing attributes in process `syz.4.8314'. [ 461.077525][T21375] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.8311'. [ 461.850176][T21400] netlink: 'syz.4.8324': attribute type 10 has an invalid length. [ 461.911021][T21400] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.946587][T21400] bond0: (slave team0): Enslaving as an active interface with an up link [ 462.007521][T21403] netlink: 'syz.4.8324': attribute type 10 has an invalid length. [ 462.075422][T21403] bond0: (slave team0): Releasing backup interface [ 462.185972][T21407] netlink: 'syz.2.8327': attribute type 3 has an invalid length. [ 462.193768][T21407] netlink: 'syz.2.8327': attribute type 1 has an invalid length. [ 463.051872][T21435] netlink: 'syz.4.8339': attribute type 3 has an invalid length. [ 463.066268][T21435] netlink: 'syz.4.8339': attribute type 1 has an invalid length. [ 464.906708][T21486] netlink: 'syz.2.8372': attribute type 10 has an invalid length. [ 465.093134][T21486] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.178204][T21489] netlink: 'syz.2.8372': attribute type 10 has an invalid length. [ 465.545527][T21505] netlink: 'syz.0.8369': attribute type 3 has an invalid length. [ 465.553328][T21505] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.8369'. [ 466.731089][T21504] syz.3.8370 (21504) used greatest stack depth: 18936 bytes left [ 466.746729][T21537] sock: sock_set_timeout: `syz.1.8385' (pid 21537) tries to set negative timeout [ 467.541646][T21552] netlink: 'syz.1.8403': attribute type 3 has an invalid length. [ 467.558537][T21552] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.8403'. [ 469.947153][T21603] netlink: 'syz.4.8418': attribute type 3 has an invalid length. [ 470.359603][T21616] netlink: 'syz.3.8423': attribute type 3 has an invalid length. [ 470.402487][T21616] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.8423'. [ 471.286329][T21649] netlink: 'syz.3.8438': attribute type 3 has an invalid length. [ 471.312074][T21649] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.8438'. [ 471.342532][T21651] netlink: 'syz.4.8440': attribute type 3 has an invalid length. [ 471.367762][T21651] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.8440'. [ 472.409935][T21678] netlink: 'syz.1.8453': attribute type 3 has an invalid length. [ 472.446257][T21678] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.8453'. [ 474.610264][T21739] netlink: 'syz.2.8480': attribute type 25 has an invalid length. [ 474.654804][T21739] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.8480'. [ 477.081706][T21829] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.8526'. [ 479.487072][T21922] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.8577'. [ 479.847083][T21942] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.8578'. [ 479.874992][T21942] tc_dump_action: action bad kind [ 480.069285][T21952] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.8584'. [ 482.245326][T22051] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.8626'. [ 482.305565][T22051] tc_dump_action: action bad kind [ 482.804781][T22066] netlink: 65055 bytes leftover after parsing attributes in process `syz.3.8636'. [ 483.272408][T22088] netlink: 'syz.3.8644': attribute type 29 has an invalid length. [ 483.305179][T22088] netlink: 'syz.3.8644': attribute type 29 has an invalid length. [ 483.346649][T22091] netlink: 'syz.3.8644': attribute type 29 has an invalid length. [ 484.646727][T22135] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.8667'. [ 485.019429][T22153] netlink: 'syz.2.8677': attribute type 29 has an invalid length. [ 485.056346][T22157] netlink: 'syz.0.8678': attribute type 15 has an invalid length. [ 485.083427][T22157] netlink: 16098 bytes leftover after parsing attributes in process `syz.0.8678'. [ 485.103289][T22153] netlink: 'syz.2.8677': attribute type 29 has an invalid length. [ 485.119908][T22158] netlink: 'syz.2.8677': attribute type 29 has an invalid length. [ 485.931437][T22176] netlink: 65055 bytes leftover after parsing attributes in process `syz.4.8684'. [ 487.096436][T22198] netlink: 'syz.3.8694': attribute type 3 has an invalid length. [ 487.143358][T22198] netlink: 1034 bytes leftover after parsing attributes in process `syz.3.8694'. [ 487.320044][T22206] netlink: 'syz.2.8700': attribute type 21 has an invalid length. [ 487.350863][T22206] netlink: 'syz.2.8700': attribute type 1 has an invalid length. [ 487.869343][T22221] netlink: 197344 bytes leftover after parsing attributes in process `syz.0.8707'. [ 488.718000][T22241] validate_nla: 2 callbacks suppressed [ 488.718019][T22241] netlink: 'syz.3.8716': attribute type 15 has an invalid length. [ 488.754802][T22241] netlink: 16098 bytes leftover after parsing attributes in process `syz.3.8716'. [ 489.187203][T22263] netlink: 'syz.4.8727': attribute type 21 has an invalid length. [ 489.843625][T22291] netlink: 'syz.3.8739': attribute type 3 has an invalid length. [ 489.864880][T22291] netlink: 'syz.3.8739': attribute type 8 has an invalid length. [ 489.894987][T22291] netlink: 197344 bytes leftover after parsing attributes in process `syz.3.8739'. [ 490.057191][T22301] netlink: 'syz.0.8743': attribute type 21 has an invalid length. [ 491.309658][T22335] netlink: 3748 bytes leftover after parsing attributes in process `syz.3.8771'. [ 491.507881][T22346] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.8776'. [ 491.538376][T22346] openvswitch: netlink: Message has 41214 unknown bytes. [ 491.677418][T22354] netlink: 611 bytes leftover after parsing attributes in process `syz.1.8769'. [ 492.686633][T22378] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.8783'. [ 492.758950][T22378] openvswitch: netlink: Message has 41214 unknown bytes. [ 493.205166][T22401] netlink: 3748 bytes leftover after parsing attributes in process `syz.4.8793'. [ 493.279912][T22409] netlink: 611 bytes leftover after parsing attributes in process `syz.2.8797'. [ 493.569010][T22422] netlink: 161700 bytes leftover after parsing attributes in process `syz.2.8803'. [ 493.594259][T22422] openvswitch: netlink: Message has 41214 unknown bytes. [ 494.123509][T22443] netlink: 3748 bytes leftover after parsing attributes in process `syz.1.8810'. [ 494.406731][T22452] netlink: 611 bytes leftover after parsing attributes in process `syz.0.8813'. [ 494.427750][T22454] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.8818'. [ 494.453625][T22454] openvswitch: netlink: Message has 41214 unknown bytes. [ 501.204774][T22729] ref_ctr_offset mismatch. inode: 0x227c offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x7602 [ 501.410285][T22741] netlink: 'syz.4.8949': attribute type 21 has an invalid length. [ 501.451302][T22741] netlink: 'syz.4.8949': attribute type 1 has an invalid length. [ 501.521328][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.527755][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.890727][T22842] netlink: 'syz.1.8996': attribute type 21 has an invalid length. [ 504.915395][T22842] netlink: 'syz.1.8996': attribute type 1 has an invalid length. [ 506.821403][T22894] netlink: 168 bytes leftover after parsing attributes in process `syz.1.9022'. [ 507.089297][T22906] netlink: 168 bytes leftover after parsing attributes in process `syz.0.9038'. [ 508.634525][T22960] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.9064'. [ 509.867909][T22999] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.9069'. [ 510.879972][T23034] netlink: 763 bytes leftover after parsing attributes in process `syz.3.9085'. [ 511.678836][T23064] netlink: 763 bytes leftover after parsing attributes in process `syz.1.9100'. [ 512.749758][T23113] netlink: 763 bytes leftover after parsing attributes in process `syz.0.9117'. [ 512.892418][T23122] netlink: 'syz.0.9126': attribute type 21 has an invalid length. [ 513.174561][T23137] netlink: 'syz.2.9134': attribute type 21 has an invalid length. [ 513.565315][T23160] netlink: 'syz.3.9145': attribute type 33 has an invalid length. [ 513.573188][T23160] netlink: 164 bytes leftover after parsing attributes in process `syz.3.9145'. [ 513.708937][T23165] netlink: 'syz.2.9148': attribute type 21 has an invalid length. [ 513.965759][T23180] netlink: 'syz.2.9156': attribute type 22 has an invalid length. [ 513.984029][T23180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9156'. [ 515.278405][T23217] netlink: 'syz.3.9172': attribute type 22 has an invalid length. [ 515.314884][T23217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9172'. [ 515.356789][T23221] netlink: 'syz.4.9174': attribute type 33 has an invalid length. [ 515.364661][T23221] netlink: 164 bytes leftover after parsing attributes in process `syz.4.9174'. [ 516.368018][T23249] netlink: 'syz.2.9189': attribute type 33 has an invalid length. [ 516.394658][T23249] netlink: 164 bytes leftover after parsing attributes in process `syz.2.9189'. [ 516.427530][T23252] netlink: 'syz.1.9186': attribute type 21 has an invalid length. [ 517.032228][T23273] netlink: 'syz.2.9197': attribute type 3 has an invalid length. [ 517.060649][T23273] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.9197'. [ 518.163973][T23316] netlink: 'syz.3.9219': attribute type 3 has an invalid length. [ 518.214821][T23316] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.9219'. [ 518.491472][T23329] netlink: 202920 bytes leftover after parsing attributes in process `syz.2.9224'. [ 519.592148][T23371] netlink: 'syz.4.9244': attribute type 3 has an invalid length. [ 519.645462][T23371] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.9244'. [ 520.472547][T23402] netlink: 'syz.0.9259': attribute type 8 has an invalid length. [ 520.491263][T23402] netlink: 399 bytes leftover after parsing attributes in process `syz.0.9259'. [ 520.963277][T23418] netlink: 'syz.2.9267': attribute type 29 has an invalid length. [ 520.993276][T23418] netlink: 'syz.2.9267': attribute type 29 has an invalid length. [ 521.019223][T23421] netlink: 'syz.4.9268': attribute type 3 has an invalid length. [ 521.020862][T23422] netlink: 'syz.2.9267': attribute type 29 has an invalid length. [ 521.145285][T23421] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.9268'. [ 521.580493][T23432] netlink: 202920 bytes leftover after parsing attributes in process `syz.0.9274'. [ 521.833533][T23448] netlink: 'syz.4.9281': attribute type 29 has an invalid length. [ 521.845179][T23448] netlink: 'syz.4.9281': attribute type 29 has an invalid length. [ 521.890769][T23451] netlink: 'syz.4.9281': attribute type 29 has an invalid length. [ 522.672433][T23482] netlink: 202920 bytes leftover after parsing attributes in process `syz.4.9293'. [ 523.812170][T23527] netlink: 'syz.0.9317': attribute type 29 has an invalid length. [ 523.830668][T23527] netlink: 'syz.0.9317': attribute type 29 has an invalid length. [ 523.874624][T23528] netlink: 'syz.0.9317': attribute type 29 has an invalid length. [ 524.274868][T23547] netlink: 'syz.0.9328': attribute type 21 has an invalid length. [ 524.282775][T23547] netlink: 128 bytes leftover after parsing attributes in process `syz.0.9328'. [ 524.322454][T23547] netlink: 'syz.0.9328': attribute type 4 has an invalid length. [ 524.362867][T23547] netlink: 'syz.0.9328': attribute type 3 has an invalid length. [ 524.406860][T23547] netlink: 3 bytes leftover after parsing attributes in process `syz.0.9328'. [ 525.276848][T23584] netlink: 'syz.4.9345': attribute type 21 has an invalid length. [ 525.304909][T23584] netlink: 128 bytes leftover after parsing attributes in process `syz.4.9345'. [ 525.343885][T23584] netlink: 'syz.4.9345': attribute type 4 has an invalid length. [ 525.364865][T23584] netlink: 'syz.4.9345': attribute type 3 has an invalid length. [ 525.387897][T23584] netlink: 3 bytes leftover after parsing attributes in process `syz.4.9345'. [ 526.180001][T23620] netlink: 11562 bytes leftover after parsing attributes in process `syz.0.9364'. [ 527.975628][T23686] netlink: 192 bytes leftover after parsing attributes in process `syz.4.9398'. [ 528.449829][T23709] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.9407'. [ 528.485350][T23706] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.9407'. [ 528.945058][T23721] netlink: 'syz.4.9413': attribute type 33 has an invalid length. [ 529.002084][T23721] netlink: 152 bytes leftover after parsing attributes in process `syz.4.9413'. [ 529.918520][T23758] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.9432'. [ 530.400399][T23770] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.9436'. [ 530.430630][T23768] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.9436'. [ 530.457278][T23771] netlink: 'syz.4.9439': attribute type 46 has an invalid length. [ 530.947221][T23797] netlink: 'syz.0.9450': attribute type 33 has an invalid length. [ 530.995112][T23797] netlink: 152 bytes leftover after parsing attributes in process `syz.0.9450'. [ 531.233567][T23809] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.9453'. [ 531.268296][T23804] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.9453'. [ 532.113327][T23835] netlink: 'syz.1.9467': attribute type 33 has an invalid length. [ 532.121990][T23835] netlink: 152 bytes leftover after parsing attributes in process `syz.1.9467'. [ 532.358311][T23850] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.9470'. [ 532.378400][T23846] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.9470'. [ 532.408973][T23852] netlink: 16098 bytes leftover after parsing attributes in process `syz.0.9485'. [ 533.561685][T23878] netlink: 'syz.2.9484': attribute type 33 has an invalid length. [ 535.591996][T23984] __nla_validate_parse: 3 callbacks suppressed [ 535.592014][T23984] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9541'. [ 536.391488][T24023] netlink: 'syz.3.9559': attribute type 10 has an invalid length. [ 536.419872][T24025] netlink: 202920 bytes leftover after parsing attributes in process `syz.4.9560'. [ 536.434840][T24023] netlink: 'syz.3.9559': attribute type 19 has an invalid length. [ 536.442794][T24023] netlink: 156 bytes leftover after parsing attributes in process `syz.3.9559'. [ 537.217701][T24067] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.9578'. [ 537.605124][T24085] netlink: 'syz.4.9588': attribute type 29 has an invalid length. [ 537.613394][T24085] netlink: 'syz.4.9588': attribute type 29 has an invalid length. [ 537.623911][T24085] netlink: 'syz.4.9588': attribute type 29 has an invalid length. [ 537.638314][T24086] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.9586'. [ 537.669033][T24086] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.9586'. [ 537.692033][T24088] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9589'. [ 537.698412][T24083] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.9586'. [ 538.142605][T24104] netlink: 60 bytes leftover after parsing attributes in process `syz.2.9598'. [ 539.012007][T24147] netlink: 'syz.1.9627': attribute type 21 has an invalid length. [ 539.048102][T24147] netlink: 'syz.1.9627': attribute type 6 has an invalid length. [ 539.062151][T24147] netlink: 132 bytes leftover after parsing attributes in process `syz.1.9627'. [ 539.242588][T24156] netlink: 'syz.0.9620': attribute type 10 has an invalid length. [ 539.269678][T24156] netlink: 'syz.0.9620': attribute type 19 has an invalid length. [ 540.330300][T24209] netlink: 'syz.3.9646': attribute type 29 has an invalid length. [ 541.068231][T24253] __nla_validate_parse: 5 callbacks suppressed [ 541.068248][T24253] netlink: 144 bytes leftover after parsing attributes in process `syz.4.9667'. [ 541.395027][T24268] validate_nla: 5 callbacks suppressed [ 541.395047][T24268] netlink: 'syz.2.9677': attribute type 1 has an invalid length. [ 542.733533][T24338] netlink: 'syz.4.9710': attribute type 1 has an invalid length. [ 543.339718][T24366] netlink: 'syz.0.9725': attribute type 1 has an invalid length. [ 544.853070][T24425] netlink: 'syz.2.9752': attribute type 21 has an invalid length. [ 544.861090][T24425] netlink: 176 bytes leftover after parsing attributes in process `syz.2.9752'. [ 546.387134][T24506] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.9790'. [ 546.784604][T24529] netlink: 134780 bytes leftover after parsing attributes in process `syz.0.9804'. [ 546.827178][T24529] netlink: 1034 bytes leftover after parsing attributes in process `syz.0.9804'. [ 546.903298][T24537] netlink: 'syz.3.9808': attribute type 7 has an invalid length. [ 547.803343][T24576] netlink: 'syz.0.9827': attribute type 9 has an invalid length. [ 547.829968][T24576] netlink: 399 bytes leftover after parsing attributes in process `syz.0.9827'. [ 549.153792][T24607] netlink: 134780 bytes leftover after parsing attributes in process `syz.3.9840'. [ 549.194943][T24607] netlink: 1034 bytes leftover after parsing attributes in process `syz.3.9840'. [ 549.524314][T24624] netlink: 'syz.4.9849': attribute type 9 has an invalid length. [ 549.543406][T24624] netlink: 399 bytes leftover after parsing attributes in process `syz.4.9849'. [ 549.556339][T24629] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.9851'. [ 549.875903][T24642] netlink: 'syz.0.9868': attribute type 29 has an invalid length. [ 549.889225][T24642] netlink: 'syz.0.9868': attribute type 29 has an invalid length. [ 549.909773][T24642] netlink: 'syz.0.9868': attribute type 29 has an invalid length. [ 549.942587][T24646] netlink: 134780 bytes leftover after parsing attributes in process `syz.1.9859'. [ 549.970200][T24646] netlink: 1034 bytes leftover after parsing attributes in process `syz.1.9859'. [ 551.213679][T24700] netlink: 'syz.2.9885': attribute type 29 has an invalid length. [ 551.235015][T24700] netlink: 'syz.2.9885': attribute type 29 has an invalid length. [ 551.247312][T24700] netlink: 'syz.2.9885': attribute type 29 has an invalid length. [ 551.549875][T24715] __nla_validate_parse: 1 callbacks suppressed [ 551.549893][T24715] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.9890'. [ 551.999030][T24737] netlink: 'syz.1.9902': attribute type 29 has an invalid length. [ 552.016015][T24737] netlink: 'syz.1.9902': attribute type 29 has an invalid length. [ 552.047348][T24740] netlink: 'syz.1.9902': attribute type 29 has an invalid length. [ 553.080551][T24779] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9924'. [ 554.349120][T24827] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9944'. [ 554.379060][T24827] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9944'. [ 554.407449][T24826] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9944'. [ 554.916776][T24858] netlink: 'syz.3.9961': attribute type 29 has an invalid length. [ 554.931441][T24858] netlink: 'syz.3.9961': attribute type 29 has an invalid length. [ 554.942973][T24858] netlink: 'syz.3.9961': attribute type 29 has an invalid length. [ 555.470708][T24889] netlink: 'syz.0.9975': attribute type 29 has an invalid length. [ 555.491722][T24889] netlink: 'syz.0.9975': attribute type 29 has an invalid length. [ 555.509409][T24889] netlink: 'syz.0.9975': attribute type 29 has an invalid length. [ 556.033080][T24918] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9984'. [ 556.064963][T24918] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9984'. [ 556.103498][T24912] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9984'. [ 556.783208][T24957] netlink: 60 bytes leftover after parsing attributes in process `syz.1.10005'. [ 556.827374][T24957] netlink: 60 bytes leftover after parsing attributes in process `syz.1.10005'. [ 556.841853][T24951] netlink: 60 bytes leftover after parsing attributes in process `syz.1.10005'. [ 557.462073][T24992] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10020'. [ 557.487317][T24992] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10020'. [ 557.510058][T24987] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10020'. [ 557.523190][T24994] netlink: 'syz.1.10023': attribute type 29 has an invalid length. [ 557.523901][T24996] netlink: 'syz.3.10024': attribute type 2 has an invalid length. [ 557.532124][T24994] netlink: 'syz.1.10023': attribute type 29 has an invalid length. [ 557.547427][T24996] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.10024'. [ 557.619090][T24994] netlink: 'syz.1.10023': attribute type 29 has an invalid length. [ 558.191552][T25028] netlink: 'syz.3.10041': attribute type 29 has an invalid length. [ 558.200220][T25028] netlink: 'syz.3.10041': attribute type 29 has an invalid length. [ 558.218660][T25028] netlink: 'syz.3.10041': attribute type 29 has an invalid length. [ 558.540022][T25041] netlink: 'syz.1.10046': attribute type 3 has an invalid length. [ 558.581155][T25041] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.10046'. [ 558.945253][T25060] netlink: 'syz.2.10055': attribute type 2 has an invalid length. [ 558.979915][T25060] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.10055'. [ 559.295416][T25080] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.10065'. [ 559.465993][T25090] netlink: 'syz.1.10071': attribute type 2 has an invalid length. [ 562.165553][T25216] __nla_validate_parse: 7 callbacks suppressed [ 562.165570][T25216] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.10130'. [ 562.620803][T25245] validate_nla: 12 callbacks suppressed [ 562.620823][T25245] netlink: 'syz.1.10141': attribute type 6 has an invalid length. [ 562.888944][T25256] netlink: 'syz.2.10150': attribute type 3 has an invalid length. [ 562.907410][T25256] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.10150'. [ 562.931111][T25259] netlink: 'syz.0.10149': attribute type 29 has an invalid length. [ 562.958526][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.964884][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.975363][T25259] netlink: 'syz.0.10149': attribute type 29 has an invalid length. [ 563.025220][T25260] netlink: 'syz.0.10149': attribute type 29 has an invalid length. [ 563.047485][T25262] netlink: 'syz.1.10162': attribute type 3 has an invalid length. [ 563.081248][T25262] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.10162'. [ 564.548565][T25336] netlink: 763 bytes leftover after parsing attributes in process `syz.0.10195'. [ 564.639838][T25340] netlink: 10 bytes leftover after parsing attributes in process `syz.2.10186'. [ 565.358860][T25373] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.10203'. [ 566.061824][T25413] netlink: 'syz.4.10225': attribute type 10 has an invalid length. [ 566.080540][T25413] netlink: 'syz.4.10225': attribute type 10 has an invalid length. [ 566.097108][T25413] netlink: 'syz.4.10225': attribute type 10 has an invalid length. [ 566.378669][T25429] netlink: 763 bytes leftover after parsing attributes in process `syz.1.10231'. [ 566.431502][T25433] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.10233'. [ 567.010616][T25467] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.10249'. [ 567.329390][T25482] netlink: 'syz.2.10258': attribute type 29 has an invalid length. [ 568.038128][T25511] validate_nla: 2 callbacks suppressed [ 568.038147][T25511] netlink: 'syz.2.10280': attribute type 10 has an invalid length. [ 568.077672][T25511] netlink: 'syz.2.10280': attribute type 10 has an invalid length. [ 568.086588][T25515] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.10269'. [ 568.096194][T25516] netlink: 'syz.2.10280': attribute type 10 has an invalid length. [ 568.208134][T25518] syz.4.10270[25518] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 568.553199][T25535] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 568.604879][T25535] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 568.885046][T25546] netlink: 'syz.3.10286': attribute type 29 has an invalid length. [ 568.926960][T25546] netlink: 'syz.3.10286': attribute type 29 has an invalid length. [ 568.941253][T25547] netlink: 'syz.3.10286': attribute type 29 has an invalid length. [ 569.113333][T25552] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.10288'. [ 569.525710][T25561] netlink: 'syz.1.10293': attribute type 11 has an invalid length. [ 569.566726][T25561] netlink: 140 bytes leftover after parsing attributes in process `syz.1.10293'. [ 569.577754][T25563] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.10294'. [ 569.616833][T25565] netlink: 65023 bytes leftover after parsing attributes in process `syz.4.10296'. [ 569.948291][T25580] syz.1.10304[25580] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 570.079184][T25588] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.10306'. [ 570.207436][T25597] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.10310'. [ 570.219946][T25598] netlink: 'syz.1.10312': attribute type 3 has an invalid length. [ 570.763095][T25624] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.10324'. [ 571.146988][T25646] netlink: 65023 bytes leftover after parsing attributes in process `syz.2.10344'. [ 571.176968][T25649] netlink: 'syz.4.10337': attribute type 11 has an invalid length. [ 571.205487][T25649] netlink: 140 bytes leftover after parsing attributes in process `syz.4.10337'. [ 571.650952][T25671] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 571.731998][T25671] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 571.925614][T25683] netlink: 'syz.2.10353': attribute type 11 has an invalid length. [ 575.805568][T25803] __nla_validate_parse: 2 callbacks suppressed [ 575.805588][T25803] netlink: 1042 bytes leftover after parsing attributes in process `syz.0.10413'. [ 576.398808][T25834] netlink: 1042 bytes leftover after parsing attributes in process `syz.2.10429'. [ 577.441391][T25882] netlink: 'syz.3.10450': attribute type 29 has an invalid length. [ 577.490242][T25882] netlink: 'syz.3.10450': attribute type 29 has an invalid length. [ 577.535087][T25887] netlink: 'syz.3.10450': attribute type 29 has an invalid length. [ 578.102615][T25912] sock: sock_set_timeout: `syz.2.10465' (pid 25912) tries to set negative timeout [ 578.951520][T25950] netlink: 'syz.1.10485': attribute type 29 has an invalid length. [ 578.970505][T25950] netlink: 'syz.1.10485': attribute type 29 has an invalid length. [ 579.030435][T25950] netlink: 'syz.1.10485': attribute type 29 has an invalid length. [ 579.184642][T25962] netlink: 'syz.0.10499': attribute type 29 has an invalid length. [ 579.193072][T25962] netlink: 'syz.0.10499': attribute type 29 has an invalid length. [ 579.246115][T25967] netlink: 'syz.0.10499': attribute type 29 has an invalid length. [ 579.971702][T26002] sock: sock_set_timeout: `syz.1.10506' (pid 26002) tries to set negative timeout [ 580.816949][T26036] sock: sock_set_timeout: `syz.0.10522' (pid 26036) tries to set negative timeout [ 580.994947][T26043] netlink: 'syz.0.10527': attribute type 3 has an invalid length. [ 581.002830][T26043] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10527'. [ 582.231287][T26101] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.10552'. [ 583.429225][T26155] validate_nla: 3 callbacks suppressed [ 583.429242][T26155] netlink: 'syz.1.10582': attribute type 3 has an invalid length. [ 583.510930][T26155] netlink: 132 bytes leftover after parsing attributes in process `syz.1.10582'. [ 583.774403][T26161] netlink: 'syz.3.10594': attribute type 3 has an invalid length. [ 583.838982][T26161] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10594'. [ 584.509719][T26185] netlink: 'syz.2.10595': attribute type 29 has an invalid length. [ 584.820193][T26185] netlink: 'syz.2.10595': attribute type 29 has an invalid length. [ 584.838949][T26187] netlink: 'syz.2.10595': attribute type 29 has an invalid length. [ 584.989852][T26194] netlink: 'syz.4.10599': attribute type 3 has an invalid length. [ 585.029847][T26194] netlink: 132 bytes leftover after parsing attributes in process `syz.4.10599'. [ 585.447336][T26217] netlink: 'syz.3.10611': attribute type 29 has an invalid length. [ 585.490168][T26217] netlink: 'syz.3.10611': attribute type 29 has an invalid length. [ 585.530469][T26222] netlink: 'syz.3.10611': attribute type 29 has an invalid length. [ 586.524034][T26273] netlink: 'syz.2.10636': attribute type 29 has an invalid length. [ 590.072739][T26385] validate_nla: 5 callbacks suppressed [ 590.072758][T26385] netlink: 'syz.4.10688': attribute type 29 has an invalid length. [ 590.118586][T26385] netlink: 'syz.4.10688': attribute type 29 has an invalid length. [ 590.135320][T26388] netlink: 'syz.4.10688': attribute type 29 has an invalid length. [ 595.123877][T26549] netlink: 'syz.2.10771': attribute type 3 has an invalid length. [ 595.142308][T26549] netlink: 13435 bytes leftover after parsing attributes in process `syz.2.10771'. [ 599.005516][T26613] netlink: 67 bytes leftover after parsing attributes in process `syz.3.10801'. [ 599.015397][T26610] netlink: 22 bytes leftover after parsing attributes in process `syz.1.10800'. [ 599.024550][T26610] openvswitch: netlink: Flow key attr not present in new flow. [ 599.036075][T26613] IPv6: NLM_F_CREATE should be specified when creating new route [ 599.047891][T26613] IPv6: Can't replace route, no match found [ 599.066988][T26615] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.10802'. [ 599.670281][T26643] netlink: 22 bytes leftover after parsing attributes in process `syz.2.10815'. [ 599.734829][T26643] openvswitch: netlink: Flow key attr not present in new flow. [ 599.819702][T26649] netlink: 67 bytes leftover after parsing attributes in process `syz.4.10819'. [ 599.898889][T26649] IPv6: NLM_F_CREATE should be specified when creating new route [ 599.950370][T26649] IPv6: Can't replace route, no match found [ 600.897088][T26684] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.10835'. [ 601.978505][T26717] netlink: 67 bytes leftover after parsing attributes in process `syz.2.10850'. [ 602.000163][T26717] IPv6: NLM_F_CREATE should be specified when creating new route [ 602.033367][T26717] IPv6: Can't replace route, no match found [ 602.959826][T26754] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.10871'. [ 603.200322][T26766] netlink: 16410 bytes leftover after parsing attributes in process `syz.4.10887'. [ 603.348193][T26775] netlink: 'syz.3.10880': attribute type 7 has an invalid length. [ 604.068486][T26804] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.10894'. [ 615.576691][T27156] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.11063'. [ 615.813895][T27166] netlink: 10 bytes leftover after parsing attributes in process `syz.4.11070'. [ 616.871312][T27210] netlink: 'syz.4.11091': attribute type 3 has an invalid length. [ 616.913950][T27210] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.11091'. [ 617.282315][T27227] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.11099'. [ 617.765479][T27236] netlink: 'syz.4.11103': attribute type 25 has an invalid length. [ 617.826215][T27236] netlink: 2418 bytes leftover after parsing attributes in process `syz.4.11103'. [ 618.129606][T27250] netlink: 'syz.0.11111': attribute type 3 has an invalid length. [ 618.151894][T27250] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.11111'. [ 618.323545][T27256] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.11115'. [ 619.007932][T27283] netlink: 'syz.1.11126': attribute type 3 has an invalid length. [ 619.042845][T27283] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.11126'. [ 619.487318][T27308] netlink: 'syz.1.11140': attribute type 25 has an invalid length. [ 619.509286][T27308] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.11140'. [ 619.943467][T27328] netlink: 17861 bytes leftover after parsing attributes in process `syz.4.11150'. [ 620.416360][T27340] netlink: 'syz.0.11154': attribute type 25 has an invalid length. [ 620.951529][T27364] __nla_validate_parse: 1 callbacks suppressed [ 620.951549][T27364] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.11166'. [ 621.663813][T27399] netlink: 'syz.4.11186': attribute type 5 has an invalid length. [ 622.375408][T27434] netlink: 'syz.3.11200': attribute type 5 has an invalid length. [ 624.397809][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.404193][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.929637][T27551] netlink: 'syz.3.11251': attribute type 3 has an invalid length. [ 624.954992][T27551] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.11251'. [ 625.570694][T27563] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11259'. [ 627.965370][T27605] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11290'. [ 628.001081][T27610] netlink: 'syz.0.11289': attribute type 13 has an invalid length. [ 628.018484][T27610] netlink: 152 bytes leftover after parsing attributes in process `syz.0.11289'. [ 628.048682][T27610] erspan0: refused to change device tx_queue_len [ 628.071525][T27610] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 628.421610][T27629] netlink: 'syz.0.11291': attribute type 21 has an invalid length. [ 628.445800][T27629] netlink: 16166 bytes leftover after parsing attributes in process `syz.0.11291'. [ 629.077554][T27661] netlink: 'syz.4.11303': attribute type 13 has an invalid length. [ 629.125146][T27661] netlink: 152 bytes leftover after parsing attributes in process `syz.4.11303'. [ 629.155864][T27661] erspan0: refused to change device tx_queue_len [ 629.175649][T27661] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 629.224483][T27665] netlink: 132 bytes leftover after parsing attributes in process `syz.3.11304'. [ 629.513965][T27678] netlink: 'syz.4.11307': attribute type 21 has an invalid length. [ 629.590946][T27678] netlink: 16166 bytes leftover after parsing attributes in process `syz.4.11307'. [ 630.500078][T27701] netlink: 132 bytes leftover after parsing attributes in process `syz.0.11323'. [ 630.578968][T27706] netlink: 'syz.2.11325': attribute type 21 has an invalid length. [ 630.604748][T27706] netlink: 16166 bytes leftover after parsing attributes in process `syz.2.11325'. [ 631.273288][T27735] netlink: 131088 bytes leftover after parsing attributes in process `syz.4.11338'. [ 631.313313][T27735] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 631.357553][T27735] CPU: 1 PID: 27735 Comm: syz.4.11338 Not tainted 6.1.127-syzkaller #0 [ 631.365882][T27735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 631.375999][T27735] Call Trace: [ 631.379309][T27735] [ 631.382270][T27735] dump_stack_lvl+0x1e3/0x2cb [ 631.387018][T27735] ? nf_tcp_handle_invalid+0x642/0x642 [ 631.392519][T27735] ? panic+0x764/0x764 [ 631.396657][T27735] sysfs_warn_dup+0x8a/0xa0 [ 631.401197][T27735] sysfs_do_create_link_sd+0xbe/0x100 [ 631.406614][T27735] device_add+0x7d4/0xfd0 [ 631.411003][T27735] wiphy_register+0x1e44/0x2cc0 [ 631.415918][T27735] ? cfg80211_event_work+0x40/0x40 [ 631.421056][T27735] ? minstrel_ht_alloc+0x7cf/0x940 [ 631.426230][T27735] ? ieee80211_init_rate_ctrl_alg+0x592/0x610 [ 631.432351][T27735] ieee80211_register_hw+0x31bd/0x3f10 [ 631.437866][T27735] ? ieee80211_register_hw+0x1181/0x3f10 [ 631.443530][T27735] ? ieee80211_register_hw+0x1081/0x3f10 [ 631.449209][T27735] ? ieee80211_tasklet_handler+0x20/0x20 [ 631.454902][T27735] ? __debug_object_init+0xe9/0x450 [ 631.460152][T27735] ? memset+0x1f/0x40 [ 631.464172][T27735] ? __hrtimer_init+0x181/0x260 [ 631.469059][T27735] mac80211_hwsim_new_radio+0x22d9/0x4060 [ 631.474850][T27735] hwsim_new_radio_nl+0xc54/0x1190 [ 631.480026][T27735] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 631.486594][T27735] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 631.492971][T27735] genl_rcv_msg+0xc1a/0xf70 [ 631.497531][T27735] ? genl_bind+0x400/0x400 [ 631.502024][T27735] ? read_lock_is_recursive+0x10/0x10 [ 631.507461][T27735] ? ref_tracker_free+0x638/0x7d0 [ 631.512523][T27735] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 631.519075][T27735] ? refcount_inc+0x80/0x80 [ 631.523604][T27735] ? __kasan_kmalloc_large+0x92/0xd0 [ 631.528934][T27735] netlink_rcv_skb+0x1cd/0x410 [ 631.533737][T27735] ? genl_bind+0x400/0x400 [ 631.538189][T27735] ? netlink_ack+0x1290/0x1290 [ 631.543038][T27735] genl_rcv+0x24/0x40 [ 631.547056][T27735] netlink_unicast+0x7d8/0x970 [ 631.551881][T27735] ? netlink_detachskb+0x90/0x90 [ 631.556853][T27735] ? find_vmap_area+0xf3/0x100 [ 631.561650][T27735] ? __phys_addr_symbol+0x2b/0x70 [ 631.566711][T27735] ? __check_object_size+0x4dd/0xa30 [ 631.572034][T27735] ? bpf_lsm_netlink_send+0x5/0x10 [ 631.577190][T27735] netlink_sendmsg+0xa26/0xd60 [ 631.582016][T27735] ? netlink_getsockopt+0x580/0x580 [ 631.587267][T27735] ? aa_sock_msg_perm+0x91/0x150 [ 631.592246][T27735] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 631.597574][T27735] ? security_socket_sendmsg+0x7d/0xa0 [ 631.603078][T27735] ? netlink_getsockopt+0x580/0x580 [ 631.608331][T27735] ____sys_sendmsg+0x5a5/0x8f0 [ 631.613175][T27735] ? __sys_sendmsg_sock+0x30/0x30 [ 631.618277][T27735] __sys_sendmsg+0x2a9/0x390 [ 631.622922][T27735] ? ____sys_sendmsg+0x8f0/0x8f0 [ 631.627973][T27735] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 631.634031][T27735] ? syscall_enter_from_user_mode+0x2e/0x230 [ 631.640059][T27735] ? lockdep_hardirqs_on+0x94/0x130 [ 631.645305][T27735] ? syscall_enter_from_user_mode+0x2e/0x230 [ 631.651341][T27735] do_syscall_64+0x3b/0xb0 [ 631.655798][T27735] ? clear_bhb_loop+0x45/0xa0 [ 631.660517][T27735] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 631.666464][T27735] RIP: 0033:0x7f8050f8cda9 [ 631.670932][T27735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.690593][T27735] RSP: 002b:00007f8051d08038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 631.699066][T27735] RAX: ffffffffffffffda RBX: 00007f80511a5fa0 RCX: 00007f8050f8cda9 [ 631.707077][T27735] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 631.715095][T27735] RBP: 00007f805100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 631.723109][T27735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.731125][T27735] R13: 0000000000000000 R14: 00007f80511a5fa0 R15: 00007ffdfeca80d8 [ 631.739169][T27735] [ 632.781405][T27770] netlink: 'syz.1.11351': attribute type 13 has an invalid length. [ 632.841427][T27770] netlink: 152 bytes leftover after parsing attributes in process `syz.1.11351'. [ 632.904914][T27770] erspan0: refused to change device tx_queue_len [ 632.921396][T27770] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 632.942539][T27772] netlink: 'syz.0.11354': attribute type 29 has an invalid length. [ 632.975058][T27772] netlink: 'syz.0.11354': attribute type 29 has an invalid length. [ 632.987355][T27772] netlink: 'syz.0.11354': attribute type 29 has an invalid length. [ 633.246454][T27786] netlink: 'syz.1.11356': attribute type 8 has an invalid length. [ 633.285826][T27786] netlink: 'syz.1.11356': attribute type 1 has an invalid length. [ 633.293698][T27786] netlink: 104088 bytes leftover after parsing attributes in process `syz.1.11356'. [ 633.497438][T27794] netlink: 131088 bytes leftover after parsing attributes in process `syz.0.11373'. [ 633.552722][T27794] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 633.598136][T27794] CPU: 0 PID: 27794 Comm: syz.0.11373 Not tainted 6.1.127-syzkaller #0 [ 633.606468][T27794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 633.616555][T27794] Call Trace: [ 633.619853][T27794] [ 633.622800][T27794] dump_stack_lvl+0x1e3/0x2cb [ 633.627521][T27794] ? nf_tcp_handle_invalid+0x642/0x642 [ 633.633025][T27794] ? panic+0x764/0x764 [ 633.637146][T27794] sysfs_warn_dup+0x8a/0xa0 [ 633.641689][T27794] sysfs_do_create_link_sd+0xbe/0x100 [ 633.647103][T27794] device_add+0x7d4/0xfd0 [ 633.651490][T27794] wiphy_register+0x1e44/0x2cc0 [ 633.656399][T27794] ? cfg80211_event_work+0x40/0x40 [ 633.661530][T27794] ? minstrel_ht_alloc+0x7cf/0x940 [ 633.666685][T27794] ? ieee80211_init_rate_ctrl_alg+0x592/0x610 [ 633.672800][T27794] ieee80211_register_hw+0x31bd/0x3f10 [ 633.678326][T27794] ? ieee80211_register_hw+0x1181/0x3f10 [ 633.683988][T27794] ? ieee80211_register_hw+0x1081/0x3f10 [ 633.689659][T27794] ? ieee80211_tasklet_handler+0x20/0x20 [ 633.695338][T27794] ? __debug_object_init+0xe9/0x450 [ 633.700582][T27794] ? memset+0x1f/0x40 [ 633.704597][T27794] ? __hrtimer_init+0x181/0x260 [ 633.709484][T27794] mac80211_hwsim_new_radio+0x22d9/0x4060 [ 633.715287][T27794] hwsim_new_radio_nl+0xc54/0x1190 [ 633.720457][T27794] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 633.727037][T27794] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 633.733413][T27794] genl_rcv_msg+0xc1a/0xf70 [ 633.737946][T27794] ? genl_bind+0x400/0x400 [ 633.742394][T27794] ? read_lock_is_recursive+0x10/0x10 [ 633.747795][T27794] ? ref_tracker_free+0x638/0x7d0 [ 633.752828][T27794] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 633.759356][T27794] ? refcount_inc+0x80/0x80 [ 633.763864][T27794] ? __kasan_kmalloc_large+0x92/0xd0 [ 633.769265][T27794] netlink_rcv_skb+0x1cd/0x410 [ 633.774044][T27794] ? genl_bind+0x400/0x400 [ 633.778470][T27794] ? netlink_ack+0x1290/0x1290 [ 633.783278][T27794] genl_rcv+0x24/0x40 [ 633.787271][T27794] netlink_unicast+0x7d8/0x970 [ 633.792061][T27794] ? netlink_detachskb+0x90/0x90 [ 633.797006][T27794] ? find_vmap_area+0xf3/0x100 [ 633.801784][T27794] ? __phys_addr_symbol+0x2b/0x70 [ 633.806819][T27794] ? __check_object_size+0x4dd/0xa30 [ 633.812113][T27794] ? bpf_lsm_netlink_send+0x5/0x10 [ 633.817246][T27794] netlink_sendmsg+0xa26/0xd60 [ 633.822094][T27794] ? netlink_getsockopt+0x580/0x580 [ 633.827310][T27794] ? aa_sock_msg_perm+0x91/0x150 [ 633.832261][T27794] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 633.837558][T27794] ? security_socket_sendmsg+0x7d/0xa0 [ 633.843022][T27794] ? netlink_getsockopt+0x580/0x580 [ 633.848281][T27794] ____sys_sendmsg+0x5a5/0x8f0 [ 633.853098][T27794] ? __sys_sendmsg_sock+0x30/0x30 [ 633.858170][T27794] __sys_sendmsg+0x2a9/0x390 [ 633.862787][T27794] ? ____sys_sendmsg+0x8f0/0x8f0 [ 633.867785][T27794] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 633.873800][T27794] ? syscall_enter_from_user_mode+0x2e/0x230 [ 633.879820][T27794] ? lockdep_hardirqs_on+0x94/0x130 [ 633.885042][T27794] ? syscall_enter_from_user_mode+0x2e/0x230 [ 633.891041][T27794] do_syscall_64+0x3b/0xb0 [ 633.895471][T27794] ? clear_bhb_loop+0x45/0xa0 [ 633.900161][T27794] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 633.906069][T27794] RIP: 0033:0x7f127598cda9 [ 633.910494][T27794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.930109][T27794] RSP: 002b:00007f1276755038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 633.938534][T27794] RAX: ffffffffffffffda RBX: 00007f1275ba5fa0 RCX: 00007f127598cda9 [ 633.946512][T27794] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 633.954491][T27794] RBP: 00007f1275a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 633.962474][T27794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 633.970455][T27794] R13: 0000000000000000 R14: 00007f1275ba5fa0 R15: 00007ffc723635a8 [ 633.978460][T27794] [ 635.370951][T27845] netlink: 131088 bytes leftover after parsing attributes in process `syz.3.11387'. [ 635.752234][T27851] netlink: 'syz.2.11390': attribute type 29 has an invalid length. [ 636.235428][T27851] netlink: 'syz.2.11390': attribute type 29 has an invalid length. [ 636.261027][T27845] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 636.271633][T27845] CPU: 0 PID: 27845 Comm: syz.3.11387 Not tainted 6.1.127-syzkaller #0 [ 636.279916][T27845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 636.289993][T27845] Call Trace: [ 636.293294][T27845] [ 636.296242][T27845] dump_stack_lvl+0x1e3/0x2cb [ 636.300946][T27845] ? nf_tcp_handle_invalid+0x642/0x642 [ 636.306430][T27845] ? panic+0x764/0x764 [ 636.310538][T27845] sysfs_warn_dup+0x8a/0xa0 [ 636.315066][T27845] sysfs_do_create_link_sd+0xbe/0x100 [ 636.320470][T27845] device_add+0x7d4/0xfd0 [ 636.324841][T27845] wiphy_register+0x1e44/0x2cc0 [ 636.329730][T27845] ? cfg80211_event_work+0x40/0x40 [ 636.334867][T27845] ? minstrel_ht_alloc+0x7cf/0x940 [ 636.340009][T27845] ? ieee80211_init_rate_ctrl_alg+0x592/0x610 [ 636.346114][T27845] ieee80211_register_hw+0x31bd/0x3f10 [ 636.351619][T27845] ? ieee80211_register_hw+0x1181/0x3f10 [ 636.357287][T27845] ? ieee80211_register_hw+0x1081/0x3f10 [ 636.362968][T27845] ? ieee80211_tasklet_handler+0x20/0x20 [ 636.368634][T27845] ? __debug_object_init+0xe9/0x450 [ 636.373871][T27845] ? memset+0x1f/0x40 [ 636.377874][T27845] ? __hrtimer_init+0x181/0x260 [ 636.382729][T27845] mac80211_hwsim_new_radio+0x22d9/0x4060 [ 636.388472][T27845] hwsim_new_radio_nl+0xc54/0x1190 [ 636.393592][T27845] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 636.400109][T27845] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 636.406447][T27845] genl_rcv_msg+0xc1a/0xf70 [ 636.410956][T27845] ? genl_bind+0x400/0x400 [ 636.415385][T27845] ? read_lock_is_recursive+0x10/0x10 [ 636.420778][T27845] ? hwsim_tx_info_frame_received_nl+0x10a0/0x10a0 [ 636.427287][T27845] ? refcount_inc+0x80/0x80 [ 636.431796][T27845] ? __kasan_kmalloc_large+0x92/0xd0 [ 636.437087][T27845] netlink_rcv_skb+0x1cd/0x410 [ 636.441856][T27845] ? genl_bind+0x400/0x400 [ 636.446273][T27845] ? netlink_ack+0x1290/0x1290 [ 636.451043][T27845] ? __rcu_read_unlock+0x92/0x100 [ 636.456072][T27845] genl_rcv+0x24/0x40 [ 636.460053][T27845] netlink_unicast+0x7d8/0x970 [ 636.464826][T27845] ? netlink_detachskb+0x90/0x90 [ 636.469767][T27845] ? find_vmap_area+0xf3/0x100 [ 636.474535][T27845] ? __phys_addr_symbol+0x2b/0x70 [ 636.479565][T27845] ? __check_object_size+0x4dd/0xa30 [ 636.484873][T27845] ? bpf_lsm_netlink_send+0x5/0x10 [ 636.489987][T27845] netlink_sendmsg+0xa26/0xd60 [ 636.494764][T27845] ? netlink_getsockopt+0x580/0x580 [ 636.499980][T27845] ? aa_sock_msg_perm+0x91/0x150 [ 636.504927][T27845] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 636.510213][T27845] ? security_socket_sendmsg+0x7d/0xa0 [ 636.515670][T27845] ? netlink_getsockopt+0x580/0x580 [ 636.520869][T27845] ____sys_sendmsg+0x5a5/0x8f0 [ 636.525643][T27845] ? __sys_sendmsg_sock+0x30/0x30 [ 636.530682][T27845] __sys_sendmsg+0x2a9/0x390 [ 636.535276][T27845] ? ____sys_sendmsg+0x8f0/0x8f0 [ 636.540246][T27845] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 636.546275][T27845] ? syscall_enter_from_user_mode+0x2e/0x230 [ 636.552259][T27845] ? lockdep_hardirqs_on+0x94/0x130 [ 636.557458][T27845] ? syscall_enter_from_user_mode+0x2e/0x230 [ 636.563440][T27845] do_syscall_64+0x3b/0xb0 [ 636.567851][T27845] ? clear_bhb_loop+0x45/0xa0 [ 636.572522][T27845] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 636.578419][T27845] RIP: 0033:0x7f8e7bb8cda9 [ 636.582843][T27845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.602470][T27845] RSP: 002b:00007f8e7b9ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 636.610884][T27845] RAX: ffffffffffffffda RBX: 00007f8e7bda5fa0 RCX: 00007f8e7bb8cda9 [ 636.618853][T27845] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 636.626824][T27845] RBP: 00007f8e7bc0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 636.634816][T27845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 636.642784][T27845] R13: 0000000000000000 R14: 00007f8e7bda5fa0 R15: 00007fffd08af548 [ 636.650772][T27845] [ 636.674984][T27852] netlink: 'syz.2.11390': attribute type 29 has an invalid length. [ 637.066740][T27871] netlink: 'syz.0.11400': attribute type 8 has an invalid length. [ 637.103410][T27871] netlink: 'syz.0.11400': attribute type 1 has an invalid length. [ 637.185003][T27871] netlink: 104088 bytes leftover after parsing attributes in process `syz.0.11400'. [ 637.937653][T27890] netlink: 'syz.3.11409': attribute type 29 has an invalid length. [ 637.992482][T27890] netlink: 'syz.3.11409': attribute type 29 has an invalid length. [ 638.017150][T27894] netlink: 'syz.3.11409': attribute type 29 has an invalid length. [ 638.207332][T27903] netlink: 104088 bytes leftover after parsing attributes in process `syz.4.11416'. [ 639.588878][T27932] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 639.616492][T27937] validate_nla: 2 callbacks suppressed [ 639.616508][T27937] netlink: 'syz.1.11426': attribute type 29 has an invalid length. [ 639.636579][T27932] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 639.686268][T27937] netlink: 'syz.1.11426': attribute type 29 has an invalid length. [ 639.723026][T27941] netlink: 'syz.1.11426': attribute type 29 has an invalid length. [ 641.380936][T27973] netlink: 6401 bytes leftover after parsing attributes in process `syz.1.11447'. [ 641.698192][T27990] netlink: 65051 bytes leftover after parsing attributes in process `syz.4.11455'. [ 643.073039][T28022] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.11470'. [ 643.109176][T28026] netlink: 'syz.0.11472': attribute type 29 has an invalid length. [ 643.110295][T28024] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 643.118952][T28026] netlink: 'syz.0.11472': attribute type 29 has an invalid length. [ 643.154778][T28024] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 643.181084][T28026] netlink: 'syz.0.11472': attribute type 29 has an invalid length. [ 643.451713][T28038] netlink: 6401 bytes leftover after parsing attributes in process `syz.0.11479'. [ 643.779048][T28052] netlink: 65051 bytes leftover after parsing attributes in process `syz.0.11485'. [ 643.822799][T28055] netlink: 'syz.1.11487': attribute type 29 has an invalid length. [ 643.845029][T28055] netlink: 'syz.1.11487': attribute type 29 has an invalid length. [ 643.858301][T28055] netlink: 'syz.1.11487': attribute type 29 has an invalid length. [ 644.166545][T28074] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 644.182218][T28074] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 644.619393][T28087] netlink: 65051 bytes leftover after parsing attributes in process `syz.3.11500'. [ 644.708397][T28091] netlink: 'syz.4.11502': attribute type 29 has an invalid length. [ 644.726942][T28091] netlink: 'syz.4.11502': attribute type 29 has an invalid length. [ 644.738419][T28091] netlink: 'syz.4.11502': attribute type 29 has an invalid length. [ 647.617456][T28125] netlink: 65051 bytes leftover after parsing attributes in process `syz.2.11515'. [ 648.608546][T28149] netlink: 'syz.4.11531': attribute type 17 has an invalid length. [ 648.624899][T28149] netlink: 152 bytes leftover after parsing attributes in process `syz.4.11531'. [ 648.654966][T28149] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 648.692289][T28149] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 649.675851][T28185] netlink: 'syz.0.11548': attribute type 1 has an invalid length. [ 649.691114][T28185] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.11548'. [ 649.978355][T28195] netlink: 'syz.1.11551': attribute type 29 has an invalid length. [ 650.029537][T28195] netlink: 'syz.1.11551': attribute type 29 has an invalid length. [ 650.045317][T28197] netlink: 'syz.1.11551': attribute type 29 has an invalid length. [ 650.472640][T28216] netlink: 'syz.4.11563': attribute type 1 has an invalid length. [ 650.491726][T28216] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.11563'. [ 650.918921][T28228] netlink: 'syz.4.11569': attribute type 29 has an invalid length. [ 650.959731][T28228] netlink: 'syz.4.11569': attribute type 29 has an invalid length. [ 651.038924][T28233] netlink: 'syz.4.11569': attribute type 29 has an invalid length. [ 651.641770][T28255] netlink: 'syz.1.11578': attribute type 17 has an invalid length. [ 651.642516][T28256] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.11580'. [ 651.651638][T28255] netlink: 152 bytes leftover after parsing attributes in process `syz.1.11578'. [ 651.670198][T28255] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 651.926604][T28263] netlink: 'syz.3.11584': attribute type 29 has an invalid length. [ 651.984844][T28268] netlink: 'syz.2.11587': attribute type 21 has an invalid length. [ 653.813749][T28313] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.11606'. [ 654.627776][T28336] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.11619'. [ 654.666443][T28336] netlink: zone id is out of range [ 654.690193][T28336] netlink: zone id is out of range [ 655.105523][T28343] validate_nla: 6 callbacks suppressed [ 655.105545][T28343] netlink: 'syz.0.11620': attribute type 29 has an invalid length. [ 655.201851][T28343] netlink: 'syz.0.11620': attribute type 29 has an invalid length. [ 655.241033][T28343] netlink: 'syz.0.11620': attribute type 29 has an invalid length. [ 655.690721][T28353] netlink: 76 bytes leftover after parsing attributes in process `syz.1.11625'. [ 656.056761][T28361] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.11628'. [ 656.187143][T28365] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.11631'. [ 656.234766][T28365] netlink: zone id is out of range [ 656.242698][T28370] netlink: 'syz.2.11632': attribute type 4 has an invalid length. [ 656.250286][T28365] netlink: zone id is out of range [ 656.263966][T28370] netlink: 'syz.2.11632': attribute type 8 has an invalid length. [ 656.304826][T28370] netlink: 197344 bytes leftover after parsing attributes in process `syz.2.11632'. [ 656.504083][T28376] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.11635'. [ 656.912802][T28385] netlink: 76 bytes leftover after parsing attributes in process `syz.3.11639'. [ 657.128638][T28391] netlink: 14546 bytes leftover after parsing attributes in process `syz.0.11644'. [ 657.153974][T28397] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.11646'. [ 657.195621][T28397] netlink: zone id is out of range [ 657.200814][T28397] netlink: zone id is out of range [ 658.542386][T28434] netlink: zone id is out of range [ 658.557870][T28434] netlink: zone id is out of range [ 660.738985][T28514] netlink: 'syz.2.11701': attribute type 4 has an invalid length. [ 660.747166][T28514] __nla_validate_parse: 4 callbacks suppressed [ 660.747179][T28514] netlink: 152 bytes leftover after parsing attributes in process `syz.2.11701'. [ 660.826266][T28514] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 662.491483][T28582] netlink: 'syz.4.11732': attribute type 4 has an invalid length. [ 662.509994][T28582] netlink: 152 bytes leftover after parsing attributes in process `syz.4.11732'. [ 662.588223][T28588] netlink: 'syz.3.11734': attribute type 46 has an invalid length. [ 662.795854][T28597] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11738'. [ 663.915289][T28618] netlink: 'syz.3.11748': attribute type 4 has an invalid length. [ 663.927645][T28618] netlink: 152 bytes leftover after parsing attributes in process `syz.3.11748'. [ 665.027915][T28651] netlink: 'syz.4.11773': attribute type 46 has an invalid length. [ 665.070333][T28654] netlink: 'syz.0.11760': attribute type 4 has an invalid length. [ 665.091981][T28654] netlink: 152 bytes leftover after parsing attributes in process `syz.0.11760'. [ 665.140735][T28654] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 665.655886][T28676] netlink: 60 bytes leftover after parsing attributes in process `syz.4.11774'. [ 667.609766][T28764] netlink: 'syz.4.11816': attribute type 1 has an invalid length. [ 667.628451][T28764] netlink: 5 bytes leftover after parsing attributes in process `syz.4.11816'. [ 669.718625][T28855] netlink: 'syz.3.11857': attribute type 1 has an invalid length. [ 669.743061][T28855] netlink: 5 bytes leftover after parsing attributes in process `syz.3.11857'. [ 669.772843][T28857] netlink: 14546 bytes leftover after parsing attributes in process `syz.4.11858'. [ 670.298474][T28878] netlink: 'syz.1.11870': attribute type 3 has an invalid length. [ 670.324183][T28878] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.11870'. [ 671.437041][T28927] netlink: 'syz.1.11891': attribute type 1 has an invalid length. [ 671.474926][T28927] netlink: 5 bytes leftover after parsing attributes in process `syz.1.11891'. [ 671.492465][T28929] netlink: 14546 bytes leftover after parsing attributes in process `syz.2.11892'. [ 672.159935][T28954] netlink: 14546 bytes leftover after parsing attributes in process `syz.3.11905'. [ 672.817061][T28982] netlink: 'syz.4.11920': attribute type 3 has an invalid length. [ 672.849510][T28982] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.11920'. [ 674.635437][T29056] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.11953'. [ 676.536100][T29145] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.12005'. [ 677.580691][T29167] netlink: 'syz.4.12006': attribute type 10 has an invalid length. [ 677.626201][T29167] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.634100][T29167] bond0: (slave team0): Enslaving as an active interface with an up link [ 677.870172][T29181] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.12010'. [ 679.959792][T29235] netlink: 'syz.1.12035': attribute type 10 has an invalid length. [ 680.010661][T29235] 8021q: adding VLAN 0 to HW filter on device team0 [ 682.702340][T29311] netlink: 'syz.3.12071': attribute type 10 has an invalid length. [ 682.826660][T29311] 8021q: adding VLAN 0 to HW filter on device team0 [ 682.865965][T29311] bond0: (slave team0): Enslaving as an active interface with an up link [ 683.628089][T29348] netlink: 'syz.4.12087': attribute type 29 has an invalid length. [ 683.665140][T29348] netlink: 'syz.4.12087': attribute type 29 has an invalid length. [ 683.691736][T29355] netlink: 'syz.4.12087': attribute type 29 has an invalid length. [ 683.729406][T29357] netlink: 'syz.2.12092': attribute type 10 has an invalid length. [ 683.754831][T29357] netlink: 40 bytes leftover after parsing attributes in process `syz.2.12092'. [ 683.774828][T29357] device team0 entered promiscuous mode [ 683.780544][T29357] device team_slave_0 entered promiscuous mode [ 683.823898][T29357] device team_slave_1 entered promiscuous mode [ 683.855094][T29357] device geneve1 entered promiscuous mode [ 683.861116][T29357] device geneve0 entered promiscuous mode [ 683.884875][T29357] device wlan1 entered promiscuous mode [ 683.909668][T29357] device dummy0 entered promiscuous mode [ 683.929159][T29357] device bond0 entered promiscuous mode [ 683.935753][T29357] device bond_slave_0 entered promiscuous mode [ 683.959402][T29357] device bond_slave_1 entered promiscuous mode [ 683.968106][T29357] 8021q: adding VLAN 0 to HW filter on device team0 [ 683.981961][T29357] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 684.741618][T29392] netlink: 'syz.1.12109': attribute type 29 has an invalid length. [ 684.751387][T29392] netlink: 'syz.1.12109': attribute type 29 has an invalid length. [ 684.813274][T29392] netlink: 'syz.1.12109': attribute type 29 has an invalid length. [ 685.427709][T29428] netlink: 'syz.4.12125': attribute type 29 has an invalid length. [ 685.464910][T29428] netlink: 'syz.4.12125': attribute type 29 has an invalid length. [ 685.476835][T29428] netlink: 'syz.4.12125': attribute type 29 has an invalid length. [ 685.860603][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.866988][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.168207][T29454] netlink: 'syz.2.12139': attribute type 29 has an invalid length. [ 686.187976][T29454] netlink: 'syz.2.12139': attribute type 29 has an invalid length. [ 686.216296][T29454] netlink: 'syz.2.12139': attribute type 29 has an invalid length. [ 687.032079][T29496] netlink: 'syz.1.12154': attribute type 29 has an invalid length. [ 687.050746][T29496] netlink: 'syz.1.12154': attribute type 29 has an invalid length. [ 687.082156][T29496] netlink: 'syz.1.12154': attribute type 29 has an invalid length. [ 687.857642][T29532] netlink: 'syz.3.12175': attribute type 10 has an invalid length. [ 687.890752][T29532] netlink: 40 bytes leftover after parsing attributes in process `syz.3.12175'. [ 687.925318][T29532] device team0 entered promiscuous mode [ 687.935701][T29532] device team_slave_1 entered promiscuous mode [ 687.966566][T29532] bond0: (slave team0): Releasing backup interface [ 688.004161][T29532] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 688.703137][T29571] netlink: 40 bytes leftover after parsing attributes in process `syz.1.12196'. [ 688.732707][T29571] device team0 entered promiscuous mode [ 688.739055][T29571] device team_slave_1 entered promiscuous mode [ 688.746782][T29571] device wlan1 entered promiscuous mode [ 688.752798][T29571] device bond0 entered promiscuous mode [ 688.762652][T29571] 8021q: adding VLAN 0 to HW filter on device team0 [ 688.805672][T29571] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 689.676552][T29615] netlink: 40 bytes leftover after parsing attributes in process `syz.0.12216'. [ 689.686288][T29615] device team0 entered promiscuous mode [ 689.692153][T29615] device team_slave_1 entered promiscuous mode [ 689.700420][T29615] device geneve1 entered promiscuous mode [ 689.706799][T29615] device bond0 entered promiscuous mode [ 689.716468][T29615] 8021q: adding VLAN 0 to HW filter on device team0 [ 689.724541][T29615] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 691.475418][T29689] validate_nla: 2 callbacks suppressed [ 691.475437][T29689] netlink: 'syz.4.12252': attribute type 10 has an invalid length. [ 691.514770][T29689] netlink: 40 bytes leftover after parsing attributes in process `syz.4.12252'. [ 691.555079][T29689] device team0 entered promiscuous mode [ 691.582861][T29689] device team_slave_1 entered promiscuous mode [ 691.622660][T29689] bond0: (slave team0): Releasing backup interface [ 691.681397][T29689] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 692.433891][T29735] netlink: 'syz.1.12275': attribute type 10 has an invalid length. [ 692.448986][T29735] netlink: 40 bytes leftover after parsing attributes in process `syz.1.12275'. [ 692.486025][T29735] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 692.983060][T29758] netlink: 'syz.4.12284': attribute type 27 has an invalid length. [ 693.004933][T29758] netlink: 2418 bytes leftover after parsing attributes in process `syz.4.12284'. [ 694.164385][T29808] netlink: 'syz.1.12305': attribute type 27 has an invalid length. [ 694.180745][T29808] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.12305'. [ 694.371072][T29816] netlink: 'syz.2.12322': attribute type 27 has an invalid length. [ 694.408632][T29816] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.12322'. [ 695.686383][T29872] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12339'. [ 695.717490][T29872] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12339'. [ 695.753540][T29875] netlink: 60 bytes leftover after parsing attributes in process `syz.2.12339'. [ 697.648756][T29961] netlink: 16098 bytes leftover after parsing attributes in process `syz.2.12380'. [ 698.255796][T29989] netlink: 60 bytes leftover after parsing attributes in process `syz.3.12390'. [ 698.274841][T29989] netlink: 60 bytes leftover after parsing attributes in process `syz.3.12390'. [ 698.335040][T29993] netlink: 60 bytes leftover after parsing attributes in process `syz.3.12390'. [ 699.412469][T30023] netlink: 'syz.1.12408': attribute type 10 has an invalid length. [ 699.434762][T30023] netlink: 152 bytes leftover after parsing attributes in process `syz.1.12408'. [ 699.478298][T30028] netlink: 60 bytes leftover after parsing attributes in process `syz.4.12410'. [ 699.498348][T30028] netlink: 60 bytes leftover after parsing attributes in process `syz.4.12410'. [ 701.780478][T30141] netlink: 'syz.3.12465': attribute type 10 has an invalid length. [ 701.835248][T30141] __nla_validate_parse: 2 callbacks suppressed [ 701.835267][T30141] netlink: 152 bytes leftover after parsing attributes in process `syz.3.12465'. [ 702.547789][T30182] netlink: 'syz.2.12481': attribute type 10 has an invalid length. [ 702.565469][T30182] netlink: 152 bytes leftover after parsing attributes in process `syz.2.12481'. [ 704.334569][T30278] netlink: 'syz.1.12529': attribute type 2 has an invalid length. [ 704.342839][T30278] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12529'. [ 708.326807][T30384] netlink: 'syz.2.12575': attribute type 2 has an invalid length. [ 708.394813][T30384] netlink: 132 bytes leftover after parsing attributes in process `syz.2.12575'. [ 711.799491][T30502] netlink: 'syz.4.12632': attribute type 11 has an invalid length. [ 711.835802][T30502] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.12632'. [ 711.855879][T30501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 713.702351][T30569] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.12666'. [ 715.648669][T30600] netlink: 'syz.2.12680': attribute type 11 has an invalid length. [ 715.684676][T30600] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.12680'. [ 715.724796][T30598] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 716.030002][T30616] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.12688'. [ 717.548182][T30648] netlink: 'syz.3.12702': attribute type 11 has an invalid length. [ 717.582582][T30648] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.12702'. [ 717.634024][T30643] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 717.655809][T30654] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.12705'. [ 719.219776][T30681] netlink: 16222 bytes leftover after parsing attributes in process `syz.1.12718'. [ 719.365476][T30687] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.12719'. [ 719.715394][T30706] netlink: 'syz.4.12729': attribute type 21 has an invalid length. [ 719.740694][T30706] netlink: 128 bytes leftover after parsing attributes in process `syz.4.12729'. [ 719.774524][T30706] netlink: 'syz.4.12729': attribute type 4 has an invalid length. [ 719.793992][T30706] netlink: 3 bytes leftover after parsing attributes in process `syz.4.12729'. [ 720.038256][T30719] netlink: 16222 bytes leftover after parsing attributes in process `syz.4.12736'. [ 720.928659][T30748] netlink: 'syz.0.12749': attribute type 21 has an invalid length. [ 720.936780][T30748] netlink: 128 bytes leftover after parsing attributes in process `syz.0.12749'. [ 720.946810][T30748] netlink: 'syz.0.12749': attribute type 4 has an invalid length. [ 720.955068][T30748] netlink: 3 bytes leftover after parsing attributes in process `syz.0.12749'. [ 721.723193][T30779] netlink: 'syz.3.12764': attribute type 21 has an invalid length. [ 721.731446][T30779] netlink: 128 bytes leftover after parsing attributes in process `syz.3.12764'. [ 721.742344][T30779] netlink: 'syz.3.12764': attribute type 4 has an invalid length. [ 721.752320][T30779] netlink: 3 bytes leftover after parsing attributes in process `syz.3.12764'. [ 721.904082][T30787] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12768'. [ 723.113287][T30839] netlink: 'syz.0.12795': attribute type 2 has an invalid length. [ 725.303175][T30890] __nla_validate_parse: 1 callbacks suppressed [ 725.303196][T30890] netlink: 64 bytes leftover after parsing attributes in process `syz.4.12819'. [ 725.638091][T30913] netlink: 'syz.2.12829': attribute type 2 has an invalid length. [ 725.670754][T30913] netlink: 199848 bytes leftover after parsing attributes in process `syz.2.12829'. [ 726.037453][T30933] netlink: 64 bytes leftover after parsing attributes in process `syz.0.12838'. [ 726.698986][T30968] netlink: 64 bytes leftover after parsing attributes in process `syz.1.12854'. [ 727.036461][T30982] netlink: 'syz.2.12859': attribute type 3 has an invalid length. [ 727.081107][T30982] netlink: 'syz.2.12859': attribute type 1 has an invalid length. [ 727.102890][T30982] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.12859'. [ 728.413975][T31047] netlink: 'syz.4.12895': attribute type 3 has an invalid length. [ 728.442633][T31047] netlink: 'syz.4.12895': attribute type 1 has an invalid length. [ 728.461206][T31047] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.12895'. [ 731.039068][T31162] netlink: 'syz.1.12949': attribute type 9 has an invalid length. [ 731.047447][T31162] netlink: 134780 bytes leftover after parsing attributes in process `syz.1.12949'. [ 731.346448][T31172] netlink: 'syz.3.12955': attribute type 3 has an invalid length. [ 731.365075][T31172] netlink: 'syz.3.12955': attribute type 1 has an invalid length. [ 731.389219][T31172] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.12955'. [ 731.595694][T31188] netlink: 'syz.4.12959': attribute type 3 has an invalid length. [ 731.625299][T31188] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.12959'. [ 732.455182][T31221] netlink: 'syz.2.12977': attribute type 3 has an invalid length. [ 732.476366][T31221] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.12977'. [ 732.692145][T31231] netlink: 'syz.2.12991': attribute type 9 has an invalid length. [ 732.741672][T31231] netlink: 134780 bytes leftover after parsing attributes in process `syz.2.12991'. [ 733.286285][T31260] netlink: 'syz.1.12994': attribute type 10 has an invalid length. [ 733.326642][T31260] device team0 left promiscuous mode [ 733.331986][T31260] device team_slave_1 left promiscuous mode [ 733.378993][T31260] device wlan1 left promiscuous mode [ 733.391463][T31260] device bond0 left promiscuous mode [ 733.430491][T31261] netlink: 'syz.1.12994': attribute type 10 has an invalid length. [ 733.453896][T31261] netlink: 2 bytes leftover after parsing attributes in process `syz.1.12994'. [ 733.471605][T31261] device team0 entered promiscuous mode [ 733.501860][T31261] device team_slave_1 entered promiscuous mode [ 733.514108][T31261] device wlan1 entered promiscuous mode [ 733.529350][T31261] device bond0 entered promiscuous mode [ 733.542163][T31261] 8021q: adding VLAN 0 to HW filter on device team0 [ 733.545076][T31270] netlink: 'syz.3.12998': attribute type 9 has an invalid length. [ 733.583193][T31270] netlink: 134780 bytes leftover after parsing attributes in process `syz.3.12998'. [ 733.717816][T31276] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.13001'. [ 733.736942][T31278] netlink: 'syz.0.13010': attribute type 9 has an invalid length. [ 733.763969][T31278] netlink: 134780 bytes leftover after parsing attributes in process `syz.0.13010'. [ 735.427419][T31356] netlink: 134780 bytes leftover after parsing attributes in process `syz.1.13035'. [ 736.081439][T31392] validate_nla: 3 callbacks suppressed [ 736.081459][T31392] netlink: 'syz.4.13053': attribute type 9 has an invalid length. [ 736.144822][T31392] __nla_validate_parse: 1 callbacks suppressed [ 736.144839][T31392] netlink: 134780 bytes leftover after parsing attributes in process `syz.4.13053'. [ 736.178016][T31394] netlink: 'syz.0.13056': attribute type 3 has an invalid length. [ 736.443606][T31410] netlink: 'syz.1.13063': attribute type 12 has an invalid length. [ 736.465993][T31410] netlink: 172 bytes leftover after parsing attributes in process `syz.1.13063'. [ 736.799078][T31431] netlink: 'syz.3.13071': attribute type 3 has an invalid length. [ 737.010866][T31449] netlink: 'syz.0.13078': attribute type 12 has an invalid length. [ 737.019134][T31449] netlink: 172 bytes leftover after parsing attributes in process `syz.0.13078'. [ 738.201316][T31482] netlink: 'syz.2.13093': attribute type 12 has an invalid length. [ 738.229533][T31482] netlink: 172 bytes leftover after parsing attributes in process `syz.2.13093'. [ 738.728963][T31516] netlink: 'syz.2.13109': attribute type 10 has an invalid length. [ 738.758863][T31516] device team0 left promiscuous mode [ 738.764206][T31516] device team_slave_0 left promiscuous mode [ 738.786224][T31516] device team_slave_1 left promiscuous mode [ 738.805057][T31516] device geneve1 left promiscuous mode [ 738.815037][T31516] device geneve0 left promiscuous mode [ 738.821030][T31516] device wlan1 left promiscuous mode [ 738.842764][T31516] device dummy0 left promiscuous mode [ 738.848728][T31516] device bond0 left promiscuous mode [ 738.857398][T31516] device bond_slave_0 left promiscuous mode [ 738.868363][T31516] device bond_slave_1 left promiscuous mode [ 738.906360][T31518] netlink: 'syz.2.13109': attribute type 10 has an invalid length. [ 738.919258][T31518] netlink: 2 bytes leftover after parsing attributes in process `syz.2.13109'. [ 738.931798][T31518] device team0 entered promiscuous mode [ 738.938541][T31518] device team_slave_0 entered promiscuous mode [ 738.945307][T31518] device team_slave_1 entered promiscuous mode [ 738.951710][T31518] device geneve1 entered promiscuous mode [ 738.966366][T31518] device geneve0 entered promiscuous mode [ 738.975586][T31518] device wlan1 entered promiscuous mode [ 738.981391][T31518] device dummy0 entered promiscuous mode [ 738.987213][T31518] device bond0 entered promiscuous mode [ 738.992848][T31518] device bond_slave_0 entered promiscuous mode [ 738.999228][T31518] device bond_slave_1 entered promiscuous mode [ 739.014134][T31518] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.022136][T31525] netlink: 'syz.3.13112': attribute type 12 has an invalid length. [ 739.043879][T31525] netlink: 172 bytes leftover after parsing attributes in process `syz.3.13112'. [ 739.554992][T31566] netlink: 'syz.4.13132': attribute type 10 has an invalid length. [ 739.585082][T31566] device team0 left promiscuous mode [ 739.590431][T31566] device team_slave_1 left promiscuous mode [ 739.635112][T31569] netlink: 2 bytes leftover after parsing attributes in process `syz.4.13132'. [ 739.676931][T31569] device team0 entered promiscuous mode [ 739.701184][T31569] device team_slave_1 entered promiscuous mode [ 739.716114][T31569] 8021q: adding VLAN 0 to HW filter on device team0 [ 740.889255][T31612] netlink: 14560 bytes leftover after parsing attributes in process `syz.4.13153'. [ 742.514220][T31702] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.13196'. [ 742.556571][T31705] validate_nla: 1 callbacks suppressed [ 742.556589][T31705] netlink: 'syz.1.13198': attribute type 4 has an invalid length. [ 742.570507][T31705] netlink: 'syz.1.13198': attribute type 1 has an invalid length. [ 742.578808][T31705] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.13198'. [ 743.010550][T31730] netlink: 14560 bytes leftover after parsing attributes in process `syz.2.13211'. [ 743.518978][T31758] netlink: 'syz.0.13232': attribute type 4 has an invalid length. [ 743.544375][T31758] netlink: 'syz.0.13232': attribute type 1 has an invalid length. [ 743.574179][T31758] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.13232'. [ 743.797001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 743.814060][T31769] netlink: 132 bytes leftover after parsing attributes in process `syz.1.13228'. [ 744.214987][T31791] netlink: 'syz.3.13237': attribute type 21 has an invalid length. [ 744.255465][T31791] netlink: 132 bytes leftover after parsing attributes in process `syz.3.13237'. [ 744.314423][T31799] netlink: 'syz.2.13243': attribute type 4 has an invalid length. [ 744.347908][T31799] netlink: 'syz.2.13243': attribute type 1 has an invalid length. [ 744.366584][T31799] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.13243'. [ 744.953836][T31833] netlink: 3 bytes leftover after parsing attributes in process `syz.4.13258'. [ 745.030764][T31841] netlink: 132 bytes leftover after parsing attributes in process `syz.2.13262'. [ 745.782677][T31879] netlink: 132 bytes leftover after parsing attributes in process `syz.3.13279'. [ 746.496471][T31913] netlink: 'syz.4.13294': attribute type 21 has an invalid length. [ 747.277484][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.283837][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 749.765197][T32001] netlink: 'syz.4.13337': attribute type 1 has an invalid length. [ 749.773066][T32001] __nla_validate_parse: 1 callbacks suppressed [ 749.773079][T32001] netlink: 16098 bytes leftover after parsing attributes in process `syz.4.13337'. [ 750.245636][T32035] netlink: 'syz.1.13352': attribute type 1 has an invalid length. [ 750.274920][T32035] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.13352'. [ 751.222756][T32087] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.13376'. [ 751.814936][T32115] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.13389'. [ 752.542787][T32153] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.13404'. [ 753.784329][T32208] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.13432'. [ 754.156626][T32228] netlink: 'syz.4.13442': attribute type 29 has an invalid length. [ 754.247251][T32228] netlink: 'syz.4.13442': attribute type 29 has an invalid length. [ 754.269732][T32229] netlink: 'syz.4.13442': attribute type 29 has an invalid length. [ 754.557929][T32248] netlink: 65043 bytes leftover after parsing attributes in process `syz.3.13450'. [ 755.117105][T32263] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.13457'. [ 755.265473][T32269] netlink: 'syz.0.13460': attribute type 29 has an invalid length. [ 755.370182][T32269] netlink: 'syz.0.13460': attribute type 29 has an invalid length. [ 755.382110][T32276] netlink: 65043 bytes leftover after parsing attributes in process `syz.1.13464'. [ 755.407538][T32274] netlink: 'syz.0.13460': attribute type 29 has an invalid length. [ 755.974501][T32305] netlink: 65043 bytes leftover after parsing attributes in process `syz.4.13477'. [ 756.093814][T32310] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 756.110903][T32314] netlink: 134268 bytes leftover after parsing attributes in process `syz.0.13481'. [ 757.190594][T32367] netlink: 'syz.0.13516': attribute type 21 has an invalid length. [ 757.349461][T32371] netlink: 'syz.4.13508': attribute type 29 has an invalid length. [ 757.385332][T32371] netlink: 'syz.4.13508': attribute type 29 has an invalid length. [ 757.490213][T32377] netlink: 'syz.4.13508': attribute type 29 has an invalid length. [ 759.199239][T32429] netlink: 134268 bytes leftover after parsing attributes in process `syz.2.13534'. [ 760.003687][T32464] netlink: 'syz.3.13547': attribute type 29 has an invalid length. [ 760.070573][T32464] netlink: 'syz.3.13547': attribute type 29 has an invalid length. [ 760.094987][T32465] netlink: 'syz.3.13547': attribute type 29 has an invalid length. [ 760.662190][T32484] netlink: 'syz.3.13558': attribute type 21 has an invalid length. [ 762.150964][T32532] syz.3.13577 (32532) used obsolete PPPIOCDETACH ioctl [ 762.401555][T32539] netlink: 'syz.3.13580': attribute type 3 has an invalid length. [ 762.451553][T32539] netlink: 118424 bytes leftover after parsing attributes in process `syz.3.13580'. [ 763.187372][T32553] netlink: 'syz.4.13588': attribute type 3 has an invalid length. [ 763.254766][T32553] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.13588'. [ 763.673265][T32567] netlink: 'syz.0.13594': attribute type 2 has an invalid length. [ 764.424182][T32598] netlink: 'syz.3.13608': attribute type 3 has an invalid length. [ 764.455782][T32598] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.13608'. [ 764.819319][T32611] netlink: 'syz.2.13612': attribute type 3 has an invalid length. [ 764.844732][T32611] netlink: 118424 bytes leftover after parsing attributes in process `syz.2.13612'. [ 765.745078][T32634] netlink: 'syz.3.13625': attribute type 21 has an invalid length. [ 765.748186][T32632] netlink: 'syz.1.13624': attribute type 3 has an invalid length. [ 765.753067][T32634] netlink: 156 bytes leftover after parsing attributes in process `syz.3.13625'. [ 765.811543][T32632] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.13624'. [ 766.166001][T32649] netlink: 'syz.4.13627': attribute type 3 has an invalid length. [ 766.204411][T32649] netlink: 118424 bytes leftover after parsing attributes in process `syz.4.13627'. [ 766.297175][T32651] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.13632'. [ 766.630341][T32664] netlink: 'syz.1.13639': attribute type 2 has an invalid length. [ 766.664730][T32664] netlink: 16098 bytes leftover after parsing attributes in process `syz.1.13639'. [ 766.810382][T32672] netlink: 'syz.2.13654': attribute type 2 has an invalid length. [ 766.834683][T32673] netlink: 146340 bytes leftover after parsing attributes in process `syz.0.13642'. [ 766.855779][T32673] openvswitch: netlink: Key type 386 is out of range max 32 [ 767.671912][T32705] __nla_validate_parse: 3 callbacks suppressed [ 767.671934][T32705] netlink: 146340 bytes leftover after parsing attributes in process `syz.3.13659'. [ 767.739848][T32705] openvswitch: netlink: Key type 386 is out of range max 32 [ 767.968911][T32715] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.13664'. [ 768.097250][T32721] netlink: 'syz.2.13666': attribute type 29 has an invalid length. [ 768.116198][T32721] netlink: 'syz.2.13666': attribute type 29 has an invalid length. [ 768.209628][T32728] netlink: 'syz.3.13670': attribute type 29 has an invalid length. [ 768.235247][T32728] netlink: 'syz.3.13670': attribute type 29 has an invalid length. [ 768.264932][T32730] netlink: 'syz.3.13670': attribute type 29 has an invalid length. [ 769.010446][ T303] netlink: 4068 bytes leftover after parsing attributes in process `syz.2.13691'. [ 772.019427][ T441] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.13767'. [ 772.039175][ T441] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.13767'. [ 772.069889][ T437] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.13767'. [ 773.431257][ T505] validate_nla: 4 callbacks suppressed [ 773.431279][ T505] netlink: 'syz.2.13791': attribute type 10 has an invalid length. [ 773.465772][ T505] device netdevsim0 left promiscuous mode [ 773.490223][ T505] device netdevsim0 entered promiscuous mode [ 773.501070][ T505] team0: Port device netdevsim0 added [ 773.507389][ T511] netlink: 'syz.2.13791': attribute type 10 has an invalid length. [ 773.516285][ T511] device netdevsim0 left promiscuous mode [ 773.529555][ T514] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.13792'. [ 773.551866][ T511] team0: Port device netdevsim0 removed [ 773.560705][ T511] device netdevsim0 entered promiscuous mode [ 773.568250][ T511] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 773.579955][ T514] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.13792'. [ 773.593088][ T509] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.13792'. [ 774.186544][ T550] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.13808'. [ 774.238243][ T550] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.13808'. [ 774.262049][ T543] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.13808'. [ 775.069324][ T589] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.13827'. [ 775.095553][ T589] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.13827'. [ 775.111123][ T591] netlink: 'syz.1.13830': attribute type 10 has an invalid length. [ 775.122636][ T591] device netdevsim0 entered promiscuous mode [ 775.129693][ T591] team0: Port device netdevsim0 added [ 775.140849][ T586] netlink: 4083 bytes leftover after parsing attributes in process `syz.4.13827'. [ 775.176473][ T591] netlink: 'syz.1.13830': attribute type 10 has an invalid length. [ 775.190978][ T591] device netdevsim0 left promiscuous mode [ 775.302121][ T591] team0: Port device netdevsim0 removed [ 775.321955][ T591] device netdevsim0 entered promiscuous mode [ 775.343003][ T591] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 775.538595][ T611] netlink: 'syz.3.13847': attribute type 10 has an invalid length. [ 775.549070][ T611] device netdevsim0 left promiscuous mode [ 775.569503][ T611] device netdevsim0 entered promiscuous mode [ 775.582452][ T611] team0: Port device netdevsim0 added [ 775.600023][ T613] netlink: 'syz.3.13847': attribute type 10 has an invalid length. [ 775.616258][ T613] device netdevsim0 left promiscuous mode [ 775.662408][ T613] team0: Port device netdevsim0 removed [ 775.675605][ T613] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 776.205250][ T656] netlink: 'syz.4.13858': attribute type 10 has an invalid length. [ 776.226141][ T656] device netdevsim0 entered promiscuous mode [ 776.240798][ T656] team0: Port device netdevsim0 added [ 776.264330][ T656] netlink: 'syz.4.13858': attribute type 10 has an invalid length. [ 776.281284][ T656] device netdevsim0 left promiscuous mode [ 776.313694][ T656] team0: Port device netdevsim0 removed [ 776.326510][ T656] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 776.947649][ T694] netlink: 'syz.3.13879': attribute type 2 has an invalid length. [ 776.965360][ T694] netlink: 'syz.3.13879': attribute type 1 has an invalid length. [ 779.105535][ T813] validate_nla: 5 callbacks suppressed [ 779.105564][ T813] netlink: 'syz.2.13933': attribute type 2 has an invalid length. [ 779.147691][ T813] netlink: 'syz.2.13933': attribute type 1 has an invalid length. [ 779.167446][ T817] netlink: 'syz.3.13937': attribute type 1 has an invalid length. [ 779.181680][ T817] netlink: 'syz.3.13937': attribute type 1 has an invalid length. [ 779.196630][ T817] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.13937'. [ 779.214837][ T819] netlink: 'syz.1.13938': attribute type 1 has an invalid length. [ 779.232495][ T819] netlink: 5 bytes leftover after parsing attributes in process `syz.1.13938'. [ 779.283990][ T823] netlink: 'syz.2.13940': attribute type 29 has an invalid length. [ 779.296552][ T823] netlink: 'syz.2.13940': attribute type 29 has an invalid length. [ 779.337566][ T823] netlink: 'syz.2.13940': attribute type 29 has an invalid length. [ 779.529082][ T841] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13945'. [ 779.558028][ T843] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.13949'. [ 779.574690][ T841] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13945'. [ 779.584003][ T835] netlink: 60 bytes leftover after parsing attributes in process `syz.2.13945'. [ 779.776908][ T857] netlink: 'syz.1.13956': attribute type 1 has an invalid length. [ 779.804676][ T857] netlink: 'syz.1.13956': attribute type 1 has an invalid length. [ 779.812564][ T857] netlink: 116376 bytes leftover after parsing attributes in process `syz.1.13956'. [ 779.971772][ T870] netlink: 116376 bytes leftover after parsing attributes in process `syz.0.13972'. [ 781.269920][ T948] netlink: 5 bytes leftover after parsing attributes in process `syz.3.13990'. [ 782.265090][ T996] netlink: 60 bytes leftover after parsing attributes in process `syz.3.14011'. [ 784.236888][ T1126] __nla_validate_parse: 6 callbacks suppressed [ 784.236910][ T1126] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.14067'. [ 784.599434][ T1145] validate_nla: 9 callbacks suppressed [ 784.599453][ T1145] netlink: 'syz.0.14079': attribute type 21 has an invalid length. [ 784.653764][ T1145] netlink: 156 bytes leftover after parsing attributes in process `syz.0.14079'. [ 784.945782][ T1167] netlink: 'syz.1.14089': attribute type 3 has an invalid length. [ 784.953669][ T1167] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14089'. [ 784.975874][ T1169] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.14090'. [ 785.388280][ T1196] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.14105'. [ 785.459350][ T1203] netlink: 'syz.4.14107': attribute type 3 has an invalid length. [ 785.491087][ T1203] netlink: 132 bytes leftover after parsing attributes in process `syz.4.14107'. [ 785.905327][ T1225] netlink: 'syz.1.14117': attribute type 10 has an invalid length. [ 785.962401][ T1228] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.14118'. [ 786.091515][ T1235] netlink: 'syz.3.14122': attribute type 3 has an invalid length. [ 786.116751][ T1235] netlink: 132 bytes leftover after parsing attributes in process `syz.3.14122'. [ 786.139136][ T1241] netlink: 'syz.4.14123': attribute type 21 has an invalid length. [ 786.152736][ T1241] netlink: 156 bytes leftover after parsing attributes in process `syz.4.14123'. [ 786.960585][ T1288] netlink: 'syz.2.14148': attribute type 10 has an invalid length. [ 788.590823][ T1384] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.14192'. [ 789.552340][ T1448] __nla_validate_parse: 1 callbacks suppressed [ 789.552358][ T1448] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.14224'. [ 790.060052][ T1485] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.14241'. [ 790.225879][ T1495] netlink: 'syz.2.14248': attribute type 21 has an invalid length. [ 790.235669][ T1495] netlink: 'syz.2.14248': attribute type 6 has an invalid length. [ 790.249411][ T1495] netlink: 132 bytes leftover after parsing attributes in process `syz.2.14248'. [ 790.815094][ T1540] netlink: 'syz.0.14266': attribute type 21 has an invalid length. [ 790.834780][ T1540] netlink: 'syz.0.14266': attribute type 6 has an invalid length. [ 790.864985][ T1540] netlink: 132 bytes leftover after parsing attributes in process `syz.0.14266'. [ 791.303651][ T1573] netlink: 'syz.1.14285': attribute type 21 has an invalid length. [ 791.322189][ T1573] netlink: 'syz.1.14285': attribute type 6 has an invalid length. [ 791.346211][ T1573] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14285'. [ 792.364896][ T1649] netlink: 166 bytes leftover after parsing attributes in process `syz.3.14323'. [ 793.446194][ T1714] netlink: 166 bytes leftover after parsing attributes in process `syz.4.14352'. [ 793.857369][ T1746] netlink: 56 bytes leftover after parsing attributes in process `syz.0.14368'. [ 793.892661][ T1746] netlink: 56 bytes leftover after parsing attributes in process `syz.0.14368'. [ 793.907200][ T1746] netlink: 56 bytes leftover after parsing attributes in process `syz.0.14368'. [ 794.696363][ T1798] __nla_validate_parse: 1 callbacks suppressed [ 794.696381][ T1798] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.14396'. [ 795.103265][ T1819] netlink: 132 bytes leftover after parsing attributes in process `syz.3.14406'. [ 795.817772][ T1862] netlink: 56 bytes leftover after parsing attributes in process `syz.4.14425'. [ 795.841762][ T1862] netlink: 56 bytes leftover after parsing attributes in process `syz.4.14425'. [ 795.871693][ T1862] netlink: 56 bytes leftover after parsing attributes in process `syz.4.14425'. [ 795.908147][ T1867] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.14428'. [ 796.316865][ T1896] netlink: 56 bytes leftover after parsing attributes in process `syz.2.14442'. [ 796.344420][ T1896] netlink: 56 bytes leftover after parsing attributes in process `syz.2.14442'. [ 796.356098][ T1896] netlink: 56 bytes leftover after parsing attributes in process `syz.2.14442'. [ 796.409248][ T1902] netlink: 16255 bytes leftover after parsing attributes in process `syz.4.14443'. [ 800.337432][ T2088] netlink: 'syz.2.14533': attribute type 29 has an invalid length. [ 800.364871][ T2088] netlink: 'syz.2.14533': attribute type 29 has an invalid length. [ 800.398060][ T2088] netlink: 'syz.2.14533': attribute type 29 has an invalid length. [ 800.787987][ T2100] __nla_validate_parse: 2 callbacks suppressed [ 800.788008][ T2100] netlink: 10 bytes leftover after parsing attributes in process `syz.4.14538'. [ 801.843727][ T2156] netlink: 'syz.0.14566': attribute type 17 has an invalid length. [ 801.864739][ T2156] netlink: 'syz.0.14566': attribute type 16 has an invalid length. [ 801.873084][ T2156] netlink: 152 bytes leftover after parsing attributes in process `syz.0.14566'. [ 802.047140][ T2171] netlink: 'syz.3.14572': attribute type 21 has an invalid length. [ 802.392853][ T2189] netlink: 'syz.3.14580': attribute type 2 has an invalid length. [ 802.506048][ T2193] netlink: 'syz.4.14581': attribute type 29 has an invalid length. [ 802.521024][ T2193] netlink: 'syz.4.14581': attribute type 29 has an invalid length. [ 802.540076][ T2198] netlink: 'syz.3.14584': attribute type 29 has an invalid length. [ 802.795240][ T2212] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.14589'. [ 802.839544][ T2214] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.14592'. [ 803.255020][ T2234] netlink: 152 bytes leftover after parsing attributes in process `syz.3.14603'. [ 803.999808][ T2260] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.14613'. [ 804.399654][ T2291] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.14629'. [ 804.659775][ T2307] netlink: 132 bytes leftover after parsing attributes in process `syz.3.14634'. [ 804.682724][ T2307] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14634'. [ 804.711827][ T2310] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.14637'. [ 806.128419][ T2412] validate_nla: 13 callbacks suppressed [ 806.128439][ T2412] netlink: 'syz.3.14680': attribute type 1 has an invalid length. [ 806.163198][ T2412] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.14680'. [ 807.146205][ T2472] netlink: 'syz.1.14701': attribute type 21 has an invalid length. [ 807.174747][ T2472] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14701'. [ 807.204708][ T2472] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14701'. [ 808.640395][ T2555] netlink: 'syz.2.14735': attribute type 3 has an invalid length. [ 808.676054][ T2555] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.14735'. [ 808.727052][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.733387][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.281821][ T2654] netlink: 'syz.3.14771': attribute type 3 has an invalid length. [ 810.290374][ T2654] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.14771'. [ 811.217223][ T2686] netlink: 'syz.1.14787': attribute type 3 has an invalid length. [ 811.242842][ T2686] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.14787'. [ 812.803141][ T2812] netlink: 'syz.4.14834': attribute type 6 has an invalid length. [ 812.832721][ T2812] netlink: 168 bytes leftover after parsing attributes in process `syz.4.14834'. [ 814.779505][ T2886] netlink: 'syz.1.14866': attribute type 6 has an invalid length. [ 814.794731][ T2886] netlink: 168 bytes leftover after parsing attributes in process `syz.1.14866'. [ 815.436186][ T2914] netlink: 'syz.3.14881': attribute type 6 has an invalid length. [ 815.454289][ T2914] netlink: 168 bytes leftover after parsing attributes in process `syz.3.14881'. [ 816.943261][ T2955] netlink: 'syz.0.14898': attribute type 6 has an invalid length. [ 816.968756][ T2955] netlink: 168 bytes leftover after parsing attributes in process `syz.0.14898'. [ 818.480114][ T3046] netlink: 40 bytes leftover after parsing attributes in process `syz.4.14944'. [ 824.910496][ T3196] netlink: 'syz.1.15013': attribute type 46 has an invalid length. [ 824.945353][ T3196] netlink: 44 bytes leftover after parsing attributes in process `syz.1.15013'. [ 825.818284][ T3232] netlink: 'syz.0.15029': attribute type 46 has an invalid length. [ 825.855849][ T3232] netlink: 44 bytes leftover after parsing attributes in process `syz.0.15029'. [ 825.964715][ T3241] netlink: 'syz.4.15036': attribute type 29 has an invalid length. [ 825.993432][ T3241] netlink: 'syz.4.15036': attribute type 29 has an invalid length. [ 826.023640][ T3250] netlink: 'syz.4.15036': attribute type 29 has an invalid length. [ 826.058345][ T3241] netlink: 'syz.4.15036': attribute type 29 has an invalid length. [ 826.712371][ T3270] netlink: 'syz.2.15048': attribute type 46 has an invalid length. [ 826.720842][ T3270] netlink: 44 bytes leftover after parsing attributes in process `syz.2.15048'. [ 827.072183][ T3281] netlink: 'syz.0.15052': attribute type 29 has an invalid length. [ 827.082114][ T3281] netlink: 'syz.0.15052': attribute type 29 has an invalid length. [ 827.093869][ T3281] netlink: 'syz.0.15052': attribute type 29 has an invalid length. [ 827.137587][ T3283] netlink: 830 bytes leftover after parsing attributes in process `syz.1.15053'. [ 827.189201][ T3287] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.15055'. [ 828.712987][ T3338] tap0: tun_chr_ioctl cmd 1074025677 [ 828.729596][ T3338] tap0: linktype set to 6 [ 829.202340][ T3362] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.15083'. [ 829.764092][ T3373] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.15089'. [ 829.898073][ T3375] netlink: 830 bytes leftover after parsing attributes in process `syz.0.15091'. [ 833.205643][ T3412] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.15105'. [ 837.755420][ T3467] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.15131'. [ 841.992763][ T3527] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.15159'. [ 843.223046][ T3559] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.15174'. [ 844.786257][ T3614] netlink: 61967 bytes leftover after parsing attributes in process `syz.4.15198'. [ 845.869072][ T3672] netlink: 830 bytes leftover after parsing attributes in process `syz.3.15225'. [ 846.189034][ T3686] netlink: 3291 bytes leftover after parsing attributes in process `syz.4.15232'. [ 850.875649][ T3742] validate_nla: 5 callbacks suppressed [ 850.875672][ T3742] netlink: 'syz.3.15256': attribute type 27 has an invalid length. [ 850.904637][ T3746] netlink: 'syz.0.15257': attribute type 21 has an invalid length. [ 850.912605][ T3746] netlink: 'syz.0.15257': attribute type 1 has an invalid length. [ 850.923183][ T3742] netlink: 2418 bytes leftover after parsing attributes in process `syz.3.15256'. [ 850.964642][ T3746] netlink: 'syz.0.15257': attribute type 2 has an invalid length. [ 850.989156][ T3746] netlink: 9062 bytes leftover after parsing attributes in process `syz.0.15257'. [ 851.192272][ T3757] netlink: 'syz.1.15273': attribute type 21 has an invalid length. [ 851.242911][ T3757] netlink: 'syz.1.15273': attribute type 1 has an invalid length. [ 851.291390][ T3757] netlink: 'syz.1.15273': attribute type 2 has an invalid length. [ 851.329375][ T3757] netlink: 9062 bytes leftover after parsing attributes in process `syz.1.15273'. [ 854.311450][ T3782] netlink: 'syz.2.15272': attribute type 27 has an invalid length. [ 854.321242][ T3782] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.15272'. [ 854.437002][ T3787] netlink: 'syz.2.15276': attribute type 21 has an invalid length. [ 854.472124][ T3787] netlink: 'syz.2.15276': attribute type 1 has an invalid length. [ 854.494695][ T3787] netlink: 9062 bytes leftover after parsing attributes in process `syz.2.15276'. [ 854.715282][ T3805] netlink: 16166 bytes leftover after parsing attributes in process `syz.4.15285'. [ 854.906827][ T3814] delete_channel: no stack [ 854.907672][ T3817] tun0: tun_chr_ioctl cmd 1074025680 [ 855.368907][ T3850] netlink: 16166 bytes leftover after parsing attributes in process `syz.0.15308'. [ 855.722727][ T3866] tun0: tun_chr_ioctl cmd 1074025680 [ 855.732815][ T3868] delete_channel: no stack [ 855.946046][ T3886] validate_nla: 5 callbacks suppressed [ 855.946063][ T3886] netlink: 'syz.2.15325': attribute type 21 has an invalid length. [ 855.989759][ T3886] netlink: 16166 bytes leftover after parsing attributes in process `syz.2.15325'. [ 856.197968][ T3903] netlink: 'syz.4.15331': attribute type 49 has an invalid length. [ 856.277819][ T3904] delete_channel: no stack [ 856.355339][ T3909] tun0: tun_chr_ioctl cmd 1074025680 [ 856.676542][ T3928] tap0: tun_chr_ioctl cmd 2147767520 [ 856.688792][ T3926] tun0: tun_chr_ioctl cmd 1074025680 [ 856.897540][ T3937] netlink: 'syz.2.15358': attribute type 21 has an invalid length. [ 856.914635][ T3937] netlink: 152 bytes leftover after parsing attributes in process `syz.2.15358'. [ 857.611768][ T3974] netlink: 'syz.4.15363': attribute type 29 has an invalid length. [ 860.157342][ T3970] tun0: tun_chr_ioctl cmd 1074025680 [ 860.167554][ T3974] netlink: 'syz.4.15363': attribute type 29 has an invalid length. [ 861.939675][ T4044] netlink: 'syz.1.15402': attribute type 21 has an invalid length. [ 861.957972][ T4044] netlink: 152 bytes leftover after parsing attributes in process `syz.1.15402'. [ 862.316586][ T4069] netlink: 'syz.4.15401': attribute type 10 has an invalid length. [ 862.331265][ T4069] netlink: 3867 bytes leftover after parsing attributes in process `syz.4.15401'. [ 862.523761][ T4086] tap0: tun_chr_ioctl cmd 2147767520 [ 867.167981][ T4148] tap0: tun_chr_ioctl cmd 2147767520 [ 870.156339][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.162711][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.794575][ T4193] tap0: tun_chr_ioctl cmd 2147767520 [ 871.705286][ T4203] netlink: 4031 bytes leftover after parsing attributes in process `syz.2.15461'. [ 874.877809][ T4267] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.15484'. [ 876.247962][ T4324] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.15502'. [ 877.480472][ T4363] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.15516'. [ 877.883045][ T4388] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15538'. [ 877.892345][ T4388] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15538'. [ 877.912600][ T4383] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15538'. [ 877.926866][ T4388] netlink: 60 bytes leftover after parsing attributes in process `syz.0.15538'. [ 878.544767][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 878.570072][ T4429] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 878.608194][ T4435] netlink: 'syz.3.15553': attribute type 46 has an invalid length. [ 878.623877][ T4435] netlink: 212868 bytes leftover after parsing attributes in process `syz.3.15553'. [ 880.422463][ T4516] netlink: 60 bytes leftover after parsing attributes in process `syz.3.15589'. [ 881.002817][ T4532] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 881.050428][ T4534] netlink: 'syz.4.15597': attribute type 46 has an invalid length. [ 881.073710][ T4534] netlink: 212868 bytes leftover after parsing attributes in process `syz.4.15597'. [ 881.626614][ T4563] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 881.770170][ T4567] netlink: 'syz.0.15612': attribute type 46 has an invalid length. [ 881.788596][ T4567] netlink: 212868 bytes leftover after parsing attributes in process `syz.0.15612'. [ 882.697297][ T4593] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 882.720513][ T4593] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 883.321922][ T4616] tap0: tun_chr_ioctl cmd 1074025681 [ 883.753813][ T4638] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15642'. [ 885.149373][ T4670] netlink: 202920 bytes leftover after parsing attributes in process `syz.4.15658'. [ 885.900638][ T4703] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.15670'. [ 886.031778][ T4705] tap0: tun_chr_ioctl cmd 2147767506 [ 886.427525][ T4721] netlink: 'syz.1.15679': attribute type 21 has an invalid length. [ 886.452735][ T4721] netlink: 'syz.1.15679': attribute type 1 has an invalid length. [ 886.469935][ T4721] netlink: 14374 bytes leftover after parsing attributes in process `syz.1.15679'. [ 886.622484][ T4734] netlink: 'syz.3.15683': attribute type 33 has an invalid length. [ 886.645913][ T4734] netlink: 'syz.3.15683': attribute type 10 has an invalid length. [ 886.656094][ T4734] netlink: 108 bytes leftover after parsing attributes in process `syz.3.15683'. [ 886.670019][ T4734] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 888.294395][ T4808] netlink: 'syz.0.15719': attribute type 29 has an invalid length. [ 888.320301][ T4808] netlink: 'syz.0.15719': attribute type 29 has an invalid length. [ 888.350744][ T4810] netlink: 'syz.2.15717': attribute type 3 has an invalid length. [ 888.397539][ T4810] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.15717'. [ 889.222376][ T4825] netlink: 61959 bytes leftover after parsing attributes in process `syz.2.15725'. [ 889.234125][ T4825] tc_dump_action: action bad kind [ 889.416042][ T4839] netlink: 'syz.1.15731': attribute type 1 has an invalid length. [ 889.441751][ T4839] netlink: 5 bytes leftover after parsing attributes in process `syz.1.15731'. [ 889.798319][ T4856] netlink: 'syz.4.15737': attribute type 49 has an invalid length. [ 889.826958][ T4856] netlink: 'syz.4.15737': attribute type 49 has an invalid length. [ 891.760268][ T4935] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.15771'. [ 892.876407][ T4980] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.15793'. [ 893.156864][ T4984] netlink: 'syz.1.15795': attribute type 29 has an invalid length. [ 893.174199][ T4984] netlink: 'syz.1.15795': attribute type 29 has an invalid length. [ 893.778121][ T5018] netlink: 'syz.0.15811': attribute type 10 has an invalid length. [ 893.878944][ T5026] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15813'. [ 893.888432][ T5026] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15813'. [ 893.906157][ T5023] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15813'. [ 893.918605][ T5023] netlink: 60 bytes leftover after parsing attributes in process `syz.1.15813'. [ 894.446821][ T5063] netlink: 'syz.1.15832': attribute type 29 has an invalid length. [ 894.472479][ T5063] netlink: 'syz.1.15832': attribute type 29 has an invalid length. [ 894.482285][ T5063] netlink: 'syz.1.15832': attribute type 29 has an invalid length. [ 894.492927][ T5063] netlink: 'syz.1.15832': attribute type 29 has an invalid length. [ 894.609486][ T5073] netlink: 188 bytes leftover after parsing attributes in process `syz.4.15837'. [ 894.806401][ T5080] netlink: 40 bytes leftover after parsing attributes in process `syz.0.15840'. [ 894.825562][ T5080] netlink: 3 bytes leftover after parsing attributes in process `syz.0.15840'. [ 894.864681][ T5080] netlink: 3 bytes leftover after parsing attributes in process `syz.0.15840'. [ 894.884615][ T5080] netlink: 3 bytes leftover after parsing attributes in process `syz.0.15840'. [ 894.928232][ T5088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15845'. [ 894.949615][ T5088] netlink: 152 bytes leftover after parsing attributes in process `syz.1.15845'. [ 895.020816][ T5092] netlink: 'syz.0.15847': attribute type 2 has an invalid length. [ 895.038880][ T5092] netlink: 132 bytes leftover after parsing attributes in process `syz.0.15847'. [ 895.468933][ T5124] netlink: 14 bytes leftover after parsing attributes in process `syz.0.15862'. [ 895.796127][ T5149] netlink: 'syz.4.15875': attribute type 21 has an invalid length. [ 895.814703][ T5149] netlink: 132 bytes leftover after parsing attributes in process `syz.4.15875'. [ 895.834756][ T5149] netlink: 'syz.4.15875': attribute type 1 has an invalid length. [ 897.653392][ T5268] netlink: zone id is out of range [ 897.672105][ T5268] netlink: zone id is out of range [ 898.078764][ T5302] netlink: 'syz.1.15948': attribute type 11 has an invalid length. [ 898.105880][ T5301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 898.302289][ T5316] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 898.315694][ T5316] syzkaller0: linktype set to 1 [ 898.384976][ T5318] netlink: 'syz.1.15958': attribute type 10 has an invalid length. [ 898.603539][ T5334] netlink: 'syz.0.15966': attribute type 9 has an invalid length. [ 898.874423][ T5355] netlink: 'syz.1.15975': attribute type 10 has an invalid length. [ 898.891618][ T5355] netlink: 'syz.1.15975': attribute type 19 has an invalid length. [ 898.982080][ T5360] netlink: 'syz.0.15978': attribute type 21 has an invalid length. [ 903.156222][ T5420] __nla_validate_parse: 13 callbacks suppressed [ 903.156242][ T5420] netlink: 14556 bytes leftover after parsing attributes in process `syz.3.16005'. [ 903.437963][ T5444] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16014'. [ 903.448771][ T5444] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16014'. [ 903.459294][ T5440] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16014'. [ 903.469209][ T5444] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16014'. [ 907.084761][ T5480] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16031'. [ 907.104664][ T5480] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16031'. [ 907.114046][ T5479] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16031'. [ 907.135650][ T5480] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16031'. [ 910.766018][ T5511] netlink: 'syz.3.16045': attribute type 29 has an invalid length. [ 910.775821][ T5511] netlink: 'syz.3.16045': attribute type 29 has an invalid length. [ 910.792151][ T5511] netlink: 'syz.3.16045': attribute type 29 has an invalid length. [ 910.815214][ T5511] netlink: 'syz.3.16045': attribute type 29 has an invalid length. [ 911.054177][ T5527] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.16056'. [ 911.485767][ T5541] netlink: 'syz.3.16062': attribute type 33 has an invalid length. [ 911.493859][ T5541] netlink: 120 bytes leftover after parsing attributes in process `syz.3.16062'. [ 911.798791][ T5560] netlink: 154020 bytes leftover after parsing attributes in process `syz.2.16066'. [ 911.808536][ T5560] openvswitch: netlink: ufid size 48894 bytes exceeds the range (1, 16) [ 912.905547][ T5608] tap0: tun_chr_ioctl cmd 1074025677 [ 912.911139][ T5608] tap0: linktype set to 804 [ 913.325891][ T5635] tap0: tun_chr_ioctl cmd 1074025677 [ 913.331781][ T5635] tap0: linktype set to 65534 [ 914.278167][ T5677] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.16124'. [ 914.374982][ T5684] netlink: 'syz.2.16118': attribute type 13 has an invalid length. [ 914.383207][ T5684] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.16118'. [ 914.966099][ T5710] netlink: 'syz.3.16139': attribute type 4 has an invalid length. [ 915.912293][ T5731] tun0: tun_chr_ioctl cmd 1074025681 [ 916.144056][ T5745] netlink: 48 bytes leftover after parsing attributes in process `syz.0.16155'. [ 916.835704][ T5797] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 916.842998][ T5797] IPv6: NLM_F_CREATE should be set when creating new route [ 916.850320][ T5797] IPv6: NLM_F_CREATE should be set when creating new route [ 916.857607][ T5797] IPv6: NLM_F_CREATE should be set when creating new route [ 917.039189][ T5809] netlink: 'syz.1.16184': attribute type 21 has an invalid length. [ 917.206972][ T5820] Â: renamed from pim6reg1 [ 917.429988][ T5836] netpci0: tun_chr_ioctl cmd 1074025694 [ 917.753822][ T5865] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16207'. [ 917.764107][ T5865] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16207'. [ 917.784947][ T5860] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16207'. [ 917.805203][ T5865] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16207'. [ 917.903006][ T5872] tun0: tun_chr_ioctl cmd 21731 [ 918.623338][ T5919] netlink: 'syz.0.16235': attribute type 17 has an invalid length. [ 918.760609][ T5929] netlink: 'syz.2.16239': attribute type 2 has an invalid length. [ 918.934839][ T5929] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.16239'. [ 919.784176][ T5978] Dead loop on virtual device ip6_vti0, fix it urgently! [ 919.920691][ T5980] tun0: tun_chr_ioctl cmd 1074025672 [ 919.926406][ T5980] tun0: ignored: set checksum enabled [ 920.607506][ T5992] netlink: 'syz.1.16268': attribute type 5 has an invalid length. [ 920.695450][ T5998] netlink: 148 bytes leftover after parsing attributes in process `syz.0.16272'. [ 920.863419][ T6008] netlink: 'syz.1.16277': attribute type 10 has an invalid length. [ 920.885020][ T6008] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.16277'. [ 921.709684][ T6059] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16299'. [ 921.725647][ T6059] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16299'. [ 921.746440][ T6056] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16299'. [ 921.759769][ T6059] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16299'. [ 921.780159][ T6061] tun1: tun_chr_ioctl cmd 1074812117 [ 921.964476][ T6069] netlink: 'syz.3.16305': attribute type 21 has an invalid length. [ 921.982520][ T6069] netlink: 'syz.3.16305': attribute type 2 has an invalid length. [ 921.990861][ T6069] netlink: 15970 bytes leftover after parsing attributes in process `syz.3.16305'. [ 922.205244][ T6088] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16312'. [ 922.225800][ T6088] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16312'. [ 922.238915][ T6083] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16312'. [ 922.249065][ T6088] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16312'. [ 922.396251][ T6100] tun0: tun_chr_ioctl cmd 1074025673 [ 922.696430][ T6120] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 922.702442][ T6120] syzkaller0: linktype set to 778 [ 922.742622][ T6124] netlink: 14568 bytes leftover after parsing attributes in process `syz.4.16332'. [ 923.583524][ T6174] Â: renamed from pim6reg1 [ 923.692533][ T6177] netlink: 'syz.2.16355': attribute type 8 has an invalid length. [ 923.960906][ T6189] pimreg0: tun_chr_ioctl cmd 1074025677 [ 923.967121][ T6189] pimreg0: linktype set to 769 [ 925.007523][ T6249] netlink: 'syz.2.16388': attribute type 16 has an invalid length. [ 925.503263][ T6266] device bridge_slave_0 left promiscuous mode [ 925.535952][ T6266] netlink: 'syz.3.16396': attribute type 3 has an invalid length. [ 926.669673][ T6331] netlink: 'syz.2.16422': attribute type 27 has an invalid length. [ 926.813375][ T6344] netlink: 'syz.3.16431': attribute type 27 has an invalid length. [ 926.829498][ T6344] __nla_validate_parse: 21 callbacks suppressed [ 926.830075][ T6344] netlink: 2418 bytes leftover after parsing attributes in process `syz.3.16431'. [ 926.973184][ T6353] netlink: 188 bytes leftover after parsing attributes in process `syz.0.16436'. [ 927.276504][ T6375] tap0: tun_chr_ioctl cmd 1074025677 [ 927.282071][ T6375] tap0: linktype set to 780 [ 928.332390][ T6435] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.16474'. [ 928.492865][ T6446] netlink: 'syz.0.16480': attribute type 29 has an invalid length. [ 928.502674][ T6446] netlink: 'syz.0.16480': attribute type 29 has an invalid length. [ 928.520084][ T6446] netlink: 'syz.0.16480': attribute type 29 has an invalid length. [ 928.529759][ T6446] netlink: 'syz.0.16480': attribute type 29 has an invalid length. [ 928.906086][ T6478] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16491'. [ 928.924953][ T6478] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16491'. [ 928.956466][ T6469] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16491'. [ 928.985995][ T6478] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16491'. [ 929.183530][ T6499] netlink: 830 bytes leftover after parsing attributes in process `syz.0.16503'. [ 929.376410][ T6514] netlink: 60 bytes leftover after parsing attributes in process `syz.2.16505'. [ 929.414707][ T6514] netlink: 60 bytes leftover after parsing attributes in process `syz.2.16505'. [ 930.559970][ T6561] netlink: 'syz.3.16532': attribute type 10 has an invalid length. [ 930.891411][ T6581] tap0: tun_chr_ioctl cmd 2147767517 [ 931.596512][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.602942][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.831384][ T6645] netlink: 'syz.1.16570': attribute type 2 has an invalid length. [ 931.957258][ T6656] tap0: tun_chr_ioctl cmd 1074025677 [ 931.965419][ T6656] tap0: linktype set to 773 [ 932.010856][ T6658] __nla_validate_parse: 7 callbacks suppressed [ 932.010876][ T6658] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.16577'. [ 932.195266][ T6671] netlink: 'syz.3.16583': attribute type 29 has an invalid length. [ 932.287977][ T6671] netlink: 'syz.3.16583': attribute type 29 has an invalid length. [ 932.305011][ T6675] netlink: 'syz.3.16583': attribute type 29 has an invalid length. [ 932.313277][ T6677] netlink: 'syz.3.16583': attribute type 29 has an invalid length. [ 932.458992][ T6685] netlink: 152 bytes leftover after parsing attributes in process `syz.4.16588'. [ 932.581438][ T6688] netlink: 'syz.0.16590': attribute type 29 has an invalid length. [ 932.590356][ T6688] netlink: 'syz.0.16590': attribute type 29 has an invalid length. [ 932.602139][ T6688] netlink: 'syz.0.16590': attribute type 29 has an invalid length. [ 932.613097][ T6688] netlink: 'syz.0.16590': attribute type 29 has an invalid length. [ 932.740935][ T6699] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16593'. [ 932.760391][ T6699] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16593'. [ 932.781098][ T6694] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16593'. [ 932.801387][ T6700] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16593'. [ 932.979836][ T6710] netlink: 60 bytes leftover after parsing attributes in process `syz.4.16601'. [ 933.066657][ T6716] netlink: 152 bytes leftover after parsing attributes in process `syz.0.16604'. [ 933.421945][ T6743] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16615'. [ 934.453301][ T6790] netlink: 60 bytes leftover after parsing attributes in process `syz.1.16637'. [ 935.003144][ T6816] tap0: tun_chr_ioctl cmd 1074025681 [ 936.571806][ T6887] tap0: tun_chr_ioctl cmd 2147767506 [ 937.114400][ T6911] validate_nla: 12 callbacks suppressed [ 937.114425][ T6911] netlink: 'syz.0.16704': attribute type 33 has an invalid length. [ 937.131461][ T6911] netlink: 'syz.0.16704': attribute type 10 has an invalid length. [ 937.140189][ T6911] __nla_validate_parse: 2 callbacks suppressed [ 937.140204][ T6911] netlink: 108 bytes leftover after parsing attributes in process `syz.0.16704'. [ 937.192270][ T6911] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 937.470658][ T6922] netlink: 'syz.4.16696': attribute type 21 has an invalid length. [ 937.498283][ T6922] netlink: 'syz.4.16696': attribute type 1 has an invalid length. [ 937.530922][ T6922] netlink: 14374 bytes leftover after parsing attributes in process `syz.4.16696'. [ 938.559090][ T6989] netlink: 'syz.1.16733': attribute type 3 has an invalid length. [ 938.579095][ T6989] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.16733'. [ 939.066301][ T7008] netlink: 61959 bytes leftover after parsing attributes in process `syz.4.16741'. [ 939.080026][ T7008] tc_dump_action: action bad kind [ 939.378682][ T7023] netlink: 'syz.4.16747': attribute type 1 has an invalid length. [ 939.387673][ T7023] netlink: 5 bytes leftover after parsing attributes in process `syz.4.16747'. [ 939.635356][ T7034] netlink: 'syz.1.16750': attribute type 49 has an invalid length. [ 939.643456][ T7034] netlink: 'syz.1.16750': attribute type 49 has an invalid length. [ 941.216808][ T7109] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.16783'. [ 941.966032][ T7146] netlink: 'syz.0.16810': attribute type 29 has an invalid length. [ 941.974870][ T7146] netlink: 'syz.0.16810': attribute type 29 has an invalid length. [ 942.452653][ T7161] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.16807'. [ 945.029335][ T7254] netlink: 'syz.2.16848': attribute type 29 has an invalid length. [ 945.044850][ T7256] netlink: 188 bytes leftover after parsing attributes in process `syz.3.16851'. [ 945.102655][ T7254] netlink: 'syz.2.16848': attribute type 29 has an invalid length. [ 945.195870][ T7261] netlink: 'syz.2.16848': attribute type 29 has an invalid length. [ 945.233586][ T7268] netlink: 'syz.2.16848': attribute type 29 has an invalid length. [ 945.323044][ T7274] netlink: 40 bytes leftover after parsing attributes in process `syz.4.16859'. [ 945.334851][ T7274] netlink: 3 bytes leftover after parsing attributes in process `syz.4.16859'. [ 945.345832][ T7274] netlink: 3 bytes leftover after parsing attributes in process `syz.4.16859'. [ 945.355414][ T7274] netlink: 3 bytes leftover after parsing attributes in process `syz.4.16859'. [ 945.374117][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16860'. [ 945.394781][ T7276] netlink: 152 bytes leftover after parsing attributes in process `syz.0.16860'. [ 945.505913][ T7286] netlink: 'syz.3.16864': attribute type 2 has an invalid length. [ 945.524747][ T7286] netlink: 132 bytes leftover after parsing attributes in process `syz.3.16864'. [ 945.927011][ T7311] netlink: 14 bytes leftover after parsing attributes in process `syz.4.16879'. [ 946.453994][ T7350] ================================================================== [ 946.462124][ T7350] BUG: KASAN: use-after-free in dev_map_enqueue+0x3c/0x340 [ 946.469351][ T7350] Read of size 8 at addr ffff8880761ea400 by task syz.4.16892/7350 [ 946.477258][ T7350] [ 946.479589][ T7350] CPU: 1 PID: 7350 Comm: syz.4.16892 Not tainted 6.1.127-syzkaller #0 [ 946.487754][ T7350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 946.497825][ T7350] Call Trace: [ 946.501118][ T7350] [ 946.504060][ T7350] dump_stack_lvl+0x1e3/0x2cb [ 946.508762][ T7350] ? nf_tcp_handle_invalid+0x642/0x642 [ 946.514248][ T7350] ? panic+0x764/0x764 [ 946.518334][ T7350] ? _printk+0xd1/0x111 [ 946.522506][ T7350] ? __virt_addr_valid+0x17f/0x530 [ 946.527635][ T7350] ? __virt_addr_valid+0x17f/0x530 [ 946.532767][ T7350] print_report+0x15f/0x4f0 [ 946.537287][ T7350] ? __virt_addr_valid+0x17f/0x530 [ 946.542421][ T7350] ? __virt_addr_valid+0x17f/0x530 [ 946.547557][ T7350] ? __virt_addr_valid+0x45b/0x530 [ 946.552689][ T7350] ? __phys_addr+0xb6/0x170 [ 946.557215][ T7350] ? dev_map_enqueue+0x3c/0x340 [ 946.562089][ T7350] kasan_report+0x136/0x160 [ 946.566619][ T7350] ? dev_map_enqueue+0x3c/0x340 [ 946.571495][ T7350] dev_map_enqueue+0x3c/0x340 [ 946.576196][ T7350] xdp_do_redirect_frame+0x323/0x660 [ 946.581512][ T7350] bpf_test_run_xdp_live+0xbf4/0x1ea0 [ 946.586914][ T7350] ? __mutex_unlock_slowpath+0x218/0x750 [ 946.592592][ T7350] ? 0xffffffffa0003b40 [ 946.596767][ T7350] ? bpf_test_run_xdp_live+0x75c/0x1ea0 [ 946.602341][ T7350] ? xdp_convert_md_to_buff+0x330/0x330 [ 946.607916][ T7350] ? bpf_dispatcher_change_prog+0xdf5/0xf80 [ 946.613845][ T7350] ? 0xffffffffa0003b40 [ 946.618023][ T7350] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 946.624291][ T7350] ? __might_fault+0xbd/0x110 [ 946.628990][ T7350] ? _copy_from_user+0x109/0x170 [ 946.633960][ T7350] ? bpf_test_init+0x15a/0x180 [ 946.638742][ T7350] ? xdp_convert_md_to_buff+0x5b/0x330 [ 946.644220][ T7350] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 946.649621][ T7350] ? dev_put+0x80/0x80 [ 946.653716][ T7350] ? dev_put+0x80/0x80 [ 946.657801][ T7350] bpf_prog_test_run+0x32f/0x3a0 [ 946.662754][ T7350] __sys_bpf+0x3eb/0x6c0 [ 946.667023][ T7350] ? bpf_link_show_fdinfo+0x300/0x300 [ 946.672432][ T7350] ? print_irqtrace_events+0x210/0x210 [ 946.677918][ T7350] ? print_irqtrace_events+0x210/0x210 [ 946.683408][ T7350] ? syscall_enter_from_user_mode+0x2e/0x230 [ 946.689413][ T7350] ? syscall_enter_from_user_mode+0x2e/0x230 [ 946.695421][ T7350] ? lockdep_hardirqs_on+0x94/0x130 [ 946.700643][ T7350] __x64_sys_bpf+0x78/0x90 [ 946.705089][ T7350] do_syscall_64+0x3b/0xb0 [ 946.709527][ T7350] ? clear_bhb_loop+0x45/0xa0 [ 946.714225][ T7350] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 946.720151][ T7350] RIP: 0033:0x7f8050f8cda9 [ 946.724584][ T7350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 946.744216][ T7350] RSP: 002b:00007f8051d08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 946.752659][ T7350] RAX: ffffffffffffffda RBX: 00007f80511a5fa0 RCX: 00007f8050f8cda9 [ 946.760654][ T7350] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 946.768649][ T7350] RBP: 00007f805100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 946.776646][ T7350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 946.784639][ T7350] R13: 0000000000000000 R14: 00007f80511a5fa0 R15: 00007ffdfeca80d8 [ 946.792644][ T7350] [ 946.795683][ T7350] [ 946.798021][ T7350] Allocated by task 6742: [ 946.802359][ T7350] kasan_set_track+0x4b/0x70 [ 946.806972][ T7350] __kasan_kmalloc+0x97/0xb0 [ 946.811582][ T7350] copy_semundo+0xb1/0x230 [ 946.816019][ T7350] copy_process+0x1848/0x4060 [ 946.820712][ T7350] kernel_clone+0x222/0x920 [ 946.825229][ T7350] __se_sys_clone3+0x373/0x410 [ 946.830007][ T7350] do_syscall_64+0x3b/0xb0 [ 946.834438][ T7350] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 946.840349][ T7350] [ 946.842674][ T7350] The buggy address belongs to the object at ffff8880761ea400 [ 946.842674][ T7350] which belongs to the cache kmalloc-cg-96 of size 96 [ 946.856827][ T7350] The buggy address is located 0 bytes inside of [ 946.856827][ T7350] 96-byte region [ffff8880761ea400, ffff8880761ea460) [ 946.869860][ T7350] [ 946.872187][ T7350] The buggy address belongs to the physical page: [ 946.878613][ T7350] page:ffffea0001d87a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x761ea [ 946.888787][ T7350] memcg:ffff88807f6d7e01 [ 946.893039][ T7350] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 946.900627][ T7350] raw: 00fff00000000200 ffffea000166a2c0 dead000000000007 ffff888017c428c0 [ 946.909231][ T7350] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88807f6d7e01 [ 946.917826][ T7350] page dumped because: kasan: bad access detected [ 946.924257][ T7350] page_owner tracks the page as allocated [ 946.929982][ T7350] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4252, tgid 4252 (syz-executor), ts 921147235486, free_ts 921146873734 [ 946.948425][ T7350] post_alloc_hook+0x18d/0x1b0 [ 946.953213][ T7350] get_page_from_freelist+0x3731/0x38d0 [ 946.958795][ T7350] __alloc_pages+0x28d/0x770 [ 946.963417][ T7350] alloc_slab_page+0x6a/0x150 [ 946.968126][ T7350] new_slab+0x84/0x2d0 [ 946.972213][ T7350] ___slab_alloc+0xc20/0x1270 [ 946.976908][ T7350] __kmem_cache_alloc_node+0x19f/0x260 [ 946.982607][ T7350] __kmalloc_node+0xa2/0x230 [ 946.987225][ T7350] kvmalloc_node+0x6e/0x180 [ 946.991752][ T7350] alloc_fdtable+0x154/0x280 [ 946.996368][ T7350] dup_fd+0x95c/0xca0 [ 947.000371][ T7350] copy_files+0x72/0xe0 [ 947.004551][ T7350] copy_process+0x1873/0x4060 [ 947.009247][ T7350] kernel_clone+0x222/0x920 [ 947.013773][ T7350] __x64_sys_clone+0x231/0x280 [ 947.018564][ T7350] do_syscall_64+0x3b/0xb0 [ 947.023003][ T7350] page last free stack trace: [ 947.027686][ T7350] free_unref_page_prepare+0x12a6/0x15b0 [ 947.033341][ T7350] free_unref_page+0x33/0x3e0 [ 947.038038][ T7350] __vunmap+0x873/0xa30 [ 947.042209][ T7350] do_ip6t_get_ctl+0x11df/0x18a0 [ 947.047286][ T7350] nf_getsockopt+0x28e/0x2b0 [ 947.051904][ T7350] ipv6_getsockopt+0x259/0x370 [ 947.056701][ T7350] tcp_getsockopt+0x15c/0x1c0 [ 947.061403][ T7350] __sys_getsockopt+0x2b2/0x5d0 [ 947.066278][ T7350] __x64_sys_getsockopt+0xb1/0xc0 [ 947.071326][ T7350] do_syscall_64+0x3b/0xb0 [ 947.075766][ T7350] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 947.081691][ T7350] [ 947.084019][ T7350] Memory state around the buggy address: [ 947.089665][ T7350] ffff8880761ea300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 947.097747][ T7350] ffff8880761ea380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 947.105826][ T7350] >ffff8880761ea400: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 947.113905][ T7350] ^ [ 947.117980][ T7350] ffff8880761ea480: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 947.126052][ T7350] ffff8880761ea500: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 947.134126][ T7350] ================================================================== [ 947.142314][ T7350] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 947.149531][ T7350] CPU: 1 PID: 7350 Comm: syz.4.16892 Not tainted 6.1.127-syzkaller #0 [ 947.157702][ T7350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 947.167769][ T7350] Call Trace: [ 947.171056][ T7350] [ 947.173998][ T7350] dump_stack_lvl+0x1e3/0x2cb [ 947.178707][ T7350] ? nf_tcp_handle_invalid+0x642/0x642 [ 947.184194][ T7350] ? panic+0x764/0x764 [ 947.188290][ T7350] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 947.194468][ T7350] ? vscnprintf+0x59/0x80 [ 947.198820][ T7350] panic+0x318/0x764 [ 947.202731][ T7350] ? check_panic_on_warn+0x1d/0xa0 [ 947.207858][ T7350] ? memcpy_page_flushcache+0xfc/0xfc [ 947.213252][ T7350] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 947.219172][ T7350] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 947.225092][ T7350] ? _raw_spin_unlock+0x40/0x40 [ 947.229964][ T7350] ? print_report+0x4a3/0x4f0 [ 947.234662][ T7350] check_panic_on_warn+0x7e/0xa0 [ 947.239621][ T7350] ? dev_map_enqueue+0x3c/0x340 [ 947.244495][ T7350] end_report+0x66/0x110 [ 947.248764][ T7350] kasan_report+0x143/0x160 [ 947.253285][ T7350] ? dev_map_enqueue+0x3c/0x340 [ 947.258160][ T7350] dev_map_enqueue+0x3c/0x340 [ 947.262857][ T7350] xdp_do_redirect_frame+0x323/0x660 [ 947.268169][ T7350] bpf_test_run_xdp_live+0xbf4/0x1ea0 [ 947.273575][ T7350] ? __mutex_unlock_slowpath+0x218/0x750 [ 947.279243][ T7350] ? 0xffffffffa0003b40 [ 947.283414][ T7350] ? bpf_test_run_xdp_live+0x75c/0x1ea0 [ 947.288980][ T7350] ? xdp_convert_md_to_buff+0x330/0x330 [ 947.294547][ T7350] ? bpf_dispatcher_change_prog+0xdf5/0xf80 [ 947.300463][ T7350] ? 0xffffffffa0003b40 [ 947.304647][ T7350] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 947.310923][ T7350] ? __might_fault+0xbd/0x110 [ 947.315630][ T7350] ? _copy_from_user+0x109/0x170 [ 947.320599][ T7350] ? bpf_test_init+0x15a/0x180 [ 947.325389][ T7350] ? xdp_convert_md_to_buff+0x5b/0x330 [ 947.330882][ T7350] bpf_prog_test_run_xdp+0x7d1/0x1130 [ 947.336288][ T7350] ? dev_put+0x80/0x80 [ 947.340358][ T7350] ? dev_put+0x80/0x80 [ 947.344420][ T7350] bpf_prog_test_run+0x32f/0x3a0 [ 947.349352][ T7350] __sys_bpf+0x3eb/0x6c0 [ 947.353592][ T7350] ? bpf_link_show_fdinfo+0x300/0x300 [ 947.358964][ T7350] ? print_irqtrace_events+0x210/0x210 [ 947.364420][ T7350] ? print_irqtrace_events+0x210/0x210 [ 947.369878][ T7350] ? syscall_enter_from_user_mode+0x2e/0x230 [ 947.375857][ T7350] ? syscall_enter_from_user_mode+0x2e/0x230 [ 947.381836][ T7350] ? lockdep_hardirqs_on+0x94/0x130 [ 947.387038][ T7350] __x64_sys_bpf+0x78/0x90 [ 947.391459][ T7350] do_syscall_64+0x3b/0xb0 [ 947.395871][ T7350] ? clear_bhb_loop+0x45/0xa0 [ 947.400552][ T7350] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 947.406445][ T7350] RIP: 0033:0x7f8050f8cda9 [ 947.410856][ T7350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 947.430461][ T7350] RSP: 002b:00007f8051d08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 947.438869][ T7350] RAX: ffffffffffffffda RBX: 00007f80511a5fa0 RCX: 00007f8050f8cda9 [ 947.446835][ T7350] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 947.454806][ T7350] RBP: 00007f805100e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 947.462773][ T7350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 947.470740][ T7350] R13: 0000000000000000 R14: 00007f80511a5fa0 R15: 00007ffdfeca80d8 [ 947.478709][ T7350] [ 947.481997][ T7350] Kernel Offset: disabled [ 947.486317][ T7350] Rebooting in 86400 seconds..